slpctrl Posted December 4, 2007 Share Posted December 4, 2007 I got some help on an MD5 cracker in here, well my little version (it's a project, i'm not using it to actually crack MD5 hashes) doesn't seem to work. Not sure why, here's the script: function hashcrack($string) { $words = str_ireplace(",", " ", file("http://www.site.com/dictionary.txt")); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } if ($result == $hash) { echo "hash matches $result"; } else { echo "No match found"; } Quote Link to comment Share on other sites More sharing options...
btherl Posted December 4, 2007 Share Posted December 4, 2007 What happens when you run it? Edit: Ok, here's what it should look like: function hashcrack($hash) { $words = str_ireplace(",", " ", file("http://www.site.com/dictionary.txt")); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } $word = hashcrack($hash); if ($word !== false) { echo "hash $hash matches $word\n"; } else { echo "no matches found\n"; } Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 What happens when you run it? Well, I have a small wordfile with a few words, then I have an MD5 hash hashed through PHP using md5(), so I know for a fact the word that matches the hash is in there, but it won't return the word. Quote Link to comment Share on other sites More sharing options...
mr_mind Posted December 4, 2007 Share Posted December 4, 2007 Here is what i would do function hashcrack($string) { $dictionary = show_source("http://www.site.com/dictionary.txt"); $against = explode(',', $dicionary); foreach ($against as $word) { if (md5($word) == $hash) { return $word; } } if(!isset($hash) { return 'No hass found'; } } And then where you use the function i would do if($_POST['hash']) { print hashcrack($_POST['hash']); } And voila the function should either print the word that matches the hash or No hash found Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 What happens when you run it? Edit: Ok, here's what it should look like: function hashcrack($hash) { $words = str_ireplace(",", " ", file("http://www.site.com/dictionary.txt")); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } $word = hashcrack($hash); if ($word !== false) { echo "hash $hash matches $word\n"; } else { echo "no matches found\n"; } Still nothin. But my PHP editor claims that the function is ended here: function hashcrack($hash) { $words = str_ireplace(",", " ", file("http://www.site.com/dictionary.txt")); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } Instead of the whole thing: function hashcrack($hash) { $words = str_ireplace(",", " ", file("http://www.site.com/dictionary.txt")); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } $word = hashcrack($hash); if ($word !== false) { echo "hash $hash matches $word\n"; } else { echo "no matches found\n"; } But when I take the bracket and move it to the bottom to include everything it displays nothing. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted December 4, 2007 Share Posted December 4, 2007 I explained this earlier MD5 could care less about words it cares about 32-bit portions of the whole that are then phrased. a word isn't exactly 32-bit Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 I explained this earlier MD5 could care less about words it cares about 32-bit portions of the whole that are then phrased. a word isn't exactly 32-bit Lol, yeah I heard you. Look, it's taking a txt file with words in it and MD5ing each value and comparing it to a hash that I have stored as a variable. Thanks for your input again though Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted December 4, 2007 Share Posted December 4, 2007 so you are basically doing it on your own subsets as you are exploding at the " ". You basically are trying a mini rainbow table aproach, md5 is crackable, but its a bit more complicated than this so keep trying Quote Link to comment Share on other sites More sharing options...
btherl Posted December 4, 2007 Share Posted December 4, 2007 The function should stop where it stops. The code below is code that demonstrates how to use the function. Put another way, hashcrack() is the function, and the code at the end (with the call to hashcrack()) is the code that uses the function. The code at the end shouldn't be inside the function. Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 Alright, here's my code simplified: function hashcrack($string) { $words = explode(",", file_get_contents("site.com/dic.txt")); foreach ($words as $word) { if (md5($word) == $string) return $word; else return false; } } It's still not doin the trick. And I can't catch where it's going wrong. Quote Link to comment Share on other sites More sharing options...
btherl Posted December 4, 2007 Share Posted December 4, 2007 Does it work if you try it with a known correct value? Your code that you pm'd me needs the following changes: //end hashcrack function $word = hashcrack($hash); echo $word; If it fails, it will echo nothing. If you want to display something different for failure, take a look at the code in my earlier post in this thread. Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 Does it work if you try it with a known correct value? Your code that you pm'd me needs the following changes: //end hashcrack function $word = hashcrack($hash); echo $word; If it fails, it will echo nothing. If you want to display something different for failure, take a look at the code in my earlier post in this thread. Wow, it does work with a known value. This works: function hashcrack($string) { $word = $string; $wordhash = md5($word); if (md5($word) == $wordhash){ return $word;} else{ return false;} } $var = hashcrack("string"); echo $var; It has to be somewhere where it splits the words up... ??? Quote Link to comment Share on other sites More sharing options...
btherl Posted December 4, 2007 Share Posted December 4, 2007 What do you see if you print out each word as it's checked? Do it like this to capture any invisible characters foreach ($words as $word) { print "Checking " . urlencode($word) . "<br>"; if (md5($word) == $string) return $word; else return false; } Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 What do you see if you print out each word as it's checked? Do it like this to capture any invisible characters foreach ($words as $word) { print "Checking " . urlencode($word) . "<br>"; if (md5($word) == $string) return $word; else return false; } Ah now were getting somewhere. It only does the first value, and doesn't check further. It's words seperated by commas, and it cuts off at the first word. ??? Here's my new code. I have the dictionary saved locally to save trouble: function hashcrack($string) { $dic = fopen("data.txt","r"); $words1 = fgets($dic); fclose($dic); $words = explode(",", $words1); foreach ($words as $word) { print "Checking " . urlencode($word) . "<br>"; if (md5($word) == $string) return $word; else return false; } } Quote Link to comment Share on other sites More sharing options...
slpctrl Posted December 4, 2007 Author Share Posted December 4, 2007 After some research, I'm convinced I need to use the array_map to cycle each value of the array through the function. Here's what I got out of that which isn't working, and once again I donno why function hashcrack($hash,$words) { foreach ($words as $word) { print "Checking " . urlencode($word) . "<br>"; if (md5($word) == $hash) return $word; else return false; } } //end hashcrack function $words=explode(",","12345,abc123,password,computer,123456,tigger,1234,a1b2c3,qwerty,123,xxx,money,test,carmen,mickey,secret,summer,internet,service,,canada,hello,ranger,shadow,baseball,donald,harley,hockey,letmein,maggie,mike,mustang,snoopy,buster,dragon,jordan,michael,michelle,mindy,patrick,123abc,andrew,bear,calvin,changeme,diamond,fuckme,fuckyou,matthew,miller,ou812,tiger,trustno1,12345678,alex,apple,avalon,brandy,chelsea,coffee,dave,falcon,freedom,gandalf,golf,green,helpme,linda,magic,merlin,molson,newyork,soccer,thomas,wizard,Monday,asdfgh,bandit,batman,boris,butthead,dorothy,eeyore,fishing,football,george,happy,iloveyou,jennifer,jonathan,love,marina,master,missy,monday,monkey,natasha,ncc1701,newpass,pamela") print_r(array_map("hashcrack",$hash,$words)); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.