BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.

It works way better than it ever should.

[cc lang=”bash”]$ ruby bozocrack.rb my_md5_hashes.txt[/cc]

[cc lang=”bash”]$ ruby bozocrack.rb example.txt
Loaded 5 unique hashes

[cc lang=”ruby”]require ‘digest/md5’
require ‘net/http’

class BozoCrack

def initialize(filename)
@hashes =
@cache = do |line|
if m = line.chomp.match(/b([a-fA-F0-9]{32})b/)
@hashes << m[1] end end @hashes.uniq! puts "Loaded #{@hashes.count} unique hashes" load_cache end def crack @hashes.each do |hash| if plaintext = @cache[hash] puts "#{hash}:#{plaintext}" next end if plaintext = crack_single_hash(hash) puts "#{hash}:#{plaintext}" append_to_cache(hash, plaintext) end sleep 1 end end private def crack_single_hash(hash) response = Net::HTTP.get URI("{hash}") wordlist = response.split(/s+/) if plaintext = dictionary_attack(hash, wordlist) return plaintext end nil end def dictionary_attack(hash, wordlist) wordlist.each do |word| if Digest::MD5.hexdigest(word) == hash.downcase return word end end nil end def load_cache(filename = "cache") if File.file? filename do |line| if m = line.chomp.match(/^([a-fA-F0-9]{32}):(.*)$/) @cache[m[1]] = m[2] end end end end def append_to_cache(hash, plaintext, filename = "cache"), "a") do |file| file.write "#{hash}:#{plaintext}n" end end end if ARGV.size == 1[0]).crack else puts "Usage example: ruby bozocrack.rb file_with_md5_hashes.txt" end[/cc] Source here