Brute Force PHP Script

August 22, 2008

Last weekend I came across this site, Hack This Site!. I've been able to breeze through the Basic missions for the most part, and the Javascript missions, seriously? It's pretty interesting and I know there are many other sites out there that I'm looking forward to trying out once I get far enough with this one.

I came across one mission where I had to crack a hashed password. I was feeling ambitious enough to go ahead and write a brute force script to tackle the task. I messed around an entire day trying to figure out the right combination of nested-loops to solve the problem. I came to the realization that probably the only practical way of solving this algorithm was recursion, which I had very limited experience in doing. So I started searching the web and finally came across a brute force python script written by Robert Green. I ported it over to PHP, and in a matter of seconds I was moving on to the next mission.

<?php
/*
 * Thanks to Robert Green for this script he wrote in python
 * http://www.rbgrn.net/blog/2007/09/how-to-write-a-brute-force-password-cracker.html
 * I took what we wrote and ported this to PHP
 * 
 * This script was written for PHP 5, but should work with
 * PHP 4 if the hash() function is replaced with md5() or something else
 */

#########################################################
/*                   Configuration                     */

// this is the hash we are trying to crack
define('HASH', '098f6bcd4621d373cade4e832627b4f6');

// algorithm of hash
// see http://php.net/hash_algos for available algorithms
define('HASH_ALGO', 'md5');

// max length of password to try
define('PASSWORD_MAX_LENGTH', 8);


// available characters to try for password
// uncomment additional charsets for more complex passwords
$charset = 'abcdefghijklmnopqrstuvwxyz';
//$charset .= '0123456789';
//$charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
//$charset .= '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
#########################################################

function check($password)
{	
	if (hash(HASH_ALGO, $password) == HASH) {
		echo 'FOUND MATCH, password: '.$password."\r\n";
		exit;
	}
}


function recurse($width, $position, $base_string)
{
	global $charset;
	
	for ($i = 0; $i < strlen($charset); ++$i) {
		if ($position  < $width - 1) {
			recurse($width, $position + 1, $base_string . $charset[$i]);
		}
		check($base_string . $charset[$i]);
	}
}

echo 'target hash: '.HASH."\r\n";
for ($i = 1; $i < PASSWORD_MAX_LENGTH + 1; ++$i) {
	echo 'checking passwords with width: '.$i."\r\n";
	recurse($i, 0, '');
}

echo "Execution complete, no password found\r\n";


?>

brute force PHP script output

13 Comments

Optimize ur script:

Exp:

<code>

$strLenght = strlen($charset);

for ($i = 0; $i < $strLenght; ++$i) {

[...]

}

</code>

;)

posted by Covi @ Sep 16, 2008 09:26 PM EDT

How could this script be modified to work on a site where there are two intput boxes name: and number, the number filed is 6 characters but can only be from 000000 to 999999? Any suggestions???

posted by Question @ Sep 26, 2008 07:57 PM EDT

12M1WD <a href="http://ldjtdjomygal.com/">ldjtdjomygal</a>, [url=http://wleadoyqacbk.com/]wleadoyqacbk[/url], [link=http://odscfqimmztc.com/]odscfqimmztc[/link], http://znvzmuslklhv.com/

posted by idsdilgntdd @ Nov 17, 2008 03:06 PM EST

It is not out-of-date information? Because I have other data on this theme. http://video-online-go.ru/map.html

posted by videoonlinego @ Nov 17, 2008 06:46 PM EST

Hi there!

My first post at this great blog!

I wanna show u my dayly updated blog: <a href= http://giantblg.cn/whole-ass-amateur.html >Whole Ass Amateur</a>

P.S. if you don't want to see this message please write me to no.ads08@gmail.com with subject "NO ADS" and URL of your forum

Thank you for cooperation!

posted by DominikKoehleru @ Nov 18, 2008 09:42 AM EST

Hi there!

My first post at this great blog!

I wanna show u my dayly updated blog: <a href= http://giantblg.cn/whole-ass-amateur.html >Whole Ass Amateur</a>

P.S. if you don't want to see this message please write me to no.ads08@gmail.com with subject "NO ADS" and URL of your forum

Thank you for cooperation!

posted by DominikKoehleru @ Nov 18, 2008 10:41 AM EST

My first post at this great blog!

I wanna show u my dayly updated blog: <a href= http://giantblg.cn/whole-ass-amateur.html >Whole Ass Amateur</a>

P.S. if you don't want to see this message please write me to no.ads08@gmail.com with subject "NO ADS" and URL of your forum

Thank you for cooperation!

posted by DominikKoehlerun @ Nov 18, 2008 11:02 AM EST

Great Site, http://bau-free-hosting.co.cc/, 685, rent rent rent north carolina, >:-OOO, fall down by trevor morgan lyrics, whsg, united states marine corps birthday party, 101812, glycogen storage disease type ix, >:)), elvis life size stand ups, :]]], 5hp briggs and stratton troubleshooting, orzq, new ipod touch screen release, 213, interesting facts about delaware first state, lpe, psychological effects of poverty in children, elzf, 24 hour starbucks locations los angeles, xajuyk,

posted by kansas jayhawks basketball schedule 2004 2005 @ Nov 19, 2008 07:53 AM EST

Hi There,

posted by ps2 castlevania lament of innocence walkthrough @ Nov 19, 2008 08:12 AM EST

Good Day,

posted by fluke 345 power quality clamp meter @ Nov 19, 2008 08:29 AM EST

Excellent Site,

posted by what guys like to do @ Nov 19, 2008 08:48 AM EST

Good Job,

posted by irony and satire lesson plans @ Nov 19, 2008 09:06 AM EST

Respect Work,

posted by orange county register sports articles @ Nov 19, 2008 09:23 AM EST

Post Comment

(X)HTML code will not be rendered and will be displayed as is.
Line breaks will automatically be formatted.