maxcell, posted March 14, 2007:

I have an encrypted password I'm trying to decrypt, and I have a PHP script to do so. I use a program called crunch that comes with the Linux BackTrack live CD to generate a dictionary file... however this process takes too long. I was wondering, how can I build that into this script to automatically generate either 7 or 8 character long strings from a character set?

```php
<?php
// Usage check: expects a dictionary file, the one-time token and the encoded password.
if ( $argc != 4 ) {
    printf("--------------------------------------------------------");
    printf("\nUsage: php $argv[0] dictionary one_time_token encoded_pw\n");
    printf("\n dictionary = Textfile containing password, one each line");
    printf("\n one_time_token = Token extracted from sniffed packet");
    printf("\n encoded_pw = Already encoded password extracted from sniffed packet\n");
    printf("\nExample: \nphp $argv[0] dic.txt 045E54583B13364A6E77E2FAC27AFD90 7C62B02BF9A238ED1455F74F03367C49\n\n");
    printf("Don't mix the arguments - sorry for this.\n");
    printf("--------------------------------------------------------\n");
    exit;
}

$one_time_token = $argv[2];
$encoded_pw = $argv[3];
$dic = $argv[1];

$words = fopen($dic, 'r');
if ($words === false) {
    exit("Cannot open dictionary file\n");
}
$a = 0;
$b = 0;
$t = time();

// Read one candidate per line until the file is exhausted.
while (($line = fgets($words, 4096)) !== false) {
    $word = rtrim($line);
    $b++;

    // Response = upper(md5(upper(upper(md5(word)) . token)))
    $password = md5($word);
    $password = strtoupper($password);
    $final_step = $password . $one_time_token;
    $final_step = strtoupper($final_step);
    $password_enc_my = md5($final_step);
    $password_enc_my = strtoupper($password_enc_my);

    // Strict comparison: == would treat two "0E..." digit strings as equal numbers.
    if ( $password_enc_my === $encoded_pw ) {
        // %s keeps a '%' inside the word from being read as a format specifier.
        printf("\nSUCCESS - Password is '%s'\n", $word);
        break;
    }

    // Progress report every 20000 words.
    if (++$a == 20000) {
        $s = time() - $t;
        printf("Time: %d seconds, trying word #%d - %s\n", $s, $b, $word);
        $a = 0;
    }
}
fclose($words);
?>
```

jitesh, posted March 14, 2007:

For md5 you cannot decrypt; you can use base64_encode and base64_decode.

mmarif4u, posted March 14, 2007:

> For md5 you cannot decrypt; you can use base64_encode and base64_decode.

Yes, Jitesh is right, you cannot decrypt the md5 password. Use another method for it, like Jitesh mentioned.

btherl, posted March 14, 2007:

The OP is talking about guessing passwords, not decryption. You can guess md5() passwords, even if you cannot decrypt md5.

maxcell, yes you can. What approach do you want to take to generating the dictionary? Generating and testing all 7 and 8 character strings is not feasible on today's hardware, so you will need to choose a strategy of some sort.

maxcell (author), posted March 14, 2007:

This script works... I tested it and used it. I do have the hashed data:

one_time_token=7D2EE8BBF99E5CD232EC66F401B88E34
encoded_pw=92AC9183FE8CBB00A833DE22B72309B9

What I'm trying to do is, instead of generating a dictionary text file, I want to build that into the script so that it generates dictionary word files on the fly, not using a text file to read from.

btherl, posted March 14, 2007:

Maxcell, you will still need a strategy for generating those words. Usually you will start with a simple dictionary (English words, names, or words in whatever language is appropriate) and generate variations on those words, like adding 0 to the end, replacing "l" with "1", and so on.

For the overall structure you could use:

```php
<?php
if ( $argc != 4 ) {
    printf("--------------------------------------------------------");
    printf("\nUsage: php $argv[0] dictionary one_time_token encoded_pw\n");
    printf("\n dictionary = Textfile containing password, one each line");
    printf("\n one_time_token = Token extracted from sniffed packet");
    printf("\n encoded_pw = Already encoded password extracted from sniffed packet\n");
    printf("\nExample: \nphp $argv[0] dic.txt 045E54583B13364A6E77E2FAC27AFD90 7C62B02BF9A238ED1455F74F03367C49\n\n");
    printf("Don't mix the arguments - sorry for this.\n");
    printf("--------------------------------------------------------\n");
    exit;
}

$one_time_token = $argv[2];
$encoded_pw = $argv[3];
$dic = $argv[1];

$a = 0;
$b = 0;
$t = time();

// Compare against false explicitly so that a word such as "0" does not end the loop.
while (($word = next_word()) !== false) {
    $b++;
    $password = md5($word);
    $password = strtoupper($password);
    $final_step = $password . $one_time_token;
    $final_step = strtoupper($final_step);
    $password_enc_my = md5($final_step);
    $password_enc_my = strtoupper($password_enc_my);

    // Strict comparison: == would treat two "0E..." digit strings as equal numbers.
    if ( $password_enc_my === $encoded_pw ) {
        printf("\nSUCCESS - Password is '%s'\n", $word);
        break;
    }

    // Progress report every 20000 words.
    if (++$a == 20000) {
        $s = time() - $t;
        printf("Time: %d seconds, trying word #%d - %s\n", $s, $b, $word);
        $a = 0;
    }
}

function next_word() {
    static $x = 0;
    // Word generation code in here. $x is used to remember where we are up to.
    // If no words left, return false
    return false;
}
?>
```

Then you just need to decide on your word generation strategy, which will go inside next_word().

maxcell (author), posted March 14, 2007:

Thanks a lot, I appreciate your help! The strategy I was going to use was just brute force 8 character long strings from a to 9 using the character set of: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.

I'm actually not fluent in PHP at all.. just trying to use my logic, kinda hard sometimes when I don't know the scripting language...

Thanks again guys!

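btherl's feasibility point and the 62-character, 8-character-long strategy above can be put in numbers. This is an added example, not code from any poster in the thread: it times the response computation from the posted script on the local machine and projects how long exhausting the 7- and 8-character keyspaces would take; the all-zero token, the sample count and the lowercase-only comparison row are assumptions.

```php
<?php
// Added example: cost estimate for exhaustive search against the scheme in this thread.
// The token below is a constructed placeholder, not a captured value.

// Response as computed in the posted script: upper(md5(upper(upper(md5(word)) . token))).
function response(string $word, string $token): string {
    $inner = strtoupper(md5($word));
    return strtoupper(md5(strtoupper($inner . $token)));
}

// Number of strings of exactly $len characters over an alphabet of $n symbols.
function keyspace(int $n, int $len): float {
    return (float) pow($n, $len);
}

// Responses per second on this machine, timed over $samples constructed candidates.
function measure_rate(string $token, int $samples = 200000): float {
    $start = microtime(true);
    for ($i = 0; $i < $samples; $i++) {
        response('cand' . $i, $token);
    }
    return $samples / max(microtime(true) - $start, 1e-9);
}

// Render a duration in the largest unit that fits.
function human(float $seconds): string {
    $units = ['years' => 31557600, 'days' => 86400, 'hours' => 3600, 'minutes' => 60];
    foreach ($units as $name => $size) {
        if ($seconds >= $size) {
            return sprintf('%.1f %s', $seconds / $size, $name);
        }
    }
    return sprintf('%.1f seconds', $seconds);
}

$token = str_repeat('0', 32);   // assumption: placeholder 32-hex-digit token
$rate  = measure_rate($token);
printf("Measured rate: %.0f candidates/second\n", $rate);

// 62 symbols is the a-z, A-Z, 0-9 set named in the thread; 26 is an added comparison row.
foreach ([26 => 'a-z only', 62 => 'a-z A-Z 0-9'] as $n => $label) {
    foreach ([7, 8] as $len) {
        $total = keyspace($n, $len);
        printf("%-12s len %d: %.2e candidates, worst case %s, average %s\n",
            $label, $len, $total, human($total / $rate), human($total / $rate / 2));
    }
}
```

The measured rate is specific to the machine and PHP build it runs on; the keyspace sizes are not.
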
jitesh, posted March 20, 2007:

This is for you to test.

```php
<?php
// Keyed XOR obfuscation with base64 output.
class Crypter {
    public $key;

    // __construct replaces the PHP 4 style same-name constructor, which PHP 8 no longer calls.
    function __construct($clave) {
        $this->key = $clave;
    }

    function setKey($clave) {
        $this->key = $clave;
    }

    // XOR $txt with the repeating hex digest of md5($this->key).
    function keyED($txt) {
        $encrypt_key = md5($this->key);
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) $ctr = 0;
            $tmp .= substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1);
            $ctr++;
        }
        return $tmp;
    }

    // Interleave a per-message key (md5 of rand(0,32000)) with the XORed text,
    // then apply keyED() and base64-encode the result.
    function encrypt($txt) {
        srand((int) ((float) microtime() * 1000000));
        $encrypt_key = md5(rand(0, 32000));
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) $ctr = 0;
            $tmp .= substr($encrypt_key, $ctr, 1) .
                (substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1));
            $ctr++;
        }
        return base64_encode($this->keyED($tmp));
    }

    // Reverse of encrypt(): undo keyED(), then XOR each data byte with the key byte before it.
    function decrypt($txt) {
        $txt = $this->keyED(base64_decode($txt));
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            $md5 = substr($txt, $i, 1);
            $i++;
            $tmp .= (substr($txt, $i, 1) ^ $md5);
        }
        return $tmp;
    }
}
?>
```