defuse/crackstation-hashdb

Stars
350
Rank 117,315 (Top 3 %)
Language
PHP
License
GNU General Publi...
Created almost 11 years ago
Updated over 5 years ago

defuse/crackstation-hashdb

defuse

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

CrackStation.net's Lookup Table Implementation.

CrackStation.net's Lookup Tables

Introduction

There are three components to this system:

The indexing PHP script (createidx.php), which takes a wordlist and builds a lookup table index for a hash function and the words in the list.
The indexing sorter program (sortidx.c), which sorts an index created by the indexing script, so that the lookup script can use a binary search on the index to crack hashes.
The lookup script (LookupTable.php), which uses the wordlist and index to crack hashes.

The system is split up like this because PHP provides easy access to many different types of hash functions, but is too slow to sort large indexes in a reasonable amount of time. We are planning to re-write components #1 and #3 in C or C++.

Building and Testing

The PHP scripts to not need to be built. To build the C programs, run make.

To run the tests, just run make test, and then clean up the files the tests created with make testclean.

Indexing a Dictionary

Suppose you have a password dictionary in the file words.txt and you would like to index it for MD5 and SHA1 cracking.

First, create the MD5 and SHA1 indexes:

$ php createidx.php md5 words.txt words-md5.idx
$ php createidx.php sha1 words.txt words-sha1.idx

Next, use the sortidx program to sort the indexes:

$ ./sortidx -r 256 words-md5.idx
$ ./sortidx -r 256 words-sha256.idx

The -r parameter is the maximum amount of memory sortidx is allowed to use in MiB. The more memory you let it use, the faster it will go. Give it as much as your system will allow.

You now have everything you need to crack MD5 and SHA1 hashes quickly.

Cracking Hashes

Once you have generated and sorted the index, you can use the LookupTable class to crack hashes. See test/test.php for an example of how to use it.

Adding Words

Once a wordlist has been indexed, you can not modify the wordlist file without breaking the indexes. Appending to the wordlist is safe in that it will not break the indexes, but the words you append won't be indexed, unless you re-generate the index. There is currently no way to add words to an index without re-generating the entire index.

php-encryption

Simple Encryption in PHP.

swatd

Run a script when one or more sensors fail.

password-hashing

Password hashing code.

sockstress

Sockstress (TCP DoS) implementation.

flush-reload-attacks

crackstation

Source code for my crackstation.net website.

passgen

A password generator.

defuse.ca

The source code to my defuse.ca website.

phpcount

A unique hit counter that respects users' privacy.

email-spoofing

Ruby script for spoofing SMTP emails.

php-passgen

Generating passwords in PHP.

dnsfs

Host files with DNS

gas-obfuscation

Extremely simple but inefficient x86-64 assembly obfuscation.

yescrypt

Non-C Implementations of the yescrypt KDF.

helloworld-cms

A simple content display system in PHP.

airgap

Design for an economical and simple air-gapped system.

DAWr

The start of a library for building a DAW and/or sound experiments in Rust

pastebin

The defuse.ca pastebin.

WinPassGen

A Windows Password Generator.

phphashcrack

A PHP hash cracker.

encutil

Example of how to build a command-line file encryption utility with defuse/php-encryption.

synergy-crack

Synergy 1.4.12 cracking tool.

cuda-md5

Old NVIDIA CUDA implementation of salted MD5 brute-force

ictm

A user-first approach to threat modeling.

x86rc4

A tiny x86 implementation of RC4

php-newsgroups

Newsgroup-style PHP forum.

elfplayer

Visualize an ELF's execution

backup-verify

Tool for verifying backups and comparing directories.

passgenr

A library for generating cryptographically-secure passwords in Rust.

textractor

Extract strings from files to make wordlists.

vim

My GVim Configuration

image-passwords

HTML5 Canvas: Generating keys from memorable image sequences.

canvas

Practice HTML5 Canvas.

gadgetrie

A simple gadget finder for Return Oriented Programming

truecrypt-archive

Archive of all TrueCrypt 7.1a files

defuse_failover

(Old) How I used to do implement failover for defuse.ca.

gnutls-psk

Example TLS PSK client/server.

js-encryption

SJCL (JavaScript) encryption example.

afl-demo

vst_plugin

Example VST2 plugin in Rust.

eotp

https://defuse.ca/eotp.htm

nova-extractor

WIP implementation of the extractor in Nova's security proof

passwordtrainer

A script for memorizing/practicing passwords.

php-login

A (half-finished) PHP login system.

stemviz

https-mockups

Negative feedback for insecure web connections.

sudoku-solver

A simple sudoku solver in Ruby

pfs-experiments

Testing perfect forward secrecy in the short term.

tix

A command-line ticket system in Ruby.

bqp

Source code for my bqp.io website.

juggler-pow

A memory-but-not-time asymmetric proof-of-work function.

upload

File transfer upload script.

popularaccess

popularaccess.org

hypothetico-web

Hypothetico e-zine website

nsa-letter

A letter to Canadian MPs about the NSA

vimhl

Syntax highlighting in PHP with Vim.

wavetool

A tool for processing/analyzing Serum wavetables.

qcircuitgen

Easily draw quantum circuits for LaTeX's picture environment

codefiles

A Ruby on Rails blog.