Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Java 16


ghost's Avatar
0 0

So i've arrived at challange 16 and know the following: -12 characters -charset is limited to: azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@ -word####word -checksum: 88692589 -this challenge needs to be brute forced

Now for my idea: Would there be too much of a time inhibition if i were to code a bruteforcer that would pull 3 strings from "3" files. and string them together then check that against the checksum? Like pull word1 + number + word2 and run that?

I think i might skip this challenge…


ghost's Avatar
0 0

Well, there was already an existing thread on this challenge, but sure, we can do another starting at the point the other left off. So, we know the format is word - number (4 digits) - word and it's a total of 12 chars. We can pretty much guess at what the number most likely is, so that just leaves the words.

Really, the most convenient way to do this would probably be to take a REALLY good wordlist (nice, big Argon one or something) and just strip out the words that fit the expected format into another file. Then, you could single-step through the file with one file handle and try every other word against it with another file handle. For instance:

a + a, a + an, a + ant, an + a, etc. …

(That's just an example of the logic if the wordlist had only those 3 words.)

Make sure you try it against the checksum before you write the output to any sort of result file. No sense in getting any more false positives than you already will. Good luck.


ghost's Avatar
0 0

Zephyr_Pure wrote: We can pretty much guess at what the number most likely is, so that just leaves the words. . hrm? how would you guess what the number is? I've been single stepping through 0000-9999


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

Apply some common sense maybe ?


ghost's Avatar
0 0

thanks @ pvt <3.


ghost's Avatar
0 0

Tak11 wrote: [quote]Zephyr_Pure wrote: We can pretty much guess at what the number most likely is, so that just leaves the words. . hrm? how would you guess what the number is? I've been single stepping through 0000-9999[/quote]

A brute forcer I tried I did the same thing; but he seems to be implying the number used in the middle is &* 0* 4 * **a, which would make this challenge 1000000X easier.


ghost's Avatar
0 0

I just started this challenge. I have a wordlist that's approximately 21Mb, and I'm trying to eliminate all of the words that have more than 7 characters. (PHP)

Here is my code

&lt;?php
$file = &quot;general.txt&quot;;
$lines = count(file($file));

$words = fopen(&quot;hello.txt&quot;, &#39;w&#39;) or die(&quot;Can&#39;t open &#39;hello.txt&quot;);
$fh = fopen($file, &#39;r&#39;) or die(&quot;Can&#39;t open $file&quot;);

for( $i = 0; $i &lt;= $lines; $i++ ){
$current = fgets($fh);
if ( strlen( $current ) &lt; 8 ){
fwrite( $words, $current );
}
}

fclose($fh);
fclose($words);
?&gt;

Whenever I open the page, it seems like it's working okay. I don't get any errors or anything, but when I look in the directory, there is no 'hello.txt'.

It only happens when I use this wordlist though. If I use smaller wordlists, it creates the directory and everything works fine.

Any ideas how I could resolve this without directly opening the file to split it up?


ghost's Avatar
0 0

s3klyma wrote:

Any ideas how I could resolve this without directly opening the file to split it up? does your file contain only 4 letter words? if not write a little script to filter out all but those,