People talk to me a lot about hacking tools. The insanely great Mark Gibbs of Networkworld.com fame wrote about a hash-cracking tool that is just huge, in fact world-spanning.
Google.
Google has indexed everything, right? It knows how many fillings you have, right? So it’s probably indexed every accessible MD5, right?
Heck yeah. As the author of a Ruby script that automates the process (BozoCrack) says,
Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.
It works way better than it ever should.
Check out his story at:
http://www.networkworld.com/columnists/2011/120511-gearhead.html
And BozoCrack at:
https://github.com/juuso/BozoCrack
Keep in mind, you don’t necessarily need BozoCrack to do this. A simple Google search will get you there too, if you’re ready to MD5 every word on the results page. But isn’t automation wonderful?