FAQ V1.5




Question:
Where can I find binaries and/or sources for Unix-like OSes?

Answer:
Since version 1.5, this software is primarily developed for Win32 and is closed source.
The reason is I needed a robust platform for threads.
At this time, I have not looked at the Linux and BSD thread implementations, not yet.
The old 1.2 release for Windows really needed a complete rewrite and this was another good reason.
I still love FreeBSD and Linux though :)
A port for these systems might be released later but I can't give any date now.
Note that sources and binaries for the previous 1.2 version are still downloadable from the MDCrack homepage: http://mdcrack.openwall.net.


Question:
What's new in version 1.5?

Answer:
In summary it now supports parallel cracking as well as load-sharing between up to 8 CPUs.
This version supports 3 new algorithms and several new optimized cores, is stable and more user friendly.
For more details please look at the web site: http://mdcrack.openwall.net


Question:
Can I redistribute your package on my own site?

Answer:
Yes you can but...
please try to keep the original package structure untouched and provide the same MD5 signature or a link to it.
For those downloading from sites other than http://mdcrack.openwall.net, be sure to check the MD5 checksum on the homepage.


Question:
What algorithms does it support?

Answer:
Raw MD2, raw MD4, raw MD5, Microsoft NTLMv1, Cisco PIX for Enable and user accounts.
All algorithms are supported with and without salt.


Question:
What method of attack does it support?

Answer:
Since version 1.5, MDCrack only supports bruteforce attacks (also known as incremental) and might never support anything else.
When passwords are not made of easily guessable names or if they are salted, this program is your best chance.
For a dictionary-based attack you probably want a program like John the Ripper, available here: http://www.openwall.com/john


Question:
I have a shadow password file that uses MD5-based BSD hashes, can I crack them with MDCrack?

Answer:
Not yet. It may be done one day but until that time, John the Ripper by Solar Designer is among the fastest crackers capable of BSD-style MD5 hashes - you can find it here: http://www.openwall.com/john



Question:
Where can I get a valid NTLMv1 hash on my system?

Answer:
In the SAM file, usually located in "{WINROOT}\system32\config\sam". Use any tool like pwdump2.exe to dump the SAM in clear form.
The first hash after the username is a LAN Manager hash (weak DES implementation) and the second one is the one you want (NTLM).
Just copy and paste the hash as is (32 characters) into your command line.
e.g.: mdcrack -M NTLM 6287617255addf63715eefd1b1b0e15f
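
An administrator reviewing the same dump can use the two hash fields described above to find accounts that need fixing before anyone tries to crack them. The following is an added example, not part of MDCrack or of the original FAQ; it assumes the dump tool writes one 'user:rid:lm:nt:::' line per account, and the user names, RIDs and LM values in the sample are constructed.

```python
import re

# Well-known hashes of the empty password (LM and NT).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

def parse_dump_line(line):
    """Parse 'user:rid:lm:nt:::' (assumed layout); None if it does not fit."""
    fields = line.strip().split(":")
    if len(fields) < 4 or not fields[1].isdigit():
        return None
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    if not HEX32.fullmatch(nt):
        return None
    # Assumption: a non-hex placeholder in the LM field means "no LM hash".
    if not HEX32.fullmatch(lm) or lm == EMPTY_LM:
        lm = None
    return {"user": user, "lm": lm, "nt": nt}

def audit(lines):
    """Return (user, finding) pairs an administrator should act on."""
    findings = []
    for line in lines:
        rec = parse_dump_line(line)
        if rec is None:
            continue  # comment, blank or malformed line
        if rec["nt"] == EMPTY_NT:
            findings.append((rec["user"], "blank password"))
        if rec["lm"] is not None:
            findings.append((rec["user"], "LM hash stored"))
            # LM hashes each 7-character half on its own; an empty second
            # half always yields this constant.
            if rec["lm"][16:] == EMPTY_LM[:16]:
                findings.append((rec["user"], "password of 7 characters or fewer"))
    return findings

# Constructed sample: user names, RIDs and LM values are made up; the NT hash
# on the first three lines is the example hash from the FAQ.
SAMPLE = [
    "alice:1001:aad3b435b51404eeaad3b435b51404ee:6287617255addf63715eefd1b1b0e15f:::",
    "bob:1002:0123456789abcdeffedcba9876543210:6287617255addf63715eefd1b1b0e15f:::",
    "carol:1003:0123456789abcdefaad3b435b51404ee:6287617255addf63715eefd1b1b0e15f:::",
    "guest:501:NO PASSWORD*********************:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "# not a dump line",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

Accounts reported with a stored LM hash are the ones to fix first: turn off LM hash storage (the NoLMHash policy setting) and have the password changed so the old LM value is discarded.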


Question:
Where can I get a valid PIX hash, how do I crack it?

Answer:
In your PIX configuration, you should read something like:
enable password rsg12dl5/1GOnD2e
Copy the last part "rsg12dl5/1GOnD2e", paste it into your command line and use -M PIX or -M PIX-E.
e.g. mdcrack -M PIX rsg12dl5/1GOnD2e

In the same configuration you may also read one or many lines like:
username user password dse19dn3/2GOfD2m encrypted privilege 15
This is a PIX user definition; use a similar command line to crack this user's hash.
e.g. mdcrack -M PIX-U -u user dse19dn3/2GOfD2m


Question:
I already know the charset or password scheme in use in my organisation.

Answer:
You can use the -s option and feed your organisation's charset to MDCrack; additionally you can use the '-m' option to mix it up randomly before use.
If you know the password scheme in use, even partially (e.g. usernameXXXX2006), salts will be of great help: use -b username and -e 2006 in this example.


Question:
I have no clue about the charset being used by my organisation but I suspect MDCrack's default charset ([a-z0-9A-Z]) to be too large or incomplete for my needs.

Answer:
Either use '-s' followed by a charset of your choice, or use '-c' <size> and MDCrack will randomly generate one for you.


Question:
I feel lucky and seek as many collisions as possible.

Answer:
The '-a' option will ask MDCrack not to quit after the first collision found; it will actually never quit until you explicitly stop the session by using control-C from the console.
Note that it will also exit if the current keyspace has been depleted or if one of the limits has been reached (e.g. timer expiration).


Question:
How fast is MDCrack?

Answer:
As far as I know, MDCrack offers the fastest bruteforce attacks for all the algorithms it supports: MD2/MD5/MD4/NTLMv1/PIX/PIXu.
Please, let me know if you know anything faster.


Question:
MD2 performs poorly in comparison to MD5 on my computer, is this normal behavior?

Answer:
Yes, MD2 was designed and optimised for an 8-bit architecture; it is hard to optimize on a 32-bit architecture.
I'm still working on this but do not expect any rate near MD5.


Question:
Why do prepended salts seem to make MDCrack run slightly slower than with appended salts or no salt at all?

Answer:
With no salt or an appended salt, MDCrack uses a double-hashing algorithm where two hashes are generated in a row, thus benefiting even more from the use of the L1 CPU cache.


Question:
Why is performance so poor with verbosity set (i.e. -v and -V options)?

Answer:
For obvious reasons: MDCrack makes repetitive calls to IO functions in order to display the current candidate and hash.
This mode should only be considered for fun and educational purposes. It should never be used for anything else.
Since 1.5, you can press any key on the keyboard during a session to get runtime thread statistics.


Question:
When should I change MDCrack process priority and why?

Answer:
In most cases, IDLE is just perfect and will kindly leave CPU cycles for any other running applications you may have.
In some circumstances, a penetration test for instance, you may want to reserve most if not all CPU cycles for MDCrack and use HIGH priority.
Be aware that REALTIME will make your system unresponsive for the whole session time!
Never use -a with -p REALTIME!
Otherwise dry your tears and press reset ;)


Question:
I tried to run MDCrack with REALTIME priority but it complains about that and nothing happens.

Answer:
You probably don't want to do that, but if you know for sure what you are doing, type '-P REALTIME' twice on the command line.


Question:
Can I save my session and resume it at a later time?

Answer:
Yes, MDCrack automatically saves your session if you stop it from the console (with control-C).
The default session file is located in %USERPROFILE%\Application Data\MDCrack\mdcrack.latest
To change the session filename, use '-A' from the command line.
To resume a saved session, either:
type MDCrack alone
or type MDCrack -L [other options]
The latter lets you add more options like '-A' to load an alternate session filename, '-p' to set process priority, etc.,
in fact any option not restored from the session file.


Question:
What are the -C, -f, -N options used for?

Answer:
They are aesthetic options; they affect the console colors and layout and nothing else:
-C switches the console to color mode, more readable IMO,
-f switches the console to fullscreen mode,
-N offers alternate color schemes.


Question:
How can I benchmark my system and how do I send my results?

Answer:
I still need them.
Since version 1.5, type mdcrack -E from the console, wait about the minute it takes,
then copy the report and send it to me by email at mdcrack@videotron.ca
Ideally you should close any other running application, especially applications greedy with your CPU.
Before sending your benchmark, check that your system has not already been reported in the performance table.
Also, if you see what you think to be an error in this table, please report it by email (mdcrack@videotron.ca).
Thank you!


Question:
What can I do to help you?

Answer:
Any help will be appreciated.
If you find typos or grammar errors in the documentation, please report them.
You can also translate the documentation, such as this FAQ, into your native language.
Send me your benchmarks.
Send me an email to discuss any new feature you wish and/or problem you may have.
Send me an email to report bugs.
Since 1.5 you can now make a donation to support MDCrack.

See the web page for more details: http://mdcrack.openwall.net


Question:
What is coming in the next releases?

Answer:
The biggest and most exciting feature under development is network distribution (I prefer the term 'mass cracking'), still no date to give.
In the meantime, expect to see:
more algorithms and optimized cores,
bug fixes,
any new feature you request that makes sense.


Question:
I still have a question that's unanswered...

Answer:
You can e-mail me at mdcrack@videotron.ca
You can also visit the main site to read the latest news at http://mdcrack.openwall.net






Have fun!
Gregory