mysqlpassword.c

mysqlpassword.c: Posted Apr 9, 2001; Authored by Chris Given; MySQL brute force password cracker - Uses a dictionary attack against an encrypted mysql password.; tags | cracker; SHA-256 | d2d6a3f7496ba65f94690c6000b5539d0e0594cd880324e8e20d6d1758ca616f; Download | Favorite | View

mysqlpassword.c

////////////////////////////////////////////////////////////////////////////
///////////////////////////////
//
// MySQL brute force password crack
//
// to compile : gcc -omysqlpassword mysqlpassword.c -O6 -lm
//
#include <stdio.h>
#include <stdlib.h>
#include <math.h>

struct rand_struct {
  unsigned long seed1,seed2,max_value;
  double max_value_dbl;
};

void make_scrambled_password(char *,const char *);
char *scramble(char *,const char *,const char *, int);


////////////////////////////////////////////////////////////////////////////
///////////////////////////////
//
// Min / Max brute range. Min == ' ' Max == '~' see std ascii chart
//
#define MIN 32
#define MAX 126

int brute(char *to,const char* password) {
  
////////////////////////////////////////////////////////////////////////////
///////////////////////////////
  //
  // weak 1-9 MIN-MAX character brute
  //
  int i;
  unsigned long attempts=0;
  char hash[32]={MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN};
  char temp[32]={MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN,MIN};
  for(hash[9]=MIN;hash[9]<MAX;hash[9]++) {
  for(hash[8]=MIN;hash[8]<MAX;hash[8]++) {
  for(hash[7]=MIN;hash[7]<MAX;hash[7]++) {
  for(hash[6]=MIN;hash[6]<MAX;hash[6]++) {
  for(hash[5]=MIN;hash[5]<MAX;hash[5]++) {
  for(hash[4]=MIN;hash[4]<MAX;hash[4]++) {
  for(hash[3]=MIN;hash[3]<MAX;hash[3]++) {
  for(hash[2]=MIN;hash[2]<MAX;hash[2]++) {
  for(hash[1]=MIN;hash[1]<MAX;hash[1]++) {
  for(hash[0]=MIN;hash[0]<MAX;hash[0]++) {
    attempts++;
    sprintf(temp,"%s",hash);
    for(i=0;i<10;i++) {
      if(temp[i]==MIN) {
        temp[i]='\0';
      }
    }
    make_scrambled_password(to,temp);
    if(!strcmp(to,password)) {
      printf("MATCH [%s] [%s]==[%s]\n",temp,to,password);
      return(0);
    }
    if(attempts % 100000 == 0) {
      // Show status every 100,000 records
  
printf("(%li)\t[0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%0
2x,0x%02x]\t[%s]
[%s]!=[%s]\n",attempts,hash[0],hash[1],hash[2],hash[3],hash[4],hash[5],hash[
6],hash[7],hash[8],hash[9],temp,to,password);
    }
  }
  }
  }
  }
  }
  }
  }
  }
  }
  }
  return(-1);
}

int main(int argc, char* argv[]) {
  char *to;
  if(argc!=2) {
    fprintf(stderr,"usage : %s [ENCRYPTED MYSQL
PASSWORD]\nexample , 5d2e19393cc5ef67 is encrypted value 'password' : %s
5d2e19393cc5ef67\n",argv[0],argv[0]);
    return(0);
  }
  to=malloc(1024);
  return(brute(to,argv[1]));
}
////////////////////////////////////////////////////////////////////////////
///////////////////////////////
//
// thx mysql source ^_^
//
void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2) {
  rand_st->max_value= 0x3FFFFFFFL;
  rand_st->max_value_dbl=(double) rand_st->max_value;
  rand_st->seed1=seed1%rand_st->max_value ;
  rand_st->seed2=seed2%rand_st->max_value;
}
static void old_randominit(struct rand_struct *rand_st,ulong seed1) {
  rand_st->max_value= 0x01FFFFFFL;
  rand_st->max_value_dbl=(double) rand_st->max_value;
  seed1%=rand_st->max_value;
  rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
}
double rnd(struct rand_struct *rand_st) {
  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) %
rand_st->max_value;
  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) %
rand_st->max_value;
  return(((double) rand_st->seed1)/rand_st->max_value_dbl);
}
void hash_password(ulong *result, const char *password) {
  register ulong nr=1345345333L, add=7, nr2=0x12345671L;
  ulong tmp;
  for (; *password ; password++) {
    if (*password == ' ' || *password == '\t')
      continue;
    tmp= (ulong) (unsigned char) *password;
    nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
    nr2+=(nr2 << 8) ^ nr;
    add+=tmp;
  }
  result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit
(str2int) */;
  result[1]=nr2 & (((ulong) 1L << 31) -1L);
  return;
}
void make_scrambled_password(char *to,const char *password) {
  ulong hash_res[2];
  hash_password(hash_res,password);
  sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
}
static inline uint char_val(char X) {
  return (uint) (X >= '0' && X <= '9' ? X-'0' : X >= 'A' && X <= 'Z' ?
X-'A'+10 : X-'a'+10);
}
char *scramble(char *to,const char *message,const char *password, int
old_ver) {
  struct rand_struct rand_st;
  ulong hash_pass[2],hash_message[2];
  if(password && password[0]) {
    char *to_start=to;
    hash_password(hash_pass,password);
    hash_password(hash_message,message);
    if (old_ver)
      old_randominit(&rand_st,hash_pass[0] ^
hash_message[0]);
    else
      randominit(&rand_st,hash_pass[0] ^ hash_message[0],
    hash_pass[1] ^ hash_message[1]);
    while (*message++)
      *to++= (char) (floor(rnd(&rand_st)*31)+64);
    if (!old_ver) {
      char extra=(char) (floor(rnd(&rand_st)*31));
      while(to_start != to)
        *(to_start++)^=extra;
      }
    }
  *to=0;
  return to;
}

Top Authors In Last 30 Days

Red Hat 286 files
indoushka 161 files
Jay Turla 150 files
Ubuntu 71 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,128)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,774)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,823)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

mysqlpassword.c

mysqlpassword.c

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mysqlpassword.c

Share This

mysqlpassword.c

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems