Forum Thread: How to Retreive a Password from an Hash

During CTFs, it's common to encounter some hashes that you may want to crack. You can do it offline by cracking them, you can google them or use a web service that stores massive data about cracked or generated hashes. The best way (if you can't afford cracking them on your own) is to relay on those web sites. But you can't check them one by one until you find a match. So why don't use a tool that does this on its own?

Jack Hash Finder

I made this tool to make it easier to me (and to others) finding the passwords that has been hashed. It basically queries some web sites and gets the result.

Step 1: Download the Tool

You can find the code here (github.com/jackrendor/jhf) and follow the tutorial.
Download the tools using git
> git clone git@github.com:jackrendor/jhf.git

Step 2: Configure and Install Dependencies

Install the dependencies
> sudo apt install python3 python3-virtualenv

After downloading it, navigate to it's folder and execute the configure.sh file
> bash configure.sh

Step 3: Execute the Tool

Now you're ready to execute the tool.
Try to run the following command:
> ./jhf a4fd8e6fa9fbf9a6f2c99e7b70aa9ef2

That's It!

You're done! If the hash is inside of some of those databases, you will see the output of it.

Also, you can concatenate multiple hashes, so you don't have to run the command for every hash. Just separate by using spaces.

> ./jhf a4fd8e6fa9fbf9a6f2c99e7b70aa9ef2 d033e22ae348aeb5660fc2140aec35850c4da997

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active