Introducing Hash-Hammer 🔨: A Multi-Threaded Hash-Cracking Tool

Author: Trix Cyrus

Waymap Pentesting tool: Click Here
TrixSec Github: Click Here

Hash-Hammer is a multi-threaded hash-cracking tool I recently developed for educational and security testing purposes. This tool is ideal for penetration testers, ethical hackers, and cybersecurity enthusiasts who want to dive deeper into hash-cracking mechanics, all while learning about multi-threading in C.

Why Hash-Hammer?

Password hashing is a common security measure, but weak or predictable passwords can make even hashed data vulnerable. With Hash-Hammer, you can test hash vulnerabilities by attempting to crack MD5 hashes using brute-force or dictionary attacks. This project is intended to promote responsible security testing, not unauthorized hacking, and to help educate on the importance of password security.

Key Features

• Multi-threaded processing for faster hash cracking.
• Two cracking modes:
  • Brute-force Mode: Create password combinations of a given length from a set character set.
  • Dictionary/Password File Mode: Check passwords from a pre-defined list, like a password file.
• Real-time statistics including checked passwords, remaining attempts, and speed.

Supported Hash Algorithm

Currently, Hash-Hammer supports MD5 hashes, but other algorithms may be added in future updates.

How It Works

After compiling and running Hash-Hammer, you’ll be prompted to input the target hash and choose the cracking mode:

1. Brute-force Mode: Hash-Hammer generates password combinations up to a specified length and tests each one.
2. Dictionary Mode: Hash-Hammer iterates through passwords in a user-provided password file.

Each mode supports multi-threading, where the hash-cracking workload is divided across multiple threads, allowing you to utilize your CPU more effectively.

Sample Usage

1. Brute-force Mode:

   Enter the hash to crack: 098f6bcd4621d373cade4e832627b4f6
   Choose mode: 1
   Enter the password length: 4
   Enter the number of threads: 8

1. Password File Mode:

   Enter the hash to crack: 098f6bcd4621d373cade4e832627b4f6
   Choose mode: 2
   Enter the path to the password file: /path/to/passwords.txt
   Enter the number of threads: 8

Once started, Hash-Hammer displays real-time stats on checked passwords, attempts left, speed, and elapsed time. This feedback is invaluable for tracking the cracking process.

Technical Highlights

Hash-Hammer is built with C, using pthread for multi-threading and OpenSSL for MD5 hashing. Here’s a quick look at some of the core functions:

• brute_force: Generates and tests combinations against the target hash.
• thread_function_bruteforce: Divides character set segments across threads for brute-force cracking.
• thread_function_file: Reads and tests each password from a file.
• display_stats: Shows ongoing statistics like checked and remaining passwords and cracking speed.

Getting Started

Here’s a quick guide on how to compile and run Hash-Hammer:

gcc -o hash-hammer hash_hammer.c -lssl -lcrypto -pthread
./hash-hammer

Security Reminder

This tool is for educational use and authorized security testing only. Unauthorized use is illegal and punishable by law.

Final Thoughts

Hash-Hammer demonstrates just how vulnerable weak passwords can be, even when hashed. I hope this tool serves as a practical learning resource on hashing and multi-threading. If you're interested in the code, check out Hash-Hammer on GitHub and feel free to contribute or suggest improvements!

Author: Trix Cyrus

GitHub: Hash-Hammer

Telegram: @Trixsec

Happy hacking (ethically)!