Pw_crack_CS_pcarabas

1. #include <iostream>
2. #include <list>
3. #include <cstring>
4. #include <crypt.h>
5. #define MAX_LEN 5
6.  
7. using namespace std;
8.  
9. char null[] = {'\0'};
10. string SALT = "$6$XPmWkpus$";
11. string ENCRYPTED_PASS = "$6$XPmWkpus$jZiSDOKdMMRZQhaCLULUO9baoau4D3Vot7tKNFqJQkStExZp9afA9rHnZ6iih8khjfkZLUbgKWIvIKQUKr7dL1";
12.  
13. list<char*> pwlist;
14. list<char*> correct_pwlist;
15.  
16. char* available_chars = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()";
17. char* prefix = ">>>:::sec20f:::<<<";
18. char* suffix = "@x(h";
19. int LEN_PREFIX = 18;
20. int LEN_SUFFIX = 4;
21.  
22. // check if the pw and salt are matching the hash
23. int check_password(char* pw, char* salt, char* hash)
24. {
25.     char* new_pw = new char[MAX_LEN + LEN_SUFFIX + LEN_PREFIX + 1];
26.     memcpy(new_pw, prefix, LEN_PREFIX);
27.     strcat(new_pw, pw);
28.     strcat(new_pw, suffix);
29.     printf("%s\n", new_pw);
30.     char* res = crypt(new_pw, salt);
31.     for (unsigned i = 0; i<strlen(hash); i++)
32.         if (res[i]!=hash[i])
33.             return 0;
34.     cout << "match !!!" << "\n";
35.     return 1;
36. }
37.  
38. // builds passwords from the given character set
39. // and verifies if they match the target
40. char* exhaustive_search(char* salt, char* target)
41. {
42.     char* current_password;
43.     char* new_password;
44.     char* pw;
45.     int current_len;
46.    
47.     // set first 3 chars of pw
48.     pw = new char[6];
49.     pwlist.push_back(pw);
50.     correct_pwlist.push_back(pw);
51.  
52.     while(true){
53.        
54.         // test if queue is not empty and return null if so
55.         if (correct_pwlist.empty())
56.             return null;
57.        
58.         // get the current current_password from queue
59.         current_password = correct_pwlist.front();
60.         current_len = strlen(current_password);
61.        
62.         //  check  if  current  password  is  the  target  password,  if  yes  return  the current_password
63.         if(current_len == MAX_LEN && check_password(current_password, salt, target))
64.             return current_password;
65.                 //  else  generates  new  passwords  from  the  current  one  by  appending each possible ASCII char
66.         current_len = strlen(pwlist.front());
67.         while(current_len < MAX_LEN){
68.             current_password = pwlist.front();
69.             current_len = strlen(current_password);
70.            for (int ch = 0; ch < strlen(available_chars); ch++){
71.                 new_password = new char[current_len + 2];
72.                 memcpy(new_password, current_password, current_len);
73.                 new_password[current_len] = char(available_chars[ch]);
74.                 new_password[current_len+1] = '\0';
75.                 pwlist.push_back(new_password);
76.                 if (strlen(new_password) == MAX_LEN){
77.                     correct_pwlist.push_back(new_password);
78.                 }
79.             }
80.             pwlist.pop_front();
81.             if(current_len == MAX_LEN - 1){
82.                 break;
83.             }
84.         }
85.         // now remove the front element as it didn't match the password
86.         correct_pwlist.pop_front();
87.     }
88. }
89.  
90. int main()
91. {
92.     char* salt;
93.     char* target;
94.     char* password;
95.    
96.     //convert the salt from string to char*
97.     salt = new char[SALT.length()+1];
98.     copy(SALT.begin(), SALT.end(), salt);
99.  
100.     //convert the hash from string to char*
101.     target = new char[ENCRYPTED_PASS.length()+1];
102.     copy(ENCRYPTED_PASS.begin(), ENCRYPTED_PASS.end(), target);
103.  
104.     //start the search
105.     password = exhaustive_search(salt, target);
106.     if  (strlen(password)!= 0)
107.         cout << "Password  successfuly  cracked: "  << password << "  \n";
108.     else
109.         cout << "Failure to find password \n";
110. }
111.