Braindisorder If you are not free to choose wrongly and irresponsibly, you are not free at all.

30Oct/080

MD5 Hacking with PHP

Although I have been working with php and thus md5 hashed passwords for loads of years I have never actually tried to break the md5 hash to see how easy (or not) it is to break it until I stumbled on a site with some examples.

I wanted to give the dictionary example a shot and modified the dictattack script so that it would keep time and show me some form of progress. (I hate software or scripts not showing me that they are actually still busy with at least something.)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
<?
function getmicrotime() {
   list($usec, $sec) = explode(" ",microtime());
   return ((float)$usec + (float)$sec);
} 
 
$time_start = getmicrotime();
 
// If no arguments given present usage info
if ($_SERVER["argc"] < 2) {
  print "Usage: dictattack.php <MD5 checksum> [ <Dictionary file> ]\n";
  exit;
}
 
// Get MD5 checksum from command line
$md5sum = $_SERVER["argv"][1];
 
// Open word list - either the one from the command line
// or use the default list
if (isset($_SERVER["argv"][2]) && is_file($_SERVER["argv"][2])) {
  $words = file($_SERVER["argv"][2]);
} else {
  $words = file("/usr/share/dict/words");
}
 
// Loop through all words
foreach ($words as $word) {
  $word = rtrim($word);
  if (md5($word) == $md5sum) {
    print "Match found! $word = $md5sum\n";
    $time_end = getmicrotime();
    $time = $time_end - $time_start; 
    print "Found in " . $time . " seconds\n";
    exit;
  }
}
 
print "No matches found!\n";
?>

Match found! zwirrel = e5b4466aa52137f90cba03ad88381dee
Found in 0.287662982941 seconds

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?
set_time_limit(0);
 
function getmicrotime() {
   list($usec, $sec) = explode(" ",microtime());
   return ((float)$usec + (float)$sec);
} 
 
$time_start = getmicrotime();
 
// Charset to append characters from
$charset = "abcdefghijkmnopqrstuvwxyzABCDEFGHJIKLMNPQRSTUVWXYZ0123456789"; 
 
// If no arguments given present usage info
if ($_SERVER["argc"] < 2) {
  print "Usage: dictattack.php <MD5 checksum> [ <Dictionary file> ]\n";
  exit;
}
 
// Get MD5 checksum from command line
$md5sum = $_SERVER["argv"][1];
 
// Open word list - either the one from the command line
// or use the default list
if (isset($_SERVER["argv"][2]) && is_file($_SERVER["argv"][2])) {
  $words = file($_SERVER["argv"][2]);
} else {
  $words = file("/usr/share/dict/words");
}
 
// Loop through all words
foreach ($words as $word) {
  $word = rtrim($word);
  if (md5($word) == $md5sum) {
    print "Match found in dictionary! $word = $md5sum\n";
    $time_end = getmicrotime();
    $time = $time_end - $time_start; 
    print "Found in " . $time . " seconds\n";
    exit;
  }
}
 
// Loop through all the words again, but append 2 characters
foreach ($words as $word) {
  $word = rtrim($word);
 
  for ($i=0; $i<strlen($charset); $i++) {
    for ($j=0; $j<strlen($charset); $j++) {
      $word2 = $word.$charset[$i].$charset[$j];
      if (md5($word2) == $md5sum) {
        print "Match found! $word2 = $md5sum\n";
        $time_end = getmicrotime();
        $time = $time_end - $time_start;
        print "Found in " . $time . " seconds\n";
        exit;
      }
    }
  }
} 
 
print "No matches found!\n";
?>

Match found! zwirrel16 = d2dc8ee8c936b543a04e96618587c4a7
Found in 913.657567024 seconds

With the charset only using 0-9

Match found! zwirrel16 = d2dc8ee8c936b543a04e96618587c4a7
Found in 24.3986721039 seconds

More later!

Filed under: Code Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.