Ask The Admin

A website we read Hackaday posted this interesting a while back on how to use Google as a password cracker.

If you don't know what md5 hashed passwords are then this isnt for you and you should stop reading (Check back in a bit for a piece of password cracking) or see what they are here.

But if you are like me and need to um recover passwords on a system you have physical access to you know you can dump passwords from the local sam database as hashed passwords.

Using a program like l0pht crack (LC5 to those in the know - more on this later) to decpypher them is time consuming but according to this post you can simply Google the hash - if it is even a fairly common password google will return the answer. How fucking cool is that?


In the following example they use it after a machine was hacked they wanted to be able to login as that user and spy on the enviroment for some forensic goodness.

Usually we're into hardware hacks, but once in a while I run across something that's just too good. [Steven]'s blog was cracked a while back, and while he was doing forensics, he was trying to crack the md5 hashed password for the unauthorized account. Eventually he slapped the hash into Google, and guess that it was 'Anthony' based on the results that came up. Thanks to [gr] (Yes, I know it was on Slashdot a few days ago, but I don't care."