Braindisorder If you are not free to choose wrongly and irresponsibly, you are not free at all.

1 Nov 08 (9 comments)

MD5 Brute Force with PHP

Dictionary MD5 hacking was fun, but now let's do some brute force! I used part of some code I found and entered some testdata just to prove the concept.

<?php
set_time_limit(0);
 
function getmicrotime() {
   list($usec, $sec) = explode(" ",microtime());
   return ((float)$usec + (float)$sec);
} 
 
$time_start = getmicrotime();
 
// algorithm of hash
// see http://php.net/hash_algos for available algorithms
define('HASH_ALGO', 'md5');
 
// max length of password to try
define('PASSWORD_MAX_LENGTH', 8);
 
$charset = 'abcdefghijklmnopqrstuvwxyz';
#$charset .= '0123456789';
#$charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
#$charset .= '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
$str_length = strlen($charset);
 
 
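// If no hash argument is given, present usage info
// (argc counts the script name itself, so one argument means argc == 2)
if ($_SERVER["argc"] < 2) {
  print "Usage: attack.php <hash>\n";
  exit;
}
 
// Get MD5 checksum from command line; hash() returns lowercase hex
$hash_password = strtolower($_SERVER["argv"][1]);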
 
function check($password)
{
        global $hash_password, $time_start;     
 
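        // strict comparison: with ==, PHP compares two numeric-looking
        // strings (e.g. hashes starting with "0e") as numbers
        if (hash(HASH_ALGO, $password) === $hash_password) {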
 
                echo "\n\n" . "FOUND MATCH, password: " . $password . "\n\n";
                $time_end = getmicrotime();
                $time = $time_end - $time_start; 
                echo "Found in " . $time . " seconds\n";
                exit;
        }
}
 
 
function recurse($width, $position, $base_string)
{
        global $charset, $str_length;
 
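        for ($i = 0; $i < $str_length; ++$i) {
                if ($position  < $width - 1) {
                        recurse($width, $position + 1, $base_string . $charset[$i]);
                } else {
                        // only test full-width candidates; shorter ones were
                        // already tested by the earlier, smaller-width passes
                        check($base_string . $charset[$i]);
                }
        }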
}
 
echo "Target hash: " . $hash_password . "\n";
for ($i = 1; $i < PASSWORD_MAX_LENGTH + 1; ++$i) {
        echo "\n" . "Checking passwords with length:" .$i;
        $time_check = getmicrotime();
        $time = $time_check - $time_start;
        echo "\n" . "Runtime: " . $time . " seconds";
        recurse($i, 0, '');
}
 
echo "Execution complete, no password found\r\n";
?>

Target hash: e80b5017098950fc58aad83c8c14978e

Checking passwords with length:1
Runtime: 0.000102043151855 seconds
Checking passwords with length:2
Runtime: 0.000209093093872 seconds
Checking passwords with length:3
Runtime: 0.00194907188416 seconds
Checking passwords with length:4
Runtime: 0.0476939678192 seconds
Checking passwords with length:5
Runtime: 1.09398603439 seconds
Checking passwords with length:6
Runtime: 28.3298618793 seconds

FOUND MATCH, password: abcdef

Found in 29.4669120312 seconds

With the complete charset enabled:

Target hash: e80b5017098950fc58aad83c8c14978e

Checking passwords with length:1
Runtime: 0.00101113319397 seconds
Checking passwords with length:2
Runtime: 0.00128507614136 seconds
Checking passwords with length:3
Runtime: 0.0210931301117 seconds
Checking passwords with length:4
Runtime: 1.49697518349 seconds
Checking passwords with length:5
Runtime: 149.323027134 seconds
Checking passwords with length:6
Runtime: 26291.0229962 seconds

FOUND MATCH, password: abcdef

Found in 26451.9779811 seconds

I'm currently running some 8 character brute forces, but they are taking forever, so I'll post the results later.
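To put the timings above in a defender's perspective, this added example (not the author's code) measures the guess rate against unsalted MD5 and against bcrypt via PHP's `password_hash()`, then projects the worst-case exhaustive search time for the charsets used in the script. `BCRYPT_COST` and the helper names `keyspace()`, `rate()` and `human()` are assumptions made for this example.

```php
<?php
// Added example, not from the original post. Requires PHP 7.4+.
// Assumed work factor; tune it to your own login latency budget.
const BCRYPT_COST = 12;

// Number of candidates of length 1..$maxLen over $charsetSize symbols.
function keyspace(int $charsetSize, int $maxLen): float
{
    $total = 0.0;
    for ($len = 1; $len <= $maxLen; ++$len) {
        $total += $charsetSize ** $len;
    }
    return $total;
}

// Call $fn $n times and return the measured calls per second.
function rate(callable $fn, int $n): float
{
    $start = microtime(true);
    for ($i = 0; $i < $n; ++$i) {
        $fn();
    }
    return $n / (microtime(true) - $start);
}

// Render a duration in the largest unit that fits.
function human(float $seconds): string
{
    $units = [[31557600, 'years'], [86400, 'days'], [3600, 'hours'], [60, 'minutes']];
    foreach ($units as [$size, $name]) {
        if ($seconds >= $size) {
            return sprintf('%.1f %s', $seconds / $size, $name);
        }
    }
    return sprintf('%.1f seconds', $seconds);
}

// Same character sets as the script above (lowercase only, then all four lines).
$lower = 'abcdefghijklmnopqrstuvwxyz';
$full  = $lower . '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ' . '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
$md5Rate    = rate(fn() => hash('md5', 'abcdef'), 200000);
$stored     = password_hash('abcdef', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
$bcryptRate = rate(fn() => password_verify('abcdef', $stored), 5);

printf("md5: %.0f guesses/s, bcrypt cost %d: %.1f guesses/s\n", $md5Rate, BCRYPT_COST, $bcryptRate);
foreach ([[$lower, 6], [$lower, 8], [$full, 8]] as [$charset, $maxLen]) {
    $n = keyspace(strlen($charset), $maxLen);
    printf("%2d symbols, length <= %d: %.2e candidates, md5 %s, bcrypt %s\n",
        strlen($charset), $maxLen, $n, human($n / $md5Rate), human($n / $bcryptRate));
}
```

The rates are whatever the machine running the script achieves in single-threaded PHP, so the projected times are upper bounds for that setup, not for dedicated cracking hardware.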

Comments (9)
  1. I’m also writing an MD5 brute force in PHP. Have you completed an 8-character brute force? If yes, how long does it take?

  2. I haven’t had the patience yet to complete an 8-character brute force. It takes forever, even with just a-z. It is only 208.827.064.576 possibilities after all.

    I think the only realistic way to hack MD5 (pass)words is to get a very extensive dictionary and hope that, like almost all people, they use simple words.

  3. Yep. I think that this way will be some kind of luck in cracking a password. As I know, someone had already cracked the MD5 algorithm.

  4. This is nice, until salt is added. Then you aren’t in Kansas anymore.

    For the record, md5 has 16^32 possible combinations. This is just 340.282.366.920.938.463.463.374.607.431.768.211.456 possibilities. This won’t take long! 😉

  5. Or you should use a CUDA or ATI supported GPU cracker 🙂


  6. Certainly seems to be possible to crack the algorithm mathematically.

    Sacha Ligthert Reply:

    Yeah, md5 is kinda old news: https://secure.wikimedia.org/wikipedia/en/wiki/MD5#Security

  7. Hello,

    I have a PHP script that creates all 4-letter combinations with an array.

    Check it out
    http://lxcblog.com/2010/10/27/create-four-4-letter-domain-name-password-key-combination-php-array-script/
