Skip to content

Instantly share code, notes, and snippets.

@Xyl2k
Created September 14, 2014 09:23
Show Gist options
  • Save Xyl2k/41bc662a6b6a55945940 to your computer and use it in GitHub Desktop.
Save Xyl2k/41bc662a6b6a55945940 to your computer and use it in GitHub Desktop.
<?php
/**
* Defeat the weak hash function of Rovnix
* to get password from a hash.
*/
$HASH = 'fbff791ef0770855e599ea6f87d41653';
$value = getNumber($HASH);
$search = search($value, $HASH);
echo('Hash: ' . $HASH . '<br />');
echo('Value: ' . $value . '<br />');
echo('Search: ' . $search);
// Search an working (number) password
function search($value, $hash) {
$i = 0;
while (true) {
if (getHash($i) == $value)
return $i;
$i++;
}
}
// Get the hashed number
function getNumber($hash) {
$i = 0;
while (true) {
if (md5($i) == $hash)
return $i;
$i++;
}
}
// Hash function without final MD5 (return only numbers)
function getHash($hash) {
$salt = 'LKJFDJLJkkljKJKJKJkjkj$i%&@(%jkjJn@@j$r@!cdh*!@#$djl1J$r!j@o*$@duJxlJLEKJkJFKJEJ2$jkeJFJLEJFE';
return $hash + $salt + md5($salt) + md5($hash) + $salt[3];
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment