Hey all!
This is my last resort after having tried for days to figure it out.
An assignment asked me to create a program that would crack, with brute force, a password hashed in SHA1 (assuming it isnt salted, etc. its just basic)
I found an algorithm for generating strings of lower case letters and worked with it to check for matches to given SHA1 hashes.
What the program does, is takes in a SHA1 hash, and tries combinations of letters, hashing them, and matching them with the original.
Heres my code:
I need it to also use numbers 0-9 in addition to lowercase letters but I cannot for the life of me understand how to do itCode:import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.Scanner; public class BruteForce { // a variable to remember the start time, use the following methods long timer = 0; void timeStart() { timer = System.currentTimeMillis(); } void timeStop(String s) { timer = System.currentTimeMillis() - timer; if (s.equals("showMs") || s.equals("")) { System.out.println("Time taken is " + timer + " milliseconds"); } else if (s.equals("showSec")) { System.out.println("Time taken is " + timer / 1000 + " seconds"); } else if (s.equals("showMin")) { System.out.println("Time taken is " + timer / 60000 + " munites and " + (timer % 60000) / 1000 + " seconds"); } } public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException { //user enters SHA1 hash string Scanner scanner = new Scanner(System.in); System.out.println("enter SHA1 hash string: "); String password = scanner.nextLine(); //cracker only uses lower case alpha letters char[] charset = "abcdefghijklmnopqrstuvwxyz".toCharArray(); //instantiate bruteforce object BruteForce bf = new BruteForce(charset, 1); //start the timer bf.timeStart(); String hashAttempt = ""; String attempt = bf.toString(); while (true) { if (hashAttempt.equals(password)) { bf.timeStop("showSec"); System.out.println("Password Found: " + attempt); break; } attempt = bf.toString(); hashAttempt = Conversion.SHA1(attempt); //System.out.println("Tried: " + attempt); bf.increment(); } } private char[] cs; // Character Set private char[] cg; // Current Guess public BruteForce(char[] characterSet, int guessLength) { cs = characterSet; cg = new char[guessLength]; Arrays.fill(cg, cs[0]); } public void increment() { int index = cg.length - 1; while (index >= 0) { if (cg[index] == cs[cs.length - 1]) { if (index == 0) { cg = new char[cg.length + 1]; Arrays.fill(cg, cs[0]); break; } else { cg[index] = cs[0]; index--; } } else { cg[index] = cs[Arrays.binarySearch(cs, cg[index]) + 1]; break; } } } public String toString() { return String.valueOf(cg); } }
Is it just an easy fix or is it a case of having to rework the whole algorithm to work with a character set including numbers???
Thanks ever so much in advance for any insight!
Bookmarks