Created
July 18, 2016 12:13
attack modems' passwd files
#include <inttypes.h>
#include <locale.h>
#include <math.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <crypt.h>
#endif
/* Size in bytes of the buffer that holds one wordlist line. */
#define LINE_MAX_CHARS 1024
/* Upper bound on candidate length; also sets the width of the key column in the progress line. */
#define MAX_LEN 10

/*
 * Status codes returned by the modes and passed on as the process exit status.
 * Values are spelled out so the mapping to exit codes is visible.
 */
enum ERRORS
{
    OK        = 0, /* a matching candidate was found */
    GENERIC   = 1, /* search finished without a match */
    NO_FILE   = 2, /* the wordlist could not be opened */
    NO_HASH   = 3, /* presumably "no hash supplied" -- confirm against callers */
    CORRUPTED = 4, /* the hash does not have the expected 13 characters */
    RESERVED  = 5
};
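/**
 * Compare a 13-character crypt(3) hash against every line of a wordlist.
 *
 * The first two characters of the hash are used as the salt. Each line is
 * read into a fixed buffer of LINE_MAX_CHARS bytes, so a longer line is
 * processed as several consecutive candidates.
 *
 * @param hash  NUL-terminated hash string, exactly 13 characters long.
 * @param wl    Path of a text file holding one candidate per line.
 * @return OK when a line matches (the line is printed to stdout),
 *         GENERIC when the file is exhausted without a match,
 *         NO_HASH when hash is NULL, CORRUPTED when its length is not 13,
 *         NO_FILE when wl is NULL or cannot be opened.
 */
int useWordList(const char *hash, const char *wl)
{
    if (hash == NULL)
        return NO_HASH;
    if (strlen(hash) != 13)
        return CORRUPTED;
    if (wl == NULL)
        return NO_FILE;

    FILE *wfp = fopen(wl, "r");
    if (wfp == NULL)
        return NO_FILE;

    /* Stack buffer: nothing to leak on the early-exit paths. */
    char line[LINE_MAX_CHARS];
    const char salt[3] = { hash[0], hash[1], 0 };
    int rc = GENERIC;

    /*
     * Loop on the fgets() result rather than feof(): feof() only turns true
     * after a failed read, which made the old loop reuse a stale buffer.
     */
    while (fgets(line, sizeof line, wfp) != NULL)
    {
        /*
         * Cut at the newline if there is one. Indexing strlen(line) - 1
         * wrote before the buffer for an empty string and dropped the last
         * character of a final line that has no newline.
         */
        line[strcspn(line, "\n")] = '\0';

        const char *pwd = crypt(line, salt);
        if (pwd == NULL)
            continue; /* crypt() failed for this input; nothing to compare */

        if (strcmp(pwd, hash) == 0)
        {
            printf("PWD FOUND! : \"%s\"\n", line);
            rc = OK;
            break;
        }
    }

    fclose(wfp); /* the file was previously left open on every path */
    return rc;
}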
/**
 * Field width used for the attempt counter in the progress line.
 *
 * Counts the decimal digits of num and adds one extra column for every
 * complete group of three digits (room for a thousands separator).
 * Returns 0 for num == 0.
 */
unsigned calculateDigits(uint64_t num)
{
    unsigned count = 0;

    for (; num != 0; num /= 10)
        count++;

    /* One separator column per full group of three digits. */
    return count + count / 3;
}
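/* Number of crypt() calls made so far; shared by every call in this process. */
uint64_t pcnt = 0;

/**
 * Enumerate every string of exactly `length` printable ASCII characters
 * (codes 33..126) and compare its crypt(3) result with `hash`.
 *
 * @param hash    NUL-terminated hash; its first two characters are the salt.
 * @param length  Candidate length, 1..MAX_LEN.
 * @return true when a candidate matches (printed to stdout); false when the
 *         range is exhausted, the arguments are invalid, or crypt() fails.
 */
bool bruteForceWithConstLen(const char *hash, int length)
{
    enum { FIRST_CHAR = 33, LAST_CHAR = 126, REPORT_EVERY = 100000 };

    /* The salt reads hash[0] and hash[1], so both must exist. */
    if (hash == NULL || strlen(hash) < 2)
        return false;
    /*
     * length comes straight from the command line. Zero or a negative value
     * made the variable-length key array invalid, and a large value let the
     * caller size a stack array; a fixed buffer with a range check avoids both.
     */
    if (length < 1 || length > MAX_LEN)
        return false;

    setlocale(LC_ALL, ""); /* needed for the ' grouping flag in the progress line */

    const char salt[3] = { hash[0], hash[1], 0 };
    char key[MAX_LEN + 1];
    memset(key, FIRST_CHAR, (size_t)length);
    key[length] = 0;

    /* The alphabet is inclusive at both ends, hence the + 1. */
    double maxlimit = pow(LAST_CHAR - FIRST_CHAR + 1, length);
    /* Converting a double above UINT64_MAX to uint64_t is undefined; clamp first. */
    uint64_t shown = maxlimit >= (double)UINT64_MAX ? UINT64_MAX : (uint64_t)maxlimit;
    unsigned maxdigits = calculateDigits(shown);

    bool exhausted = false;
    while (!exhausted)
    {
        for (int c = FIRST_CHAR; c <= LAST_CHAR; c++)
        {
            key[0] = (char)c;
            const char *pwd = crypt(key, salt);
            if (pwd == NULL)
                return false; /* crypt() failed; strcmp() on NULL would crash */

            pcnt += 1;
            if (pcnt % REPORT_EVERY == 0)
            {
                fprintf(stderr, "%-78s|\r", ".");
                /* PRIu64 matches uint64_t; %llu does not where it is unsigned long. */
                fprintf(stderr, " %'*" PRIu64 " %7.3f%% %*s %*s \r",
                        (int)maxdigits, pcnt, 100.0 * pcnt / maxlimit,
                        MAX_LEN + 1, key, 14, pwd);
            }
            if (!strcmp(hash, pwd))
            {
                printf("\nPWD FOUND! : \"%s\"\n", key);
                return true;
            }
        }

        /* Push position 0 past the alphabet and ripple the carry upward. */
        key[0] += 1;
        for (int i = 0; i < length; i++)
        {
            if (key[i] > LAST_CHAR)
            {
                if (i + 1 < length)
                {
                    key[i + 1] += 1;
                    key[i] = FIRST_CHAR;
                }
                else
                {
                    exhausted = true; /* carry out of the last position */
                }
            }
        }
    }
    return false;
}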
/*
 * Fork processes that each run bruteForceWithConstLen(), wait for a key
 * press on stdin, then send SIGTERM to the pids recorded in p[].
 *
 * Returns 0 when a match was found in this process, 1 otherwise.
 *
 * NOTE(review): both loops start at i = mx and increment, so p[i] is indexed
 * past the end of the mx-element array from the first iteration on
 * (undefined behaviour), and i > 0 stays true until the int overflows. The
 * intended direction and the pairing of lengths with processes should be
 * settled before this mode is relied on.
 * NOTE(review): fork() failure (-1) is not checked. -1 is non-zero, so it
 * takes the if(c) branch, and a -1 (or an uninitialised slot of p[])
 * handed to kill() can signal processes unrelated to this program.
 */
int bruteForce(const char *hash)
{
    bool found = false;
    int mx = MAX_LEN;
    pid_t p[mx];
    pid_t c = 0;
    for(int i=mx;i>0;i++)
    {
        // if(i%2)
        c = 0;
        c = p[i] = fork();
        /* fork() returns non-zero in the parent (the child pid, or -1 on failure). */
        if(c)
        {
            found = bruteForceWithConstLen(hash,i);
            break;
        }
    }
    printf("Enter to abort... (%d)\n",c);
    fgetc(stdin);
    /* Every entry of p[] is signalled, whether or not the first loop wrote it. */
    for(int i=mx;i>0;i++)
        kill(p[i],SIGTERM);
    return !found;
}
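/**
 * Print the crypt(3) hash of a passphrase to stdout.
 *
 * The salt is taken from the first two characters of the passphrase itself,
 * so the printed hash begins with those two characters in clear. Hashes
 * produced this way suit test fixtures only; a stored credential needs a
 * random salt.
 *
 * @param t  NUL-terminated passphrase, at least two characters long.
 * @return 0 on success; GENERIC when t is NULL or too short, or when
 *         crypt() fails (for example on characters it rejects as a salt).
 */
int create(const char *t)
{
    /* Both salt characters are read from t, so they must exist. */
    if (t == NULL || strlen(t) < 2)
        return GENERIC;

    const char salt[3] = { t[0], t[1], 0 };
    const char *pwd = crypt(t, salt);
    if (pwd == NULL)
        return GENERIC; /* printing NULL with %s is undefined */

    printf("%s\n", pwd);
    return 0;
}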
/**
 * Write the usage summary to stdout.
 *
 * @param name  Program name shown in each usage line (normally argv[0]).
 * @return Always 0.
 */
int help(const char *name)
{
    /* One header line followed by one example line per mode, 0 to 3. */
    (void)printf(
        "Usage: %s (0|1|2|3) (hash) [length|wordlist]\n"
        "\t%s 0 passphrase\n"
        "\t%s 1 hash\n"
        "\t%s 2 hash length\n"
        "\t%s 3 hash wordlist\n",
        name, name, name, name, name);

    return 0;
}
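/**
 * Entry point: dispatch on the numeric mode in argv[1].
 *
 *   0 passphrase     print the crypt(3) hash of the passphrase
 *   1 hash           exhaustive search over all lengths
 *   2 hash length    exhaustive search at one length
 *   3 hash wordlist  wordlist comparison
 *
 * Missing or malformed arguments print the usage text. The exit status is the
 * value returned by the selected mode; mode 2 now reports OK on a match and
 * GENERIC otherwise, in line with the other modes (it used to return the raw
 * bool, so a match exited with 1).
 */
int main(int argc, const char *argv[])
{
    const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "prog";

    /* Every mode needs the mode number and one operand. */
    if (argc < 3)
        return help(prog);

    /* strtol() lets us reject non-numeric input; atoi() mapped it to mode 0. */
    char *end = NULL;
    long type = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0')
        return help(prog);

    switch (type)
    {
        case 3:
            if (argc < 4)
                return help(prog); /* argv[3] would be NULL */
            return useWordList(argv[2], argv[3]);
        case 2:
        {
            if (argc < 4)
                return help(prog);
            long len = strtol(argv[3], &end, 10);
            if (end == argv[3] || *end != '\0' || len < 1 || len > MAX_LEN)
                return help(prog);
            return bruteForceWithConstLen(argv[2], (int)len) ? OK : GENERIC;
        }
        case 1:
            return bruteForce(argv[2]);
        case 0:
            return create(argv[2]);
        default:
            return help(prog);
    }
}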