Search the Community

Propun o noua problema, una care poate parea putin mai ciudata, dar este destul de interesanta. Dat orice interval orar (ora de pe ceas, efectiv), acesta se poate converti in cuvinte din limbaj natural, sub forma urmatoare: Pentru o valoare a minutului data, asta inseamna (notat cu m) cand m = 0, atunci se foloseste o' clock cand 1 <= m <= 30, atunci se foloseste past cand m > 30, atunci se foloseste to Se cere scrierea unei functii care returneaza timpul dat sub forma de text, in limbaj natural, respectand regulile de mai sus. Ca input, se dau doua valori intregi si naturale, notam h si m, unde h reprezinta ora, iar m reprezinta minutul. Constrangeri 1 <= h <= 12 0 <= m < 60 Exemple Pentru h = 5 si m = 47, rezulta "thirteen minutes to six" Pentru h = 3 si m = 00, rezulta "three o' clock" Pentru h = 7 si m = 15, rezulta "quarter past seven" Limbajul care va fi folosit este la alegere libera. Sunt acceptate toate solutiile, indiferent de complexitatea timp, dar trebuie incercat sa se rezolve in O(1). O solutie personala va fi pusa ulterior. Spor!

De data aceasta, propun un challenge care nu necesita prea multe cunostinte in structuri de date, ci o logica buna. O definitie necesara: In matematica, un numar Kaprekar, pentru o baza data, este un numar intreg si pozitiv, al carui valoare ridicata la patrat, in aceeasi baza, poate fi impartita in doua bucati, iar suma numerelor din aceste doua bucati rezulta efectiv in numarul original. Numarul se imparte in doua parti egale (sau +1 la una dintre parti, atunci cand este un numar impar de cifre), nu se fac "variante". Exemplu: 45 este un numar care respecta regula (numar Kaprekar), deoarece 45² = 2025 si 20+25 = 45. Alte exemple: 9 respecta regula, deoarece 9² = 81 si 8+1 = 9; 297 respecta regula, deoarece 297² = 88209 si 88 + 209 = 297. ATENTIE: Aceasta nu reprezinta definitia oficiala in totalitate, este o variatie, problema trebuie rezolvata pe baza la ce se spune aici. A se observa ca in ultimul exemplu, numarul ridicat la patrat se imparte intr-o bucata de lungime doi si celalalta de lungime trei, deoarece are un numar impar de cifre, fata de cazurile in care ar fi un numar par de cifre. De asemenea, trebuie avut grija, daca una dintre cele doua bucati incepe cu un 0. Se dau doua numere intregi, p si q, si se cere sa se afiseze toate numerele Kaprekar din respectivul interval (inclusiv p si q); 0 < p < q < 100000 Exemplu: p = 1, q = 100; se va afisa "1 9 45 55 99", acestea fiind numerele care respecta regula. Limbajul care va fi folosit este la alegere libera. Solutiile cu complexitate timp mai mare decat O(N) sunt respinse. O solutie personala va fi pusa ulterior. Spor!

Propun o noua problema care necesita o logica buna. Se da un array de numere intregi si pozitive. Singura alterare permisa a elementelor din array este incrementarea acestora, strict cu valoarea 1. Toate numerele din array trebuie sa devina pare, intr-un final, cu un numar minim de incrementari, dar respectand regula urmatoare: atunci cand se face o incrementare pe pozitia i din array, in mod obligatoriu se face incrementare fie pe pozitia i-1, fie pe pozitia i+1. Se cere returnarea numarului minim de incrementari, astfel incat, in final, toate numerele din array sa fie pare. In cazul in care input-ul nu este valid, deci nu se poate ajunge la un rezultat corect, se va returna -1. Constrangeri: Se considera N a fi numarul de elemente din array, iar 2 <= N <= 1000 1 <= V[i] <= 10, iar 0 <= i <= N-1 Exemplu #1: Se da V = [4,5,6,7]. Se face incrementare, la primul pas, pe i = 2 si respectiv i = 3, deci va rezulta array-ul V = [4,5,7,8]. Acum, la pasul urmator, se va face incrementare pe i = 1 si respectiv i = 2, deci va rezulta array-ul V = [4,6,8,8]. In final, se intoarce numarul de incrementari facute, mai exact 4. Exemplu #2: Se da V = [2,3,4,5,6]. Se face incrementare, la primul pas, pe i = 1 si respectiv i = 2, deci va rezulta array-ul V = [2,4,5,5,6]. Acum, la pasul urmator, se va face incrementare pe i = 2 si respectiv i = 3, deci va rezulta array-ul V = [2,4,6,6,6]. In final, se intoarce numarul de incrementari facute, mai exact 4. Exemplu #3: Se da V = [1,2]. Oricum s-ar face incrementare, una dintre valori va fi mereu para, iar cealalta impara. Prin urmare, nu se poate ajunge la un rezultat corect, deci se intoarce -1. Limbajul care va fi folosit este la alegere libera. Sunt acceptate toate solutiile, indiferent de complexitatea timp, dar trebuie incercat sa se rezolve in maxim O(N). O solutie personala va fi pusa ulterior. Spor!

Citeam articolul de pe wikipedia despre Markov Chain (Link) si am spus sa incerc sa il implementez repede in Python. Link catre script. Am sa pun si un asciinema cand am timp ca imi face niste mofturi acum si nu am timp sa il rezolv. Aici e 'algoritmul' : * It eats exactly once a day. * If it ate cheese today, tomorrow it will eat lettuce or grapes with equal probability. * If it ate grapes today, tomorrow it will eat grapes with probability 1/10, cheese with probability 4/10 and lettuce with probability 5/10. * If it ate lettuce today, tomorrow it will eat grapes with probability 4/10 or cheese with probability 6/10. It will not eat lettuce again tomorrow. EDIT: Link catre 'demonstratie' https://asciinema.org/a/sKiuIfAeoaelS1zotA5TOt6zZ

New Computer Algorithm Learns Rap Lyrics and Writes Its Own Rap Song Have you ever wondered how musicians write music? Do you think its possible to technically generate a composition and write lyrics to music? Like writing a program that could compose and simulate a song? Understanding and creating music by humans has always been a very mysterious concept owing to the complexity of the human brain. However, this certain genre of music called rap music was able to be simulated through an algorithm that gleans rap lyrics based on rhyming from a collective database of rap songs and produces a song on its own song – a project called “DeepBeat”. Rap music generally has a steady beat, a story line of some sort and a rhyming scheme. This led to a team of researchers to write an algorithm that is able to produce a song on its own. So these researchers, keeping in mind these collective rules, have done a widespread research on rap music and then put efforts to have a computer create its own rap songs. The research consisted of gathering more than a 10,000 rap songs, with over a 100 artists represented and putting the lyrics into a database. Then, routine was written and executed that looked at rhyming in the songs, most particularly , those called assonance, which is where similar vowel sounds are repeated. The researchers concluded that this rhythm and rhyming pattern was rampant in the rap lyrics and therefore, decided to make a feature of their song using algorithm. Before the algorithm could be written however, a neural network had to be created to examine the lyrics in the database and learn something about the rhyming that was present in them, and when it had to be placed etc. Then the algorithm was written, which works by scanning the lyrics, then using information from the neural network to pick a line that could be used – over and over until a complete song has been written. All that said and done, the rap song generated did resemble a rap song but it lacked emotion, something that any good song should have; despite the rhythm and lyrics. I mean, teach a computer emotions and it might just take a step ahead of humans! But I bet this rap song algorithm is much better than many rap artists today though. Recommended: Some of the Weirdest and Awesomest Music Genres You Probably Have Never Heard Of. New Computer Algorithm Learns Rap Lyrics and Writes Its Own Rap Song

Introduction In this mini-course, we will learn about various aspects of cryptography. We’ll start with cryptography objectives, the need for it, various types of cryptography, PKI, and we’ll look at some practical usage in our daily digital communication. In this mini-course, I will explain every detail with an example which end users can perform on their machines. What is cryptography and why it is required? Today, digital communication has become far more important than what it was a decade ago. We use internet banking, social networking sites, online shopping, and online business activities. Everything is online these days, but the internet is not the most secure means to conduct all those activities. Nobody would want to do an online transaction with communication from their machine to their bank through an open channel. With cryptography, the channel secured between different entities which helps to do business activity in a more secure fashion. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read it. Cryptography is a broad term which includes sub disciplines and very important concepts such as encryption. Let’s get into the main objectives of cryptography. Cryptography Objectives C-Confidentiality: Ensuring the information exchanged between two parties is confidential between them and is not visible to anyone else. I-Integrity: Ensuring that message integrity is not changed while in transit. A-Availability: Ensuring systems are available to fulfill requests all the time. Here are some additional concepts: Authentication: To confirm someone’s identity with the supplied parameters, such as usernames, passwords, and biometrics. Authorization: The process to grant access to a resource to the confirmed identity based on their permissions. Non-Repudiation: To make sure that only the intended endpoints have sent the message and later cannot deny it. Cryptography key definitions Here’s some cryptographic key terminology: Plaintext: The original raw text document onto which encryption needs to be applied. Ciphertext: When we apply encryption to a plaintext document, the output is ciphertext. Encryption: Encryption is the process of converting plaintext to ciphertext using an encryption algorithm. We have different types of encryption available today like symmetric, asymmetric and hybrid encryption. We will discuss them in depth later in the course. Encryption algorithm: An encryption algorithm is a mathematical procedure for converting plaintext into ciphertext with a key. Various examples of encryption algorithms include RSA, AES, DES, and 3DES. Key-length: Choosing an encryption algorithm with an appropriate keysize is an important decision to make. The strength of the key is usually determined by keysize, or the number of bits. Thus, the larger the bit size of a key, the more difficult it is to break the key. For example, with a key which has a bit length of 5, the key will have only 2^5 or 32 combinations. That’s pretty easy to break considering today’s computation methods. That’s why older algorithms like WEP (40 bits) & DES (56 bits) are considered obsolete and now much more powerful algorithms with larger key sizes, such as AES (128 bits), are now used. Hash: A hash value, also called a message digest, is a number generated from a string of text. As per the hash definition, no two different texts should produce the same hash value. If an algorithm can produce the same hash for a different string of text, then that algorithm is not collision free and can be cracked. Various examples of hash algorithm are MD2, MD5 and SHA-1 etc. Digital signature: Digital signature is the process of making sure that the two entities talking with each other can establish a trust relationship among them. We will take a look at its practical demonstration later in this document. Source Part2 Part3 Part4 Part5

The US National Security Agency (NSA) has offered some sort of apology for pushing insecure cryptography solutions to businesses, describing it as a "regrettable" move. Michael Wertheimer, director of research at the NSA, made the admission about the agency's support of the widely criticised Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in a letter published by the American Mathematical Society (PDF). Dual EC DRBG is a random number generator used by numerous encryption systems that was supported by the NSA throughout the 2000s. The NSA endorsement was a key factor that led the US National Institute of Standards and Technology (NIST) to list the generator as trustworthy. Security firm RSA subsequently integrated Dual EC DRBG into its widely used BSAFE toolkits, despite research from Microsoft and private experts, including cryptography expert Bruce Schneier, suggesting there were backdoors in the system. Reports subsequently broke alleging that the NSA paid RSA $10m to load the tool with the flawed algorithm. RSA has consistently denied this claim. The allegations gained new weight in 2014 when documents leaked by Edward Snowden suggested that ties between the NSA and RSA were deeper than first thought. Addressing these claims, Wertheimer said: "With hindsight, the NSA should have ceased supporting the Dual EC DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. "In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable." He added that the reason for the continued support was a mistaken belief that deploying a new algorithm would be too costly. "The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm," read the letter. "Indeed, we support NIST's April 2014 decision to remove the algorithm. Furthermore, we realise that our advocacy for the Dual EC DRBG casts suspicion on the broader body of work the NSA has done to promote secure standards." Wertheimer went on to apologise to the maths research community and request that they "continue" to trust the NSA. "NSA mathematicians are fighters in the war on international terrorism, weapons of mass destruction proliferation, narcotics trafficking and piracy," read the report. "It is my sincerest hope that the American Mathematical Society will always see NSA mathematicians as an important part of its membership. "I further hope that dialogue on important issues will always be respectful, informed and focused on inclusivity." The claim has divided the security community, some expressing sympathy towards the NSA and others questioning its cries of innocence. Professor Alan Woodward, of the School of Computer Science at University of Surrey, told V3 that the dangers of pushing a faulty security system far outweigh the benefits for intelligence agencies, such as the NSA. "It is worth remembering that part of the NSA's role is to help secure US government communications as well as gathering foreign intelligence," he said. "It's a bit of a truism but worth repeating: if you deliberately weaken encryption for one set of people whom you consider adversaries, you will weaken it for those you seek to protect as well. "I can imagine that the NSA and every single other signals interception organisation are looking for ways to decrypt internet-based communications. "But I think most realise the dangers of trying to deliberately weaken what is in use. At least I really hope they do." Matthew Green, assistant research professor at the Information Security Institute of Johns Hopkins University, was less positive, pointing out that the NSA still hasn't said why it pushed the standard in the first place, given its technical expertise. "On closer examination, the letter doesn't express regret for the inclusion of Dual EC DRBG in national standards," he noted in a public post. "The transgression Dr Wertheimer identifies is merely that the NSA continued to support the algorithm after major questions were raised. That's bizarre. "It troubles me to see such confusing statements in a publication of the American Mathematical Society. As a record of history, Dr Wertheimer's letter leaves much to be desired, and could easily lead people to the wrong understanding. "Given the stakes, we deserve a more exact accounting of what happened with Dual EC DRBG. I hope someday we'll see that." Wertheimer's comments come during a heated debate about encryption. UK prime minister David Cameron announced plans on 13 January to block encrypted services as a part of a wave of new surveillance laws. Source

In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. Then, in 2007, well into the life of Dual EC, researchers at Microsoft delivered a talk at a conference that detailed the potential for a backdoor in the algorithm. Still, both the NSA and NIST, which approves technical standards for the United States government, stood by the algorithm. Dual EC was mostly forgotten until late 2013 when allegations emerged that the NSA may have had a secret $10 million contract with RSA Security that prompted the vendor to make Dual EC–which was then known to be weak–the default random number generator in some of its key crypto products. NIST last year removed Dual EC from its guidance on random number generators. “I wrote about it in 2007 and said it was suspect. I didn’t like it back then because it was from the government,” crypto pioneer Bruce Schneier told Threatpost in September 2013. “It was designed so that it could contain a backdoor. Back then I was suspicious, now I’m terrified.” The NSA came under heated criticism for the Dual EC episode, and now one of the agency’s top officials has said it was a mistake for the NSA not to have withdrawn its support for the algorithm after the weaknesses were raised years ago. “With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable,” Wertheimer wrote in a piece in Notices’ February issue. “The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST’s April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to ‘undermine Internet encryption.'” Wertheimer said that the agency is trying to combat that perception by changing the way that it contributes to standards efforts in order to be more transparent and accountable. “One significant, and correct, change is that all NSA comments will be in writing and published for review. In other words, we will be open and transparent about our cryptographic contributions to standards. In addition, we will publish algorithms before they are considered for standardization to allow more time for public scrutiny,” Wertheimer wrote. “With these measures in place, even those not disposed to trust NSA’s motives can determine for themselves the appropriateness of our submissions, and we will continue to advocate for better security in open-source software, such as Security Enhancements for Linux and Security Enhancements for Android.” Source

Arata bine, incepe astazi. Hello everyone! Felicity, the annual festival of IIIT Hyderabad, brings to you Felicity Threads 2014, the tenth annual edition of the celebration of spirit of computing and engineering. We bring to you a wide range of online contests in various fields of programming and mathematics. Our series of online events includes contests on algorithmic programming (Codecraft), parallel programming (Kernel Cruise), combinatorial search and game playing bot design (Strange Loop), and an unconventional programming challenge (Time Limit Exceeded). Our second event, after Gordian Knot, a math contest, is Break In. Break In, is a Jeopardy-style Capture The Flag (CTF) contest, starting on 1800 IST (1230 UTC), January 11, Saturday for 36 hours. It will be filled with challenges from diverse areas of systems programming and security (description here [1]). Participants will have to crawl the depths of the web, pry open encrypted exchanges and reverse engineer binaries to finally emerge victorious. The only prerequisite to participate is the urge to learn. Let us learn and rejoice the spirit of computing and engineering together. There are exciting prizes for the event too! So be prepared for some and to know more about Threads, visit us at : Threads | Felicity [2] Sincerely, Threads 2014 Team Links: ------ [1] Break In | Threads [2] Threads | Felicity

Description: MorxCrack is a cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords. As of version 1.1 MorxCrack supports the following algorithms: MD5 MD5 (Twice) MD5 (PasswordSalt) MD5 (SaltPassword) SHA1 SHA1 (Twice) SHA1 (PasswordSalt) SHA1 (SaltPassword) SHA2 (256 Bits) SHA2 (512 Bits) MySQL (4.1+) Crypt UNIX (Shadow) And the following CMS: Joomla Wordpress (PHPass) VBulletin InvisionPowerBoard Author: Simo Ben youssef <Simo_at_morxploit_dot_com> MorXploit Research Version: MorXCrack V1.1 Beta MD5: 14d0295d3c9b7fd96f5ff2e8b9ca43a8 Release date: April 08 2013 Download: #!/usr/bin/perl -w # # Tool: MorxCrack v1.1 # Author: Simo Ben youssef # Contact: simo_at_morxploit_dot_com # Release date: 24 March 2013 # MorXploit Research # http://www.morxploit.com # # Download: # http://www.morxploit.com/morxcrack # # v1.1 Changes: # Added crack stats. # # Description: # Tool written in perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords. # # Currently supports the following algorithms: # MD5 # MD5 (twice) # SHA1 # SHA2 (256/512) # MySQL (4.1+) # Crypt UNIX (Shadow) # # Currently supports the following CMS: # Joomla # Wordpress (PHPass) # VBulletin # InvisionPowerBoard # # Usage: # perl morxcrack.pl <algorithm> <hash> <wordlist> <salt> # perl morxcrack.pl sha hash wordlist # perl morxcrack.pl crypt 'hash' wordlist # perl morxcrack.pl wordpress 'hash' wordlist # perl morxcrack.pl mysql hash wordlist # perl morxcrack.pl md5twice hash wordlist # # For CMS hashes, a salt is required. # # Usage: # perl morxcrack.pl joomla hash wordlist salt # perl morxcrack.pl vb hash wordlist salt # perl morxcrack.pl ipb hash wordlist salt # # Except for wordpress # perl morxcrack.pl wordpress 'hash' wordlist # # Important note: # Shadow file and Wordpress hashes need to be put between single quotes to avoid shell interpretation of $ character # # Modules: # Requires SHA, MD5 and PHPass modules. # # Install if missing: # perl -MCPAN -e 'install Authen::Passphrase::PHPass' # perl -MCPAN -e 'install Digest::SHA' # perl -MCPAN -e 'install Digest::MD5' # # Test on a Pentium® Dual-Core CPU T4500 @ 2.30GHz * 2 processor using md5 and a 3917096 wordlist: # # perl morxcrack.pl md5 83583d2b5ea4078b9b83f82254e5d564 all.txt # # [*] Hashed password set to 83583d2b5ea4078b9b83f82254e5d564 # [*] Algorithm/CMS set to md5 # [*] Wordlist set to all.txt # # [+] Cracking ... # ############################################################ # [+] Your password is morxploit # [+] found at line 3917096 # [+] Job took 16 seconds ############################################################ # # # Author discolaimer: # This code and all information contained in this entire document is for educational and demonstration purposes only. # Modification, use and publishing this information is entirely on your own risk. # I cannot be held responsible for any malicious use. Use at your own risk. use strict; use Digest::SHA; use Digest::MD5; use Authen::Passphrase::PHPass; system ('clear'); if(!defined ($ARGV[0]&& $ARGV[1]&& $ARGV[2])) { usage(); } sub usage{ print "\n--- MorxCrack Multi-Algorithm/CMS password cracking tool\n"; print "--- By Simo Ben youssef\n"; print "--- www.morxploit.com\n\n"; print "[-] An algorithm, a hash and a wordlist are required\n\n"; print "Usage: perl $0 <algorithm> <hash> <wordlist> <salt>\n\n"; print "Example:\n"; print "perl $0 sha hash wordlist\n"; print "perl $0 sha256 hash wordlist\n"; print "perl $0 sha512 hash wordlist\n"; print "perl $0 md5 hash wordlist\n"; print "perl $0 mysql hash wordlist\n"; print "perl $0 crypt 'hash' wordlist\n"; print "perl $0 wordpress 'hash' wordlist\n"; print "perl $0 md5twice hash wordlist\n"; print "\nFor CMS salt-hashed passwords:\n"; print "perl $0 joomla hash wordlist salt\n"; print "perl $0 vb hash wordlist salt\n"; print "perl $0 wordpress 'hash' wordlist\n"; print "perl $0 ipb hash wordlist salt\n\n"; exit; } sub saltusage{ print "\n--- MorxCrack Multi-Algorithm/CMS password cracking tool\n"; print "--- By Simo Ben youssef\n"; print "--- www.morxploit.com\n\n"; print "[-] You need to specifiy a salt\n\n"; print "Usage: perl $0 <algorithm> <hash> <wordlist> <salt>\n"; print "perl $0 joomla hash wordlist salt\n"; print "perl $0 vb hash wordlist salt\n"; print "perl $0 ipb hash wordlist salt\n\n"; exit; } my $algo = $ARGV[0]; my $hash = $ARGV[1]; my $wordlist = $ARGV[2]; my $salt = $ARGV[3]; my $algoname = $algo; my $subalgo = \&$algoname; my $password; my $digest; my $timestart; $SIG{'INT'} = \&sigIntHandler; $SIG{TSTP} = \&sigTSTPHandler; if (grep { $algo eq $_ && $salt eq ""} qw{joomla vb ibp}) { saltusage(); } elsif (!grep { $algo eq $_} qw{md5 mysql crypt sha sha256 sha512 joomla md5twice wordpress vb ibp}) { usage(); } else { &crack(); } sub crack{ system ('clear'); open (LIST, $wordlist) || die "\n[-] Can't find/open $wordlist\n"; print "\n[*] Hashed password set to $hash\n"; print "[*] Algorithm/CMS set to $algo\n"; print "[*] Wordlist set to $wordlist\n"; print "[*] Control+c to check stats\n"; print "[*] Control+z to exit the program\n\n"; sleep(2); print "[+] Cracking ...\n\n"; $timestart = time(); while ($password = <LIST>) { chomp ($password); &$subalgo(); if ($digest eq $hash) { my $timeend = time(); my $runtime = $timeend - $timestart; print "############################################################\n"; print "[+] Your password is $password\n"; print "[+] Found at line $. of $wordlist\n"; print "[+] Cracked in $runtime seconds\n"; print "############################################################\n\n"; close(LIST); exit; } } my $timeend = time(); my $runtime = $timeend - $timestart; print "############################################################\n"; print "[-] Failed: Couldn't crack the password!\n"; print "[+] Processed $. passwords in $runtime seconds\n"; print "############################################################\n\n"; exit; } sub sha{ use Digest::SHA; my $sha = Digest::SHA->new; $sha->add($password); $digest = $sha->hexdigest; } sub sha256{ my $sha = Digest::SHA->new(256); $sha->add($password); $digest = $sha->hexdigest; } sub sha512{ my $sha = Digest::SHA->new(512); $sha->add($password); $digest = $sha->hexdigest; } sub mysql{ # round 1 hashing my $sha1 = Digest::SHA1->new; $sha1->add($password); my $digest1 = $sha1->digest; # round 2 hashing my $sha1_2 = Digest::SHA1->new; $sha1_2->add($digest1); $digest = $sha1_2->hexdigest; } sub crypt{ $digest = crypt($password, $hash); } sub md5{ my $md5 = Digest::MD5->new; $md5->add($password); $digest = $md5->hexdigest; } sub joomla{ my $key = $password.$salt; my $md5 = Digest::MD5->new; $md5->add($key); $digest = $md5->hexdigest; } sub md5twice{ #round 1 my $md5 = Digest::MD5->new; $md5->add($password); my $digest1 = $md5->hexdigest; #round 2 my $md52 = Digest::MD5->new; $md52->add($digest1); $digest = $md52->hexdigest; } sub vb { # round 1 my $md5 = Digest::MD5->new; $md5->add($password); my $digest1 = $md5->hexdigest; # round 2 my $key = $digest1.$salt; my $md52 = Digest::MD5->new; $md5->add($key); $digest = $md5->hexdigest; } sub ibp { #round 1 my $md5 = Digest::MD5->new; $md5->add($password); my $digest1 = $md5->hexdigest; #round 2 my $md52 = Digest::MD5->new; $md52->add($salt); my $digest2 = $md52->hexdigest; my $key = $digest2.$digest1; # round 3 my $final = Digest::MD5->new; $final->add($key); $digest = $md5->hexdigest; } sub wordpress{ my ($h, $wpsalt, $hash2)=$hash=~m/^(.{4})(.{8})(.+)/; my $ppr = Authen::Passphrase::PHPass->new( cost => 11, salt => "$wpsalt", passphrase => "$password"); my $userpassword = $ppr->as_rfc2307; $digest = substr ($userpassword, 7); } sub sigIntHandler { my $sigtime = time(); my $cctime = $sigtime - $timestart; my $speed = $. / $cctime; print "\n############################################################\n"; print "[*] Current pwd: $password\n"; print "[*] Line number: $.\n"; print "[*] Time elapsed: $cctime\n"; print "[*] Speed: $speed pwd per second\n"; print "############################################################\n"; print "\n[+] Cracking ...\n"; } sub sigTSTPHandler { print "\n############################################################\n"; print "[+] Exiting at line $.\n"; print "[+] Aurevoir!\n"; print "############################################################\n\n"; sleep(2); close(LIST); exit; } Requirements: Perl 5 or older Additional modules: Authen::Passphrase::PHPass Usage: Usage for non-salted passwords: perl morxcrack.pl <algorithm> <’hash’> <wordlist> perl morxploit md5 ’83583d2b5ea4078b9b83f82254e5d564? wordlist.txt Usage for salted passwords: perl morxcrack.pl <algorithm> <’hash’> <wordlist> <salt> perl morxploit.pl joomla ‘a87248e5fc69972804f5bb93c873ee9d’ wordlist.txt 9W11uZafPxbe9xpL Demo: Test on a Pentium® Dual-Core CPU T4500 @ 2.30GHz * 2 processor using md5 and a 3917096 wordlist (43.4 MB): perl morxcrack.pl md5 ’83583d2b5ea4078b9b83f82254e5d564? all.txt [*] Hashed password set to 83583d2b5ea4078b9b83f82254e5d564 [*] Algorithm/CMS set to md5 [*] Wordlist set to all.txt [+] Cracking … ############################################################ # [+] Your password is morxploit # [+] found at line 3917096 # [+] Job took 16 seconds ############################################################ TODO: Get rid of PHPass module Support for more CMS Contribute: Your contribution is needed! Please submit your CMS password hashing methods to simo_at_morxploit_com Make sure to include software details such as name and version number. Also please feel free to submit all your suggestions and bugs. Thanks. Source: MorXCrack Multi-Algorithm/CMS password cracking tool | MorXploit Research