DEV Community

Trix Cyrus
Trix Cyrus

Posted on

Introducing Hash-Hammer πŸ”¨: A Multi-Threaded Hash-Cracking Tool

Author: Trix Cyrus

Waymap Pentesting tool: Click Here
TrixSec Github: Click Here

Hash-Hammer is a multi-threaded hash-cracking tool I recently developed for educational and security testing purposes. This tool is ideal for penetration testers, ethical hackers, and cybersecurity enthusiasts who want to dive deeper into hash-cracking mechanics, all while learning about multi-threading in C.

Why Hash-Hammer?

Password hashing is a common security measure, but weak or predictable passwords can make even hashed data vulnerable. With Hash-Hammer, you can test hash vulnerabilities by attempting to crack MD5 hashes using brute-force or dictionary attacks. This project is intended to promote responsible security testing, not unauthorized hacking, and to help educate on the importance of password security.

Key Features

  • Multi-threaded processing for faster hash cracking.
  • Two cracking modes:
    • Brute-force Mode: Create password combinations of a given length from a set character set.
    • Dictionary/Password File Mode: Check passwords from a pre-defined list, like a password file.
  • Real-time statistics including checked passwords, remaining attempts, and speed.

Supported Hash Algorithm

Currently, Hash-Hammer supports MD5 hashes, but other algorithms may be added in future updates.

How It Works

After compiling and running Hash-Hammer, you’ll be prompted to input the target hash and choose the cracking mode:

  1. Brute-force Mode: Hash-Hammer generates password combinations up to a specified length and tests each one.
  2. Dictionary Mode: Hash-Hammer iterates through passwords in a user-provided password file.

Each mode supports multi-threading, where the hash-cracking workload is divided across multiple threads, allowing you to utilize your CPU more effectively.

Sample Usage

  1. Brute-force Mode:
   Enter the hash to crack: 098f6bcd4621d373cade4e832627b4f6
   Choose mode: 1
   Enter the password length: 4
   Enter the number of threads: 8
Enter fullscreen mode Exit fullscreen mode
  1. Password File Mode:
   Enter the hash to crack: 098f6bcd4621d373cade4e832627b4f6
   Choose mode: 2
   Enter the path to the password file: /path/to/passwords.txt
   Enter the number of threads: 8
Enter fullscreen mode Exit fullscreen mode

Once started, Hash-Hammer displays real-time stats on checked passwords, attempts left, speed, and elapsed time. This feedback is invaluable for tracking the cracking process.

Technical Highlights

Hash-Hammer is built with C, using pthread for multi-threading and OpenSSL for MD5 hashing. Here’s a quick look at some of the core functions:

  • brute_force: Generates and tests combinations against the target hash.
  • thread_function_bruteforce: Divides character set segments across threads for brute-force cracking.
  • thread_function_file: Reads and tests each password from a file.
  • display_stats: Shows ongoing statistics like checked and remaining passwords and cracking speed.

Getting Started

Here’s a quick guide on how to compile and run Hash-Hammer:

gcc -o hash-hammer hash_hammer.c -lssl -lcrypto -pthread
./hash-hammer
Enter fullscreen mode Exit fullscreen mode

Security Reminder

This tool is for educational use and authorized security testing only. Unauthorized use is illegal and punishable by law.

Final Thoughts

Hash-Hammer demonstrates just how vulnerable weak passwords can be, even when hashed. I hope this tool serves as a practical learning resource on hashing and multi-threading. If you're interested in the code, check out Hash-Hammer on GitHub and feel free to contribute or suggest improvements!

Author: Trix Cyrus

GitHub: Hash-Hammer

Telegram: @Trixsec

Happy hacking (ethically)!

Top comments (0)