MD5 Hash를 꺠는데 구글을 이용하여 레인보우 테이블이나 브루트포스 공격보다 더 빠르게 찾을 수 있는 BozoCrack 이란게 있다고 하여 간단하게 테스트를 해보았습니다.
[root@localhost byjjoon]# cat test.txt
098f6bcd4621d373cade4e832627b4f6
755f85c2723bb39381c7379a604160d8
f6182f0359f72aae12fb90d305ccf9eb
eb938c5aa46863c29e86c64a2c2ed60c
[root@localhost byjjoon]# ruby bozocrack.rb
Usage example: ruby bozocrack.rb file_with_md5_hashes.txt
[root@localhost byjjoon]# ruby bozocrack.rb test.txt
Loaded 4 unique hashes
098f6bcd4621d373cade4e832627b4f6:test
755f85c2723bb39381c7379a604160d8:good
f6182f0359f72aae12fb90d305ccf9eb:young
eb938c5aa46863c29e86c64a2c2ed60c:pyj꽤 빠르게 뽑아주네요 다운로드는 아래 사이트에서 하실 수 있습니다.
https://github.com/juuso/BozoCrack/
require 'digest/md5'
require 'net/http'
class BozoCrack
def initialize(filename)
@hashes = Array.new
@cache = Hash.new
File.new(filename).each_line do |line|
if m = line.chomp.match(/\b([a-fA-F0-9]{32})\b/)
@hashes << m[1]
end
end
@hashes.uniq!
puts "Loaded #{@hashes.count} unique hashes"
load_cache
end
def crack
@hashes.each do |hash|
if plaintext = @cache[hash]
puts "#{hash}:#{plaintext}"
next
end
if plaintext = crack_single_hash(hash)
puts "#{hash}:#{plaintext}"
append_to_cache(hash, plaintext)
end
sleep 1
end
end
private
def crack_single_hash(hash)
response = Net::HTTP.get URI("http://www.google.com/search?q=#{hash}")
wordlist = response.split(/\s+/)
if plaintext = dictionary_attack(hash, wordlist)
return plaintext
end
nil
end
def dictionary_attack(hash, wordlist)
wordlist.each do |word|
if Digest::MD5.hexdigest(word) == hash.downcase
return word
end
end
nil
end
def load_cache(filename = "cache")
if File.file? filename
File.new(filename).each_line do |line|
if m = line.chomp.match(/^([a-fA-F0-9]{32}):(.*)$/)
@cache[m[1]] = m[2]
end
end
end
end
def append_to_cache(hash, plaintext, filename = "cache")
File.open(filename, "a") do |file|
file.write "#{hash}:#{plaintext}\n"
end
end
end
if ARGV.size == 1
BozoCrack.new(ARGV[0]).crack
else
puts "Usage example: ruby bozocrack.rb file_with_md5_hashes.txt"
end