What is md4 hash cracker?

591    Asked by Amitraj in Cyber Security , Asked on Apr 5, 2022

 I'm doing some hacking exercises and I have to gain access to a site's database so I can delete all records.


The way of getting into the administrator panel is through a password (no username). I've tried some ways of getting in (SQLi, SSI, cookies) but didn't succeed. But, reading through some of the site's pages, I found something on the "news" talking about Google crawling some links it shouldn't and that they fixed it, so checking the robots.txt file gives me a /secret directory in which there is a php file called admin.php (the one that checks for correct password) and admin.bak.php. When opened the backup one, it returned:


error matching hash dc2240d8ee745db929a6944ae7a8d016

That hash is MD4 as I found a file on one of the server's hidden directories where they were trying to generate a MD4 hash.


I've tried:

findmyhash -h dc2240d8ee745db929a6944ae7a8d016 andhashcat -m 900 -a 0 dc2240d8ee745db929a6944ae7a8d016but none of them were able to crack it. How could I do this?

Answered by Andrea Bailey

  • The below hashcat command works as MD4 hash cracker:
  • hashcat64.exe -a 0 -m 900 hash.txt rockyou.txt -r rules/dive.rule
  • Either these John the Ripper (JtR) commands cracks your hash:
  • john.exe --format=Raw-MD4 --wordlist=rockyou.txt --rules=hashcat hash.txt
  • john.exe --format=Raw-MD4 hash.txt




Your Answer

Interviews

Parent Categories