Difference between pages "Hashing" and "Hash (tool)"

From ForensicsWiki
(Difference between pages)
m (Hash Lookup Services)
 
m
 
Line 1: Line 1:
'''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics. Other types of hashing, such as [[Context Triggered Piecewise Hashing]] can also be used.
+
{{Expand}}
 +
{{Infobox_Software |
 +
  name = Hash |
 +
  maintainer = [[The Grugq]] |
 +
  os = {{Linux}} |
 +
  genre =  |
 +
  license =  |
 +
  website = [http://www.tacticalvoip.com/ tacticalvoip.com] |
 +
}}
  
== Tools ==
+
===Background===
There are literally hundreds of hashing programs out there, but a few related to forensics are:
+
  
* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers.
+
Hash ('''Ha'''cker '''She'''ll) is a tool to enable people to evade detection while penetrating a system.
* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values.
+
* [[ssdeep]] - Computes and matches [[Context Triggered Piecewise Hashes]].
+
  
==Hash Databases==
+
Hash, originally written in 2003, was re-written in June 2007 and released at the Korean security conference, [http://www.powerofcommunity.net Power of Community] that November.
; [[National Software Reference Library ]]
+
: The largest hash database
+
  
==Hash Lookup Services==
+
===Features===
There are several online services that allow you to enter a hash code and find out what the preimage might have been.  One way to find these services is to google for 'd41d8cd98f00b204e9800998ecf8427e' (the MD5 of the null string).
+
  
Here are some services that we have been able to find:
+
'''Hacking utilities'''
 +
* Inline file transfer
 +
* qondom - remote diskless execution
  
; http://nz.md5.crysm.net/
+
'''Builtins'''
: MD5 reverse lookup, operated by  Stephen D Cope. As of December 2007 this database had 28 million MD5 hashes. The author states that the database is divided into 256 MySQL tables to make the problem more tractable.  The database claims to include every two, three, and four digit combination, all dictionary words, and a pile of user-submitted data." But the author also states that they are attempting to calculate and index all possible MD5 indexes. Of course, this is an impossibility.
+
* Triggers
 +
* Aliasing
 +
* Basic file system and shell escape commands
  
; http://us.md5.crysm.net/
+
===External Links===
: Similar to the NZ server, but with only 16 million MD5 hashes.
+
* [http://powerofcommunity.net/poc2007/grugq.pdf PoC presentation: ''Hacking Sucks!'']
 +
* [http://www.tacticalvoip.com/tools.html hash-0.2.5.tar.gz]
  
; http://md5.benramsey.com
+
[[Category:Anti-forensics tools]]
: A nice forward and reverse demonstration system, with an XML and AJAX interface.
+
 
+
: http://www.hashcrack.com/
+
: reverse hash lookup of MD5, SHA1, MySQL, NTLM, and Lanman hashes. Claims 75million hashes of 13.2 million unique words.
+
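Review bot: in the added External Links entries, the link labelled `hash-0.2.5.tar.gz` points at `http://www.tacticalvoip.com/tools.html` rather than at an archive, so either the label should name the tools page or the URL should point at the tarball itself. In the added infobox, `genre` and `license` are left empty and the `website` parameter ends with a trailing `|` before `}}`; fill these in or drop the empty parameters. The two sides of this comparison are different pages ("Hashing" and "Hash (tool)"), so the interleaved left-hand lines about hash tools, databases and lookup services are unrelated to the added text and should not be read as content it replaces.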

Latest revision as of 13:17, 1 September 2009


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Hash
Maintainer: The Grugq
OS: Linux
Genre:
License:
Website: tacticalvoip.com

Background

Hash (Hacker Shell) is a tool to enable people to evade detection while penetrating a system.

Hash, originally written in 2003, was re-written in June 2007 and released at the Korean security conference, Power of Community that November.

Features

Hacking utilities

  • Inline file transfer
  • qondom - remote diskless execution

Builtins

  • Triggers
  • Aliasing
  • Basic file system and shell escape commands

External Links