Hashes are submitted using the Python command-line client crackqcli. For installation instructions on Linux, OS X and Windows refer to this page or install the latest development client version using git:
$ git clone https://github.com/vnik5287/Crackq.git && cd Crackq $ ./crackqcli.py -t HASH_TYPE HASH|FILE_PATH
You will be prompted for your API key when you submit your first request to the Crackq. The API key can be obtained from your user settings page after logging in. The API key is then saved
$HOME/.crackq and can be edited manually if necessary.
Currently, we only support the ASCII charset. There is no support for foreign languages.
The Crackq supports the following algorithms:
The Crackq performs extensive hybrid and brute-force attacks but is not guaranteed to recover the password within the specified timeframe. The end goal is not to brute-force the entire keyspace but to quickly identify weak passwords.
The results (whether plaintext was recovered or not) will be emailed to your email address provided during registration. These results are not public, i.e., your submission requests and results are not visible to other users. Note that you will need to confirm your email address to receive the results.
Yes. Buying a batch of 5 submittions (valid for 30 days from the date of purchase) allows you to submit to the queue 5 times. Each submission reduces the count of remaining submissions by 1, whether the hash is cracked or not.
To submit your MD5 hash:
$ ./crackqcli.py -t md5 32_hexchar_hash
To submit your NTLM hash:
$ ./crackqcli.py -t ntlm 32_hexchar_hash
To submit your SHA1 hash:
$ ./crackqcli.py -t sha1 40_hexchar_hash
If you have a
pcap file (obtained with airodump, Kismet, etc) containing one or multiple WPA/WPA2 handshakes, the first step is to convert it into HCCAP format. This can be done using the
$ aircrack-ng -J /tmp/sendme your_pcap_file_with_handshakes.cap
Then select the number corresponding to the required BSSID/ESSID from the list. Note that you can only submit one handshake at a time. The above command should create the HCCAP file in
/tmp/sendme.hccap that can be submitted with:
$ ./crackqcli.py -t wpa /tmp/sendme.hccap
Note that the file size of
sendme.hccap should be 392 bytes exactly regardless the essid, bssid, etc:
$ ls -al /tmp/sendme.hccap -rw-r--r-- 1 vnik staff 392 2 Dec 10:05 /tmp/sendme.hccap
DES-based Unix crypt(3) algorithm is still supported by many Unix flavors for legacy purposes. The hash is 13 characters long drawn from
[0-9A-Za-z./]. The first 2 characters of the hash represent the salt with the remaining characters being the checksum. For example,
ffTEQtUBN6Glk is a valid hash with salt
ff and checksum
To submit your descrypt hash:
$ ./crackqcli.py -t descrypt descrypt_hash
The format for the MD5-based Unix crypt(3) hash algorithm is
SALT is 0-8 characters drawn from
CHECKSUM is 22 characters long drawn from the same charset as
SALT. For example,
$1$abcdefgh$WSwV3CmjYt3iE5AlESn9Z. is a valid hash with salt
abcdefgh and checksum
To submit your md5crypt hash:
$ ./crackqcli.py -t md5crypt 'md5crypt_hash'
$ characters in md5crypt_hash could be interpreted as shell variables, use single quotes around the hash value.
Wordpress, Joomla and phpBB3 (MD5-based salted) hashing algorithms utilise the "phpass" PHP hashing framework. The format for these hashes is either $P$ (Wordpress and Joomla) or $H$ (phpBB3) prefix followed by 1 character representing the number of MD5 rounds, followed by the salt and checksum (30 characters in total) drawn from the following charset
To submit your MD5-based phpass hash:
$ ./crackqcli.py -t phpass 'phpass_hash'
$ characters in phpass_hash could be interpreted as shell variables, use single quotes around the hash value.