Crackq API

Version 0.1


If you're planning to integrate Crackq into your existing project or create a custom client, Crackq provides the following API.

/crackq/v0.1/submit


Method: POST

Request content type: application/json

Request body:

 {
         "key": "API_KEY", 
         "type": "HASH_TYPE",
         "content": "HASH_VAL",
         "q": "privq"
 }
keyAPI_KEY is the unique randomly-generated API key associated with your account. This key can be located on the user details page available after logging in.
typeHASH_TYPE is a string that represents the hash type provided in the 'content' parameter. For example, the hash type can be 'ntlm', 'wpa', 'descrypt', 'md5crypt', etc. For a full list of supported hash types refer to the Hash types section.
contentDepending on the HASH_TYPE, HASH_VAL may represent either a single hash value (e.g., a hex string for 'md5', 'ntlm', 'sha1', etc.) or a base64-encoded gzipped string (for WPA handshakes).
qThis parameter is fixed to "privq".

Sample request:

POST https://haschrack.org/crackq/v0.1/submit HTTP/1.1
Content-Length: 151
Host: hashcrack.org
Content-Type: application/json
User-Agent: Crackq

{
  "key": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  "type": "md5",
  "content": "06aa3b7d55df43e7d7fa4aef94811e4a",
  "q": "privq"
}

Responses:

201{"msg": "SUBMITTED"} - the hash was successfully submitted to the queue for processing.
400{"msg": "MALFORMED REQUEST"} - the request is missing required parameters.
400{"msg": "UNSUPPORTED HASH TYPE"} - the requested hash type ("type" parameter) is not supported.
400{"msg": "INVALID FORMAT"} - the hash format ("content" parameter) is not valid.
401{"msg": "INVALID API KEY"} - the provided API key ("key" parameter) is not valid.
401{"msg": "QUOTA IS EXCEEDED"} - the submission quota associated with your account is 0. You can view and purchase your queue submission quota on the user details page after logging in.
401{"msg": "QUEUE IS FULL"} - the maximum queue size is 10 submissions, meaning that there can be at most 10 hashes in the queue at any time. If you're receiving this error, wait for some hashes to be processed and try submitting to the queue again.

/crackq/v0.1/user_email


Method: POST

Request content type: application/json

Request body:

 {
         "key": "API_KEY", 
 }
keyAPI_KEY is the unique randomly-generated API key associated with your account. This key can be located on the user details page available after logging in.

Sample request:

POST https://haschrack.org/crackq/v0.1/user_email HTTP/1.1
Content-Length: 75
Host: hashcrack.org
Content-Type: application/json
User-Agent: Crackq

{"key": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}

Responses:

200{"email": "support@hashcrack.org", "privq_limit": x, "pubq_limit": 10} - where the "email" parameter represents the user's registered email. The "privq_limit" is the submission quota (i.e., the number of queue submissions left) and "pubq_limit" parameter is obsolete and is likely to be removed if future releases.
400{"msg": "MALFORMED REQUEST"} - the request is missing required parameters.
401{"msg": "INVALID API KEY"} - the provided API key ("key" parameter) is not valid.

/crackq/v0.1/client_ver


Method: GET

Sample request:

GET https://haschrack.org/crackq/v0.1/client_ver HTTP/1.1
Host: hashcrack.org
User-Agent: Crackq


Responses:

verwhere 'ver' is a string representing the current Crackq version.

The following hash types are supported by the Crackq.

"type": "ntlm"Set the "content" parameter to a 32 hex character (upper- or lower-case) string.
"type": "md5"Set the "content" parameter to a 32 hex character (upper- or lower-case) string.
"type": "sha1"Set the "content" parameter to a 40 hex character (upper- or lower-case) string.
"type": "descrypt"Set the "content" parameter to a 13 characters long string drawn from [0-9A-Za-z./].
"type": "md5crypt"Set the "content" parameter to $1$SALT$CHECKSUM, where SALT is 0-8 characters drawn from [0-9A-Za-z./] and CHECKSUM is 22 characters long drawn from the same charset as SALT.
"type": "phpass"Set the "content" parameter to either $P$ (Wordpress and Joomla) or $H$ (phpBB3) prefix followed by 1 character representing the number of MD5 rounds, followed by the salt and checksum (30 characters in total) drawn from the following charset [./0-9A-Za-z].
"type": "mysql"Set the "content" parameter to a 40 hex character (upper- or lower-case) string.
"type": "wpa"The .hccap file should contain a single handshake (392 bytes). Gzip the binary and base64-encode the result: base64.b64encode(zlib.compress(handshake_bin))


Updates

  1. 30/05/2016: Added HOTBOX-xxxx to the list of default ESSIDs. See the full list here.
  2. 28/05/2016: We're now accepting Ether as the payment option (ethereum.org)!
  3. 05/05/2016: Added 4G-Gateway-XXXX to the list of default ESSIDs. See the full list here.
  4. 27/02/2016: Added RogersXXXXX to the list of default ESSIDs. See the full list here.
  5. 26/02/2016: Stand-alone Windows client binary v0.4 can be downloaded from here.
  6. 26/02/2016: Crackq client v0.4 is released. Added support for MYSQL 4.1+ (double SHA1) hashes.
  7. 20/10/2015: Added Speedy-XXXXXX and Fibertel WiFixxx to our default WPA list.
  8. 16/09/2015: Added support for password protected PDF files. Currently versions 1.4 - 1.6 are supported.
  9. 01/09/2015: Added EE-BrightBox-xxxxxx and TPG-XXXX to the list of default ESSIDs. See the full list here.
  10. 26/05/2015: Added support for PHPass (Wordpress, Joomla and phpBB3) hashes.
  11. 13/04/2015: WPA/WPA2 rules and brute-force attacks supported by Crackq hashcrack.org/crackq/page?n=wpa.