• Watch
  • Listen
  • Live Stream
Security Weekly
Security Market Validation
  • Listeners
    • Subscribe
    • Insider List
    • Suggest a Guest
  • Shows
    • Paul’s Security Weekly
    • Enterprise Security Weekly
    • Business Security Weekly
    • Application Security Weekly
    • Security & Compliance Weekly
    • Security Weekly News
    • Tradecraft Security Weekly
    • Secure Digital Life
  • Series
    • CISO Stories
    • Getting the Real Work Done in Cybersecurity
  • Webcasts/Trainings
    • Registration
    • On-demand
  • Articles
  • Partners
    • Become a Partner
    • Landing Pages
  • Hosts
  • Company
    • About
    • Careers
    • Contact

Articles/ Identity and Access

Cracking MD5 Passwords with BozoCrack

Paul Asadoorian November 23, 2011

A couple of weeks ago I saw someone mention a little script called BozoCrack on Twitter and I decided to check it out. What caught my attention is that BozoCrack simply “cracks” md5 hashes by doing a search on Google for that hash. Once it finds the hash and the text that goes with it, it spits it back out on the screen. Not really cracking of course, but its pretty dang effective.
Here is the description that Juuso Salonen, the author, gave it.
“BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.
It works way better than it ever should.”
Here’s a quick test run of the script. I did a small list with the following passwords in it.
foobar
password
letmein!
password1234
wtfbbqftw
Save that as md5-list.txt and ran BozoCrack against it. My results came back in a just couple of seconds.

> ruby bozocrack.rb md5-list.txt
Loaded 5 unique hashes
3858f62230ac3c915f300c664312c63f:foobar
5f4dcc3b5aa765d61d8327deb882cf99:password
2a5de0f53b1317f7e36afcdb6b5202a4:letmein!
bdc87b9c894da5168059e00ebffb9077:password1234

I didn’t get “wtfbbqftw” this time, but who knows it may show up in future Google searches. This is a dead simple script, a great idea and WAY more effective than it should be.
Here’s the link to download it. BozoCrack

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Facebook (Opens in new window)

Related Posts

uptrend line arrows with bar chart in stock market on blue color background

Articles /

Ransomware Damage Claims Driving Insurance Hikes

SWG

Identity and Access /

Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environments

web-application-firewall-comparison-696x423

Articles /

Building a More Secure AppDev Process

‹ Metasploit Changes to Git › Looking for Stealth ADS streams

About Security Weekly

Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005. We connect the security industry and the security community through our security market validation programs.

More Than Just A Sponsor

We view our relationships with the security industry as partnerships, not sponsorships. Security Weekly works closely with each partner to help you achieve your marketing goals and gain traction in the security market. Interested in becoming a partner? Please visit our partnerships page.

Back to Top

Subscribe To The Blog:

RSS feed RSS - Posts

Search

Latest Tweets

Tweets by @secweekly
© Security Weekly 2022
Powered by WordPress • Themify WordPress Themes