From 3d2ede41775121d5ffe55b3a6fa47932eadd25ac Mon Sep 17 00:00:00 2001 From: Tom Samstag Date: Wed, 28 Dec 2011 17:29:07 -0800 Subject: [PATCH] Two additions to improve success rate This commit adds two changes to improve the success rate of BozoCrack: 1. If the old method didn't find the hash, split the Google results on non-alphanumeric characters. This will find the hashes on pages which contain text such as: md5(password) = 5f4dcc3b5aa765d61d8327deb882cf99 md5("password") = 5f4dcc3b5aa765d61d8327deb882cf99 password:5f4dcc3b5aa765d61d8327deb882cf99 2. If that still didn't find the hash, do another Google search for the hash and the word md5. This helps for hashes that may by luck appear in their hashed form frequently on the web. For instance, compare: http://www.google.com/search?q=0e97d6e7124d6cc9623650201236cd52 and http://www.google.com/search?q=md5+0e97d6e7124d6cc9623650201236cd52 At the time of implementing this change, the first Google results did not contain the plaintext for this hash. --- bozocrack.rb | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/bozocrack.rb b/bozocrack.rb index 5a4bd6f..7875e4c 100644 --- a/bozocrack.rb +++ b/bozocrack.rb @@ -35,7 +35,17 @@ def crack private def crack_single_hash(hash) - response = Net::HTTP.get URI("http://www.google.com/search?q=#{hash}") + if plaintext = crack_single_hash_with_website(hash, "http://www.google.com/search?q=#{hash}") + return plaintext + end + if plaintext = crack_single_hash_with_website(hash, "http://www.google.com/search?q=md5+#{hash}") + return plaintext + end + nil + end + + def crack_single_hash_with_website(hash, url) + response = Net::HTTP.get URI(url) wordlist = response.split(/\s+/) if plaintext = dictionary_attack(hash, wordlist) return plaintext 
@@ -48,6 +58,12 @@ def dictionary_attack(hash, wordlist) if Digest::MD5.hexdigest(word) == hash.downcase return word end + sub_wordlist = word.split(/[^a-zA-Z0-9]+/) + if (sub_wordlist.size > 1) + if plaintext = dictionary_attack(hash, sub_wordlist) + return plaintext + end + end end nil end @@ -74,4 +90,4 @@ def append_to_cache(hash, plaintext, filename = "cache") BozoCrack.new(ARGV[0]).crack else puts "Usage example: ruby bozocrack.rb file_with_md5_hashes.txt" -end \ No newline at end of file +end
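Review bot: In the first hunk (crack_single_hash), nothing around `Net::HTTP.get URI(url)` in crack_single_hash_with_website handles a failed request, so an exception on the plain-hash lookup propagates out of crack_single_hash and the `md5+` fallback added here is never tried for that hash. Suggest rescuing inside crack_single_hash_with_website and returning nil so the second lookup still runs. The two near-identical `if plaintext = ... return plaintext end` blocks would also read better as one loop over a short list of query URLs, which makes adding a third query a one-line change.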
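Review bot: In the second hunk (dictionary_attack), the guard `if (sub_wordlist.size > 1)` skips tokens whose only punctuation is trailing, because Ruby's String#split drops trailing empty strings: `"password,".split(/[^a-zA-Z0-9]+/)` returns `["password"]`, size 1, so the stripped word is never hashed even though it differs from `word`. Leading punctuation happens to work only because it yields an empty first element. Suggest testing `sub_wordlist != [word]` instead of the size, which still terminates the recursion since purely alphanumeric sub-words split back to themselves. Separately, the commit message describes the split as a fallback "if the old method didn't find the hash", but here it runs per word inside the main loop, before the remaining whole words are tried; either is correct since every candidate is verified against the digest, but the description and the code should agree.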