brute force phyton convert to php script

6 February 2011 at 9:30 pm Leave a comment

Last weekend I came across this site, Hack This Site!. I’ve been able to breeze through the Basic missions for the most part, and the Javascript missions, seriously? It’s pretty interesting and I know there are many other sites out there that I’m looking forward to trying out once I get far enough with this one.

I came across one mission where I had to crack a hashed password. I was feeling ambitious enough to go ahead and write a brute force script to tackle the task. I messed around an entire day trying to figure out the right combination of nested-loops to solve the problem. I came to the realization that probably the only practical way of solving this algorithm was recursion, which I had very limited experience in doing. So I started searching the web and finally came across a brute force python script written by Robert Green. I ported it over to PHP, and in a matter of seconds I was moving on to the next mission.

Here is the script

<?php
/*
* Thanks to Robert Green for this script he wrote in python
* http://www.rbgrn.net/blog/2007/09/how-to-write-a-brute-force-password-cracker.html
* I took what we wrote and ported this to PHP
*
* This script was written for PHP 5, but should work with
* PHP 4 if the hash() function is replaced with md5() or something else
*/

#########################################################
/* Configuration */

// this is the hash we are trying to crack
define(‘HASH’, ‘098f6bcd4621d373cade4e832627b4f6’);

// algorithm of hash
// see http://php.net/hash_algos for available algorithms
define(‘HASH_ALGO’, ‘md5’);

// max length of password to try
define(‘PASSWORD_MAX_LENGTH’, 4);

// available characters to try for password
// uncomment additional charsets for more complex passwords
$charset = ‘abcdefghijklmnopqrstuvwxyz’;
//$charset .= ‘0123456789’;
//$charset .= ‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’;
//$charset .= ‘~`!@#$%^&*()-_\/\’";:,.+=<>? ‘;
#########################################################
$charset_length = strlen($charset);

function check($password)
{
if (hash(HASH_ALGO, $password) == HASH) {
echo ‘FOUND MATCH, password: ‘.$password."\r\n";
exit;
}
}

function recurse($width, $position, $base_string)
{
global $charset, $charset_length;

for ($i = 0; $i < $charset_length; ++$i) {
if ($position < $width – 1) {
recurse($width, $position + 1, $base_string . $charset[$i]);
}
check($base_string . $charset[$i]);
}
}

echo ‘target hash: ‘.HASH."\r\n";
recurse(PASSWORD_MAX_LENGTH, 0, ”);

echo "Execution complete, no password found\r\n";

?>

Advertisements

Entry filed under: Blog and Website. Tags: , .

Script for free message Dork list for watching cctv all the world

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Blog Stats

  • 56,171 hits
free counters


AziesT on Facebook


Yahoo bot last visit Msn bot last visit SEO Stats

Our Teams

Gudang Artikel AZIZALFIAN.COM

%d bloggers like this: