PHP class to brute force a password hash

If you ever need to test the strength of a password hash, or just want to play cracker for a bit, this class might help you get started with brute-force attack methods.

 // Based off: http://eternalrise.com/blog/brute-force-php-script/
 class hash_brute_force {
   // Target password hash
   var $hash;
   // Map of characters used to generate test passwords
   var $charset;
   // Calculated length of charset map
   var $charset_length;
   // Found password
   var $password;
 
   function check($password) {
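     // Using crypt() function to generate hashes, passing the target hash
     // as the salt so the same salt and algorithm are reused.
     // Alternatives are: md5(), sha1() and hash().
     $test_hash = crypt($password, $this->hash);
     // Strict comparison: == can treat numeric-looking strings ("0e...") as equal.
     if ($test_hash === $this->hash) {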
       $this->password = $password;
       return TRUE;
     }
     return FALSE;
   }
 
   function recurse($width, $position, $base_string) {
     for ($i = 0; $i < $this->charset_length; ++$i) {
       if ($position < $width - 1) {
         if ($this->recurse($width, $position + 1, $base_string . $this->charset[$i])) {
           return TRUE;
         }
       }
       $test_password = $base_string . $this->charset[$i];
       if ($this->check($test_password)) {
         return TRUE;
       }
     }
     return FALSE;
   }
 
   function find($hash, $max_length) {
     $this->hash = $hash;
     $this->charset = 'abcdefghijklmnopqrstuvwxyz';
     $this->charset .= '0123456789';
     $this->charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
     $this->charset .= '~`!@#$%^&*()-_\/\'";:,.+=<>? ';
     $this->charset_length = strlen($this->charset);
 
     return $this->recurse($max_length, 0, '');
   }
 }

How to use it?

 function find_my_pass($hash) {
   $test = new hash_brute_force();
   $result = $test->find($hash, 5);
   if ($result !== FALSE) {
     print "Your password is: \n" . $test->password;
   }
   else {
     print 'No password found :(';
   }
 }
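
To put numbers on the "test password hashing strength" use case, the following added example (not part of the original post) counts the candidates the class enumerates and times one crypt() guess against a DES crypt hash and against bcrypt at two cost factors. The sample password, the function names and the cost values are assumptions chosen for illustration.

```php
<?php
// Added example; names and sample values are assumptions, not from the page.

// Same character map that find() builds.
$charset = 'abcdefghijklmnopqrstuvwxyz' . '0123456789'
         . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . '~`!@#$%^&*()-_\/\'";:,.+=<>? ';

// recurse() tries every string of length 1..$max_length, so the candidate
// count is the geometric sum n + n^2 + ... + n^max_length.
function candidate_count(int $charset_length, int $max_length): float {
    $total = 0.0;
    for ($len = 1; $len <= $max_length; ++$len) {
        $total += $charset_length ** $len;
    }
    return $total;
}

// Average wall-clock seconds for one crypt() guess against $hash, which is
// the per-candidate cost of check().
function seconds_per_guess(string $hash, int $samples = 3): float {
    $start = hrtime(true); // nanoseconds, monotonic
    for ($i = 0; $i < $samples; ++$i) {
        crypt('constructed-guess-' . $i, $hash);
    }
    return (hrtime(true) - $start) / 1e9 / $samples;
}

$sample = 'Ab1!x'; // constructed 5-character sample password
$hashes = [
    'DES crypt'      => crypt($sample, 'ab'), // legacy 2-character salt
    'bcrypt cost 10' => password_hash($sample, PASSWORD_BCRYPT, ['cost' => 10]),
    'bcrypt cost 12' => password_hash($sample, PASSWORD_BCRYPT, ['cost' => 12]),
];

$n = strlen($charset);
foreach ($hashes as $label => $hash) {
    $per_guess = seconds_per_guess($hash);
    foreach ([5, 8] as $max_length) {
        // Worst case: the password is the last candidate tried.
        $days = candidate_count($n, $max_length) * $per_guess / 86400;
        printf("%-15s max_length=%d  %.6f s/guess  worst case %.2e days\n",
            $label, $max_length, $per_guess, $days);
    }
}
```

The timings are for single-threaded PHP on the machine running the script; dedicated cracking hardware is far faster, so read the output as a comparison between hash settings rather than as a safety margin.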

Regards! (I guess…)
