char *chessd_crypt(const char *passwd, const char *salt)
{
if (!strncmp(salt, "$1$", 3)) {
salt += 3;
salt = salt + strlen(salt) - strcspn(salt, "$");
return crypt_md5(passwd, salt);
}
return crypt_md5(passwd, salt);
}
static void f_crypt_md5(INT32 args)
{
char salt[8];
char *ret, *saltp ="";
char *choice =
"cbhisjKlm4k65p7qrJfLMNQOPxwzyAaBDFgnoWXYCZ0123tvdHueEGISRTUV89./";
if (args < 1)
SIMPLE_TOO_FEW_ARGS_ERROR("crypt_md5", 1);
if (Pike_sp[-args].type != T_STRING)
SIMPLE_BAD_ARG_ERROR("crypt_md5", 1, "string");
if (args > 1)
{
if (Pike_sp[1-args].type != T_STRING)
SIMPLE_BAD_ARG_ERROR("crypt_md5", 2, "string");
saltp = Pike_sp[1-args].u.string->str;
} else {
unsigned int i, r;
for (i = 0; i < sizeof(salt); i++)
{
r = my_rand();
salt[i] = choice[r % (size_t) strlen(choice)];
}
saltp = salt;
}
ret = (char *)crypt_md5(Pike_sp[-args].u.string->str, saltp);
pop_n_elems(args);
push_string(make_shared_string(ret));
}
int
main(int argc, char **argv)
{
struct stat sb;
time_t change_time = -1;
char buf[256];
char *user, *passwd, *p;
user_data *u;
setbuf(stdout, NULL);
if (argc != 2) {
fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n");
exit(1);
}
if (stat(argv[1], &sb) != 0) {
fprintf(stderr, "cannot stat %s\n", argv[1]);
exit(1);
}
while (fgets(buf, 256, stdin) != NULL) {
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0'; /* strip \n */
if (stat(argv[1], &sb) == 0) {
if (sb.st_mtime != change_time) {
read_passwd_file(argv[1]);
change_time = sb.st_mtime;
}
}
if ((user = strtok(buf, " ")) == NULL) {
printf("ERR\n");
continue;
}
if ((passwd = strtok(NULL, "")) == NULL) {
printf("ERR\n");
continue;
}
rfc1738_unescape(user);
rfc1738_unescape(passwd);
u = (user_data *) hash_lookup(hash, user);
if (u == NULL) {
printf("ERR No such user\n");
#if HAVE_CRYPT
} else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
printf("OK\n");
#endif
} else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
printf("OK\n");
} else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) { /* md5 without salt and magic strings - Added by Ramon de Carvalho and Rodrigo Rubira Branco */
printf("OK\n");
} else {
printf("ERR Wrong password\n");
}
}
if (hash != NULL) {
hashFreeItems(hash, my_free);
hashFreeMemory(hash);
}
exit(0);
}
void dictionaryAttack(Account **accounts, const char *dico)
{
int i, nb, found;
size_t read, len;
char *line = NULL;
char *word = NULL;
char *hash = NULL;
FILE *f = NULL;
Account *account = NULL;
/* *** Init *** */
nb = AccountsLen(accounts);
found = 0;
/* *** Check parameters *** */
if (accounts == NULL || dico == NULL)
goto exit;
/* *** Try to open the dictionary *** */
f = fopen(dico, "r");
if (f == NULL)
{
fprintf(stderr, "error : unable to open %s\n", dico);
goto exit;
}
/* *** Try each word in the dictionary *** */
while ((read = getline(&line, &len, f)) != EOF)
{
/* *** If all accounts have been cracked *** */
if (found == nb)
goto exit;
word = strtok(line, "\r\n");
if (word == NULL)
continue;
/* *** Print the word *** */
printf(" %s\n", word);
/* *** Try the word for each account *** */
for (i = 0; i < nb; i++)
{
account = accounts[i];
switch(account->id)
{
case MD5:
hash = crypt_md5(word, account->salt, account->rounds);
break;
case SHA256:
hash = crypt_sha256(word, account->salt,
account->rounds);
break;
case SHA512:
hash = crypt_sha512(word, account->salt,
account->rounds);
break;
}
/* *** Check if the hash is identical *** */
if (hash != NULL)
{
if (account->password == NULL &&
!strcmp(account->hash, hash))
{
printf("\nlogin : %s\n", account->login);
printf("password : %s\n", word);
account->password = (char *) malloc(strlen(word) + 1);
if (account->password == NULL)
{
fprintf(stderr, "error : memory allocation "\
"failed\n");
goto exit;
}
strcpy(account->password, word);
memset(account->password + strlen(word), '\0', 1);
found++;
getchar();
}
free(hash);
}
}
/* *** Restore memory *** */
free(line);
line = NULL;
word = NULL;
hash = NULL;
}
exit:
if (f != NULL)
fclose(f);
if (line != NULL)
free(line);
if (hash != NULL)
free(hash);
}
void bruteforceAttack(Account **accounts, int max_len)
{
int i, j, k, nb, found;
char *word = NULL;
char *hash = NULL;
Account *account = NULL;
/* *** Check parameters *** */
if (accounts == NULL)
goto exit;
if (max_len < 1)
max_len = BRUTE_FORCE_DEFAULT_LEN;
/* *** Init *** */
nb = AccountsLen(accounts);
found = 0;
word = malloc((max_len + 1) * sizeof(char));
if (word == NULL)
{
fprintf(stderr, "error : memory allocation failed\n");
goto exit;
}
for (i = 1; i <= max_len; i++)
{
for (j = 0; j < i; j++)
word[j]='a';
word[i]=0;
do
{
/* *** If all accounts have been cracked *** */
if (found == nb)
goto exit;
/* *** Display the testing word *** */
printf(" %s\n", word);
/* *** Try the word for each account *** */
for (k = 0; k < nb; k++)
{
account = accounts[k];
/* *** Get the hash of the word *** */
switch(account->id)
{
case MD5:
hash = crypt_md5(word, account->salt,
account->rounds);
break;
case SHA256:
hash = crypt_sha256(word, account->salt,
account->rounds);
break;
case SHA512:
hash = crypt_sha512(word, account->salt,
account->rounds);
break;
}
/* *** Check if the word hash is identical *** */
if (hash != NULL)
{
if (account->password == NULL &&
!strcmp(account->hash, hash))
{
printf("\nlogin : %s\n", account->login);
printf("password : %s\n", word);
account->password = (char *) malloc(strlen(word)
+ 1);
if (account->password == NULL)
fprintf(stderr, "error : memory allocation "\
"failed\n");
memset(account->password + strlen(word), '\0', 1);
getchar();
found++;
}
free(hash);
hash = NULL;
}
}
} while (inc(word));
}
/* *** Restore memory *** */
free(word);
word = NULL;
exit:
if (hash != NULL)
free(hash);
return ;
}
