Zend Certified Engineer
September 14, 2009
I've been working with PHP for
quite some time now and thought that it certainly couldn't hurt to get
that certification. I purchased Zend's PHP5 certification bundle that
comes with 10 online practice exams, a PDF version of their study guide,
and a voucher to take the exam with Pearson Vue. I took the time to
study before school started up and a week later I was taking the exam
and got my certification.
Brute Force PHP Script
August 22, 2008
Last weekend I came across this site, Hack This Site!. I've been able to breeze through the Basic missions for the most part, and the Javascript missions, seriously? It's pretty interesting and I know there are many other sites out there that I'm looking forward to trying out once I get far enough with this one.
I came across one mission where I had to crack a hashed password. I was feeling ambitious enough to go ahead and write a brute force script to tackle the task. I messed around an entire day trying to figure out the right combination of nested-loops to solve the problem. I came to the realization that probably the only practical way of solving this algorithm was recursion, which I had very limited experience in doing. So I started searching the web and finally came across a brute force python script written by Robert Green. I ported it over to PHP, and in a matter of seconds I was moving on to the next mission.
<?php
/*
* Thanks to Robert Green for this script he wrote in python
* http://www.rbgrn.net/blog/2007/09/how-to-write-a-brute-force-password-cracker.html
* I took what we wrote and ported this to PHP
*
* This script was written for PHP 5, but should work with
* PHP 4 if the hash() function is replaced with md5() or something else
*/
#########################################################
/* Configuration */
// this is the hash we are trying to crack
define('HASH', '098f6bcd4621d373cade4e832627b4f6');
// algorithm of hash
// see http://php.net/hash_algos for available algorithms
define('HASH_ALGO', 'md5');
// max length of password to try
define('PASSWORD_MAX_LENGTH', 4);
// available characters to try for password
// uncomment additional charsets for more complex passwords
$charset = 'abcdefghijklmnopqrstuvwxyz';
//$charset .= '0123456789';
//$charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
//$charset .= '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
#########################################################
$charset_length = strlen($charset);
function check($password)
{
if (hash(HASH_ALGO, $password) == HASH) {
echo 'FOUND MATCH, password: '.$password."\r\n";
exit;
}
}
function recurse($width, $position, $base_string)
{
global $charset, $charset_length;
for ($i = 0; $i < $charset_length; ++$i) {
if ($position < $width - 1) {
recurse($width, $position + 1, $base_string . $charset[$i]);
}
check($base_string . $charset[$i]);
}
}
echo 'target hash: '.HASH."\r\n";
recurse(PASSWORD_MAX_LENGTH, 0, '');
echo "Execution complete, no password found\r\n";
?>

Recent Tracks
- Puddle of Mudd—We Don't Have To Look Back Now 2 months ago
- Puddle of Mudd—We Don't Have To Look Back Now 2 months ago
- Young Jeezy—Bury Me A G (Produced By J.U.S.T.I.C.E. League) 2 months ago
- Smash Mouth—Push 2 months ago
- Red Hot Chili Peppers—Especially in Michigan 2 months ago
- Frédéric Chopin—Berceuse in D Flat, Op. 57 ("Lullaby") 2 months ago
- Pyotr Ilyich Tchaikovsky—The Nutcracker Suite: Waltz of the Flowers 2 months ago
- Pyotr Ilyich Tchaikovsky—Eugene Onegin - Polonaise 2 months ago
- Mendelssohn-Bartholdy—A Midsummer Night's Dream: Nocturne 2 months ago
- Coates—Summer Days Suite: On the Edge of the Lake 2 months ago
