In my daily search for knowledge I come across all types of challenges. Today I am going to teach you how to crack a Wordpress MD5 hash.
The secret is knowing the right tool to use for the job. Lets go.
Tools:
1. Hashcat ==> Hash Cracker
2. Rockyou.txt ==> Or any wordlist you like
3. Hash-Identifier ==> This shows what type of hash you have (never know)
First we need to dump the hash from the wordpress somehow. I will leave this up to my readers to find there own hash to crack :) (I hope you all can get to this stage, if you are not to this level yet, follow me and read. I will be putting several new posts covering SQLi and WP hacking, promise)
Here is my dump, I managed to get the wp-config.php file, which contains the Database pass and username. From here I will use there PHPMYADMIN to snatch the hash!! Lets go.
Dig through the database untill you find the wp_users database entry. Open that and find the pw hash you want to crack. Here is mine:
$P$BZnLsG/hc/xHbB9WIaiVR07lGAV0fa1
Now we need to make sure that the hash that we have dumped is a wordpress MD5. There are several out there and hashcat can crack most of them!
Just type hash-identifier into the terminal for this to pop up, simply paste your hash here and it will check it. This confirms it is indeed a wordpress MD5. Now the fun...
Ok now write the hash to a txt file.
Wrong, after running a cat on MD5.txt to check if it wrote, and I found that echo take anything with a $ in front of it as a variable. So the echo does not work in this case. Just a simple leafpad, nano, vim, or kate program will work perfect. Anyways save this file with just the hash in it.
Now to attempt to crack it. I have no idea if my wordlist is up the task, but I am using rockyou which is a great list. Lets see:
Here are the options we will run on hashcat:
hashcat -m 400 /root/Desktop/hashMD5.txt /usr/share/wordlists/rockyou.txt
Options:
-m = --hash-type=NUM --Hash-type 400 = MD5(Wordpress) MD5.txt = path hash directory /usr/share/wordlists/rockyou.txt = path to wordlist
That is all there is to it. Unfortunatly, my password was not in the list so, blah, in this case I would find more dictionaries from the link that says rockyou.txt and try more. This is the only way I know of to crack Wordpress MD5. Good luck and thank you for reading! As always, stay safe.
-Meo
This article is very helpful for me I know many new things after read this article just want to thank you. Just Click Here
ReplyDeleteThe best blog I had ever gone through. Really a promising blog. And a promising wordpress blog Service Provider. awaz
ReplyDeleteThank you for posting such a great article! I found your website perfect for my needs. It contains wonderful and helpful posts.Legal Translation Service in Abu Dhabi
ReplyDeleteI feel really happy to have seen your webpage and look forward to so many more entertaining times reading here. Thanks once more for all the details.Legal Translation Services in Dubai
ReplyDeleteVery impressive post.
ReplyDeleteThank you very much Rai. I try my best to use proper grammer and spelling. And I triple check all my sources and codes; Thanks for reading, follow me if you have not already. Thanks for the kind words. More to come. Working with honeypots and malware ananasys. Check back soon friend. --Meo
DeleteCommunication Legal Translation provides the professional translation services in Dubai by qualified certified translators . If you are looking for legal translation services in UAE. We offer affordable and scalable translation in over 75 languages.Get in touch with us : https://communicationdubai.com/
ReplyDeleteIf you are looking for best Legal Translation Services in Dubai. Your business is most important to us, and with translation services in Dubai to help you, just know that you are bound to benefit from such a service. Expanding over more than 55 Services, our Translation Services in more than 75 languages.
ReplyDeleteGet in touch with us : https://translatedubai.ae/
ReplyDeleteThanks For Post which have lot of knowledge and informataion thanks.... phpMyAdmin Crack