Hashes.org Forum

Full Version: Looking for In-Depth explanation of MDXFind Parameters
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi,
I recently started to use MDXfind and I really find it very useful.
Since the latest hashes v2 website supports the upload from the finding of MDXFind I would to get to know about the parameters of MDXFind.
The help is a good starting point and I will use it to outline where I have personal problems of understanding what the parameters are actually doing.... :roll:

Quote:./MDXfind/MDXfind
Working on hash types: MD5
./MDXfind/MDXfind: $Header: /home/dlr/src/mdfind/RCS/mdxfind.c,v 1.44 2015/09/21 16:00:04 dlr Exp dlr $
Search for MD5x values from a file
use:  mdxfind [options] [list of text files] < input hash
The text file stdin is special, and may be used if -f is
supplied, to read candidate passwords from stdin
-a    Do email address munging
What is email address munging? Will all hashes be skipped that look like an email address? Is there an     
amplified serach for email hases when turned on?


-b    Expand each word into unicode, best effort
Will this replace all words? Or do we check normal plin first and then an additional check with unicode?

-c    Replace each special char (<>&, etc) with XML equivilents
This one should be clear though

-d    De-duplicate wordlists, best effort
De-Duplicate == What? do we clean wordlists here?

-e    Extended search for truncated hashes
This one should be clear though

-p    Print source (filename) of found plaintexts
This one should be clear though

-q    Internal iteration counts for SHA1MD5x, and others
For what is this option useful? Since the output already contains ${HASH}x${Iterations} ?

-g    Rotate calculated hashes to attempt match to input hash
What happens here? We hash the plain normally, check if it matches any of the passwords and additionally we rotate the hash and do the same (e.g. to check for rotated hashes)

-s    File to read salts from
This one should be clear though

-u    File to read Userid/Usernames from
This one should be clear though

-k    File to read suffixes from
This one should be clear though

-n    Number of digits to append to passwords
What happens here? We hash the plain normally, check if it matches any of the passwords and additionally we append some numbers (e.g. when set to 3: append 0, 1, 3, ... 999 ?

-i    The number of iterations for each hash
This one should be clear though

-t    The number of threads to run
This one should be clear though

-f    file to read hashes from, else stdin
This one should be clear though

-l    Append CR/LF/CRLF and print in hex
This one should be clear though

-r    File to read rules from
This one should be clear though

-h    The hash types:MD5
This one should be clear though

Any help on this is highly appreciated :-)

And thanks for this tool, I really like it, but would like to know what parameter makes sense in which situation.... Big Grin
-a email munging was a special mode that was created for dealing with passwords in the form of an email address. Many email providers, gmail in particular, seem to ignore "." when embedded in email addresses, and this mode helps to insert combinations of "." characters in the user part of the email address. So: joe@gmail.com gets munged to j.oe@gmail.com, jo.e@gmail.com and j.o.e@gmail.com. Needless to say, with long user-parts of email address, this can generate _very_ large numbers of candidate passwords, and thus should only be used where you have a reasonable suspicion that these types of addresses are being used as passwords.

-b always expands, as best it can. Not every password can be correctly expanded, and it always assumes UTF-16LE. If you have other encodings, you can always do it yourself, with the $HEX[] format that MDXfind pioneered.

-d tries to de-duplicate the incoming dictionary. This is typically useful only if you are using mdxfind in stdin mode, and have a poor generation algorithm. Generally speaking, doing it outside of the hashing process is your best bet.

-q does internal iterations for SHA1MD5x. For example, if you have a hash that is SHA1(MD5(MD5(MD5(MD5($pass)))))), you would set -q to 5.

-g rotates the hash. So, for example, -g 1 would find:

rot01_MD5x01 95f4dcc3b5aa765d61d8327deb882cf9:password

-n appends digits to the input plaintext words, in an efficient manner. You can use it with a zero-length input word to quickly check a number-only password range. It has some other options, like: -n 6x would append 6 digit hex values, and 8i would append all ipv4 dotted-quad IP-addresses.

There's lots more undocumented things left. I am working on the manual, but it's slow going - quite large, already.
awesome, thanks!
If you need help on the manual please let me know!
I think a lot of people would find it usefull...well at least everybody who uses MDXFind :lol: