Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

Build and Reverse MD5 Hashes Programatically

An MD5 hash encodes a string into a 128-bit fingerprint in a one-way transaction that nets the same result no matter what computer you’re using to generate hashes. I know it’s hard to imagine, but the md5 command will create a hash. There are a few ways people go about doing such things. The easiest way I’ve found is to echo the string into md5, most easily done using a command such as the following, which simply echoes out the word test to the md5 command on a Mac:

echo -n test | md5

And the output is a simple hash:

098f6bcd4621d373cade4e832627b4f6

The reason I use the -n is because if you just echo without it the new line is included.

You can also use the -s option of md5 without echoing anything:

md5 -s "test"

Which outputs:

MD5 ("test") = 098f6bcd4621d373cade4e832627b4f6

If you then pop this unreversible hash into some tables of hashes or even sites that just do such things for you these days, you can basically reverse them pretty easily now:

curl http://md5.gromweb.com/?md5=098f6bcd4621d373cade4e832627b4f6 | grep "The MD5 hash"

Screen Shot 2013-11-04 at 8.05.22 PM

Now use something stronger. Something with numbers, letters, special characters, etc to make a hash. The resultant lookup is likely going to be empty when you attempt to reverse the hash. Therefore, to see if your password is easily reversed from the MySQL md5 tables of all those websites you put it into, convert it to a hash and then pop it into a reverse site.

echo -n noice