-4

I was looking at HashCatt (any other tool is fine) to determine a string that was MD5 hashed. I know the main part of the string however there is a variable in the middle I am unaware of, how to I go about brute forcing it?

eg. original string is "fresh " + {type of fruit} + " is tasty!" and I wanted to know the type of fruit.

biroshima
  • 71
  • 2
  • 7
  • possible duplicate of [Is it possible to decrypt md5 hashes?](http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes) – Scott Solmer Dec 03 '14 at 14:36

2 Answers2

0

You'll have to list up every type of fruit you know, build the string with that type of fruit, then calculate the hash and compare.

MD5 is not reverse-engineerable, and it is not encryption, so that is the only way you'll figure it out. And only if you spell it exactly the same and use the same string encoding (i.e., if the string was UTF8 and you're encoding with UTF16 it's not going to fly).

Roy Dictus
  • 32,551
  • 8
  • 60
  • 76
-1

Do you know the range of values for the possible variable, or can you estimate it? If so, it reduces the range of the brute-force. That's probably your best approach.

It's worth recognising that with a well-designed hash algorithm you shouldn't, ideally, be able to draw any conclusions from string > hash conversion about the output of string + second_string > hash. To use the examples you've provided, the MD5 output of "fresh apples is tasty!" is 53aff0275a241760e654b3fe0e2184c4 - the output for "fresh oranges is tasty!" is e7c124fef3816ba5a6d6917e20bd5a8b. Very different results. So, if what you're looking for is a way to split the hash output and focus just on a substring, or something, you're not going to find it. Your best bet is reducing the brute-force's range.

Oliver Keyes
  • 3,294
  • 2
  • 14
  • 23
  • I want to refine the brute force's range yes, I'm asking how exactly I do that, I have briefly attempted trying to specify for eg. "fresh " [a-z] " is tasty!" where it will continually increase in characters within that part of the string, I just can't work out how exactly to do it. My question is how practically do I do it not how logically - if that makes sense – biroshima Dec 03 '14 at 14:42
  • Well, what's the range, and what language are you using? – Oliver Keyes Dec 03 '14 at 14:43
  • it's not necessarily words, the example was purely that, there is no comprehensible data in the string it's all random characters so I have no idea what it could be or how long it is I only know the starting and ending sections of the string which are also random (however consistent across all hashes) Also I am attempting to solve this with [HashCatt](http://hashcat.net/hashcat/) purely because that was the best I found. If anyone has a better way of going about it I am happy to take suggestions – biroshima Dec 03 '14 at 14:50