How to Double Dutch (PHP)

[SyntaXmasteR]

I have never defaced a site either.

I did however find an exploit in Microsoft Windows 2000 (2002 Pre-Service pack 2) that would allowed me to access any computer that was not behind a firewall. I logged onto Goodyears server, Some hotel chain in Florida, A lawyers office in Arkansas, etc... I did however contact them and let them know that their computers needed to be *******. It kinda freaks them out when you read their entire employee roster to them from across the country.

[Ezekiel]

I did however find an exploit in Microsoft Windows 2000 (2002 Pre-Service pack 2) that would allowed me to access any computer that was not behind a firewall. I logged onto Goodyears server, Some hotel chain in Florida, A lawyers office in Arkansas, etc... I did however contact them and let them know that their computers needed to be *******. It kinda freaks them out when you read their entire employee roster to them from across the country.

You must have sounded totally badass revealing all their private information and internal network details from hundreds of miles away. Like in Bourne when he's looking at Landy through his sniper scope and says "get some rest, Pam, you look tired", but in electronic form.

You should have remote desktoped in and opened up a notepad window on their computer to talk to them, adding to the awesomeness.

Mike, that entire post is made of win and pwn.

Sleep deprivation leads to weird posts like that, for me.

[URL="http://www.divshare.com/img/*7*0*4*-cb7.jpg"]Attention: this thread has officially been hijacked. Stay in your seats and no one will get hurt![/URL]

[SyntaXmasteR]

* hour and counting down. Either my office building will be toasted or I will have a password cracked!

[Moonbat]

Well, I'll be waiting...

[SyntaXmasteR]

Well... I have some news

[SyntaXmasteR]

Unfortunately, when I arrived at the office building this morning there was nothing left to it. Ash & rubble covered what was left of the **000 ft^2 building's floor. It was evident that I lost the competition. I burned down the office in an attempt to prove a simple point, that I could pwn moonbat. Well everyone, there is a very important lesson to be learned here! When you get so obsessed over things that matter so little, people can get hurt, lives can be lost, forever changed. But there is an even deeper moral to this story! View Below ...













Syntax****** is a crazy liar, [url=http://www.syntax******.info/img/proof_2.jpg]Proof I own Moonbat[/url]. Ha!

Well that was fun, and I've only had my first cup of coffee today. I know I know you want to see the code. Well here the first script I used to crack his hashing sequence. I let 0's represent MD5 hash and *'s represent SHA* hash.
[php]
<?
function combinations($maxlength,$word,$a)
{

$wordlength=$maxlength;
$combinations=$a;
$combinations_length=strlen($combinations);
$pointer=($wordlength-*);
settype($word,"string");
settype($combinations,"string");
//COUNTER FOR TOTAL COMBINATION TRIES
$counter=0;
///////////////////////////////////////////////////



for($i=0;$i<$wordlength;$i++)
{
$custom_array[$i]=0;
}

while($pointer>=0)
{
$pointer=($wordlength-*);
while($custom_array[$pointer]<$combinations_length)
{
$counter++;
$testword=$combinations[$custom_array[0]];
for($i=*;$i<$wordlength;$i++)
{
$testword=$testword . $combinations[$custom_array[$i]];
}

$hashedword="aa";

$z=strlen($testword)-*;
while(isset($testword[$z])){
if($testword[$z]==0){
$hashedword=md5($hashedword);
}else{
$hashedword=sha*($hashedword);
}
$z--;
}

if($hashedword==$word)
{
// End TIMER
// ---------
echo "Checking: " . $testword . "=" . $word . "\n\n";
echo "Location: " . implode($custom_array,":");
return($counter);
// ---------
}

$custom_array[$pointer]=(($custom_array[$pointer])+*);
}
$custom_array[$pointer]=0;
$pointer--;
if($custom_array[$pointer]==($combinations_length-*))
{
while($custom_array[abs($pointer)]==($combinations_length-*))
{
$custom_array[$pointer]=0;
$pointer--;
}
}
$custom_array[$pointer]=(($custom_array[abs($pointer)])+*);
}
return(0);
}


///////////////////////////////////////////////
///////////////////////////////////////////////
/* BEGINNING OF SCRIPT */
$maxlength=20;
$word="bd*de5d78f*ecf75*0f885edf7a7f*ef";
$possible_characters="0*";
$stats=0;
$statcounter=0;

// Start TIMER
// SCRIPT FOUND HERE: http://www.desilva.biz/php/timer.html
// -----------
$stimer = explode( ' ', microtime() );
$stimer = $stimer[*] + $stimer[0];
////////////////////////////////////////

for($i=$maxlength;$i>0 && $stats==0;$i--)
{
$stats=combinations($i,$word,$possible_characters);
if($stats==0)
{
$statcounter=$statcounter+pow(strlen($possible_characters),$i);
}
}
$statcounter=$statcounter+$stats;

// End TIMER
// ---------
$etimer = explode( ' ', microtime() );
$etimer = $etimer[*] + $etimer[0];
printf( "\n\nTime: &#*7;f seconds.", ($etimer-$stimer) );
printf( "\n\nCombinations: $statcounter" );
// ---------

?>
[/php]

That wasn't so difficult to understand was it? What made this script so easy to work with is the floating array pointer I created. Anyways, here is the second part of the script that I used to crack moonbats passwords after I found his hashing sequence:

[php]
<?
function combinations($maxlength,$word,$a)
{

$wordlength=$maxlength;
$combinations=$a;
$combinations_length=strlen($combinations);
$pointer=($wordlength-*);
settype($combinations,"string");
settype($word,"string");
//COUNTER FOR TOTAL COMBINATION TRIES
$counter=0;
///////////////////////////////////////////////////



for($i=0;$i<$wordlength;$i++)
{
$custom_array[$i]=0;
}

while($pointer>=0)
{
$pointer=($wordlength-*);
while($custom_array[$pointer]<$combinations_length)
{
$counter++;
$testword=$combinations[$custom_array[0]];
for($i=*;$i<$wordlength;$i++)
{
$testword=$testword . $combinations[$custom_array[$i]];
}

$hashedword=md5(sha*(sha*(md5(md5(sha*($testword))))));

if($hashedword==$word)
{
// End TIMER
// ---------
echo "Checking: " . $testword . "=" . $word . "\n\n";
echo "Location: " . implode($custom_array,":");
return($counter);
// ---------
}/*else{
echo "\nHASHWORD: " . $hashedword;
}*/
$custom_array[$pointer]=(($custom_array[$pointer])+*);
}
$custom_array[$pointer]=0;
$pointer--;
if($custom_array[$pointer]==($combinations_length-*))
{
while($custom_array[abs($pointer)]==($combinations_length-*))
{
$custom_array[$pointer]=0;
$pointer--;
}
}
$custom_array[$pointer]=(($custom_array[abs($pointer)])+*);
}
return(0);
}


///////////////////////////////////////////////
///////////////////////////////////////////////
/* BEGINNING OF SCRIPT */
$maxlength=5;
$word="*e0*fb4**70da6adb7a*2a*d54e48ac2";
$possible_characters="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0*2*45678*";
$stats=0;
$statcounter=0;

// Start TIMER
// SCRIPT FOUND HERE: http://www.desilva.biz/php/timer.html
// -----------
$stimer = explode( ' ', microtime() );
$stimer = $stimer[*] + $stimer[0];
////////////////////////////////////////

for($i=$maxlength;$i>0 && $stats==0;$i--)
{
$stats=combinations($i,$word,$possible_characters);
if($stats==0)
{
$statcounter=$statcounter+pow(strlen($possible_characters),$i);
}
}
$statcounter=$statcounter+$stats;

// End TIMER
// ---------
$etimer = explode( ' ', microtime() );
$etimer = $etimer[*] + $etimer[0];
printf( "\n\nTime: %f seconds.", ($etimer-$stimer) );
printf( "\n\nCombinations: $statcounter" );
// ---------

?>
[/php]

Enjoy~ and Moonbat! Your password is stfuk. I win. Start making your youtube video! Can't wait to see it. If anyone has any questions about the script, post them here and I'll explain. (except the timer - I added that in just to see how long it takes to run.)

[Moonbat]

I hate you....

J/k, you won fair and square, time for dead animals and a YouTube vid...

[SyntaXmasteR]

For some odd reason I removed the comments to post it. I'll add more than enough comments and repost.

[SyntaXmasteR]

Ok first take a good look at this picture which I tried to explain how everything is actually working. [url=http://www.syntax******.info/img/explaination.jpg] VIEW IMAGE[/url]

After you view the image look at the code again with the comments I added. Hopefully it will help. It REALLY HURT my brain to write this. I have lost several childhood memories because of this, so please do not feel lost if you can not fully understand it the first time you look at it. I think I will recode it using better variable names so everyone can better understand it. The first time I wrote it, it was hard enough to keep the theory in my head so I wasn't worried about making the code user friendly.

[php]
<?
function combinations($maxlength,$word,$a)
{

$wordlength=$maxlength;
$combinations=$a;
$combinations_length=strlen($combinations); // GETS THE LENGTH OF COMBINATIONS - IF $combinations="0*" $combinations_length WILL EQUAL 2
$pointer=($wordlength-*); // IN THIS CASE THE WORDLENGTH=20 SO IT WILL SET $pointer TO ** BECAUSE IN 00000000000000000000 THE LOCATION OF THE RIGHT MOST ZERO IS **
$counter=0; // BASIC COUNTER FOR EACH COMBINATION TRY
settype($word,"string");
settype($combinations,"string");
//COUNTER FOR TOTAL COMBINATION TRIES

///////////////////////////////////////////////////



for($i=0;$i<$wordlength;$i++) // THIS BUILDS MY COUNTER ARRAY - THIS IS THE PART YOU REALLY NEED TO UNDERSTAND
{ // $wordlength=20 becuase there are a MAX of 20 possible hash tries for the sequence
$custom_array[$i]=0; // IT WILL SET AN ARRAY 00000000000000000000 WHICH ACTUALL REPRESENTS md5(md5(md5(md5( etc 20 times
}

while($pointer>=0) // HERE IS THE TRICK TO THE SCRIPT - THIS IS THE POINTER FOR THE CUSTOM ARRAY AND WILL ONLY BE LESS THAN ZERO ONLY WHEN IT HAS TRIED EVERY POSSIBLE COMBINATION
{
$pointer=($wordlength-*); // THIS RESETS THE ARRAY POINTER TO THE FARMOST ZERO TO RESTART THE INCREMENT PROCESS
while($custom_array[$pointer]<$combinations_length)
{
$counter++;
$testword=$combinations[$custom_array[0]];
for($i=*;$i<$wordlength;$i++)
{
$testword=$testword . $combinations[$custom_array[$i]];
}

echo "\n$testword";

$hashedword="aa";

$z=strlen($testword)-*;
while(isset($testword[$z])){
if($testword[$z]==0){
$hashedword=md5($hashedword);
}else{
$hashedword=sha*($hashedword);
}
$z--;
}

if($hashedword==$word)
{
// End TIMER
// ---------
echo "Checking: " . $testword . "=" . $word . "\n\n";
echo "Location: " . implode($custom_array,":");
return($counter);
// ---------
}

$custom_array[$pointer]=(($custom_array[$pointer])+*);
}
$custom_array[$pointer]=0;
$pointer--;
if($custom_array[$pointer]==($combinations_length-*))
{
while($custom_array[abs($pointer)]==($combinations_length-*))
{
$custom_array[$pointer]=0;
$pointer--;
}
}
$custom_array[$pointer]=(($custom_array[abs($pointer)])+*);
}
return(0);
}


///////////////////////////////////////////////
///////////////////////////////////////////////
/* BEGINNING OF SCRIPT */
$maxlength=20; // MAXIMUM POSSIBLE LENGTH OF HASH SEQUENCES (EX: md5(sha*(sha*(md5( ... up to twenty)
$word="bd*de5d78f*ecf75*0f885edf7a7f*ef"; // THIS IS THE HASH I WILL BE TRYING TO FIND THE "HASH SEQUENCE" FOR.
$possible_characters="0*"; // THE TWO POSSIBLE CHARACTERS ARE 0 and *. 0 WILL REPRESENT MD5, * WILL REPRESENT SHA*
$stats=0;
$statcounter=0;

// Start TIMER - SCRIPT FOUND HERE: http://www.desilva.biz/php/timer.html
$stimer = explode( ' ', microtime() );
$stimer = $stimer[*] + $stimer[0];
////////////////////////////////////////


for($i=$maxlength;$i>0 && $stats==0;$i--) // BASICALLY THIS IS SETTING THE LOOP TO RUN UNTIL (STATS!=0 which means password is found) OR UNTIL ALL POSSIBLE COMBINATIONS HAVE BEEN TRIED
{
$stats=combinations($i,$word,$possible_characters); // STATS WILL EQUAL ZERO UNLESS PASSWORD MATCH IS FOUND IN FUNCTION combinations() IF PASSWORD IS FOUND THE VARIABLE COUNTER IS RETURNED
if($stats==0)
{
$statcounter=$statcounter+pow(strlen($possible_characters),$i); // I SHOULD HAVE SIMPLY MADE $statcounter A GLOBAL, BUT I USED THIS TO CONTINUOUSLY ADD TO THE TOTAL COUNT OF TRIES IF PASSWORD IS NOT FOUND FOR THE CURRENT LOOP. THIS IS A BASIC COUNTER OF THE NUMBER OF TRIES.
}
}
$statcounter=$statcounter+$stats; // AFTER LOOP IF FINISHED - THE TOTAL OF TRIES IF CALCULATED

// End TIMER // PRINTS THE TIMER AT THE END OF SCRIPT
$etimer = explode( ' ', microtime() );
$etimer = $etimer[*] + $etimer[0];
printf( "\n\nTime: %f seconds.", ($etimer-$stimer) );
printf( "\n\nCombinations: $statcounter" );
// ---------

?>
[/php]

[Ezekiel]

[URL="http://www.divshare.com/img/*7*6670-*f7.png"]Are you gonna give me a problem? You just said you're gonna give me a fucking problem![/URL]

Serious response: good work Syntax, although this entire exercise was kind of pointless.

[SyntaXmasteR]

Serious response: good work Syntax, although this entire exercise was kind of pointless.

Pointless! We get to see Moonbat on Youtube raping dead animals.

I kind of get where you're going with the script, but the problem is I don't know what was going through your mind when you wrote it, which is the real roadblock.

If I made a video step by step coding this, would it help? I will need to put myself in the same state of mind I was in when I wrote it, but I can do it again. I've done it twice, thrice will not kill me. I'll record my desktop while I rewrite it.

[Moonbat]

Lol, don't expect too much from the vid, I gave up enough of my dignity already

[Ezekiel]

Are you kidding? I'm sure this got us to think a good amount. I'd say this was one of the best threads we've had here.

It was an interesting thread, but the only point to the crack challenge was for Syntax****** and Moonbat to try to beat each other. Not that I disapprove of that -- we need more stuff like this in the forum.

[Moonbat]

Yep, this has been the most interesting thing (on this forum) since that time that guy (trinoid) came and asked us to pentest his site, which led to us getting his email, ebay acct, paypal, etc. Of course, we didn't do anything bad, and we told him to change his pass for all his stuff (his password was 'puppies' for everything).

[Ezekiel]

Yep, this has been the most interesting thing (on this forum) since that time that guy (trinoid) came and asked us to pentest his site, which led to us getting his email, ebay acct, paypal, etc. Of course, we didn't do anything bad, and we told him to change his pass for all his stuff (his password was 'puppies' for everything).

I think we've had more interesting threads than that, but they don't come often.