MD5 password cracker (4/2023)

I'm super excited to share with you how I cracked masked passwords from a stolen Linux /etc/shadow file by altering the MD5 hash algorithm. I was inspired by this interesting article I found on Vidar Holen's blog [1]. So, let's dive in!


First off, I learned how the MD5 password hashes are computed using 1000 rounds of primitive MD5 hashes by studying the tutorial in the article. It provided me with great insights into the process and a better understanding of the topic.
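Seen from the defender's side, the fixed 1000-round cost described above is the reason `$1$` entries should not remain in a shadow file. The following is an added example, not code from the original post: it scans shadow-format text and flags accounts still stored as md5crypt, traditional DES crypt, or with an empty password field. The function names are hypothetical, and the sample entries, salts and hash bodies are constructed placeholders.

```python
# Added example: flag weak password-hash schemes in shadow-format text.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt", "empty"}

# Constructed sample; salts and hash bodies are placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:19450:0:99999:7:::
team1:$1$CONSTRSA$PLACEHOLDERHASH:19450:0:99999:7:::
svc:$6$rounds=200000$CONSTRUCTEDSALT$PLACEHOLDERHASH:19450:0:99999:7:::
daemon:*:19450:0:99999:7:::
legacy:abPLACEHOLDER:19450:0:99999:7:::
"""

def classify(field):
    """Return (scheme, rounds) for the password field of one shadow entry."""
    body = field.lstrip("!")              # passwd -l prepends '!' to lock an account
    if body in ("", "*"):                 # no usable hash: locked, or truly empty
        return ("empty" if field == "" else "locked", None)
    if not body.startswith("$"):          # 13 characters without '$' is DES crypt
        return ("descrypt" if len(body) == 13 else "unknown", None)
    parts = body.split("$")               # ['', id, (rounds=N,) salt, hash]
    scheme = SCHEMES.get(parts[1], "unknown")
    rounds = None
    if scheme == "md5crypt":
        rounds = 1000                     # fixed by the algorithm, cannot be raised
    elif scheme in ("sha256crypt", "sha512crypt"):
        p2 = parts[2] if len(parts) > 2 else ""
        opt = p2[len("rounds="):] if p2.startswith("rounds=") else "5000"
        rounds = int(opt) if opt.isdigit() else None   # 5000 is the default
    return (scheme, rounds)

def audit(shadow_text):
    """Return [(user, scheme, rounds)] for every entry using a weak scheme."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        scheme, rounds = classify(fields[1])
        if scheme in WEAK:
            findings.append((fields[0], scheme, rounds))
    return findings

if __name__ == "__main__":
    for user, scheme, rounds in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme} (rounds={rounds}) -> rehash with a stronger scheme")
```

A flagged account is only rehashed under the system's current scheme when its password is next changed, so the findings translate into forced password changes.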


To crack the passwords, I decided to write a brute-force style program in C++, Python, Bash, and Go, making use of the multiprocessing feature. This enabled me to efficiently explore all the possible passwords while optimizing for speed. Remember that the passwords we're dealing with are intentionally randomized, so dictionary attacks wouldn't be very effective.


I utilized the primitive hash functions from the crypto libraries, like hashlib.md5(string) in Python, as my foundation. I then implemented my custom MD5 hash algorithm using the information from the article as a reference, which allowed me to create a more efficient and powerful password cracking tool.


To speed up the cracking process, I leveraged multiprocessing. This enabled my program to concurrently test multiple candidate passwords, significantly reducing the time it took to find the correct one. I made sure not to interfere with other people's use of the machines by adhering to the rules and not overloading the resources.


During the process, I monitored the throughput of the password cracking, which is the number of candidate passwords tested per second. This helped me keep track of the performance of my program and make any necessary adjustments along the way. As a result, I was able to crack the password for my team user within a reasonable amount of time. It was such a thrilling and rewarding experience!


I encourage you to try it out yourself and see the power of a custom MD5 hash algorithm in action. That's it for today's blog.