API tools faq
paste
Guest User

POC

a guest
Feb 22nd, 2019
102
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 6.93 KB | None | 0 0
raw download clone embed print report
  1. #define _GNU_SOURCE
  2.  
  3. #include <stdio.h>
  4. #include <stdint.h>
  5. #include <stdlib.h>
  6. #include <unistd.h>
  7. #include <string.h>
  8. #include <getopt.h>
  9. #include <assert.h>
  10. #include <errno.h>
  11. #include <time.h>
  12. #include <limits.h>
  13.  
  14. typedef struct {
  15.     #define KEYLEN 256
  16.     uint32_t state[KEYLEN];
  17. } KEY;
  18.  
  19. typedef struct {
  20.     #define BUFLEN 16
  21.     uint32_t version;
  22.     unsigned char master_pass[BUFLEN];
  23. } HEADER;
  24.  
  25. typedef struct {
  26.     unsigned char site[BUFLEN * 2];
  27.     unsigned char user[BUFLEN];
  28.     unsigned char pass[BUFLEN];
  29. } ENTRY;
  30.  
  31. unsigned int startTime, timeElapsed;
  32. unsigned int startSeed;
  33. float seedsPerSecond;
  34. unsigned char master[BUFLEN] = "foo";
  35. unsigned int percentilModulo = (unsigned int)(UINT_MAX * .1);
  36.  
  37. enum
  38. {
  39.     SITE,
  40.     USER,
  41.     PASS
  42. };
  43.  
  44. char * const add_opts[] =
  45. {
  46.     [SITE] = "site",
  47.     [USER] = "username",
  48.     [PASS] = "password",
  49.     NULL
  50. };
  51.  
  52. static struct option longopts[] =
  53. {
  54.     { "help", no_argument,       0, 'h' },
  55.     { "crack", no_argument,       0, 'c' },
  56.     { "seqsize",  required_argument, 0, 's' },
  57.     { "vlevel",  required_argument, 0, 'v' },
  58.     { "sfrom",  required_argument, 0, 'f' },
  59.     { 0,      0,                 0,  0  }
  60. };
  61.  
  62. void help()
  63. {
  64.     fprintf(stderr,
  65.         "\nMilitary-Grade Password Cracker\n"
  66.         "Usage: ./passwd_cracker [options] [suboptions] <database>\n\n"
  67.         "--crack\n"
  68.         "\tBrute force the database\n\n"
  69.         "--sfrom 0-4294967295 (default 0)\n"
  70.         "\tSpecify where to begin in range of seed values. Useful for a distributed attack among multiple computers/cpus.\n\n"
  71.         "--seqsize 3-5 (default 5)\n"
  72.         "\tLess than 3 will result in too many false-positives, more than 5 may cause false-negatives.\n\n"
  73.         "--vlevel 1-5 (default 1)\n"
  74.         "\tVerbosity level. Shows progress at %%10, %%1, %%.1, %%.01, or %%.001 intervals.\n\n"
  75.     );
  76. }
  77.  
  78. void derive_key(KEY *key, uint32_t fakeSeed)
  79. {
  80.  
  81.     int i = 0;
  82.  
  83.     srand(fakeSeed);
  84.    
  85.     for (i = 0; i < KEYLEN; i++)
  86.         key->state[i] = rand() & 0xffff;
  87. }
  88.  
  89. void rc4_encrypt(KEY *key, unsigned char *data, const size_t len)
  90. {
  91.     uint32_t i = 0, t = 0, x = 0, y = 0;
  92.     uint32_t state[KEYLEN];
  93.  
  94.     memcpy(&state, key->state, sizeof(state));
  95.  
  96.     for (; i < len; i++)
  97.     {
  98.         x = (x + 1) % KEYLEN;
  99.         y = (y + state[x]) % KEYLEN;
  100.  
  101.         t = state[x];
  102.         state[x] = state[y];
  103.         state[y] = t;
  104.  
  105.         t = (state[x] + state[y]) % KEYLEN;
  106.         data[i] = state[t] ^ data[i];
  107.     }
  108. }
  109.  
  110. int crack(char *db, uint32_t fakeSeed, KEY key, HEADER hdr, ENTRY entry, char *byteSequence, int seqSize)
  111. {  
  112.  
  113.         derive_key(&key, fakeSeed);
  114.        
  115.         rc4_encrypt(&key, hdr.master_pass, BUFLEN);
  116.         rc4_encrypt(&key, entry.site, sizeof(entry.site));
  117.         rc4_encrypt(&key, entry.user, sizeof(entry.user));
  118.         rc4_encrypt(&key, entry.pass, sizeof(entry.pass));
  119.        
  120.         if(
  121.           ((memmem(hdr.master_pass,sizeof(hdr.master_pass),byteSequence,seqSize) != NULL)) ||
  122.           ((memmem(entry.site,sizeof(entry.site),byteSequence,seqSize) != NULL)) ||
  123.           ((memmem(entry.user,sizeof(entry.user),byteSequence,seqSize) != NULL)) ||
  124.           ((memmem(entry.pass,sizeof(entry.pass),byteSequence,seqSize) != NULL))
  125.           )
  126.         {
  127.             printf("\n%-32s\t%-16s\t%-16s\n", "SITE", "USERNAME", "PASSWORD");
  128.             printf("--------------------------------");
  129.             printf("--------------------------------");
  130.             printf("----------------\n");
  131.  
  132.             printf("%-32s\t%-16s\t%-16s\n", entry.site, entry.user, entry.pass);
  133.             printf("Seed value: %u\n", fakeSeed);
  134.             printf("Master Pass: %s\n", hdr.master_pass);
  135.         }
  136.         else if(fakeSeed > 1 && fakeSeed % percentilModulo == 0)
  137.         {
  138.             timeElapsed = time(0) - startTime;
  139.             seedsPerSecond = (float)(fakeSeed-startSeed)/timeElapsed;
  140.             printf("%u seeds of %u tried in %i seconds, %.2f seeds per second \n", fakeSeed - startSeed, UINT_MAX - startSeed, timeElapsed, seedsPerSecond);
  141.             printf("%.3f percent complete, ~%.2f hours left\n", ((float)(fakeSeed-startSeed)/UINT_MAX) * 100, ((UINT_MAX-(fakeSeed-startSeed))/seedsPerSecond) / 3600);
  142.         }
  143.        
  144.         return 0;
  145. }
  146. int main(int argc, char **argv)
  147. {
  148.     char *db = NULL, *site = NULL, *user = NULL, *pass = NULL;
  149.     char *subopt, *value;
  150.  
  151.     int opts = 0, idx = 0, ret = 0;
  152.     int _init = 0, _crack = 0, _add = 0;
  153.    
  154.     uint32_t fakeSeed = 0;
  155.     startSeed = 0;
  156.    
  157.     char *byteSequence;
  158.     int seqSize = 5;
  159.    
  160.     KEY key;
  161.     HEADER hdr;
  162.     ENTRY entry;
  163.     FILE *dbh;
  164.  
  165.     while (1)
  166.     {
  167.         if ((opts = getopt_long_only(argc, argv, "", longopts, &idx)) == -1)
  168.             break;
  169.  
  170.         switch (opts)
  171.         {
  172.             case 0:
  173.  
  174.                 if (longopts[idx].flag)
  175.                     break;
  176.  
  177.             case 'h':
  178.  
  179.                 help();
  180.                 return 0;
  181.  
  182.             case 'c':
  183.  
  184.                 _crack++;
  185.                 break;
  186.                
  187.             case 's':
  188.  
  189.                 seqSize = atoi(optarg);
  190.  
  191.                 break;
  192.                
  193.             case 'f':
  194.  
  195.                 startSeed = (unsigned int)strtoul(argv[1], NULL, 0);
  196.                 fakeSeed = startSeed;
  197.  
  198.                 break;
  199.                
  200.             case 'v':
  201.  
  202.                     switch (atoi(optarg))
  203.                     {
  204.                         case 1:
  205.                             percentilModulo = (unsigned int)(UINT_MAX * .1);
  206.                             break;
  207.                         case 2:
  208.                             percentilModulo = (unsigned int)(UINT_MAX * .01);
  209.                             break;
  210.                         case 3:
  211.                             percentilModulo = (unsigned int)(UINT_MAX * .001);
  212.                             break;
  213.                         case 4:
  214.                             percentilModulo = (unsigned int)(UINT_MAX * .0001);
  215.                             break;
  216.                         case 5:
  217.                             percentilModulo = (unsigned int)(UINT_MAX * .00001);
  218.                             break;
  219.                         default:
  220.                             percentilModulo = (unsigned int)(UINT_MAX * .1);
  221.                     }
  222.  
  223.                 break;
  224.                
  225.             default:
  226.                 abort();
  227.         }
  228.     }
  229.  
  230.     if (optind == argc)
  231.     {
  232.         fprintf(stderr, "Error: database required\n");
  233.  
  234.         return -1;
  235.     }
  236.  
  237.     assert(db = strdup(argv[optind]));
  238.  
  239.     if (_crack)
  240.     {
  241.        
  242.         if ((dbh = fopen(db, "r")) == NULL)
  243.         return errno;
  244.  
  245.         fread(&hdr, sizeof(hdr), 1, dbh);
  246.    
  247.         fread(&entry, sizeof(entry), 1, dbh);
  248.        
  249.         startTime = time(0);
  250.        
  251.         byteSequence = calloc(sizeof(char),seqSize);
  252.        
  253.         while( fakeSeed < UINT_MAX )
  254.         {
  255.             if ((ret = crack(db, fakeSeed, key, hdr, entry, byteSequence, seqSize)) != 0)
  256.                 fprintf(stderr, "Error: %s\n", strerror(ret));
  257.             fakeSeed++;
  258.         }
  259.        
  260.         fclose(dbh);
  261.  
  262.         return ret;
  263.     }
  264.  
  265.     return -1;
  266. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!