saltymd5 - brute-force salted MD5 hashes

Download: saltymd5-0.1.tar.gz
MD5: codito.de/remote-exploit-md5/saltymd5.txt
Author: Martin J. Muench

Background:
Web applications often store account passwords in the following form within the databases (e.g. vBulletin): md5(md5("password") . "salt")

Compile / Build instructions:
Download the tar.gz and unpack it into a folder.
Change into that folder and type 'make'.
If you don't have OpenSSL installed or encounter any building problems try 'make no-openssl' to build with integrated MD5 function (which is slower than the OpenSSL implementation).

Hash file:
Create a file containing the hashes and the salts in the following format:
md5 hash,salt

For example:
881faf4d4fad3ca29f63e3b34fb64862,[_2

Example usage:
Use normal dictionary:
$ saltymd5 testhash.txt testwords.txt

Uses named pipe's and john the ripper:
$ mkfifo myfifofile
$ john --incremental=alpha --stdout=8 > myfifofile
$ saltymd5 testhash.txt myfifofile

Support && Bugs:
The tool is an alpha version and contains several bugs. Future updates will enhance speed and usability.
If you discover any bugs or want to provide patches send them to mjm (-@-) remote-exploit.org.

Screenshot:

$ saltymd5 testhash.txt myfifo 

saltymd5 0.1  ( MaJoMu | www.codito.de ) 
----------------------------------------

* Match: 881faf4d4fad3ca29f63e3b34fb64862 = test
* All hashes cracked

* Tried 794 passwords in 0 second on 1 hashes.
* Found 1 password(s)

Free Projects

BackTrack
Hardware Hacking
Codes&Tools
- CUPP
- 5NMP
- saltymd5
- Bluebugger
- Wyd
- SIPcrack
- Hotspotter
- Wellenreiter
Research
Publications
Donations