Zend Certified Engineer

September 14, 2009

Sean Lavine PHP5 Zend Certified Engineer CertificateI've been working with PHP for quite some time now and thought that it certainly couldn't hurt to get that certification. I purchased Zend's PHP5 certification bundle that comes with 10 online practice exams, a PDF version of their study guide, and a voucher to take the exam with Pearson Vue. I took the time to study before school started up and a week later I was taking the exam and got my certification.

0 Comments

Still Running

May 3, 2009

Western Michigan University High Honors

1 Comment

Brute Force PHP Script

August 22, 2008

Last weekend I came across this site, Hack This Site!. I've been able to breeze through the Basic missions for the most part, and the Javascript missions, seriously? It's pretty interesting and I know there are many other sites out there that I'm looking forward to trying out once I get far enough with this one.

I came across one mission where I had to crack a hashed password. I was feeling ambitious enough to go ahead and write a brute force script to tackle the task. I messed around an entire day trying to figure out the right combination of nested-loops to solve the problem. I came to the realization that probably the only practical way of solving this algorithm was recursion, which I had very limited experience in doing. So I started searching the web and finally came across a brute force python script written by Robert Green. I ported it over to PHP, and in a matter of seconds I was moving on to the next mission.

<?php
/*
 * Thanks to Robert Green for this script he wrote in python
 * http://www.rbgrn.net/blog/2007/09/how-to-write-a-brute-force-password-cracker.html
 * I took what we wrote and ported this to PHP
 * 
 * This script was written for PHP 5, but should work with
 * PHP 4 if the hash() function is replaced with md5() or something else
 */

#########################################################
/*                   Configuration                     */

// this is the hash we are trying to crack
define('HASH', '098f6bcd4621d373cade4e832627b4f6');

// algorithm of hash
// see http://php.net/hash_algos for available algorithms
define('HASH_ALGO', 'md5');

// max length of password to try
define('PASSWORD_MAX_LENGTH', 4);


// available characters to try for password
// uncomment additional charsets for more complex passwords
$charset = 'abcdefghijklmnopqrstuvwxyz';
//$charset .= '0123456789';
//$charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
//$charset .= '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
#########################################################
$charset_length = strlen($charset);

function check($password)
{	
	if (hash(HASH_ALGO, $password) == HASH) {
		echo 'FOUND MATCH, password: '.$password."\r\n";
		exit;
	}
}


function recurse($width, $position, $base_string)
{
	global $charset, $charset_length;
	
	for ($i = 0; $i < $charset_length; ++$i) {
		if ($position  < $width - 1) {
			recurse($width, $position + 1, $base_string . $charset[$i]);
		}
		check($base_string . $charset[$i]);
	}
}

echo 'target hash: '.HASH."\r\n";
recurse(PASSWORD_MAX_LENGTH, 0, '');

echo "Execution complete, no password found\r\n";


?>

brute force PHP script output

10 Comments