Brute Force PHP Script

August 22, 2008

Last weekend I came across this site, Hack This Site!. I've been able to breeze through the Basic missions for the most part, and the Javascript missions, seriously? It's pretty interesting and I know there are many other sites out there that I'm looking forward to trying out once I get far enough with this one.

I came across one mission where I had to crack a hashed password. I was feeling ambitious enough to go ahead and write a brute force script to tackle the task. I messed around an entire day trying to figure out the right combination of nested-loops to solve the problem. I came to the realization that probably the only practical way of solving this algorithm was recursion, which I had very limited experience in doing. So I started searching the web and finally came across a brute force python script written by Robert Green. I ported it over to PHP, and in a matter of seconds I was moving on to the next mission.

<?php
/*
 * Thanks to Robert Green for this script he wrote in python
 * http://www.rbgrn.net/blog/2007/09/how-to-write-a-brute-force-password-cracker.html
 * I took what we wrote and ported this to PHP
 * 
 * This script was written for PHP 5, but should work with
 * PHP 4 if the hash() function is replaced with md5() or something else
 */

#########################################################
/*                   Configuration                     */

// this is the hash we are trying to crack
define('HASH', '098f6bcd4621d373cade4e832627b4f6');

// algorithm of hash
// see http://php.net/hash_algos for available algorithms
define('HASH_ALGO', 'md5');

// max length of password to try
define('PASSWORD_MAX_LENGTH', 8);


// available characters to try for password
// uncomment additional charsets for more complex passwords
$charset = 'abcdefghijklmnopqrstuvwxyz';
//$charset .= '0123456789';
//$charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
//$charset .= '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
#########################################################

function check($password)
{	
	if (hash(HASH_ALGO, $password) == HASH) {
		echo 'FOUND MATCH, password: '.$password."\r\n";
		exit;
	}
}


function recurse($width, $position, $base_string)
{
	global $charset;
	
	for ($i = 0; $i < strlen($charset); ++$i) {
		if ($position  < $width - 1) {
			recurse($width, $position + 1, $base_string . $charset[$i]);
		}
		check($base_string . $charset[$i]);
	}
}

echo 'target hash: '.HASH."\r\n";
for ($i = 1; $i < PASSWORD_MAX_LENGTH + 1; ++$i) {
	echo 'checking passwords with width: '.$i."\r\n";
	recurse($i, 0, '');
}

echo "Execution complete, no password found\r\n";


?>

brute force PHP script output

2 Comments

Commentable Revolution

August 21, 2008

I was finally able to get around to updating the site to include the comments on blog posts, which I had left out before in order to get the new version up quick.

I've been mostly trying to clean up the HMS site lately, as at my "real job" as I call it, they haven't had any work for me to do. Today, I went in for two and a half hours and seriously did nothing, but it doesn't bother me. As long as I've got other sources of income, I'll be alright.

Since taking the Fall 2007 semester off, I had to make up some credits this summer if I wanted to graduate on time. Last week I finished my Philosophy of Science class. The class overall I found to be very interesting, though at times was too philosophical for me. I've gained a new understanding, appreciation, and perception of science.

0 Comments

MSNBC blocks Firefox users for Democratic Presidential Debate?

October 30, 2007

Is MSNBC blocking Firefox users from viewing the live stream of the Democratic Presidential Debate? For 30 minutes I have been trying to view the debate at msnbc.com (Firefox), but only to receive a "Sorry, this video is unavailable" message each time.

Finally, I thought well, the stream must really be experiencing some high-traffic, so I thought to myself "maybe they're blocking Firefox users to keep the traffic down." And sure enough I open up IE7 and the stream loads up immediately, anyone else have a similar experience?

3 Comments

100 pounds off my shoulders

October 1, 2007

I'm about a week behind on my calculus homework, got a zero on my quiz last week, and now have an exam on Wednesday. I'm stressed out, and I'm giving up.

I gave up and now I feel great. I feel like I can actually have time to do what I want. I'll just take it again next semester by itself.

0 Comments

Goodbye Globat!

September 26, 2007

The transfer of my domain to my new host is complete, the site is faster, and the best part of all - no more unauthorized automated charges to my credit card for add-ons! Remember kids, Globat is bad.

0 Comments

The Da Vinci Code : The book

July 24, 2007

I've just recently begun to get back into reading in my spare time after a long lost childhood with The World Is Flat. It's a non-fictional informative read on globalization and how our ever-increasing means of communication and interaction are affecting the economy and the way we live. I would highly recommend it to anyone concerned with the threat of outsourcing and interested in the future of "Globalization 3.0."

Just this past weekend I turned the last page of The Da Vinci Code. It started with my cousin lending it to me and reading just about 15 minutes every night. This past weekend as I started to get about three-fourths of the way through, I just couldn't put it down. The book has many (about 100) chapters that are only a few pages long. I found myself unable to just put the book down for the session as I just couldn't help but to learn what was in store next for the characters, Langdon and Sophie. This is an awesome read and will feed the intellectual side in you and keep you wanting more with the suspense and twists that it has in store for you.

0 Comments

My upgrade to Vista and experience with Mozy

July 22, 2007

I finally decided to take advantage of that disk I got free of charge over at the CS department this past semester and install it on my laptop. I took a leap of faith in Mozy and just formatted my drive to do a clean install with Vista, hoping that my data was as safe as Mozy claims it to be.

Vista installed surprisingly quick, seemed much faster than a clean XP install. Although I like all the new little things, there's not much really new in Vista that makes you get that excited. I like the new customization options for the windows with the variety of color choices and some of the animations with minimizing windows and stuff, but is it really worth the hassle and money? I don't think it is, especially with talk of the Windows 7 release happening in the next few years.

Once I got Vista up and running, I logged into my Mozy account to request a web restore of all 19 GBs of my data. It took about an entire day (24 hours) to finally have the restore built, so I'm still struggling to download it all from Mozy's server. I was presented with a 1.5 GB, (4) 3.6 GB, and a 3.1 GB self-extracting executable. I've managed to download the one 1.5 GB file but am currently struggling to get the rest of the files due to an apparent strain on Mozy's download server. I'm confident though that I will eventually get all my data and would highly recommend Mozy. You pay $54.45/year to backup, encrypt (optionally with your own key), and store your unlimited amount of data on Mozy's servers in the event of theft, hardware or software failure, or whatever else could go wrong. You then have the option to backup via web (free) or next-day delivery by FedEx via DVDs (insanely expensive).

0 Comments

Hard work pays off

April 15, 2007

Earlier this week I received a letter from a messenger while sitting in my computer science class. It was a notice that I had been invited to the Computer Science Spring Awards Ceremony held at Western Michigan University's Parkview Campus. My first thought was that it would just be some general lame award given out to students based upon their GPA. I decided that it would be in my best interest to go and check it out anyway.

Col. Charles E. Bayliss Scholarship 2007-2008 presented to Sean P. Lavine I walked into one of the lecture halls where the ceremony was being held and picked up a program for the event. I found a seat and began flipping through the program trying to find my name. I was shocked. I was invited to be awarded the Col. Charles E. Bayliss Scholarship, awarded to promising new computer science students. I had applied for the scholarship back in January and the deadline for winners being announced had past, so I thought. I assumed that I hadn't been a recipient and forgot about it, but now I was there waiting to receive it. It was an awesome way to close out the school week.

2 Comments

Transformation upon the horizon

April 12, 2007

I have been wanting to make some changes to the site lately, but haven't yet due to the lack of time... or time management. I can't say if that is really true or not, I have had a lot on my plate lately and for this reason I have been trying to improve my time management skills lately. A skill well-worth learning to do right I would say.

Just two more weeks of school left. This summer will be less idle than all my previous ones. I want to start posting more once summer comes around, and posting more worthwhile stuff that contains information goodness.

0 Comments

Globat.com and shady business practices

March 22, 2007

Wow, my hosting provider, Globat.com, sucks! I have been using them for a few years now, and they were fine up until now. As soon as my account expires, I'm going to cancel and find a new company to host with.

Today I got an e-mail from Globat.com saying how they had automatically upgraded my account and charged my credit card for $39.95. This is the second time this has happened. I called customer support very annoyed at the fact that my credit card been charged without my consent. I had never even signed up for any sort of upgrade, and my account wasn't up for renewal either. Customer support told me that apparently this in the terms of agreement when you sign up, that you will be upgraded every 3 months automatically. Wow, I can't believe how ridiculous that is.

2 Comments