How to Double Dutch (PHP)

Nope, just php at *00% - Its an older AMD processor but will eventually get the job done.

[QUOTE=SyntaX******;22654]It will take a maximum of 27 hours to crack the password using 6 hash over hashes, so I will post back once my CPU catches fire, or the password is cracked. I have the computer opened up with fans blowing directly on the processor so hopefully it will make it that through the night running at *00&#*7; CPU.[/QUOTE]

Are you sure that [b]you[/b] will make it through the night? It's an obvious fire risk.

What if you had a cat/dog in your house, and it licked the open computer mother***rd? What if it spilled the [copious amounts of] coffee on your desk onto the open computer?

Well, don't say we didn't warn you. You might want to write out a will though.

I have to say, when someone challenges you, you never seem to give up.

SyntaX is stubborn :rolleyes:

I told him I'd admit defeat if he just gave out the code for generating every possible Double Dutch combo (from 2 times to 20) of a ASCII string, cus after all I just wanna learn in the end, but he insists on winning fair and square.

But by some miracle he doesn't win, he'll have wasted all his time, wasted electricity, and I'll be seeing a nice little sticky from him named "PWNED BY MOONBAT" and dead animals

P.S. - The reason I <* dead animal pics so much is because the first time I ever defaced a site (milw0rm 'sploit, PHP-Fusion CMS site for some Counter-Strike clan) I posted a pic of a dead dog hanging from a tree. Yes, it's morbid. No, I don't care how sick you think I am. :)

I would consider myself more persistent. Stubborn hangs on to a negative connotation. The only reason I'm really being "persistent" with this case is because I have never actually tried to crack a password. I have no reason to, nor will every have any reason to. In theory, it works out in my head so I not only am proving it to you, but also to myself. I have lots of theories that should work, but have never been tested.

Well, nevermind thats a bunch of BS. I just cant wait to see Moonbats version of justgotowned.com posted on youtube. I cant let him get out of this one!

[QUOTE=Moonbat;22666]
P.S. - The reason I <* dead animal pics so much is because the first time I ever defaced a site (milw0rm 'sploit, PHP-Fusion CMS site for some Counter-Strike clan) I posted a pic of a dead dog hanging from a tree. Yes, it's morbid. No, I don't care how sick you think I am. :)[/QUOTE]

I've just realised that I've never defaced a site. Perhaps that's a good thing, or perhaps a bad thing.

See here:

[url]http://tinyurl.com/yvsxh[/url]























If you looked at that pic and thought "there's ol' goatse again" without being offended at all, or even admired the great feat of anus-stretching, you are desensitised to the internet.

I'm desensitised, but I don't think I'm 'sick'.

I don't know what qualifies as sick. Perhaps you are sick.

I'm in such a weird mood that I feel like posting some Youtube videos:

My favourite music video (serious):

[url]http://*****************/watch?v=ABqh*N-Mw5E[/url]

My favourite 'spot the difference' video (non-serious):

[url]http://*****************/watch?v=xCvhDPq6mBI[/url]

Meme *:

[url]http://*****************/watch?v=upvweQDrd5c[/url]

Meme 2:

[url]http://*****************/watch?v=oHg5SJYRHA0[/url]

Meme *:

[url]http://*****************/watch?v=EwTZ2xpQwpA[/url]
[url]http://*****************/watch?v=caIBKOztlAo[/url]
[url]http://*****************/watch?v=*oFS-q8BIps[/url]
[url]http://*****************/watch?v=JNEgr6ua6VQ[/url]

Welcome to the internet.

By the way, if it's time to concede defeat (actual purpose of thread):

[url]http://moonbat.justgotowned.com/[/url]

Edit: justgotowned is down.

I have never defaced a site either.

I did however find an exploit in Microsoft Windows 2000 (2002 Pre-Service pack 2) that would allowed me to access any computer that was not behind a firewall. I logged onto Goodyears server, Some hotel chain in Florida, A lawyers office in Arkansas, etc... I did however contact them and let them know that their computers needed to be *******. It kinda freaks them out when you read their entire employee roster to them from across the country.

[QUOTE=SyntaX******;2267*]
I did however find an exploit in Microsoft Windows 2000 (2002 Pre-Service pack 2) that would allowed me to access any computer that was not behind a firewall. I logged onto Goodyears server, Some hotel chain in Florida, A lawyers office in Arkansas, etc... I did however contact them and let them know that their computers needed to be *******. It kinda freaks them out when you read their entire employee roster to them from across the country.[/QUOTE]

You must have sounded totally badass revealing all their private information and internal network details from hundreds of miles away. Like in Bourne when he's looking at Landy through his sniper scope and says "get some rest, Pam, you look tired", but in electronic form.

You should have remote desktoped in and opened up a notepad window on their computer to talk to them, adding to the awesomeness.

[QUOTE]Mike, that entire post is made of win and pwn.[/QUOTE]

Sleep deprivation leads to weird posts like that, for me.

[URL="http://www.divshare.com/img/*7*0*4*-cb7.jpg"]Attention: this thread has officially been hijacked. Stay in your seats and no one will get hurt![/URL]

* hour and counting down. Either my office building will be toasted or I will have a password cracked!

Well, I'll be waiting... :D

Well... I have some news

Unfortunately, when I arrived at the office building this morning there was nothing left to it. Ash & rubble covered what was left of the **000 ft^2 building's floor. It was evident that I lost the competition. I burned down the office in an attempt to prove a simple point, that I could pwn moonbat. Well everyone, there is a very important lesson to be learned here! When you get so obsessed over things that matter so little, people can get hurt, lives can be lost, forever changed. But there is an even deeper moral to this story! View Below ...













Syntax****** is a crazy liar, [url=http://www.syntax******.info/img/proof_2.jpg]Proof I own Moonbat[/url]. Ha!

Well that was fun, and I've only had my first cup of coffee today. I know I know you want to see the code. Well here the first script I used to crack his hashing sequence. I let 0's represent MD5 hash and *'s represent SHA* hash.
[php]
<?
function combinations($maxlength,$word,$a)
{

$wordlength=$maxlength;
$combinations=$a;
$combinations_length=strlen($combinations);
$pointer=($wordlength-*);
settype($word,"string");
settype($combinations,"string");
//COUNTER FOR TOTAL COMBINATION TRIES
$counter=0;
///////////////////////////////////////////////////



for($i=0;$i<$wordlength;$i++)
{
$custom_array[$i]=0;
}

while($pointer>=0)
{
$pointer=($wordlength-*);
while($custom_array[$pointer]<$combinations_length)
{
$counter++;
$testword=$combinations[$custom_array[0]];
for($i=*;$i<$wordlength;$i++)
{
$testword=$testword . $combinations[$custom_array[$i]];
}

$hashedword="aa";

$z=strlen($testword)-*;
while(isset($testword[$z])){
if($testword[$z]==0){
$hashedword=md5($hashedword);
}else{
$hashedword=sha*($hashedword);
}
$z--;
}

if($hashedword==$word)
{
// End TIMER
// ---------
echo "Checking: " . $testword . "=" . $word . "\n\n";
echo "Location: " . implode($custom_array,":");
return($counter);
// ---------
}

$custom_array[$pointer]=(($custom_array[$pointer])+*);
}
$custom_array[$pointer]=0;
$pointer--;
if($custom_array[$pointer]==($combinations_length-*))
{
while($custom_array[abs($pointer)]==($combinations_length-*))
{
$custom_array[$pointer]=0;
$pointer--;
}
}
$custom_array[$pointer]=(($custom_array[abs($pointer)])+*);
}
return(0);
}


///////////////////////////////////////////////
///////////////////////////////////////////////
/* BEGINNING OF SCRIPT */
$maxlength=20;
$word="bd*de5d78f*ecf75*0f885edf7a7f*ef";
$possible_characters="0*";
$stats=0;
$statcounter=0;

// Start TIMER
// SCRIPT FOUND HERE: http://www.desilva.biz/php/timer.html
// -----------
$stimer = explode( ' ', microtime() );
$stimer = $stimer[*] + $stimer[0];
////////////////////////////////////////

for($i=$maxlength;$i>0 && $stats==0;$i--)
{
$stats=combinations($i,$word,$possible_characters);
if($stats==0)
{
$statcounter=$statcounter+pow(strlen($possible_characters),$i);
}
}
$statcounter=$statcounter+$stats;

// End TIMER
// ---------
$etimer = explode( ' ', microtime() );
$etimer = $etimer[*] + $etimer[0];
printf( "\n\nTime: &#*7;f seconds.", ($etimer-$stimer) );
printf( "\n\nCombinations: $statcounter" );
// ---------

?>
[/php]

That wasn't so difficult to understand was it? What made this script so easy to work with is the floating array pointer I created. Anyways, here is the second part of the script that I used to crack moonbats passwords after I found his hashing sequence:

[php]
<?
function combinations($maxlength,$word,$a)
{

$wordlength=$maxlength;
$combinations=$a;
$combinations_length=strlen($combinations);
$pointer=($wordlength-*);
settype($combinations,"string");
settype($word,"string");
//COUNTER FOR TOTAL COMBINATION TRIES
$counter=0;
///////////////////////////////////////////////////



for($i=0;$i<$wordlength;$i++)
{
$custom_array[$i]=0;
}

while($pointer>=0)
{
$pointer=($wordlength-*);
while($custom_array[$pointer]<$combinations_length)
{
$counter++;
$testword=$combinations[$custom_array[0]];
for($i=*;$i<$wordlength;$i++)
{
$testword=$testword . $combinations[$custom_array[$i]];
}

$hashedword=md5(sha*(sha*(md5(md5(sha*($testword))))));

if($hashedword==$word)
{
// End TIMER
// ---------
echo "Checking: " . $testword . "=" . $word . "\n\n";
echo "Location: " . implode($custom_array,":");
return($counter);
// ---------
}/*else{
echo "\nHASHWORD: " . $hashedword;
}*/
$custom_array[$pointer]=(($custom_array[$pointer])+*);
}
$custom_array[$pointer]=0;
$pointer--;
if($custom_array[$pointer]==($combinations_length-*))
{
while($custom_array[abs($pointer)]==($combinations_length-*))
{
$custom_array[$pointer]=0;
$pointer--;
}
}
$custom_array[$pointer]=(($custom_array[abs($pointer)])+*);
}
return(0);
}


///////////////////////////////////////////////
///////////////////////////////////////////////
/* BEGINNING OF SCRIPT */
$maxlength=5;
$word="*e0*fb4**70da6adb7a*2a*d54e48ac2";
$possible_characters="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0*2*45678*";
$stats=0;
$statcounter=0;

// Start TIMER
// SCRIPT FOUND HERE: http://www.desilva.biz/php/timer.html
// -----------
$stimer = explode( ' ', microtime() );
$stimer = $stimer[*] + $stimer[0];
////////////////////////////////////////

for($i=$maxlength;$i>0 && $stats==0;$i--)
{
$stats=combinations($i,$word,$possible_characters);
if($stats==0)
{
$statcounter=$statcounter+pow(strlen($possible_characters),$i);
}
}
$statcounter=$statcounter+$stats;

// End TIMER
// ---------
$etimer = explode( ' ', microtime() );
$etimer = $etimer[*] + $etimer[0];
printf( "\n\nTime: %f seconds.", ($etimer-$stimer) );
printf( "\n\nCombinations: $statcounter" );
// ---------

?>
[/php]

Enjoy~ and Moonbat! Your password is stfuk. I win. :cool: Start making your youtube video! Can't wait to see it. If anyone has any questions about the script, post them here and I'll explain. (except the timer - I added that in just to see how long it takes to run.)

I hate you....

J/k, you won fair and square, time for dead animals and a YouTube vid...:(

For some odd reason I removed the comments to post it. I'll add more than enough comments and repost.

Ok first take a good look at this picture which I tried to explain how everything is actually working. [url=http://www.syntax******.info/img/explaination.jpg] VIEW IMAGE[/url]

After you view the image look at the code again with the comments I added. Hopefully it will help. It REALLY HURT my brain to write this. I have lost several childhood memories because of this, so please do not feel lost if you can not fully understand it the first time you look at it. I think I will recode it using better variable names so everyone can better understand it. The first time I wrote it, it was hard enough to keep the theory in my head so I wasn't worried about making the code user friendly.

[php]
<?
function combinations($maxlength,$word,$a)
{

$wordlength=$maxlength;
$combinations=$a;
$combinations_length=strlen($combinations); // GETS THE LENGTH OF COMBINATIONS - IF $combinations="0*" $combinations_length WILL EQUAL 2
$pointer=($wordlength-*); // IN THIS CASE THE WORDLENGTH=20 SO IT WILL SET $pointer TO ** BECAUSE IN 00000000000000000000 THE LOCATION OF THE RIGHT MOST ZERO IS **
$counter=0; // BASIC COUNTER FOR EACH COMBINATION TRY
settype($word,"string");
settype($combinations,"string");
//COUNTER FOR TOTAL COMBINATION TRIES

///////////////////////////////////////////////////



for($i=0;$i<$wordlength;$i++) // THIS BUILDS MY COUNTER ARRAY - THIS IS THE PART YOU REALLY NEED TO UNDERSTAND
{ // $wordlength=20 becuase there are a MAX of 20 possible hash tries for the sequence
$custom_array[$i]=0; // IT WILL SET AN ARRAY 00000000000000000000 WHICH ACTUALL REPRESENTS md5(md5(md5(md5( etc 20 times
}

while($pointer>=0) // HERE IS THE TRICK TO THE SCRIPT - THIS IS THE POINTER FOR THE CUSTOM ARRAY AND WILL ONLY BE LESS THAN ZERO ONLY WHEN IT HAS TRIED EVERY POSSIBLE COMBINATION
{
$pointer=($wordlength-*); // THIS RESETS THE ARRAY POINTER TO THE FARMOST ZERO TO RESTART THE INCREMENT PROCESS
while($custom_array[$pointer]<$combinations_length)
{
$counter++;
$testword=$combinations[$custom_array[0]];
for($i=*;$i<$wordlength;$i++)
{
$testword=$testword . $combinations[$custom_array[$i]];
}

echo "\n$testword";

$hashedword="aa";

$z=strlen($testword)-*;
while(isset($testword[$z])){
if($testword[$z]==0){
$hashedword=md5($hashedword);
}else{
$hashedword=sha*($hashedword);
}
$z--;
}

if($hashedword==$word)
{
// End TIMER
// ---------
echo "Checking: " . $testword . "=" . $word . "\n\n";
echo "Location: " . implode($custom_array,":");
return($counter);
// ---------
}

$custom_array[$pointer]=(($custom_array[$pointer])+*);
}
$custom_array[$pointer]=0;
$pointer--;
if($custom_array[$pointer]==($combinations_length-*))
{
while($custom_array[abs($pointer)]==($combinations_length-*))
{
$custom_array[$pointer]=0;
$pointer--;
}
}
$custom_array[$pointer]=(($custom_array[abs($pointer)])+*);
}
return(0);
}


///////////////////////////////////////////////
///////////////////////////////////////////////
/* BEGINNING OF SCRIPT */
$maxlength=20; // MAXIMUM POSSIBLE LENGTH OF HASH SEQUENCES (EX: md5(sha*(sha*(md5( ... up to twenty)
$word="bd*de5d78f*ecf75*0f885edf7a7f*ef"; // THIS IS THE HASH I WILL BE TRYING TO FIND THE "HASH SEQUENCE" FOR.
$possible_characters="0*"; // THE TWO POSSIBLE CHARACTERS ARE 0 and *. 0 WILL REPRESENT MD5, * WILL REPRESENT SHA*
$stats=0;
$statcounter=0;

// Start TIMER - SCRIPT FOUND HERE: http://www.desilva.biz/php/timer.html
$stimer = explode( ' ', microtime() );
$stimer = $stimer[*] + $stimer[0];
////////////////////////////////////////


for($i=$maxlength;$i>0 && $stats==0;$i--) // BASICALLY THIS IS SETTING THE LOOP TO RUN UNTIL (STATS!=0 which means password is found) OR UNTIL ALL POSSIBLE COMBINATIONS HAVE BEEN TRIED
{
$stats=combinations($i,$word,$possible_characters); // STATS WILL EQUAL ZERO UNLESS PASSWORD MATCH IS FOUND IN FUNCTION combinations() IF PASSWORD IS FOUND THE VARIABLE COUNTER IS RETURNED
if($stats==0)
{
$statcounter=$statcounter+pow(strlen($possible_characters),$i); // I SHOULD HAVE SIMPLY MADE $statcounter A GLOBAL, BUT I USED THIS TO CONTINUOUSLY ADD TO THE TOTAL COUNT OF TRIES IF PASSWORD IS NOT FOUND FOR THE CURRENT LOOP. THIS IS A BASIC COUNTER OF THE NUMBER OF TRIES.
}
}
$statcounter=$statcounter+$stats; // AFTER LOOP IF FINISHED - THE TOTAL OF TRIES IF CALCULATED

// End TIMER // PRINTS THE TIMER AT THE END OF SCRIPT
$etimer = explode( ' ', microtime() );
$etimer = $etimer[*] + $etimer[0];
printf( "\n\nTime: %f seconds.", ($etimer-$stimer) );
printf( "\n\nCombinations: $statcounter" );
// ---------

?>
[/php]

[URL="http://www.divshare.com/img/*7*6670-*f7.png"]Are you gonna give me a problem? You just said you're gonna give me a fucking problem![/URL]

Serious response: good work Syntax, although this entire exercise was kind of pointless.

[quote=mike*5*]Serious response: good work Syntax, although this entire exercise was kind of pointless.[/quote]
[b]Pointless![/b] We get to see Moonbat on Youtube raping dead animals.


[quote=DANIEL248]I kind of get where you're going with the script, but the problem is I don't know what was going through your mind when you wrote it, which is the real roadblock.[/quote]
If I made a video step by step coding this, would it help? I will need to put myself in the same state of mind I was in when I wrote it, but I can do it again. I've done it twice, thrice will not kill me. I'll record my desktop while I rewrite it.

Lol, don't expect too much from the vid, I gave up enough of my dignity already :p

[QUOTE=DANIEL2488;227**]Are you kidding? I'm sure this got us to think a good amount. I'd say this was one of the best threads we've had here.[/QUOTE]

It was an interesting thread, but the only point to the crack challenge was for Syntax****** and Moonbat to try to beat each other. Not that I disapprove of that -- we need more stuff like this in the forum.

Yep, this has been the most interesting thing (on this forum) since that time that guy (trinoid) came and asked us to pentest his site, which led to us getting his email, ebay acct, paypal, etc. Of course, we didn't do anything bad, and we told him to change his pass for all his stuff (his password was 'puppies' for everything).

[QUOTE=Moonbat;22725]Yep, this has been the most interesting thing (on this forum) since that time that guy (trinoid) came and asked us to pentest his site, which led to us getting his email, ebay acct, paypal, etc. Of course, we didn't do anything bad, and we told him to change his pass for all his stuff (his password was 'puppies' for everything).[/QUOTE]

I think we've had more interesting threads than that, but they don't come often.

this thread owns in so many levels... haha i read it from pst * through now lol haha this is great

Hehe, this thread does bring back memories. I thought I actually had a chance against the powers of SyntaX******. They don't call him that just for fun, you know :D

EDIT: Just read through SyntaX's code again, and realized that I could actually 'read' most of the code, not just stare at it in amazement like I did the last time I opened this thread. :)

[quote]Just read through SyntaX's code again, and realized that I could actually 'read' most of the code, not just stare at it in amazement like I did the last time I opened this thread.[/quote]

Well I never had any formal programming training. I just do it for the challenge when I have some extra time. Thanks to JayT I actually have started commenting all of my code. Now others can actually Read/Use the code I write. Wow, no more headaches. Go figure!

[QUOTE=SyntaX******;27*6*]Well I never had any formal programming training. I just do it for the challenge when I have some extra time. Thanks to JayT I actually have started commenting all of my code. Now others can actually Read/Use the code I write. Wow, no more headaches. Go figure![/QUOTE]
I didn't mean my last post in this sense.

What I meant was, before I really didn't know alot of PHP so it was just a bunch of code, but now after learning a good deal of PHP I can actually understand most of the code. :)

Security by obscurity is OK sometimes.

Securing login data by using SHA* or MD5 is good.
If done carefully, brute force guessing can be essentially neutralized.

For example, code like
[code]
md5(sha*(sha*(md5(md5(sha*("aa"))))))
[/code]
seems excessive.

A simpler way is simply to use an arbitrary, but consistent, rule to modify the hash in a way known ONLY to you and no other. Without this secret info, no amount of ordinary brute force will crack the hash in any practical time period. Mission accomplished.


[code]
$hash = md5("John");
[/code]
When I execute this, it returns

$hash = "6*40*aa*fd47d4a5**2de2*cbf5*a*6f"



Instead of leaving it that way, you could apply a 'private rule', such as swapping the **th character with the final character of the hash string before storing it.

In the above example

$hash = "6*40*aa*fd47d4a5**2de2*cbf5*a*6f"

would become:

"6*40*aa*fd47f4a5**2de2*cbf5*a*6d"

Brute force will NOT find 'John' from this hash.

The **th character 'f' was swapped with the final character 'd' to break the brute force method.

Before comparing, we repeat the swap, to restore the hash to normal.


ANY SIMPLE RULE WILL DO
It can be ANY simple convenient rule that transparently alters the hash from its original sequence but can be easily undone to restore the original hash.

To use the hash, simply reverse the process before comparing it. If someone stole your password list encrypted in this manner, would it simply occur to them to swap the **th and the final characters prior to attempting to crack it by brute force? Not likely.

The change is essentially invisible and without that special prior knowledge of the required minor change, nobody is likely to crack the hash. It's like the secret ingredient your mum uses in a recipe. Even if Russian spies steal her recipe, they still don't know about the secret ingredient not mentioned and will not get exactly the same result without it.

This is a case where security by obscurity is OK, very simple and quite effective.

The programming of this method is not difficult and its power and effectiveness lies in making sure that ONLY YOU know the secret of the hash.

I do the same with PGP encryption too. I have to change * characters before PGP can be decrypted. Knowing the pass phrase is not enough in itself if you don't know which * characters to change first prior to decryption.

Knowledge is power, and secret knowledge is even greater power.

While this is a good idea JayT, applying a salt to a password is just as effective, and IMO easier to implement. But nevertheless, it's a cool idea and it's original as far as I know.

[QUOTE=Moonbat;27***]While this is a good idea JayT, applying a salt to a password is just as effective, and IMO easier to implement. But nevertheless, it's a cool idea and it's original as far as I know.[/QUOTE]

The doctor told me to cut down on salt.
LOL

However, I don't think that salting a hash is any simpler to program than simply swapping 2 characters within a hash string.

That was a simple method I used with PGP before I heard of salting. One or two secretely altered characters and PGP and several other kinds of text-based encryptions are effectively immunized against brute force.

So simple, a Geico Salesman can do it!

Yadayadayada

:)