Kali Linux
About Lesson

 Findmyhash is a free open-source tool that helps to crack passwords using free online services. Findmyhash helps you to decipher some common hashes speedily, besides that, it is elementary to use.  Be sure to only install python in your machine.

It works with the following algorithms: MD4, MD5, SHA1, SHA225, SHA256, SHA384, SHA512, RMD160, GOST, WHIRLPOOL, LM, NTLM, MYSQL, CISCO7, JUNIPER, LDAP_MD5, and LDAP_SHA1. It also supports multi-thread analysis for faster speed and algorithm recognition from the hash value.

Main features include:

  • Empty hashes recognition
  • Reads input from a text file
  • Ability to escape special characters
  • Cracks single or multiple hashes.
  • Password hash search on Google
  • Pause and Resume options
  • Saves the results in a file.

How to crack different hasher algorithms like MD5, SHA1 using findmyhash in Kali Linux

Have you ever find an interesting hash on Internet or in some old database that used to be not so secure ? Now, with awesome and broad web services that you can find on the internet, you may be able to know what that hash used to look before it were hashed by some hasher algorithm like MD5, SHA1 or GOST. 

In Kali Linux, you may boost the process of searching on internet for the original string of your hash using the findmyhash tool that will do the job for you. findmyhash is an useful python script used to crack a lot of hashes using web services.

How does findmyhash works ?

findmyhash is an awesome command line utility that cracks hashes through different online services. As you may know, functions like MD5 aren’t plainly encryption tools (though it may be used as part of some encryption algorithms) but a one way hash function, that means that you can’t reverse it with certainty.

Basically what it does is to send the hash that you provide to different web services and in case that some database of any of the available services contains the string that generates the hash that you provide, then you’ll get the original string (which using the specified hasher function would generate the hashed string) as result.

findmyhash is included on Kali Linux and can be used quickly from the command line.

Using findmyhash

The usage of findmyhash is pretty simple, it has 1 required argument (the name of the hasher function e.g MD5, SHA1 etc) and 3 options:

  • -h <hash_value>: If you only want to crack one hash, specify its value with this option.
  • -f <file>: If you have several hashes, you can specify a file with one hash per line. All of the hashes have to be the same type.
  • -g : If your hash cannot be cracked, search it in Google and show all the results. This option ONLY works with -h (one hash input) option.

The following hash functions are supported by findmyhash:

  • MD4                – RFC 1320
  • MD5                – RFC 1321
  • SHA1              – RFC 3174 (FIPS 180-3)
  • SHA224          – RFC 3874 (FIPS 180-3)
  • SHA256          – FIPS 180-3
  • SHA384          – FIPS 180-3
  • SHA512          – FIPS 180-3
  • RMD160         – RFC 2857
  • GOST             – RFC 5831
  • WHIRLPOOL – ISO/IEC 10118-3:2004
  • LM                  – Microsoft Windows hash
  • NTLM             – Microsoft Windows hash
  • MYSQL           – MySQL 3, 4, 5 hash
  • CISCO7          – Cisco IOS type 7 encrypted passwords
  • JUNIPER        – Juniper Networks $9$ encrypted passwords
  • LDAP_MD5     – MD5 Base64 encoded
  • LDAP_SHA1  – SHA1 Base64 encoded

The most basic example, has the following structure:

findmyhash [Hasher function name] -h [The hash to crack]

So for example, if you want to find the text of the MD5 hash 5eb63bbbe01eeed093cb22bb8f5acdc3 (whose original text was “hello world”), then you would execute the following command on a new terminal:

findmyhash MD5 -h 5eb63bbbe01eeed093cb22bb8f5acdc3

Whose output will be:

Analyzing with md5decryption (http://md5decryption.com)...

***** HASH CRACKED!! *****
The original string is: hello world

The following hashes were cracked:

5eb63bbbe01eeed093cb22bb8f5acdc3 -> hello world

The only disadvantage you have, is the way in you identify the type of hash that you want to crack. MD5 is a 32 character alphanumeric representation and SHA-1 usually comes as a 40 character alphanumeric string (as does SHA-0) MD5 and SHA-1 account for the vast majority of hashes that you can find.

Let’s Try Another example:

$  python findmyhash_v1.1.2.py MD5 -h "25d55ad283aa400af464c76d713c07ad" 

The result of the previous command line is as follows.

Hope this article helpful for you. Thank You

If You Appreciate What We Do Here On Hackonology, You Should Consider:

Hackonology is the fastest growing and most trusted community site where you can find lots of courses, articles about Technology/Hacking/Cracking. Millions of people visit Hackonology! to search or browse the thousands of published articles available FREELY to all.

Let's be a part of Hacker's Community! Join our Hacking Team

We Are Indian We Are Great

 "25d55ad283aa400af464c76d713c07ad" => 12345678