Simple PHP solution

[Jawdyn]

My friend has this problem, it needs a solution. I have no PHP experience, I don't know how to work with MD5 hash. A programming unit was compulsory on her course, but she completely fails on it. So let's be unethical and help her survive it.

 

thanks in advance

 

=====================

 

You are the website administrator for a website that requires a low level password

for entry. The previous owner of the website forget to code in a password recovery feature

and as such you now have to recover the passwords for a number of users of the website.

 

You do have acess to the website databse BUT you are NOT allowed to manually change the

passswords for users in the database as those passwords are heavily used in defining

what permissions a user of the website has. e.g Moderators for the website forum all have a password begining with the lower case letter "m" in lower case. ALL letters are lowercase.

 

Passwords were allocated to all users and the method of choice was to create a password which was built on two parts - a lowercase letter "m" and a number between 1 and 10000. An md5 hash was then created to form a 32 digit string.

 

e.g the user with password

 

"m1234" is represented in the database as the md5 hash: 77c12394ef7d4f23a8fa07d87309afd9

 

You have five users who need their orignal password. You know that the passwords all

start with the letter "m". You decide that the simplest thing to do is to write some PHP

code that uses a while loop to increment through the numbers 0 to 10000, concatenate that number with the "m" and then compare the md5 hash to that you recovered from the database. If the two hashes are the same then you have "cracked" the password.

 

This technique is known as a "brute force" method of cracking passwords.

 

You have a number of hashes to "crack" and you must enter the unique password into the answer box for each.

 

As a starting point, the following PHP snippet will produce all of the lowercase letters:

___________________________________

 

for ($i=97; $i<=122; $i++){
$x = chr($i);
echo $x;
}
?>

[ialsoagree]

The last part of the "problem" is confusing. "You have a number of hashes "to crack""? Okay, what number? 0? 10,000? I assume 5 because that's what was stated earlier?

 

As for the snippet, why do I need to write a function to echo the alphabet? That seems entirely unrelated to the problem.

 

So, ignoring that, you want to do something like this...

 

Assuming $array_of_passwords is an array of the databases's md5 hashes, with indexes 1-5 (that is, $array_of_passwords[1], $array_of_passwords[2], etc.)

 

foreach ($array_of_passwords as $key => $value) {
   $i=0;
   do {
      $i++;
      $possible_password = md5('m'.$i);
   } while ($possible_password != $value && $i < 10000)
   $decrypted_password[$key] = 'm'.$i;
}

 

$decrypted_password will be an array (with indexes 1-5) of the decrypted passwords, where the indexes in $decrypted_password correspond to the encrypted passwords in the indexes 1-5 of $array_of_passwords.

 

My solution doesn't deal with the possibility that the password is not of the form 'm' + a number between 1 and 10000, but from the problem description this is not a possibility.

[ddubs]

<?php
// Assuming $hashes is an array of 5 hashed passwords
for($i=0;$i<10000;$i++) {
  $test = md5('m'.$i);
  for($c=0;$c<count($hashes);$c++) {
    if($test == $hashes[$c]) {
      $passwords[] = $test;
    }
  }
}
var_dump($passwords);
?>

 

When the code finishes, all 5 passwords will be in the $passwords array.

 

Edit: That last part of the problem with the snippet seems to serve 2 purposes. 1 - Remind you of how a for loop is constructed. 2 - distract you into thinking the actual code itself was somehow useful for this application.