krzysiu Posted June 28, 2009 Share Posted June 28, 2009 there is. Brute: Tool: /* This program is public domain. Share and enjoy. * * Example: * $ gcc -O2 -fomit-frame-pointer mysqlfast.c -o mysqlfast * $ mysqlfast 6294b50f67eda209 * Hash: 6294b50f67eda209 * Trying length 3 * Trying length 4 * Found pass: barf * * The MySQL password hash function could be strengthened considerably * by: * - making two passes over the password * - using a bitwise rotate instead of a left shift * - causing more arithmetic overflows */ #include <stdio.h> typedef unsigned long u32; /* Allowable characters in password; 33-126 is printable ascii */ #define MIN_CHAR 33 #define MAX_CHAR 126 /* Maximum length of password */ #define MAX_LEN 12 #define MASK 0x7fffffffL int crack0(int stop, u32 targ1, u32 targ2, int *pass_ary) { int i, c; u32 d, e, sum, step, diff, div, xor1, xor2, state1, state2; u32 newstate1, newstate2, newstate3; u32 state1_ary[MAX_LEN-2], state2_ary[MAX_LEN-2]; u32 xor_ary[MAX_LEN-3], step_ary[MAX_LEN-3]; i = -1; sum = 7; state1_ary[0] = 1345345333L; state2_ary[0] = 0x12345671L; while (1) { while (i < stop) { i++; pass_ary = MIN_CHAR; step_ary = (state1_ary & 0x3f) + sum; xor_ary = step_ary*MIN_CHAR + (state1_ary << Cool; sum += MIN_CHAR; state1_ary[i+1] = state1_ary ^ xor_ary; state2_ary[i+1] = state2_ary + ((state2_ary << Cool ^ state1_ary[i+1]); } state1 = state1_ary[i+1]; state2 = state2_ary[i+1]; step = (state1 & 0x3f) + sum; xor1 = step*MIN_CHAR + (state1 << Cool; xor2 = (state2 << Cool ^ state1; for (c = MIN_CHAR; c <= MAX_CHAR; c++, xor1 += step) { newstate2 = state2 + (xor1 ^ xor2); newstate1 = state1 ^ xor1; newstate3 = (targ2 - newstate2) ^ (newstate2 << Cool; div = (newstate1 & 0x3f) + sum + c; diff = ((newstate3 ^ newstate1) - (newstate1 << Cool) & MASK; if (diff % div != 0) continue; d = diff / div; if (d < MIN_CHAR || d > MAX_CHAR) continue; div = (newstate3 & 0x3f) + sum + c + d; diff = ((targ1 ^ newstate3) - (newstate3 << Cool) & MASK; if (diff % div != 0) continue; e = diff / div; if (e < MIN_CHAR || e > MAX_CHAR) continue; pass_ary[i+1] = c; pass_ary[i+2] = d; pass_ary[i+3] = e; return 1; } while (i >= 0 && pass_ary >= MAX_CHAR) { sum -= MAX_CHAR; i--; } if (i < 0) break; pass_ary++; xor_ary += step_ary; sum++; state1_ary[i+1] = state1_ary ^ xor_ary; state2_ary[i+1] = state2_ary + ((state2_ary << Cool ^ state1_ary[i+1]); } return 0; } void crack(char *hash) { int i, len; u32 targ1, targ2, targ3; int pass[MAX_LEN]; if ( sscanf(hash, "%8lx%lx", &targ1, &targ2) != 2 ) { printf("Invalid password hash: %s\n", hash); return; } printf("Hash: %08lx%08lx\n", targ1, targ2); targ3 = targ2 - targ1; targ3 = targ2 - ((targ3 << Cool ^ targ1); targ3 = targ2 - ((targ3 << Cool ^ targ1); targ3 = targ2 - ((targ3 << Cool ^ targ1); for (len = 3; len <= MAX_LEN; len++) { printf("Trying length %d\n", len); if ( crack0(len-4, targ1, targ3, pass) ) { printf("Found pass: "); for (i = 0; i < len; i++) putchar(pass); putchar('\n'); break; } } if (len > MAX_LEN) printf("Pass not found\n"); } int main(int argc, char *argv[]) { int i; if (argc <= 1) printf("usage: %s hash\n", argv[0]); for (i = 1; i < argc; i++) crack(argv); return 0; } But how to compile it? its look like C/C++, try download pelles and compile it Link to comment Share on other sites More sharing options...
QuiqueFloreS Posted June 28, 2009 Share Posted June 28, 2009 Dev c++ program can compile in windows... get fun! Link to comment Share on other sites More sharing options...
nickchaos20 Posted June 28, 2009 Share Posted June 28, 2009 Omg guys ... i have asked lot of ppls that know how to do it to explain me a little or help me through PM ... w/e im trying 12 hours now without stop and i didnt made it . .. . nones want to help me .. . :'( :'( :'( Link to comment Share on other sites More sharing options...
krzysiu Posted June 28, 2009 Share Posted June 28, 2009 Dev c++ program can compile in windows... get fun! wow u r awesome i wrote exactly the same. Link to comment Share on other sites More sharing options...
QuiqueFloreS Posted June 28, 2009 Share Posted June 28, 2009 wow u r awesome i wrote exactly the same. really? Devc++ is a program to compile... you just say the type of test kkthxbb Link to comment Share on other sites More sharing options...
ĐarkSlayer Posted June 28, 2009 Share Posted June 28, 2009 Lol darkslayer you ask if i can advertive your server in overdose server, and i m doing bullsh1ts? kkthxbb.. Vote For Ban ExTrEmEDwarf YES -> 1029 PPL NO -> 2 PPL ok i go ask ban I NEVER ASKED TO ADVERTISE MY SERVER IDIOT Link to comment Share on other sites More sharing options...
krzysiu Posted June 28, 2009 Share Posted June 28, 2009 really? Devc++ is a program to compile... you just say the type of test kkthxbb its logic if code is in C u will use PASCAL to compile it ? just think sometimes, Link to comment Share on other sites More sharing options...
Emrys Posted June 28, 2009 Author Share Posted June 28, 2009 Yes i can see because TheEnd show me by msn... that is why i post it! NOOB go translater before you post your english sux! I never show it to you ..... Link to comment Share on other sites More sharing options...
ĐarkSlayer Posted June 28, 2009 Share Posted June 28, 2009 I never show it to you ..... dont worry he tells same shits for everybody he tell that i told him to advertise my srv in overdose topic wtf he suck balls i asked from nitrous to ban him .. i wait for an answer Link to comment Share on other sites More sharing options...
panchio Posted June 28, 2009 Share Posted June 28, 2009 This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Emrys Posted June 28, 2009 Author Share Posted June 28, 2009 This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
xXSkillerXx Posted June 28, 2009 Share Posted June 28, 2009 [hide][/hide] So, if we find an open port, and we know the pass and the username of the connection, will we be able to connect to the Database? Or we can only connect via Port 3306? Link to comment Share on other sites More sharing options...
Emrys Posted June 28, 2009 Author Share Posted June 28, 2009 [hide] So, if we find an open port, and we know the pass and the username of the connection, will we be able to connect to the Database? Or we can only connect via Port 3306? nO YUO HAVE TO FIND mYSQL port.. Deafaut is 3306 Link to comment Share on other sites More sharing options...
xXSkillerXx Posted June 28, 2009 Share Posted June 28, 2009 nO YUO HAVE TO FIND mYSQL port.. Deafaut is 3306 So, would anyone bother to change the MySQL port? Most admins keep the default port, right? Link to comment Share on other sites More sharing options...
Emrys Posted June 28, 2009 Author Share Posted June 28, 2009 So, would anyone bother to change the MySQL port? Most admins keep the default port, right? yeah. Link to comment Share on other sites More sharing options...
Recommended Posts