Friday, October 17, 2014

Cracking WordPress Password MD5 Hashes with hash-identifier and hashcat on Kali Linux


In my daily search for knowledge I come across all types of challenges. Today I am going to teach you how to crack a WordPress MD5 hash.

The secret is knowing the right tool to use for the job. Let's go.

Tools:
1. Hashcat ==> Hash cracker
2. Rockyou.txt ==> Or any wordlist you like
3. Hash-Identifier ==> Shows what type of hash you have (you never know)

First we need to dump the hash from the WordPress site somehow. I will leave it up to my readers to find their own hash to crack :) (I hope you all can get to this stage; if you are not at this level yet, follow me and read. I will be putting up several new posts covering SQLi and WP hacking, promise)

Here is my dump. I managed to get the wp-config.php file, which contains the database password and username. From here I will use their phpMyAdmin to snatch the hash! Let's go.

Dig through the database until you find the wp_users table. Open it and find the password hash you want to crack. Here is mine:

$P$BZnLsG/hc/xHbB9WIaiVR07lGAV0fa1

Now we need to make sure that the hash we have dumped is a WordPress MD5. There are several hash types out there, and hashcat can crack most of them!

Just type hash-identifier into the terminal for this to pop up, then paste your hash and it will check it. This confirms it is indeed a WordPress MD5. Now the fun...

OK, now write the hash to a txt file. Simplest way:

echo $P$BZnLsG/hc/xHbB9WIaiVR07lGAV0fa1 > md5.txt

Wrong. After running cat on md5.txt to check what was written, I found that the shell treats anything with a $ in front of it as a variable and expands it before echo ever sees it, so the echo does not work in this case. A simple editor such as leafpad, nano, vim, or kate will work perfectly. Either way, save the file with just the hash in it.

Now to attempt to crack it. I have no idea if my wordlist is up to the task, but I am using rockyou, which is a great list. Let's see:
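As an added example (not code from the original post), this Python parser splits the `$P$` string into the fields of the public phpass portable-hash layout, which is what hash-identifier recognises, and rejects a line that the shell has mangled. The names `parse_phpass` and `decode64` are hypothetical, and `MANGLED` is a constructed sample of what the unquoted echo leaves behind when `$P` and `$BZnLsG` are unset.

```python
import re
from typing import NamedTuple

# phpass base-64 alphabet (not RFC 4648); 'B' sits at index 13
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Layout: "$P$" + 1 cost char + 8 salt chars + 22 digest chars = 34 chars
PHPASS_RE = re.compile(r"\$P\$([./0-9A-Za-z])([./0-9A-Za-z]{8})([./0-9A-Za-z]{22})")

PAGE_HASH = "$P$BZnLsG/hc/xHbB9WIaiVR07lGAV0fa1"  # the hash shown in the post
# Constructed: what the unquoted echo writes when $P and $BZnLsG are unset
MANGLED = "/hc/xHbB9WIaiVR07lGAV0fa1"


class PhpassHash(NamedTuple):
    iterations: int   # iteration count, 2 ** (index of the cost char)
    salt: str
    digest: bytes     # 16 raw MD5 bytes


def decode64(text: str) -> bytes:
    """Invert phpass's little-endian 6-bit encoding (4 chars -> 3 bytes)."""
    out = bytearray()
    for i in range(0, len(text), 4):
        chunk = text[i:i + 4]
        value = sum(ITOA64.index(c) << (6 * n) for n, c in enumerate(chunk))
        nbytes = len(chunk) * 6 // 8
        if value >> (8 * nbytes):
            raise ValueError("unused padding bits are set in the digest")
        out += value.to_bytes(nbytes, "little")
    return bytes(out)


def parse_phpass(line: str) -> PhpassHash:
    """Split one line of a hash file into cost, salt and digest, or raise."""
    m = PHPASS_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError("not a portable phpass ($P$) hash")
    cost, salt, digest = m.groups()
    log2 = ITOA64.index(cost)
    if not 7 <= log2 <= 30:
        raise ValueError("iteration exponent outside phpass's 7..30 range")
    return PhpassHash(1 << log2, salt, decode64(digest))


if __name__ == "__main__":
    for candidate in (PAGE_HASH, MANGLED):
        try:
            print(candidate, "->", parse_phpass(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

The `B` after `$P$` decodes to 2^13 = 8192 iterations, and the 8 characters after it are the per-user salt.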

Here are the options we will run on hashcat:

 hashcat -m 400 /root/Desktop/hashMD5.txt /usr/share/wordlists/rockyou.txt

Options:
 -m = --hash-type=NUM (hash type)
 400 = MD5(Wordpress)
 /root/Desktop/hashMD5.txt = path to the file containing the hash
 /usr/share/wordlists/rockyou.txt = path to wordlist


That is all there is to it. Unfortunately, my password was not in the list, so, blah. In this case I would find more dictionaries from the link that says rockyou.txt and try more. This is the only way I know of to crack WordPress MD5. Good luck and thank you for reading! As always, stay safe.

-Meo