Dictionary attack

Phrodom
10 years ago | edited 10 years ago

0

for the hash like in “real level 3”. This is a copy/paste of one of my previous posts, as asked by paulau to put it here.

I finished that level yesterday when I found that I looked way too deep. I was trying to bruteforce with a C# program but it was way too long for the password and I had too many possibilities in both the username and the password. One of my friends found an algo to reverse the hash (pretty brilliant btw!) and again, too many possibilities and too long (but shorter than brute force). That’s when I found the thing that made me look stupid.

Anyway, I came back to my leftover code to finish it and I had the idea to make a dictionary attack on it. I combined about all the dictionaries I could find on http://www.insidepro.com/dictionaries.php in one big file. My algo to crack it is pretty simple:

setting = 7 for username and 9 for password:
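```
using System;
using System.IO;

class Program
{
    // Not shown in the original post: the level's alphabet and the target hash.
    // Both are placeholders here and must be set before running.
    static string alpha = "";   // placeholder
    static long hash = 0;       // placeholder
    static int setting = 7;     // 7 for username, 9 for password

    static void Main(string[] args)
    {
        bool found = false;
        using (StreamReader r = File.OpenText("completeEnglish.txt"))
        {
            string password;
            // Test every dictionary word against the target hash.
            while ((password = r.ReadLine()) != null)
            {
                if (makehash(password, setting) == hash)
                {
                    Console.WriteLine(password);
                    found = true;
                }
            }
        }
        // Only report failure when no word matched.
        if (!found)
            Console.WriteLine("Not found");
        Console.ReadLine();
    }

    // Positional hash: each character adds its 1-based index in alpha
    // (a character that is not in alpha adds 0).
    public static long makehash(string str, int mult)
    {
        long hash = 0;
        for (int j = 0; j < str.Length; j++)
            hash = hash * mult + alpha.IndexOf(str.Substring(j, 1)) + 1;
        return hash;
    }
}
```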

Anyway, I managed to get through all with that! Usernames and passwords! And it doesn't even take 10 minutes! I am really proud!! :P

PS: I also have the reverse hash algo if you want to.
PPS: And the bruteforce one. Both are not finished though, but almost. This one is working perfectly.

[deleted user]
10 years ago

0

Is the above code only for Real Level 3?

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

I haven’t checked it yet; but you really need to brute-force the password if you want to solve Real Level 3 in hard mode.

[IAmDevil]
10 years ago

0

Well, brute forcing should be the last option. At least I use brute force as a last weapon. True, as @freewind1012 said, if one needs the hard way then go for it. I don’t think the level takes more than 10~15 minutes to complete and you also learn a lot about the common security flaws.
By a quick glance at the program it seems to be good. :)

Phrodom
10 years ago

0

@tlotr, it’s an algo to bruteforce from a dictionary attack anything that uses the same hash algo as the “real level 3”. You can always put in any hash algo you want and use it.

@freewing, I passed the level without brute forcing, only by going logic. You’ll know when you do it. But I did this algo for the practice and it works in a matter of minutes with a good dictionary (mine is 1.5GB) for both username and password. One thing though, using this technique you won’t find the same username as the real one but you find one that you can use to get through.

@IAmDevil, I’ve tested it again and again, all is working perfectly ;) (provided that you have a good dictionary).

[IAmDevil]
10 years ago

0

Hmm? What do you mean by,
“One thing though, using this technique you won’t find the same username as the real one but you find one that you can use to get through.”
I don’t get it! So if it doesn’t give the exact username or password that’s of no use then. :/

Phrodom
10 years ago

0

Well, the hash is a mathematical operation. You can get the same answer with multiple calculations: 2+2=4, and 1+3=4 also. That’s the same thing here. So you could theoretically get multiple usernames or passwords in the end. For me, what happened is that in the real username there is a space (“ ”) in it and my dictionary only contains single words, no 2 words or more. So I got a username that gives the same hash result but it’s not the same. Anyway, it’s the same hash in the end, so when you put it in the web site it works, as it is the same thing as the site has when it compares. The site in the real lvl 3 has the usernames unhashed somewhere and when the request is made for the page, the usernames are hashed and stored in m[][]. When you submit, it hashes what you give and compares the hashed answer with m[][] to see if it’s the same thing.
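The collision behaviour described in the post above, as an added example that is not part of the original thread: it reuses the posted hash scheme and counts how many distinct values short strings produce for the multipliers 7 and 9 from the first post. The alphabet, the class and method names, and the extra multiplier 27 (one larger than the assumed alphabet, added for contrast) are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;

class CollisionDemo
{
    // Assumed alphabet for illustration only; the level's real alphabet is not shown in the thread.
    const string Alpha = "abcdefghijklmnopqrstuvwxyz";

    // Same scheme as makehash in the post: each character adds its 1-based index in Alpha.
    static long MakeHash(string s, int mult)
    {
        long h = 0;
        foreach (char c in s)
            h = h * mult + Alpha.IndexOf(c) + 1;
        return h;
    }

    // Hash every string of length 1..maxLen and return how many distinct values appear.
    static int DistinctHashes(int mult, int maxLen, out int total)
    {
        var seen = new HashSet<long>();
        var level = new List<string> { "" };
        total = 0;
        for (int len = 1; len <= maxLen; len++)
        {
            var next = new List<string>();
            foreach (string prefix in level)
                foreach (char c in Alpha)
                {
                    string s = prefix + c;
                    next.Add(s);
                    seen.Add(MakeHash(s, mult));
                    total++;
                }
            level = next;
        }
        return seen.Count;
    }

    static void Main()
    {
        // 'h' is worth 8, more than the multiplier 7, so it "carries" into the previous position.
        Console.WriteLine($"ah -> {MakeHash("ah", 7)}, ba -> {MakeHash("ba", 7)}");
        foreach (int mult in new[] { 7, 9, 27 })
        {
            int distinct = DistinctHashes(mult, 3, out int total);
            Console.WriteLine($"mult={mult}: {total} strings, {distinct} distinct hashes");
        }
    }
}
```

A multiplier smaller than the alphabet lets a character value spill into the neighbouring position, which is why many inputs share one hash; a site comparing only these hashes accepts any of them.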

Phrodom
10 years ago | edited 10 years ago

0

I’ve just run it again to get it and the username I used is “Joa187” with the real password. This is the list of usernames I got that all work fine:

- Joa187
- copanek
- C345G7
- difo190

and the link to the real level 3 so you can try ;) :
https://www.hackthis.co.uk/levels/extras/real/3/login.htm

One hint: if you put only the username and no password (blank) and it’s a good username, you will get “Incorrect password”. If it’s a bad username you will get “Member not found”. No need to enter the password also to see if I’m right ;)

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

I already completed Real Level 3 a long time ago. I know there are two ways to do that: easy or hard. But well, I was not interested enough to solve it in hard mode like you. :p

Phrodom
10 years ago

0

@freewind1012 Ahaha yeah I understand you, I finished it the easy way before, but I needed something more to do as I finished all the levels (except Crypt 6 and 7 which I am too lazy to do for the moment :P ) and as I am a programmer IRL (job and school), I wanted to do something in my expertise :P It’s actually the first time I programmed a dictionary or brute force program and it was really good knowledge and practice! :)

[IAmDevil]
10 years ago

0

So @Phrodom you are a programmer. You can help out the site by making some Coding levels. As far as I remember there are only two and they are comparatively easier than other levels.
You can just develop the logic for the level and the rest of html coding can be done by us! :)
