char *chessd_crypt(const char *passwd, const char *salt) { if (!strncmp(salt, "$1$", 3)) { salt += 3; salt = salt + strlen(salt) - strcspn(salt, "$"); return crypt_md5(passwd, salt); } return crypt_md5(passwd, salt); }
static void f_crypt_md5(INT32 args) { char salt[8]; char *ret, *saltp =""; char *choice = "cbhisjKlm4k65p7qrJfLMNQOPxwzyAaBDFgnoWXYCZ0123tvdHueEGISRTUV89./"; if (args < 1) SIMPLE_TOO_FEW_ARGS_ERROR("crypt_md5", 1); if (Pike_sp[-args].type != T_STRING) SIMPLE_BAD_ARG_ERROR("crypt_md5", 1, "string"); if (args > 1) { if (Pike_sp[1-args].type != T_STRING) SIMPLE_BAD_ARG_ERROR("crypt_md5", 2, "string"); saltp = Pike_sp[1-args].u.string->str; } else { unsigned int i, r; for (i = 0; i < sizeof(salt); i++) { r = my_rand(); salt[i] = choice[r % (size_t) strlen(choice)]; } saltp = salt; } ret = (char *)crypt_md5(Pike_sp[-args].u.string->str, saltp); pop_n_elems(args); push_string(make_shared_string(ret)); }
int main(int argc, char **argv) { struct stat sb; time_t change_time = -1; char buf[256]; char *user, *passwd, *p; user_data *u; setbuf(stdout, NULL); if (argc != 2) { fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n"); exit(1); } if (stat(argv[1], &sb) != 0) { fprintf(stderr, "cannot stat %s\n", argv[1]); exit(1); } while (fgets(buf, 256, stdin) != NULL) { if ((p = strchr(buf, '\n')) != NULL) *p = '\0'; /* strip \n */ if (stat(argv[1], &sb) == 0) { if (sb.st_mtime != change_time) { read_passwd_file(argv[1]); change_time = sb.st_mtime; } } if ((user = strtok(buf, " ")) == NULL) { printf("ERR\n"); continue; } if ((passwd = strtok(NULL, "")) == NULL) { printf("ERR\n"); continue; } rfc1738_unescape(user); rfc1738_unescape(passwd); u = (user_data *) hash_lookup(hash, user); if (u == NULL) { printf("ERR No such user\n"); #if HAVE_CRYPT } else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) { printf("OK\n"); #endif } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) { printf("OK\n"); } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) { /* md5 without salt and magic strings - Added by Ramon de Carvalho and Rodrigo Rubira Branco */ printf("OK\n"); } else { printf("ERR Wrong password\n"); } } if (hash != NULL) { hashFreeItems(hash, my_free); hashFreeMemory(hash); } exit(0); }
void dictionaryAttack(Account **accounts, const char *dico) { int i, nb, found; size_t read, len; char *line = NULL; char *word = NULL; char *hash = NULL; FILE *f = NULL; Account *account = NULL; /* *** Init *** */ nb = AccountsLen(accounts); found = 0; /* *** Check parameters *** */ if (accounts == NULL || dico == NULL) goto exit; /* *** Try to open the dictionary *** */ f = fopen(dico, "r"); if (f == NULL) { fprintf(stderr, "error : unable to open %s\n", dico); goto exit; } /* *** Try each word in the dictionary *** */ while ((read = getline(&line, &len, f)) != EOF) { /* *** If all accounts have been cracked *** */ if (found == nb) goto exit; word = strtok(line, "\r\n"); if (word == NULL) continue; /* *** Print the word *** */ printf(" %s\n", word); /* *** Try the word for each account *** */ for (i = 0; i < nb; i++) { account = accounts[i]; switch(account->id) { case MD5: hash = crypt_md5(word, account->salt, account->rounds); break; case SHA256: hash = crypt_sha256(word, account->salt, account->rounds); break; case SHA512: hash = crypt_sha512(word, account->salt, account->rounds); break; } /* *** Check if the hash is identical *** */ if (hash != NULL) { if (account->password == NULL && !strcmp(account->hash, hash)) { printf("\nlogin : %s\n", account->login); printf("password : %s\n", word); account->password = (char *) malloc(strlen(word) + 1); if (account->password == NULL) { fprintf(stderr, "error : memory allocation "\ "failed\n"); goto exit; } strcpy(account->password, word); memset(account->password + strlen(word), '\0', 1); found++; getchar(); } free(hash); } } /* *** Restore memory *** */ free(line); line = NULL; word = NULL; hash = NULL; } exit: if (f != NULL) fclose(f); if (line != NULL) free(line); if (hash != NULL) free(hash); }
void bruteforceAttack(Account **accounts, int max_len) { int i, j, k, nb, found; char *word = NULL; char *hash = NULL; Account *account = NULL; /* *** Check parameters *** */ if (accounts == NULL) goto exit; if (max_len < 1) max_len = BRUTE_FORCE_DEFAULT_LEN; /* *** Init *** */ nb = AccountsLen(accounts); found = 0; word = malloc((max_len + 1) * sizeof(char)); if (word == NULL) { fprintf(stderr, "error : memory allocation failed\n"); goto exit; } for (i = 1; i <= max_len; i++) { for (j = 0; j < i; j++) word[j]='a'; word[i]=0; do { /* *** If all accounts have been cracked *** */ if (found == nb) goto exit; /* *** Display the testing word *** */ printf(" %s\n", word); /* *** Try the word for each account *** */ for (k = 0; k < nb; k++) { account = accounts[k]; /* *** Get the hash of the word *** */ switch(account->id) { case MD5: hash = crypt_md5(word, account->salt, account->rounds); break; case SHA256: hash = crypt_sha256(word, account->salt, account->rounds); break; case SHA512: hash = crypt_sha512(word, account->salt, account->rounds); break; } /* *** Check if the word hash is identical *** */ if (hash != NULL) { if (account->password == NULL && !strcmp(account->hash, hash)) { printf("\nlogin : %s\n", account->login); printf("password : %s\n", word); account->password = (char *) malloc(strlen(word) + 1); if (account->password == NULL) fprintf(stderr, "error : memory allocation "\ "failed\n"); memset(account->password + strlen(word), '\0', 1); getchar(); found++; } free(hash); hash = NULL; } } } while (inc(word)); } /* *** Restore memory *** */ free(word); word = NULL; exit: if (hash != NULL) free(hash); return ; }