Cracking hashes using findmyhash
Hashcat http://hashcat.net/hashcat/ is the definitely tool to use for cracking hashes. It might be highly possible that the hash might have been cracked by others online.
Therefore, it might be more convenient to perform a lookup using the online free services before even trying to crack the hash with Hashcat.
findmyhash is a very useful tool for cracking the hashes using free online services.
Most of the password dumps have been appearing on websites like Pastebin.com and it makes it even more useful if findmyhash is able to find and crack md5/sha1 hashes located in a website link like pastebin. I have submitted a patch to https://code.google.com/p/findmyhash/issues/detail?id=7 for this new feature.
If you do not feel comfortable with another party knowing about the hashes, you should skip using findmyhash all together and dive straight to hashcat instead.
Cracking hashes from a url
To directly search and crack hashes from a url, you only need to key in the below commands
- python findmyhash_v1.1.2.py MD5 -u http://pastebin.com/ddWYY634
- python findmyhash_v1.1.2.py SHA1 -u http://pastebin.com/1YbcH2k5
Applying the patch
As the patch is not yet accepted and committed to the source, you can apply the patch listed at https://code.google.com/p/findmyhash/issues/detail?id=7 by performing the below actions
- python findmyhash_v1.1.2.py -i findmyhash.patch -o findmyhash_v1.1.3.py
Video on how to use findmyhash 1.1.2
Below is a video on how to use findmyhash.py
You can download the updated findmyhash at http://pastebin.com/9GRTrNj7