HCRACK =========== HCRACK is a HMAC-MD5 message cracker written in C. HMAC-MD5 is sometimes used for client-side credential hashing, with a temporary key. One of the more notable examples of this is with Pearson's PowerSchool, where HMAC is used essentially as a method to secure credentials in absence of HTTPS. One can sniff these two variables, the HMAC_MD5 key and hash, and easily crack the original password with this tool. This type of client side security is just kind of silly. USAGE ============ Usage: hcrack [-t threads] [-h hash] [-k key] [-w wordlist] -h hash, hmac hash to crack -k key, hmac key that goes with hash -t threads, number of threads to use concurrently. Default: 1 -w wordlist, wordlist mode, follow with path to wordlist, one word per line -b [a] [a1] [all], (optional)character set for bruteforce: a = alphabet, a1 = alphanumerical, all = all ascii characters Default: a1 By default, hcrack will just try to bruteforce the password. Most likely, bruteforcing will either fail or take too long to be useful. You should use a good wordlist instead. Wordlist mode is activated with (-w).