Author: Trix Cyrus
Waymap Pentesting tool: Click Here
TrixSec Github: Click Here
Hash-Hammer is a multi-threaded hash-cracking tool I recently developed for educational and security testing purposes. This tool is ideal for penetration testers, ethical hackers, and cybersecurity enthusiasts who want to dive deeper into hash-cracking mechanics, all while learning about multi-threading in C.
Why Hash-Hammer?
Password hashing is a common security measure, but weak or predictable passwords can make even hashed data vulnerable. With Hash-Hammer, you can test hash vulnerabilities by attempting to crack MD5 hashes using brute-force or dictionary attacks. This project is intended to promote responsible security testing, not unauthorized hacking, and to help educate on the importance of password security.
Key Features
- Multi-threaded processing for faster hash cracking.
-
Two cracking modes:
- Brute-force Mode: Create password combinations of a given length from a set character set.
- Dictionary/Password File Mode: Check passwords from a pre-defined list, like a password file.
- Real-time statistics including checked passwords, remaining attempts, and speed.
Supported Hash Algorithm
Currently, Hash-Hammer supports MD5 hashes, but other algorithms may be added in future updates.
How It Works
After compiling and running Hash-Hammer, youโll be prompted to input the target hash and choose the cracking mode:
- Brute-force Mode: Hash-Hammer generates password combinations up to a specified length and tests each one.
- Dictionary Mode: Hash-Hammer iterates through passwords in a user-provided password file.
Each mode supports multi-threading, where the hash-cracking workload is divided across multiple threads, allowing you to utilize your CPU more effectively.
Sample Usage
- Brute-force Mode:
Enter the hash to crack: 098f6bcd4621d373cade4e832627b4f6
Choose mode: 1
Enter the password length: 4
Enter the number of threads: 8
- Password File Mode:
Enter the hash to crack: 098f6bcd4621d373cade4e832627b4f6
Choose mode: 2
Enter the path to the password file: /path/to/passwords.txt
Enter the number of threads: 8
Once started, Hash-Hammer displays real-time stats on checked passwords, attempts left, speed, and elapsed time. This feedback is invaluable for tracking the cracking process.
Technical Highlights
Hash-Hammer is built with C, using pthread for multi-threading and OpenSSL for MD5 hashing. Hereโs a quick look at some of the core functions:
- brute_force: Generates and tests combinations against the target hash.
- thread_function_bruteforce: Divides character set segments across threads for brute-force cracking.
- thread_function_file: Reads and tests each password from a file.
- display_stats: Shows ongoing statistics like checked and remaining passwords and cracking speed.
Getting Started
Hereโs a quick guide on how to compile and run Hash-Hammer:
gcc -o hash-hammer hash_hammer.c -lssl -lcrypto -pthread
./hash-hammer
Security Reminder
This tool is for educational use and authorized security testing only. Unauthorized use is illegal and punishable by law.
Final Thoughts
Hash-Hammer demonstrates just how vulnerable weak passwords can be, even when hashed. I hope this tool serves as a practical learning resource on hashing and multi-threading. If you're interested in the code, check out Hash-Hammer on GitHub and feel free to contribute or suggest improvements!
Author: Trix Cyrus
GitHub: Hash-Hammer
Telegram: @Trixsec
Happy hacking (ethically)!