Thanks to visit codestin.com
Credit goes to www.scribd.com

0% found this document useful (0 votes)
33 views5 pages

MD5 & SHA1 Hash Decryption Guide

The document provides a detailed tutorial on various methods for decrypting MD5 and MySQL hashes using different tools such as FindMyHash, Hash Cracker Lite, Hashkiller Helper, and Password Pro. It outlines step-by-step instructions for each method, including the use of VPNs, handling captchas, and combining results from multiple tools. Additionally, it offers links to download the necessary tools and wordlists for effective password cracking.

Uploaded by

artemisxakep
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
33 views5 pages

MD5 & SHA1 Hash Decryption Guide

The document provides a detailed tutorial on various methods for decrypting MD5 and MySQL hashes using different tools such as FindMyHash, Hash Cracker Lite, Hashkiller Helper, and Password Pro. It outlines step-by-step instructions for each method, including the use of VPNs, handling captchas, and combining results from multiple tools. Additionally, it offers links to download the necessary tools and wordlists for effective password cracking.

Uploaded by

artemisxakep
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

➖ TUTORIAL ➖

Method 1

FindMyHash 0.2.1.1 - Decrypts MD5

Its kinda fast, the database is big and it allows you to export found and not
found.
Let's start decrypting one of the hashed combos, in this case the MD5.
FindMyHash decrypts 80% of the hashes
If you want you can delete the original mail:hash (in my case i named my file, as
you can see in the gif, "mail.hash 1 MD5"). From now on we are going to use the
"not found.txt".

Now, we are going to Method 2 to decrypt the rest.

Method 2

Hash Cracker Lite v1.3.2 - Decrypts MD5 & SHA1

This tool is good, but its a 'free version' so probably a lot of the hashes are
going to the private file forcing you to buy the PRO version.
However, sometimes i use it just to decrypt a little more and another reason that
you are going to see in the Method 3.

Now in the folder that we opened in the 'Hash Cracker Lite' you are going to copy
"good.txt" and "bad.txt", and paste them in the folder that contains "found.txt"
and "not found.txt" that we created in the method. The "good.txt" we are later
going to combine with the "found.txt".
The "bad.txt" is now the file with mail.hash that we are going to decrypt in the
Method 3.

Method 3

Hashkiller Helper - Decrypts MD5, SHA1 & NTLM

This tool is a very, very good! They use the Hashkiller.co.uk database that its
HUGE and its daily updated! They have a DeathbyCaptcha plugin that solves the
captchas (not tested this dbc - if you have and account and can lend me to test or
test yourself, let me know!)
However, its an old tool and needs an update so there are a few problems that we
need to adress before using this tool!

1 - You MUST USE this tool with VPN or in a RDP. Cause if you end up using too much
of this tool, Hashkiller.co.uk will ban you IP! That will disable the abiity of the
tool to decrypt the hashes.

2 - Since its using the Haskiller.co.uk decrypter format, that only allows 64 hash
at a time, the tool will only be able to decrypt 64 hash at a time.

3 - If your "bad.txt" or "not found.txt" with hashes is still pretty big,


decrypting them will be very time cosuming, cause every 64 hashes you will have to
solve a captcha.

4 - However, the main problem of this tool is that after you finish decrypting, you
wont be able to retrieve the "Not Found" hashes in the tool. This is the reason why
i always leave this tool to last. BUT, if you liked this tool and if you have the
DeathbyCaptcha account, there is a way to retrieve the "Not Found" with a different
tool. But im going to make a tutorial in the end of the topic to show you guys how
to do it.

Now you will copy the 'Results' into a notepad and save it.

Now, you used the 3 methods to crack your MD5 mail.hash combo,you will have 3 txt
files.

In the end of this tutorial im going to teach you how to combine them!

Method 4

Hashkiller Online Tool, InsidePro Hash Finder and Passwords Pro. - Decrypts ALL
Hashes!

Since we decrypted 99% of the MD5. We are going to decrypt now the MySQL mail.hash
that we identified in the beginning.

Now you have to understand that there are not a lot of tools to decrypt MySQL, like
there are to MD5. So we are probably have a harder time to decrypt 99%, we might
not even be able to make it that high porcentage!

In this method we use 3 different tools so it can get a bit tricky to explain, so
im going to break it into 5 parts so you can understand it better!

PART 1 - Using Hashkiller Online Tool to divide the mail from the hash

We need to use this tool, because the decrypter we are going to use doesnt
recognize mail:hash, only recognizes hash. So we have to separate the mail from the
hash first. For that we use the hashkiller tool that its pretty easy.

After you split them you have to copy only the hashes.

So now we have to get these hashes that we copied to the InsidePro Hash Finder.

PART 2 - InsidePro Hash Finder to decrypt the hashes

InsidePro its a website that decrypts the hashes in a lot of formats. It allows the
maximum of 25.000.

However its a free tool, so a lot of the hashes will go to the private folder that
you can only decrypt by paying. But its still worth it to use it!

Paste only the Hashes in the InsidePro, solve the recaptcha and Search for the
Hashes.

So the InsidePro Hash Finder decrypted 4817 hashes.

However we dont know to which email the password belongs to. For that we will need
the PasswordPro.

But first we need to separate the Hash from the password.

PART 3 - HashKiller Online Tool to separate the HASH from the PASS

Its just the same as the Part 1

Now you are going to save ONLY the decrypted password in a txt so that way we can
open in the PasswordPro
PART 4 - Using PasswordPro to find which password belongs to which email.

Im going to show the gif, but i will detail step by step on how to do it.

Step 1: Go to the Settings, Click on 'Dictionaries' and add the .txt file with the
password that you saved!

Step 2: Import the user.hash file to the PasswordPro

Step 3: Select the type of hash(in this case MySQL) and the line format(In this
case username:hash)

Step 4: Go to attack type and select 'Simple Dictionary Attack'

Step 5: Them click on 'Run Attack from Start'

After that the PasswordPro will find out which password belongs to which email.

PART 5 - Exporting the found and not found with Password Pro.

Now we are going to export the found and the not found

The not found is Username and Hash, always remember to EXPORT THE NOT FOUND!!!!

THERE IS ANOTHER METHOD TO DECRYPT THE HASHES!

But we can improve this porcentage a little bit more with the next Method!

Method 5

Password Pro with Simple Dictionary Attack - Decrypts ALL Hashes!

This method is easy, but its hard. Because to work you will need to have a wordlist
with the password that you want to find!

There are a lot of wordlists in the internet and they can be pretty big (up to
96gb) and even them, if the password is not in the worldlist you will not decrypt
it!

The worldlist that i am going to use is the wordlist that hashkiller.co.uk provides
in their website. It has a lot of good passwords.

You can find the wordlist that i used to download here:


https://hashkiller.co.uk/downloads.aspx

However in the end of this method i will provide you a few links to download good
worldlist to give it a try!

The ones that i am going to use are the 'Hashkiller Passwords' and the 'HashKiller
Output Wordlist'.

If you download the PyscOPacK v2 make sure you have space on your computer or VM
cause they are 37gb when you extract!

Lets try this now.

Lets go Step by Step


Step 1: Open the 'Settings' and go to Dictionary. Delete the file in there (you can
leave the file, however i know all passwords in there will be useless cause we
already tried them, so i deleted because if i leave it it will check that file and
take a little longer) and open the wordlist that you downloaded! (in this case i
used 2).

Step 2: Go to the main page and delete all the user (You can also leave it, it will
decrypt)

Step 3: If you deleted, like i did, go and Import the "not found.txt" that we saved
earlier.

Step 4: Make sure the attack type is 'Simple Dictionary Attack'

Step 5: Click on 'Run the attack from start'

Now, you will also save the found and the not found. Look at the second gif, of the
PART 5 from the Method 4.

We can find a lot more. However, you will need different worldlists

As promised here are a few links for you to find wordlists

1- https://thehacktoday.com/password-cracking-dictionarys-download-for-free/
2 - https://weakpass.com/wordlist/huge
3 - https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
4 - https://wiki.skullsecurity.org/Passwords
5 - http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists/?redirect

But know that Password Pro only recognizes .txt and .dic extension!!! Some
wordlists are .lst that PasswordPro will not recognize!

Method 6

Paying and Asking for Help - Decrypts ALL Hashes

I leave this Method for last cause it requires you to pay or requires the help of
others.

Part 1: Paying to decrypt hashes

I recommend that you use the InsidePro Hash Finder Client.


Their database is big, the price is very low(1$ for 500k hashes kek ) and they
decrypt pretty much all the formats that you are going to find.

But you can also look it up at the marketplace of the forum, sometimes there are
people that offer their services to decrypt for a few bucks.

Part 2: Asking for help of other

You can ask for help in the "Cracking Help" area of the forum.

But what i really recommend is that you ask for help in the HashKiller forum, their
forum is very active and they really help if you need!

1 - FindMyHash 0.2.1.1

Link: https://anonfiles.com/tbx9A0k8b6/FindMyHash_rar
VT:
https://www.virustotal.com/gui/file/dcfa1a1db6368e80d4580f2f652430d0b2eb7183f17ab78
7e09372106e232c32/detection

2 - Hash Identifier

Link: https://anonfiles.com/I5xeAdkcbc/Hash_Identifier_rar
VT:
https://www.virustotal.com/gui/file/4a114ee9b67a559bb4f6246f341e1625ba4be6f9a531fe3
ae91e16502a5867b1/detection

3 - HashKiller Helper

Link: https://anonfiles.com/51y7A0k8be/Hashkiller_Help_zip
VT:
https://www.virustotal.com/gui/file/84ebd8f0598803fcc0a346a132e2ff10705062ff0115a76
5a7cd0892ed133a1c/detection

4 - HashCracker Lite 1.3.2

Link: https://anonfiles.com/D5ybAbk7bb/HashCra..._1.3.2_rar
VT:
https://www.virustotal.com/gui/file/ea35d5c7d6e75250d28bf78da0b86491e9e1fee19c212d8
265e6b03615d4d08b/detection

5 - PasswordPRO

Link: https://anonfiles.com/f2z0A0k8bf/passwordspro_zip
VT:
https://www.virustotal.com/gui/file/98790456c9ba045919c78efdb9382ff63a847ddfbbd5d20
ba356038d528b1b0b/detection

6 - Combos used in this tutorial (MD5 and MySQL)

Link: https://anonfiles.com/W82bA1k1b0/combo_rar
VT:
https://www.virustotal.com/gui/file/79c571a0425c89cc29132c4e46424bcc4b909035fdab2aa
5a61b674c53ea865b/detection

7 - HashKiller Online Tool

Link: https://hashkiller.co.uk/list-tool.aspx

8 - InsidePro Hash Finder

Link: http://finder.insidepro.team/

EVEN THOUGH ITS CLEAN! ITS BETTER TO USE EVERYTHING ON RDP, VM!

Some links are dead that's why directly files are packed.

You might also like