Build and Reverse MD5 Hashes Programatically

An MD5 hash encodes a string into a 128-bit fingerprint in a one-way transaction that nets the same result no matter what computer you’re using to generate hashes. I know it’s hard to imagine, but the md5 command will create a hash. There are a few ways people go about doing such things. The easiest way I’ve found is to echo the string into md5, most easily done using a command such as the following, which simply echoes out the word test to the md5 command on a Mac: echo -n test | md5 And the output is a simple hash: 098f6bcd4621d373cade4e832627b4f6 The reason I use the -n is because if you just echo without it the new line is included. You can also use the -s option of md5 without echoing anything: md5 -s "test" Which outputs: MD5 ("test") = 098f6bcd4621d373cade4e832627b4f6 If you then pop this unreversible hash into some tables of hashes or even sites that just do such things for you these days, you can basically reverse them pretty easily now: curl | grep "The MD5 hash" Screen Shot 2013-11-04 at 8.05.22 PM Now use something stronger. Something with numbers, letters, special characters, etc to make a hash. The resultant lookup is likely going to be empty when you attempt to reverse the hash. Therefore, to see if your password is easily reversed from the MySQL md5 tables of all those websites you put it into, convert it to a hash and then pop it into a reverse site. echo -n noice

Quick and Dirty md5

A hashing function is used to calculate a hash value.  If you insert a file into a hashing function then it should produce a value that is almost certain to be unique (there’s always the remote likelihood that no matter how good your function, you may end up with a duplicate).   The openssl command is used to access a number of functions/ciphers including sha1, base64, md5, rc4/rc5 and of course des/des3.  It is a very simple command to use, simply provide the cipher, followed by the path to the file you would like to get a hash value (aka digest) for.  So if I have a file called myfile.txt and I would like to get a digest for it I could just use the following command: openssl md5 myfile.txt At its most basic level, we’re just leveraging openssl to grab digests quickly and easily.

openssl and Signatures

A checksum can be used to determine if a file has been tampered with at a later date.  To run a checksum use the following command:
openssl dgst -HASHTYPE path_to_file
HASHTYPE would then be md2, md4, md5, mdc2, rmd160, sha or sha1.  Let’s go ahead and do a checksum of our smb.conf file:
openssl dgst -md5 /var/db/smb.conf
You should then see output similar to the following:
MD5(/var/db/smb.conf)= e4b58a63c6682b298aeca3ad40734c1e
MD5(/var/db/smb.conf)= e4b58a63c6682b298aeca3ad40734c1e