Documentation
How to use this tool, practical use cases, and technical notes.
The Hash Cracker / Rainbow Table Lookup tool is straightforward to operate. The full workflow takes 2–5 minutes. Below is a complete step-by-step guide with tips for interpreting results.
Step 1 — Obtain or Identify Your Hash
Before using the tool, you need a hash value to look up. Common sources of hash values in educational and authorized security contexts include:
Source | Example Context | Hash Format Typically Encountered |
|---|---|---|
CTF challenge files | Hash extracted from a | MD5, SHA1, SHA256 |
Linux | Password hashes for cracking exercises | SHA512 (prefixed |
Windows SAM database dump (authorized) | Credential extraction exercise | NTLM |
Web app database dump (authorized pentest) | Legacy PHP/MySQL apps often store MD5 | MD5 |
Hash generation tools | Testing your own understanding by hashing a known word | Any algorithm |
PentesterWorld hash generator tool | Generate a hash then verify the lookup | Any algorithm |
How to identify your hash algorithm by length:
Hash Length (hex characters) | Likely Algorithm(s) |
|---|---|
32 characters | MD5 or NTLM |
40 characters | SHA1 |
56 characters | SHA224 |
64 characters | SHA256 or SHA3-256 |
96 characters | SHA384 |
128 characters | SHA512 or SHA3-512 |
Note: MD5 and NTLM both produce 32-character hex strings but use different algorithms. If you're unsure, select both in the tool and let it check both.
Step 2 — Enter the Hash
Paste or type your hash value into the "Hash to Search" input field. A few things to check:
Lowercase vs uppercase hex: Most tools output lowercase hex (e.g.,
5f4dcc3b...). The tool normalizes case, but paste as-is to be safe.No extra whitespace: Ensure there are no leading or trailing spaces in your hash value.
Prefixes: Some tools output hashes with prefixes (e.g.,
$1$,$6$,$nt$). Strip these — enter only the hex digest portion.Colons in NTLM dumps: Windows credential dumps often show
username:RID:LM_hash:NTLM_hash. Extract only the NTLM portion (the fourth colon-separated field).
Common hash formatting examples:
Raw Output | What to Enter in the Tool |
|---|---|
|
|
|
|
|
|
|
|
Step 3 — Select Hash Algorithms
Check the algorithm(s) you want to search against. The tool offers five options:
Checkbox | When to Select |
|---|---|
MD5 | Hash is 32 hex chars; source is a legacy web app, PHP system, or older tool |
SHA1 | Hash is 40 hex chars; source is Git, older SSL cert, or legacy web app |
SHA256 | Hash is 64 hex chars; source is a modern system or JWT |
SHA512 | Hash is 128 hex chars; source is a modern Linux shadow file |
NTLM | Hash is 32 hex chars; source is a Windows system, Active Directory dump |
Tip: If you don't know the algorithm, select all five. The tool will check each and report results for whichever produces a match. Checking all five adds negligible processing time since lookups are near-instantaneous.
Step 4 — Run the Search
Click "Search Rainbow Table". The tool performs an in-browser lookup against its precomputed hash database and returns results within milliseconds.
Step 5 — Interpret Your Results
Each algorithm you checked will return one of two statuses:
Result Status | Meaning | What to Do Next |
|---|---|---|
Found | The hash exists in the rainbow table; plaintext is displayed | Record the plaintext; note which algorithm matched |
Not Found | Hash not in this tool's limited table | Try a dedicated tool (hashcat, CrackStation) or accept the password is not a common one |
Understanding a "Not Found" result:
A "Not Found" result from this tool does not mean the hash is uncrackable. It means only that the plaintext is not in this tool's curated set of common passwords. The full landscape of hash cracking resources includes:
Resource | Coverage |
|---|---|
This tool | ~1,000–10,000 most common passwords |
CrackStation (online) | ~15 billion entries |
HashKiller (online) | ~800 million MD5, NTLM entries |
RockYou wordlist | 14 million passwords |
hashcat with rules | Billions of candidates via mutation rules |
Full GPU brute force (8x RTX 4090) | ~3 billion MD5/sec — cracks 8-char alphanumeric in hours |
Step 6 — Copy Results
Use the copy button next to any hash or result to copy it to your clipboard for documentation in a pentest report, lab write-up, or training exercise.
Step-by-Step Example Walkthrough
Scenario: You've retrieved the following hash from a legacy PHP application database during an authorized penetration test: 5f4dcc3b5aa765d61d8327deb882cf99
Step | Action | Result |
|---|---|---|
1 | Count hash length | 32 characters → likely MD5 or NTLM |
2 | Paste into "Hash to Search" field | ✅ |
3 | Select MD5 and NTLM checkboxes | ✅ |
4 | Click "Search Rainbow Table" | ✅ |
5 | Review results | MD5: Found → plaintext: |
6 | Note in pentest report | Critical finding: plaintext MD5 password storage with trivially common password |
The Hash Cracker / Rainbow Table Lookup tool is straightforward to operate. The full workflow takes 2–5 minutes. Below is a complete step-by-step guide with tips for interpreting results.
Step 1 — Obtain or Identify Your Hash
Before using the tool, you need a hash value to look up. Common sources of hash values in educational and authorized security contexts include:
Source | Example Context | Hash Format Typically Encountered |
|---|---|---|
CTF challenge files | Hash extracted from a | MD5, SHA1, SHA256 |
Linux | Password hashes for cracking exercises | SHA512 (prefixed |
Windows SAM database dump (authorized) | Credential extraction exercise | NTLM |
Web app database dump (authorized pentest) | Legacy PHP/MySQL apps often store MD5 | MD5 |
Hash generation tools | Testing your own understanding by hashing a known word | Any algorithm |
PentesterWorld hash generator tool | Generate a hash then verify the lookup | Any algorithm |
How to identify your hash algorithm by length:
Hash Length (hex characters) | Likely Algorithm(s) |
|---|---|
32 characters | MD5 or NTLM |
40 characters | SHA1 |
56 characters | SHA224 |
64 characters | SHA256 or SHA3-256 |
96 characters | SHA384 |
128 characters | SHA512 or SHA3-512 |
Note: MD5 and NTLM both produce 32-character hex strings but use different algorithms. If you're unsure, select both in the tool and let it check both.
Step 2 — Enter the Hash
Paste or type your hash value into the "Hash to Search" input field. A few things to check:
Lowercase vs uppercase hex: Most tools output lowercase hex (e.g.,
5f4dcc3b...). The tool normalizes case, but paste as-is to be safe.No extra whitespace: Ensure there are no leading or trailing spaces in your hash value.
Prefixes: Some tools output hashes with prefixes (e.g.,
$1$,$6$,$nt$). Strip these — enter only the hex digest portion.Colons in NTLM dumps: Windows credential dumps often show
username:RID:LM_hash:NTLM_hash. Extract only the NTLM portion (the fourth colon-separated field).
Common hash formatting examples:
Raw Output | What to Enter in the Tool |
|---|---|
|
|
|
|
|
|
|
|
Step 3 — Select Hash Algorithms
Check the algorithm(s) you want to search against. The tool offers five options:
Checkbox | When to Select |
|---|---|
MD5 | Hash is 32 hex chars; source is a legacy web app, PHP system, or older tool |
SHA1 | Hash is 40 hex chars; source is Git, older SSL cert, or legacy web app |
SHA256 | Hash is 64 hex chars; source is a modern system or JWT |
SHA512 | Hash is 128 hex chars; source is a modern Linux shadow file |
NTLM | Hash is 32 hex chars; source is a Windows system, Active Directory dump |
Tip: If you don't know the algorithm, select all five. The tool will check each and report results for whichever produces a match. Checking all five adds negligible processing time since lookups are near-instantaneous.
Step 4 — Run the Search
Click "Search Rainbow Table". The tool performs an in-browser lookup against its precomputed hash database and returns results within milliseconds.
Step 5 — Interpret Your Results
Each algorithm you checked will return one of two statuses:
Result Status | Meaning | What to Do Next |
|---|---|---|
Found | The hash exists in the rainbow table; plaintext is displayed | Record the plaintext; note which algorithm matched |
Not Found | Hash not in this tool's limited table | Try a dedicated tool (hashcat, CrackStation) or accept the password is not a common one |
Understanding a "Not Found" result:
A "Not Found" result from this tool does not mean the hash is uncrackable. It means only that the plaintext is not in this tool's curated set of common passwords. The full landscape of hash cracking resources includes:
Resource | Coverage |
|---|---|
This tool | ~1,000–10,000 most common passwords |
CrackStation (online) | ~15 billion entries |
HashKiller (online) | ~800 million MD5, NTLM entries |
RockYou wordlist | 14 million passwords |
hashcat with rules | Billions of candidates via mutation rules |
Full GPU brute force (8x RTX 4090) | ~3 billion MD5/sec — cracks 8-char alphanumeric in hours |
Step 6 — Copy Results
Use the copy button next to any hash or result to copy it to your clipboard for documentation in a pentest report, lab write-up, or training exercise.
Step-by-Step Example Walkthrough
Scenario: You've retrieved the following hash from a legacy PHP application database during an authorized penetration test: 5f4dcc3b5aa765d61d8327deb882cf99
Step | Action | Result |
|---|---|---|
1 | Count hash length | 32 characters → likely MD5 or NTLM |
2 | Paste into "Hash to Search" field | ✅ |
3 | Select MD5 and NTLM checkboxes | ✅ |
4 | Click "Search Rainbow Table" | ✅ |
5 | Review results | MD5: Found → plaintext: |
6 | Note in pentest report | Critical finding: plaintext MD5 password storage with trivially common password |