SHOW:
|
|
- or go back to the newest paste.
| 1 | #include <string> | |
| 2 | #include <map> | |
| 3 | #include <fstream> | |
| 4 | #include <iostream> | |
| 5 | #include <sstream> | |
| 6 | using namespace std; | |
| 7 | ||
| 8 | //Text file called pwlist.txt | |
| 9 | //Duncan,WANIS | |
| 10 | //James,OOIWDFV | |
| 11 | ||
| 12 | void main(){
| |
| 13 | map<string,string> pws; | |
| 14 | ||
| 15 | ifstream pf("pwlist.txt");
| |
| 16 | for(string pw, user, line; pf.good() && getline(pf,line);pws.insert(pair<string,string>(user,pw))) | |
| 17 | {
| |
| 18 | stringstream strm(line); | |
| 19 | getline(strm,user,','); | |
| 20 | getline(strm,pw,','); | |
| 21 | }; | |
| 22 | pf.close(); | |
| 23 | ||
| 24 | - | cout<<('D'^116);
|
| 24 | + | |
| 25 | cout<<"Please enter username:\n"; | |
| 26 | cin>>username; | |
| 27 | cout<<"Please enter password:\n"; | |
| 28 | cin>>password; | |
| 29 | ||
| 30 | for( unsigned int i = 0; i < password.size(); ++i ) | |
| 31 | {
| |
| 32 | //A little bit encrpyted just to spice things up | |
| 33 | password[i] = 'A'+(password[i]^username[i%username.size()])%26; | |
| 34 | } | |
| 35 | ||
| 36 | if ( pws.find(username) != pws.end() && pws.find(username)->second == password ) | |
| 37 | {
| |
| 38 | cout<<"Correct Login Well Done!\n"; | |
| 39 | } | |
| 40 | else | |
| 41 | cout<<"Incorrect please do not try again!\n"; | |
| 42 | ||
| 43 | //Now to see if we can create a cracker. | |
| 44 | //The encrypted password is what needs to be modified we want another password that will colide | |
| 45 | //Assume we know the first pw char is W and real pw is R and the username is Duncan | |
| 46 | //R^D = 82^68 = 22 | |
| 47 | //22%26 = 22 | |
| 48 | //22+'A' = 'W' | |
| 49 | //So we need something else that creates W | |
| 50 | //So we need something so that x%26 = 22 | |
| 51 | //x could be 22+26*anything lets try 48 | |
| 52 | //So what ^ with 'D' = 48 well 116 does | |
| 53 | //116 = 't' therefore t would work instead of 'R' | |
| 54 | //And sure enough that came out correct so we have a collision. | |
| 55 | ||
| 56 | //We can work out all possible passwords from the password list as follows. | |
| 57 | //Remember max char is 128 128/26 = ~4.9 | |
| 58 | //Assume passwords are in the range 32-126 ie special chars, chars, numerical | |
| 59 | ||
| 60 | username = "James"; | |
| 61 | string encryptedpw = pws.find(username)->second; | |
| 62 | ||
| 63 | for( unsigned int i = 0; i < encryptedpw.size(); ++i ) | |
| 64 | {
| |
| 65 | int beforemod = encryptedpw[i]-'A'; | |
| 66 | cout<<"Character "<<i<<" is one of: "; | |
| 67 | for( ; beforemod < 128; beforemod+=26 ) | |
| 68 | {
| |
| 69 | char possible = (char)beforemod^username[i%username.size()]; | |
| 70 | if ( possible > 31 && possible < 127 ){
| |
| 71 | cout<<possible<<", "; | |
| 72 | } | |
| 73 | } | |
| 74 | cout<<endl; | |
| 75 | } | |
| 76 | //From this response it is clear that it would still take a small amount of work to | |
| 77 | //calculate the original. Although ultimatly it doesn't matter as we have now a list | |
| 78 | //of valid passwords. | |
| 79 | ||
| 80 | //Pause until we are done | |
| 81 | cin>>username; | |
| 82 | } |
