Looking for In-Depth explanation of MDXFind Parameters

Here you will find posts with tutorials how to use MDXfind correctly and you can ask questions about usage.
snoozer
Posts: 3
Joined: Wed 7. Oct 2015, 15:53

Looking for In-Depth explanation of MDXFind Parameters

Postby snoozer » Wed 7. Oct 2015, 16:14

Hi,
I recently started to use MDXfind and I really find it very useful.
Since the latest hashes v2 website supports the upload from the finding of MDXFind I would to get to know about the parameters of MDXFind.
The help is a good starting point and I will use it to outline where I have personal problems of understanding what the parameters are actually doing.... :roll:
./MDXfind/MDXfind
Working on hash types: MD5
./MDXfind/MDXfind: $Header: /home/dlr/src/mdfind/RCS/mdxfind.c,v 1.44 2015/09/21 16:00:04 dlr Exp dlr $
Search for MD5x values from a file
use: mdxfind [options]
  • < input hash
    The text file stdin is special, and may be used if -f is
    supplied, to read candidate passwords from stdin
    -a Do email address munging
    What is email address munging? Will all hashes be skipped that look like an email address? Is there an
    amplified serach for email hases when turned on?


    -b Expand each word into unicode, best effort
    Will this replace all words? Or do we check normal plin first and then an additional check with unicode?

    -c Replace each special char (<>&, etc) with XML equivilents
    This one should be clear though

    -d De-duplicate wordlists, best effort
    De-Duplicate == What? do we clean wordlists here?

    -e Extended search for truncated hashes
    This one should be clear though

    -p Print source (filename) of found plaintexts
    This one should be clear though

    -q Internal iteration counts for SHA1MD5x, and others
    For what is this option useful? Since the output already contains ${HASH}x${Iterations} ?

    -g Rotate calculated hashes to attempt match to input hash
    What happens here? We hash the plain normally, check if it matches any of the passwords and additionally we rotate the hash and do the same (e.g. to check for rotated hashes)

    -s File to read salts from
    This one should be clear though

    -u File to read Userid/Usernames from
    This one should be clear though

    -k File to read suffixes from
    This one should be clear though

    -n Number of digits to append to passwords
    What happens here? We hash the plain normally, check if it matches any of the passwords and additionally we append some numbers (e.g. when set to 3: append 0, 1, 3, ... 999 ?

    -i The number of iterations for each hash
    This one should be clear though

    -t The number of threads to run
    This one should be clear though

    -f file to read hashes from, else stdin
    This one should be clear though

    -l Append CR/LF/CRLF and print in hex
    This one should be clear though

    -r File to read rules from
    This one should be clear though

    -h The hash types:MD5
    This one should be clear though
Any help on this is highly appreciated :-)

And thanks for this tool, I really like it, but would like to know what parameter makes sense in which situation.... :D

Waffle
Posts: 3
Joined: Wed 7. Oct 2015, 04:48

Re: Looking for In-Depth explanation of MDXFind Parameters

Postby Waffle » Thu 8. Oct 2015, 22:46

-a email munging was a special mode that was created for dealing with passwords in the form of an email address. Many email providers, gmail in particular, seem to ignore "." when embedded in email addresses, and this mode helps to insert combinations of "." characters in the user part of the email address. So: joe@gmail.com gets munged to j.oe@gmail.com, jo.e@gmail.com and j.o.e@gmail.com. Needless to say, with long user-parts of email address, this can generate _very_ large numbers of candidate passwords, and thus should only be used where you have a reasonable suspicion that these types of addresses are being used as passwords.

-b always expands, as best it can. Not every password can be correctly expanded, and it always assumes UTF-16LE. If you have other encodings, you can always do it yourself, with the $HEX[] format that MDXfind pioneered.

-d tries to de-duplicate the incoming dictionary. This is typically useful only if you are using mdxfind in stdin mode, and have a poor generation algorithm. Generally speaking, doing it outside of the hashing process is your best bet.

-q does internal iterations for SHA1MD5x. For example, if you have a hash that is SHA1(MD5(MD5(MD5(MD5($pass)))))), you would set -q to 5.

-g rotates the hash. So, for example, -g 1 would find:

rot01_MD5x01 95f4dcc3b5aa765d61d8327deb882cf9:password

-n appends digits to the input plaintext words, in an efficient manner. You can use it with a zero-length input word to quickly check a number-only password range. It has some other options, like: -n 6x would append 6 digit hex values, and 8i would append all ipv4 dotted-quad IP-addresses.

There's lots more undocumented things left. I am working on the manual, but it's slow going - quite large, already.

snoozer
Posts: 3
Joined: Wed 7. Oct 2015, 15:53

Re: Looking for In-Depth explanation of MDXFind Parameters

Postby snoozer » Tue 13. Oct 2015, 08:25

awesome, thanks!
If you need help on the manual please let me know!
I think a lot of people would find it usefull...well at least everybody who uses MDXFind :lol:


Return to “Application Usage”

Who is online

Users browsing this forum: No registered users and 0 guests

cron