code

Started this a lil while ago and didn't get to finish it (school suck's). It has been boring here lately so I figured I'd post it. All it does is check websites that provide reverse lookups of hashes. Its pretty fast but as of right now it only has three websites that it checks and the code isn't organized quite how I'd like it but once i get some more time I'll make it more snazzy. Any comments/remarks/questions/optimization tips are welcome about the code. Shit if you want add some code to it yourself an post it!

w3b_cr4ck started Tue Jun 21 13:45:35 2011

   +-++-++-+ +-+ +-++-++-++-++-+
   |w||3||b| |-| |C||r||4||c||k|
   +-++-++-+ +-+ +-++-++-++-++-+


     -h                 this screen
     -v                 be verbose
     -r                 randomize shit
     -s*                single hash
     -f*                file of hashes
     -t* [NUM(1-5)]     check NUM amount of sites for each hash

  * requires an argument

[0wn4ge@Operation-Titstorm test2]$ ./cr4ck -v -r -t2 -fhashes.txt

w3b_cr4ck started Tue Jun 21 13:46:10 2011

hashes.txtopened succesfully!


HASH TYPE : MD5
attempting to crack d47c174ed277bdf06cfc72763ab7970c

Checking http://md5crack.com/crackmd5.php
Checking http://hashcrack.com/index.php

d47c174ed277bdf06cfc72763ab7970c : COM


HASH TYPE : MD5
attempting to crack a2a551a6458a8de22446cc76d639a9e9

Checking http://md5crack.com/crackmd5.php
Checking http://hashcrack.com/index.php

a2a551a6458a8de22446cc76d639a9e9 : is


HASH TYPE : MD5
attempting to crack 6864f389d9876436bc8778ff071d1b6c

Checking http://md5crack.com/crackmd5.php
Checking http://hashcrack.com/index.php

6864f389d9876436bc8778ff071d1b6c : my


HASH TYPE : MD5
attempting to crack f04af61b3f332afa0ceec786a42cd365

Checking http://hashcrack.com/index.php

f04af61b3f332afa0ceec786a42cd365 : hero


HASH TYPE : MD5
attempting to crack f04af61b3f332afa0ceec786a42cd36e

Checking http://hashcrack.com/index.php
Checking http://md5crack.com/crackmd5.php
f04af61b3f332afa0ceec786a42cd36e : not found


HASH TYPE : MD5
attempting to crack f04af61b3f332afa0ceec786a42cd36c

Checking http://hashcrack.com/index.php
Checking http://md5crack.com/crackmd5.php
f04af61b3f332afa0ceec786a42cd36c : not found


cracked (4 / 6) valid hashes [ 66.67% ]```

main.cpp
http://pastebin.com/428d2sAQ
parse_args.hpp
http://pastebin.com/N38SpQLc
parse_args.cpp
http://pastebin.com/37hYvEGM
Literals.hpp
http://pastebin.com/5qpbSx7E
site_data.hpp
http://pastebin.com/kZK88RYL
site_data.cpp
http://pastebin.com/d05FGSdF
w3b_cr4ck.cpp
http://pastebin.com/SGkd4zRf
Makefile
http://pastebin.com/bgDanHYv
*EDIT*  Readme
http://pastebin.com/6CQPNDMJ

Just realized the help screen doesn't show the -r option which randomizes the order of the sites it checks but that feature is there.

Nice idea.

You could have just packaged it in an archieve and given it an incrimental version number, a bit easier than copy pasting code everything manually.

Perhaps just clarify a few details:

1. The expected file format of the input file Not described in the "Readme", I only say this to stop the developer (you) from tearing their (your) hairout being asked the same question time and time again.

2. Might be an idea to mention CURL is a required library, specify minimum compatability of library used if applicable.

A different approach might be for the speeding up option, to multi-thread, or otherwise process fork and use pipes to communicate, and "simulatneously" execute the lookup for each site and use a callback funcition to display any results.

A second idea would be to have a loadable / configurable list of hash sites, some may not use GET method to take input so maybe create another file format, take for example an INI or even a plaintext flat file:

INI analogy

[Websites]
Name1=Cracker Site 1
URL1=http://myfavecrakz0rsite.ext/path/to/crack0r/util.ext?GET=VARS&HERE=ETC
Method1=GET/POST
PostVars1=post=vars&here=etc

Flat file

Cracker Site 1
http://myfavecrakz0rsite.ext/path/to/crack0r/util.ext?GET=VARS&HERE=ETC
GET/POST
post=vars&here=

A third idea would be multiple hash type lookup support, doesn't have to magically identify hashes - though this can be coded I believe as other hash crackers manage to take a guess.

As I said, nice idea, keep working on it and I am sure it could become a useful tool.

Jim,

Thank's for the reply j4m32! Yeah I should have mentioned that lib-CURL is required. If I ever have enough time a to-do would be to remove that and just use standard sockets. Also my first crack at this used pthreads but the code was kinda of weird (http://pastebin.com/56kgv4N8) so I started from scratch. Threads would probably dramatically speed things up but network traffic would probably go up alot as-well. Also a config file would be excellent in-case the user has sites that he/she has that are private or not in my application and would just give better overall usability for the user. Again thanks for the reply buddy!

Shame I couldn't take a look at this before, but nice to see it up here. So, let's go through them files :D

main.cpp: In your set_hash_type function: it would not see a valid hash if the letters are capitalised. Furthermore, I dislike the use of FILE as a variable's name since it is the name of the struct for C style file operations. There are other things as well in the code that I personally would not use and it's mostly personal preference, but this one just really bugs me. I see a lot of checks for whether or not it is a single hash and thus what to do. An alternative would be to declare a function typedef and, for instance in your parse_args, assign the function that is to be used to a variable declared with that typedef. One function for file, other for single hash, then you just have to execute that variable, so to speak. I'd also never use float, we've got space, it's safe to use doubles. Seriously, fuck float.

parse_args.cpp: Another little thing that I personally dislike is when people set a static name for the program instead of using the argv[0] parameter. Granted, you can't have as fancy output as you want for this, but that way, the program could have any name and it'd be shown during execution as well. I would also not put an exit() call inside something to print usage, but that's really entirely personal preference. I just don't find it a good habit to make something that is there only to print information to force an exit. In set_top(), you do a lot of checking with string length and whatnot for atoi, it's unnecessary. Just send it the x, grab the return value and make the necessary checks. In the same function, you apparently only check for a value up to three, but the usage() indicates a value up to five. I presume that this is because it's still in the early stages since you only use three md5 sites in your literals.hpp and no sites for sha1 either. In parse_args(), you appear to use a non-standard function getopt, but I suppose that can be forgiven since you're very specifically targeting *nix and aren't looking for cross platform compatibility. However, you have a fucking long check at the end of it that could be shortened to this: markupif(ops.file_loc.empty()==ops.single_hash.empty())

With that in mind, it doesn't seem to me as if it would yet be worthy to be called v1.0. As j4m32 said, it would be nice to see you do some multithreading for this as well as perhaps leaving cURL behind and try it with some sockets yourself. I would love to take a look at the rest of it once it's in a much more finished stage. Normally I'd get in on it and help with the code, but I have projects of my own right now that I have to focus on. I suggest that you talk to stealth- about this, if I recall it right, he is learning not just C/C++ now, but is interested in messing about with socket programming. j4m32's suggestion of a configurable list for sites should definitely be considered. I would probably prefer a setup more along the lines of xml for it.

Woo thank's COM always appreciate your input! All your preferences are dually noted (and changed)! Yeah my history summer class ends in two weeks so after that I plan to kick ass and take names with this project. I got a bunch of other stuff in my code folder too. O and

if(ops.file_loc.empty()==ops.single_hash.empty()) derp… changed it and I can't believe my long as statement reduces to this XD good catch and logic!

Hmm… looks neat! Have you considered uploading this to GitHub? That would be far more effective than random pastebins, and people could fork it much more easily.

COM wrote: I would love to take a look at the rest of it once it's in a much more finished stage. Normally I'd get in on it and help with the code, but I have projects of my own right now that I have to focus on. I suggest that you talk to stealth- about this, if I recall it right, he is learning not just C/C++ now, but is interested in messing about with socket programming.

Yup, I've been tinkering around lately. I've vowed that I'm not going to accomplish anything at all this week except chilling out, as a relax time for having school over, but after that I might be interested in helping out if you wanted, skathgh. ^.^

stealth- wrote: but after that I might be interested in helping out if you wanted, skathgh. ^.^

I'd be delighted! I am free one week from now after my final so I'll have a good bit of spare time :D