What is md4 hash cracker?
I'm doing some hacking exercises and I have to gain access to a site's database so I can delete all records.
The way of getting into the administrator panel is through a password (no username). I've tried some ways of getting in (SQLi, SSI, cookies) but didn't succeed. But, reading through some of the site's pages, I found something on the "news" talking about Google crawling some links it shouldn't and that they fixed it, so checking the robots.txt file gives me a /secret directory in which there is a php file called admin.php (the one that checks for correct password) and admin.bak.php. When opened the backup one, it returned:
error matching hash dc2240d8ee745db929a6944ae7a8d016
That hash is MD4 as I found a file on one of the server's hidden directories where they were trying to generate a MD4 hash.
I've tried:
findmyhash -h dc2240d8ee745db929a6944ae7a8d016 andhashcat -m 900 -a 0 dc2240d8ee745db929a6944ae7a8d016but none of them were able to crack it. How could I do this?
- The below hashcat command works as MD4 hash cracker:
- hashcat64.exe -a 0 -m 900 hash.txt rockyou.txt -r rules/dive.rule
- Either these John the Ripper (JtR) commands cracks your hash:
- john.exe --format=Raw-MD4 --wordlist=rockyou.txt --rules=hashcat hash.txt
- john.exe --format=Raw-MD4 hash.txt