int main(void) { char buf[255]; int count; char **chbuffer; if((chbuffer=charArrAlloc(25,255))==NULL) { return 1; } while(fgets(buf,255,stdin)!=NULL) { count=stringtoarray(buf,255,chbuffer,25,255,'\n'); printfstrarr(chbuffer,count); } freeArr(chbuffer,25); return 0; }
// NOTE, this still needs work. I am sure this will not eliminate (compact out) // duplicate salts. static void *get_salt(char *ciphertext) { sip_salt *salt; static char saltBuf[2048]; char *lines[16]; login_t login; int num_lines; MD5_CTX md5_ctx; unsigned char md5_bin_hash[MD5_LEN]; char static_hash[MD5_LEN_HEX+1]; char *saltcopy = saltBuf; salt = mem_calloc_tiny(sizeof(sip_salt), MEM_ALIGN_NONE); strcpy(saltBuf, ciphertext); saltcopy += 6; /* skip over "$sip$*" */ memset(&login, 0, sizeof(login_t)); num_lines = stringtoarray(lines, saltcopy, '*'); assert(num_lines == 14); strncpy(login.server, lines[0], sizeof(login.server) - 1 ); strncpy(login.client, lines[1], sizeof(login.client) - 1 ); strncpy(login.user, lines[2], sizeof(login.user) - 1 ); strncpy(login.realm, lines[3], sizeof(login.realm) - 1 ); strncpy(login.method, lines[4], sizeof(login.method) - 1 ); /* special handling for uri */ if (!strcmp(lines[7], "")) sprintf(login.uri, "%s:%s", lines[5], lines[6]); else sprintf(login.uri, "%s:%s:%s", lines[5], lines[6], lines[7]); strncpy(login.nonce, lines[8], sizeof(login.nonce) - 1 ); strncpy(login.cnonce, lines[9], sizeof(login.cnonce) - 1 ); strncpy(login.nonce_count, lines[10], sizeof(login.nonce_count) - 1 ); strncpy(login.qop, lines[11], sizeof(login.qop) - 1 ); strncpy(login.algorithm, lines[12], sizeof(login.algorithm) - 1 ); strncpy(login.hash, lines[13], sizeof(login.hash) - 1 ); if(strncmp(login.algorithm, "MD5", strlen(login.algorithm))) { printf("\n* Cannot crack '%s' hash, only MD5 supported so far...\n", login.algorithm); exit(-1); } /* Generating MD5 static hash: 'METHOD:URI' */ MD5_Init(&md5_ctx); MD5_Update(&md5_ctx, (unsigned char*)login.method, strlen( login.method )); MD5_Update(&md5_ctx, (unsigned char*)":", 1); MD5_Update(&md5_ctx, (unsigned char*)login.uri, strlen( login.uri )); MD5_Final(md5_bin_hash, &md5_ctx); bin_to_hex(bin2hex_table, md5_bin_hash, MD5_LEN, static_hash, MD5_LEN_HEX); /* Constructing first part of dynamic hash: 'USER:REALM:' */ salt->dynamic_hash_data = salt->Buf; snprintf(salt->dynamic_hash_data, DYNAMIC_HASH_SIZE, "%s:%s:", login.user, login.realm); salt->dynamic_hash_data_len = strlen(salt->dynamic_hash_data); /* Construct last part of final hash data: ':NONCE(:CNONCE:NONCE_COUNT:QOP):<static_hash>' */ /* no qop */ salt->static_hash_data = &(salt->Buf[salt->dynamic_hash_data_len+1]); if(!strlen(login.qop)) snprintf(salt->static_hash_data, STATIC_HASH_SIZE, ":%s:%s", login.nonce, static_hash); /* qop/conce/cnonce_count */ else snprintf(salt->static_hash_data, STATIC_HASH_SIZE, ":%s:%s:%s:%s:%s", login.nonce, login.nonce_count, login.cnonce, login.qop, static_hash); /* Get lens of static buffers */ salt->static_hash_data_len = strlen(salt->static_hash_data); /* Begin brute force attack */ #ifdef SIP_DEBUG printf("Starting bruteforce against user '%s' (%s: '%s')\n", login.user, login.algorithm, login.hash); #endif strcpy(salt->login_hash, login.hash); return salt; }