MD5 Hacking with PHP
Although I have been working with PHP, and thus MD5-hashed passwords, for loads of years, I have never actually tried to break an MD5 hash to see how easy (or not) it is to break until I stumbled on a site with some examples.
I wanted to give the dictionary example a shot and modified the dictattack script so that it would keep time and show me some form of progress. (I hate software or scripts not showing me that they are actually still busy with at least something.)
```php
<?php
// Return the current Unix time as a float, including microseconds
function getmicrotime() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

$time_start = getmicrotime();

// If no arguments given present usage info
if ($_SERVER["argc"] < 2) {
    print "Usage: dictattack.php <MD5 checksum> [ <Dictionary file> ]\n";
    exit;
}

// Get MD5 checksum from command line
$md5sum = $_SERVER["argv"][1];

// Open word list - either the one from the command line
// or use the default list
if (isset($_SERVER["argv"][2]) && is_file($_SERVER["argv"][2])) {
    $words = file($_SERVER["argv"][2]);
} else {
    $words = file("/usr/share/dict/words");
}

// Loop through all words
foreach ($words as $word) {
    $word = rtrim($word);
    // Strict comparison: with ==, two all-digit "0e..." hex strings
    // are compared as numbers and would report a false match
    if (md5($word) === $md5sum) {
        print "Match found! $word = $md5sum\n";
        $time_end = getmicrotime();
        $time = $time_end - $time_start;
        print "Found in " . $time . " seconds\n";
        exit;
    }
}

print "No matches found!\n";
?>
```
Match found! zwirrel = e5b4466aa52137f90cba03ad88381dee
Found in 0.287662982941 seconds
```php
<?php
// The second pass can run for many minutes, so lift the execution time limit
set_time_limit(0);

// Return the current Unix time as a float, including microseconds
function getmicrotime() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

$time_start = getmicrotime();

// Charset to append characters from
$charset = "abcdefghijkmnopqrstuvwxyzABCDEFGHJIKLMNPQRSTUVWXYZ0123456789";

// If no arguments given present usage info
if ($_SERVER["argc"] < 2) {
    print "Usage: dictattack.php <MD5 checksum> [ <Dictionary file> ]\n";
    exit;
}

// Get MD5 checksum from command line
$md5sum = $_SERVER["argv"][1];

// Open word list - either the one from the command line
// or use the default list
if (isset($_SERVER["argv"][2]) && is_file($_SERVER["argv"][2])) {
    $words = file($_SERVER["argv"][2]);
} else {
    $words = file("/usr/share/dict/words");
}

// Loop through all words
foreach ($words as $word) {
    $word = rtrim($word);
    // Strict comparison: with ==, two all-digit "0e..." hex strings
    // are compared as numbers and would report a false match
    if (md5($word) === $md5sum) {
        print "Match found in dictionary! $word = $md5sum\n";
        $time_end = getmicrotime();
        $time = $time_end - $time_start;
        print "Found in " . $time . " seconds\n";
        exit;
    }
}

// Loop through all the words again, but append 2 characters
foreach ($words as $word) {
    $word = rtrim($word);
    for ($i = 0; $i < strlen($charset); $i++) {
        for ($j = 0; $j < strlen($charset); $j++) {
            $word2 = $word . $charset[$i] . $charset[$j];
            if (md5($word2) === $md5sum) {
                print "Match found! $word2 = $md5sum\n";
                $time_end = getmicrotime();
                $time = $time_end - $time_start;
                print "Found in " . $time . " seconds\n";
                exit;
            }
        }
    }
}

print "No matches found!\n";
?>
```
Match found! zwirrel16 = d2dc8ee8c936b543a04e96618587c4a7
Found in 913.657567024 seconds
With the charset only using 0-9:
Match found! zwirrel16 = d2dc8ee8c936b543a04e96618587c4a7
Found in 24.3986721039 seconds
More later!
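
The timings above follow from how cheap a single unsalted md5() call is. As an added example that is not part of the original post, the sketch below measures the per-hash cost of md5() against bcrypt via password_hash(), projects both onto the "word + 2 characters" keyspace of the second script, and upgrades a legacy MD5 hash at login. It assumes PHP 7.4 or later; the dictionary size, the bcrypt cost of 12 and the function names are assumptions made for the example.

```php
<?php
// Added example, not the post's code. Function names are hypothetical.

// Average seconds per call of $fn over $n runs.
function secondsPerCall(callable $fn, int $n): float {
    $start = microtime(true);
    for ($i = 0; $i < $n; $i++) {
        $fn();
    }
    return (microtime(true) - $start) / $n;
}

// Check a password against a stored hash. Returns [ok, newHashOrNull];
// a non-null second element should replace the stored value.
function verifyAndUpgrade(string $password, string $stored, int $cost = 12): array {
    $opts = ['cost' => $cost];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {   // legacy unsalted MD5
        $ok = hash_equals($stored, md5($password));  // constant-time compare
        return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT, $opts) : null];
    }
    $ok = password_verify($password, $stored);
    $new = ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT, $opts))
        ? password_hash($password, PASSWORD_BCRYPT, $opts) : null;
    return [$ok, $new];
}

$words      = 100000;   // assumed dictionary size (constructed value)
$charsetLen = 60;       // length of $charset in the second script
$candidates = $words * $charsetLen * $charsetLen;

$md5Cost    = secondsPerCall(fn() => md5('zwirrel16'), 200000);
$bcryptCost = secondsPerCall(
    fn() => password_hash('zwirrel16', PASSWORD_BCRYPT, ['cost' => 12]), 3);

printf("candidates to hash: %d\n", $candidates);
printf("md5:    %.2e s/hash, full keyspace in %.0f seconds\n",
    $md5Cost, $candidates * $md5Cost);
printf("bcrypt: %.2e s/hash, full keyspace in %.1f years\n",
    $bcryptCost, $candidates * $bcryptCost / 31536000);

// A legacy row: md5() of the post's second test password stands in for
// a stored hash. A successful login yields a salted bcrypt replacement.
$legacy = md5('zwirrel16');
[$ok, $new] = verifyAndUpgrade('zwirrel16', $legacy);
var_dump($ok, $new !== null && password_verify('zwirrel16', $new));
```

Because password_hash() generates a fresh salt for every hash, the projected bcrypt time applies per account rather than once for the whole user table.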
January 22nd, 2012 - 17:05
Ciao,
I report my work on brute-forcing an MD5 hash:
http://www.guizzardi.net/?p=209
No wordlist used, only brute force; here is the code:
http://www.guizzardi.net/?file_id=5
Thanks.