EvilZone
		Programming and Scripting => Java => : The Alchemist  July 21, 2012, 02:04:27 PM
		
			
			- 
				MD5 Bruteforce Program
 
 Hello everyone...
 I've just created a MD5 bruteforce script using Java. It works pretty good till the length of the decrypted text is maximum 6 characters long... You can modify my code and increase the length easily...
 
 Its supports numbers, both uppercase and lowercase alphabets and some special symbols too that people use in their passwords...
 Here's the code :
 /*Program coded by The Alchemist
 * This is a MD5 brute force script
 * Works upto words that are 6 characters long
 * Supports numbers,characters(both uppercase and lowercase)
 * and special characters normally used in passwords
 */
 import java.security.*;
 import java.util.*;
 class Brute
 {
 String tester="",test;
 char ar[]={ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K',
 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3',
 '4', '5', '6', '7', '8', '9',',','.','<','>',';',':','-','_','=','+','!','@','#','$','%','^',
 '&','*','|','/','?'};
 int len=ar.length;
 public static String encrypt(String str)
 {
 byte[] defaultBytes = str.getBytes();
 try
 {
 MessageDigest algorithm = MessageDigest.getInstance("MD5");
 algorithm.reset();
 algorithm.update(defaultBytes);
 byte messageDigest[] = algorithm.digest();
 StringBuffer hexString = new StringBuffer();
 for (int i = 0; i < messageDigest.length; i++)
 {
 hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
 }
 str = hexString + "";
 } catch(NoSuchAlgorithmException e)
 {
 e.printStackTrace();
 }
 return str;
 }
 public boolean compareit(String s1, String s2)
 {
 return (s1.contains(s2));
 }
 public String decrypt1(String cry)//one character
 {
 int i=cry.indexOf('0');
 String acry=cry;
 if(i!=-1)
 {
 acry=cry.substring(0,i)+cry.substring((i+1),cry.length());
 }
 for(int a=0;a<len;a++)
 {
 tester=""+ar[a];
 test=encrypt(tester);
 if(compareit(cry,test) || compareit(acry,test))
 {
 return tester;
 }
 }
 return "";
 }
 public String decrypt2(String cry)//two characters
 {
 int i=cry.indexOf('0');
 String acry=cry;
 if(i!=-1)
 {
 acry=cry.substring(0,i)+cry.substring((i+1),cry.length());
 }
 for(int a=0;a<len;a++)
 {
 for(int b=0;b<len;b++)
 {
 tester=""+ar[a]+""+ar[b];
 test=encrypt(tester);
 if(compareit(cry,test) || compareit(acry,test))
 {
 return tester;
 }
 }
 }
 return "";
 }
 public String decrypt3(String cry)//three characters
 {
 int i=cry.indexOf('0');
 String acry=cry;
 if(i!=-1)
 {
 acry=cry.substring(0,i)+cry.substring((i+1),cry.length());
 }
 for(int a=0;a<len;a++)
 {
 for(int b=0;b<len;b++)
 {
 for(int c=0;c<len;c++)
 {
 tester=""+ar[a]+""+ar[b]+""+ar[c];
 test=encrypt(tester);
 if(compareit(cry,test) || compareit(acry,test))
 {
 return tester;
 }
 }
 }
 }
 return "";
 }
 public String decrypt4(String cry)//four characters
 {
 int i=cry.indexOf('0');
 String acry=cry;
 if(i!=-1)
 {
 acry=cry.substring(0,i)+cry.substring((i+1),cry.length());
 }
 for(int a=0;a<len;a++)
 {
 for(int b=0;b<len;b++)
 {
 for(int c=0;c<len;c++)
 {
 for(int d=0;d<len;d++)
 {
 tester=""+ar[a]+""+ar[b]+""+ar[c]+""+ar[d];
 test=encrypt(tester);
 if(compareit(cry,test) || compareit(acry,test))
 {
 return tester;
 }
 }
 }
 }
 }
 return "";
 }
 public String decrypt5(String cry)//five characters
 {
 int i=cry.indexOf('0');
 String acry=cry;
 if(i!=-1)
 {
 acry=cry.substring(0,i)+cry.substring((i+1),cry.length());
 }
 for(int a=0;a<len;a++)
 {
 for(int b=0;b<len;b++)
 {
 for(int c=0;c<len;c++)
 {
 for(int d=0;d<len;d++)
 {
 for(int e=0;e<len;e++)
 {
 tester=""+ar[a]+""+ar[b]+""+ar[c]+""+ar[d]+""+ar[e];
 test=encrypt(tester);
 if(compareit(cry,test) || compareit(acry,test))
 {
 return tester;
 }
 }
 }
 }
 }
 }
 return "";
 }
 public String decrypt6(String cry)//six characters
 {
 int i=cry.indexOf('0');
 String acry=cry;
 if(i!=-1)
 {
 acry=cry.substring(0,i)+cry.substring((i+1),cry.length());
 }
 for(int a=0;a<len;a++)
 {
 for(int b=0;b<len;b++)
 {
 for(int c=0;c<len;c++)
 {
 for(int d=0;d<len;d++)
 {
 for(int e=0;e<len;e++)
 {
 for(int f=0;f<len;f++)
 {
 tester=""+ar[a]+""+ar[b]+""+ar[c]+""+ar[d]+""+ar[e]+""+ar[f];
 test=encrypt(tester);
 if(compareit(cry,test) || compareit(acry,test))
 {
 return tester;
 }
 }
 }
 }
 }
 }
 }
 return "Not found";
 }
 public static void main()
 {
 Scanner in=new Scanner(System.in);
 String str;
 System.out.print("Please don't waste time entering encryptions other than md5\nEnter md5 encrypted text : ");
 str = in.nextLine();
 Brute ob=new Brute();
 String res = ob.decrypt1(str);
 if(res.equalsIgnoreCase(""))
 {
 
 System.out.print("Not 1 charactered\n");
 res=ob.decrypt2(str);
 }
 if(res.equalsIgnoreCase(""))
 {
 System.out.print("Not 2 charactered\n");
 res=ob.decrypt3(str);
 }
 if(res.equalsIgnoreCase(""))
 {
 System.out.print("Not 3 charactered\n");
 res=ob.decrypt4(str);
 }
 if(res.equalsIgnoreCase(""))
 {
 System.out.print("Not 4 charactered\n");
 res=ob.decrypt5(str);
 }
 if(res.equalsIgnoreCase(""))
 {
 System.out.print("Not 5 charactered\n");
 res=ob.decrypt6(str);
 }
 if(res.equalsIgnoreCase(""))
 {
 System.out.print("Not 6 charactered\n");
 }
 System.out.print("Result : "+res);
 }
 }
 
 Run it in your Java platform. Enter the MD5 encrypted text that you would like to 'decrypt'. And wait till the decrypted text appears...
 
 Thats it...
 Enjoy..
 
 DON'T FORGET TO GIVE FEEDBACK!!
 
- 
				I see it is not multi-threaded and has shitloads of nested if's and for's. I can imagine that nested "for" loops could be OK, but such a long list of if's is not acceptable.
			
- 
				The code is shit.
 
 Reasons:
 
 It is not flexible: You have numbered decrypt methods, one for each length. Use for-loops instead. Use them properly so you don't have to nest one loop or if-statement for every character. That is not necessary.
 You only need one decrypt method.
 
 It is slow: As Kulver said: Threading can be used, but that is something you can do as an exercise once you have made the code more clean.
 tester=""+ar[a]+""+ar[b]+""+ar[c]+""+ar[d]+""+ar[e];String concatenations within several for loops --> bad performance
 Use StringBuilder instead.
 
 public boolean compareit(String s1, String s2)
 {
 if(s1.contains(s2))
 return true;
 else
 return false;
 }
 
 You can just do:
 
 public boolean compareit(String s1, String s2) {
 return s1.contains(s2);
 }
 
 Which defeats the purpose of this method at all. Just use contains() as it is.
 
 int a,b,c,d,e,f;
 These are only used as indices in for loops. No need to make them fields. You should always make your variables as local as possible. Just do
 
 for(int a = 0; a < len; a++)
 Same for the other fields. All of them can be declared within the decrypt method.
 
 Also have a look at the Java code conventions: http://www.oracle.com/technetwork/java/codeconv-138413.html (http://www.oracle.com/technetwork/java/codeconv-138413.html)
 
 I think this is enough for now (it is still not everything). Repair your code and you get more feedback. Ask, if you need any help with this.
- 
				Ok guys... I'll remember these things... Next time I'll try and create a much efficient code...