… or “Using Google and Yahoo to Light-Force An (Almost) Infinite Dictionary”
I read an article recently about using Google to search for plaintext equivalents of MD5 hashes. Basically, you search for the hash (something like “5f4dcc3b5aa765d61d8327deb882cf99”) and look through the results for the plaintext equivalent (in this case, “5f4dcc3b5aa765d61d8327deb882cf99” is the MD5 of “password”).
It got me thinking about when I wore the Grey Hat in the old days, and I would download dozens of wordlists to use for my brute-force attempts at cracking Windows NT passwords (for educational purposes only). If you consider the *illions of pages on the internet, you can essentially utilize them as a massive wordlist, or “webtionary”, for cracking.
Using PHP, I whipped up a script that searches both Google and Yahoo for the MD5 hash, takes the text of the results, sorts the words it contains by frequency, and then MD5-hashes each word in turn, comparing it against the original hash.
There are sites that let you search their huge databases of MD5 hashes and their plaintext equivalents, but that’s not the point here. The point is using search results and sifting through a few hundred words of search results, which is more efficient than searching a few million rows, though not as successful. But, I was surprised at how many times the script quickly deciphered a hash. Try it yourself, and send me any improvements that could be made to the code to make it even more efficient.
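To make the underlying risk concrete, here is an added Python sketch, not the original PHP script (which fetched live Google and Yahoo results), of the offline part of the approach: rank the words in a block of result text by frequency, MD5 each one against the target, and, for contrast, show why a salted slow hash of the same word is not something a public index can hold. The sample result text, the salts and the PBKDF2 parameters are assumptions made for this example.

```python
import hashlib
import re
from collections import Counter

# Constructed stand-in for the text of a few search-result pages. The real
# script fetched Google/Yahoo results for the hash; nothing is fetched here.
SAMPLE_RESULTS = """
md5 hash lookup: 5f4dcc3b5aa765d61d8327deb882cf99 ... is this password? the
hash of password is 5f4dcc3b5aa765d61d8327deb882cf99 md5 password hash list
"""


def candidate_words(text):
    """Tokenize result text and return distinct words, most frequent first."""
    words = re.findall(r"[A-Za-z0-9]+", text)
    return [w for w, _ in Counter(words).most_common()]


def md5_hex(word):
    """Unsalted MD5 of a word: the same word always gives the same hex digest."""
    return hashlib.md5(word.encode()).hexdigest()


def match_hash(target_hex, text):
    """Return the first frequency-ranked word whose MD5 equals target_hex, else None."""
    target_hex = target_hex.lower()
    for word in candidate_words(text):
        if md5_hex(word) == target_hex:
            return word
    return None


def salted_hash(word, salt, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a per-user salt (assumed parameters).

    Because the salt differs per user, the digest for "password" differs per
    user too, so no search engine or precomputed table can index it."""
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, iterations).hex()


if __name__ == "__main__":
    target = "5f4dcc3b5aa765d61d8327deb882cf99"
    print("recovered:", match_hash(target, SAMPLE_RESULTS))
    print("salt 1:", salted_hash("password", b"constructed-salt-1"))
    print("salt 2:", salted_hash("password", b"constructed-salt-2"))
```

The unsalted digest is recovered from the sample text in a handful of hash operations; the two salted digests of the identical word share nothing, which is the property a stored password hash needs.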
UPDATE 2013: I removed the MD5 cracker. It had become an API endpoint of sorts for crackers everywhere, and the thousands of requests per minute kept crashing my blog. You can still find the source code and my writeup for 2600 Magazine here.