Crackq FAQ

1. How to submit hashes?

Hashes are submitted using the Python command-line client crackqcli. For installation instructions on Linux, OS X and Windows refer to this page or install the latest development client version using git:

$ git clone && cd Crackq

You will be prompted for your API key when you submit your first request to the Crackq. The API key can be obtained from your user settings page after logging in. The API key is then saved $HOME/.crackq and can be edited manually if necessary.

2. What are the supported character sets?

Currently, we only support the ASCII charset. There is no support for foreign languages.

3. What hash types are supported?

The Crackq supports the following algorithms:

  • NTLM
  • MD5
  • SHA1
  • WPA / WPA2
  • DESCRYPT / DES(Unix)
  • MD5CRYPT / FreeBSD MD5 / Cisco IOS MD5 / MD5(Unix)
  • PHPASS MD5 Wordpress, Joomla, phpBB3
  • Password protected PDF files (v1.4 - v1.6)

4. My hash wasn't cracked (Not found)?

The Crackq performs extensive hybrid and brute-force attacks but is not guaranteed to recover the password within the specified timeframe. The end goal is not to brute-force the entire keyspace but to quickly identify weak passwords.

5. Where are the results?

The results (whether plaintext was recovered or not) will be emailed to your email address provided during registration. These results are not public, i.e., your submission requests and results are not visible to other users. Note that you will need to confirm your email address to receive the results.

6. Do I still pay if my hash wasn't cracked?

Yes. Buying a batch of 5 submittions (valid for 30 days from the date of purchase) allows you to submit to the queue 5 times. Each submission reduces the count of remaining submissions by 1, whether the hash is cracked or not.

7. How to submit MD5 hashes?

To submit your MD5 hash:

$ ./ -t md5 32_hexchar_hash

8. How to submit NTLM hashes?

To submit your NTLM hash:

$ ./ -t ntlm 32_hexchar_hash

9. How to submit SHA1 hashes?

To submit your SHA1 hash:

$ ./ -t sha1 40_hexchar_hash

10. How to submit WPA/WPA2 handshakes?

If you have a pcap file (obtained with airodump, Kismet, etc) containing one or multiple WPA/WPA2 handshakes, the first step is to convert it into HCCAP format. This can be done using the aircrack-ng tool:

$ aircrack-ng -J /tmp/sendme your_pcap_file_with_handshakes.cap

Then select the number corresponding to the required BSSID/ESSID from the list. Note that you can only submit one handshake at a time. The above command should create the HCCAP file in /tmp/sendme.hccap that can be submitted with:

$ ./ -t wpa /tmp/sendme.hccap

Note that the file size of sendme.hccap should be 392 bytes exactly regardless the essid, bssid, etc:

$ ls -al /tmp/sendme.hccap
-rw-r--r--  1 vnik  staff  392  2 Dec 10:05 /tmp/sendme.hccap

11. How to submit descrypt / des(Unix) hashes?

DES-based Unix crypt(3) algorithm is still supported by many Unix flavors for legacy purposes. The hash is 13 characters long drawn from [0-9A-Za-z./]. The first 2 characters of the hash represent the salt with the remaining characters being the checksum. For example, ffTEQtUBN6Glk is a valid hash with salt ff and checksum TEQtUBN6Glk.

To submit your descrypt hash:

$ ./ -t descrypt descrypt_hash

12. How to submit md5crypt / FreeBSD md5 / Cisco IOS / md5(Unix) hashes?

The format for the MD5-based Unix crypt(3) hash algorithm is $1$SALT$CHECKSUM where SALT is 0-8 characters drawn from [0-9A-Za-z./] and CHECKSUM is 22 characters long drawn from the same charset as SALT. For example, $1$abcdefgh$WSwV3CmjYt3iE5AlESn9Z. is a valid hash with salt abcdefgh and checksum WSwV3CmjYt3iE5AlESn9Z.

To submit your md5crypt hash:

$ ./ -t md5crypt 'md5crypt_hash'

Since $ characters in md5crypt_hash could be interpreted as shell variables, use single quotes around the hash value.

13. How to submit Wordpress, Joomla and phpBB3 hashes?

Wordpress, Joomla and phpBB3 (MD5-based salted) hashing algorithms utilise the "phpass" PHP hashing framework. The format for these hashes is either $P$ (Wordpress and Joomla) or $H$ (phpBB3) prefix followed by 1 character representing the number of MD5 rounds, followed by the salt and checksum (30 characters in total) drawn from the following charset [./0-9A-Za-z].

To submit your MD5-based phpass hash:

$ ./ -t phpass 'phpass_hash'

Since $ characters in phpass_hash could be interpreted as shell variables, use single quotes around the hash value.

14. I'm getting "NO QUEUE SUBMISSIONS LEFT" error.

You can purchase submission quota using this link after loggin in. The number of submissions left can be viewed on the user settings page.


  1. 30/05/2016: Added HOTBOX-xxxx to the list of default ESSIDs. See the full list here.
  2. 28/05/2016: We're now accepting Ether as the payment option (!
  3. 05/05/2016: Added 4G-Gateway-XXXX to the list of default ESSIDs. See the full list here.
  4. 27/02/2016: Added RogersXXXXX to the list of default ESSIDs. See the full list here.
  5. 26/02/2016: Stand-alone Windows client binary v0.4 can be downloaded from here.
  6. 26/02/2016: Crackq client v0.4 is released. Added support for MYSQL 4.1+ (double SHA1) hashes.
  7. 20/10/2015: Added Speedy-XXXXXX and Fibertel WiFixxx to our default WPA list.
  8. 16/09/2015: Added support for password protected PDF files. Currently versions 1.4 - 1.6 are supported.
  9. 01/09/2015: Added EE-BrightBox-xxxxxx and TPG-XXXX to the list of default ESSIDs. See the full list here.
  10. 26/05/2015: Added support for PHPass (Wordpress, Joomla and phpBB3) hashes.
  11. 13/04/2015: WPA/WPA2 rules and brute-force attacks supported by Crackq