Friday, October 26, 2012

md5 cracking

md5 是很常遇到的 hash ... 用來加密一般的明文密碼

不過處理起來不算是很棘手(對於簡單的密碼字串)

以下幾個簡單的方法

1. 直接丟 google

2. 讓別人幫你丟

http://www.md5crack.com/crackmd5.php

https://github.com/juuso/BozoCrack

3. 從別人算好的 rainbow table 挖

site:http://www.md5this.com/ 912ec803b2ce49e4a541068d495ab570


4.在線解密,不過有的不給看就是 =..=

http://www.cmd5.org/

http://www.xmd5.org/


5. 自己算

身為一個 hacker ,寫出一個猜 md5 的 brute force cracking 應該不是問題

hashcat 是一款優良的工具,不過他的 manual  不好懂...

http://hashcat.net/oclhashcat-plus/

6. 請示ㄉㄉ

http://www.infosec.sdu.edu.cn/person_wangxiaoyun.htm

http://zh.wikipedia.org/wiki/%E7%8E%8B%E5%B0%8F%E9%9B%B2

http://baike.baidu.com/view/350813.htm

中國山東的王小雲博士提出過 md5 的碰撞猜解方法,可以去研究他的論文XD
at No comments:
Labels: , ,

Tuesday, October 23, 2012

Archlinux install package via AUR

https://wiki.archlinux.org/index.php/Arch_User_Repository

AUR (Arch User Repository) 類似於 Ubuntu 底下的 PPA,由用戶自行開發的程式會放在這邊

如果經由 Archers 投票票數夠高的話有機會進去官方 repo


到 https://aur.archlinux.org/ 抓想要的 tarball 和 PKGBUILD


$ cd ~/builds 
$ tar xvzf foo.tar.gz
$ cd foo 
$ vim PKGBUILD          # check if there's any evil things in the scripts
$ vim foo.install
$ makepkg -s            #  call sudo to solve the dependency
# pacman -U foo-0.1-1-i686.pkg.tar.xz
at No comments:
Labels: , , , ,

Monday, October 22, 2012

change fonts on linux


每次都要回去翻其他地方的筆記...

這邊備份一下




 sudo cp -r 字型資料夾 /usr/share/fonts/

sudo fc-cache -f -v && sudo fc-list : file
at No comments:
Labels: , , ,

Archlinux installation

I just move my notes to gist



https://gist.github.com/xatier/5dc88654738845fc5fea

at No comments:
Labels: , ,

Friday, October 19, 2012

some rsync options

筆記一下常用的 rsync options,備份東西用

rsync -avzPe ssh src des

 # a: archive mode,  -rlptgoD (no -H,-A,-X)
# v: verbose
# z: compressed
# P: --partial --progress
# e ssh: over ssh
at No comments:
Labels: , , , , ,

Tuesday, October 16, 2012

Parallel Programming in Perl using Parallel::ForkManager

最簡單的  Perl 平行處理

使用 Parallel::ForkManager 這個 CPAN module

https://metacpan.org/module/Parallel::ForkManager


use Parallel::ForkManager;
 
$pm = new Parallel::ForkManager($MAX_PROCESSES);
 
foreach $data (@all_data) {
  # Forks and returns the pid for the child:
  my $pid = $pm->start and next;
 
   # do some work with $data in the child process ...
 
  $pm->finish; # Terminates the child process
}


寫了一個 Parallel 的 MD5 Bruteforce Cracker

#!/usr/bin/perl

use 5.012;
use warnings;

# MD5 Hash Bruteforce Kit
# original version by Iman Karim (iman.karim@smail.inf.fh-bonn-rhein-sieg.de)
# http://home.inf.fh-rhein-sieg.de/~ikarim2s/

# modified by xatier (xatierlike @gmail.com)
# Date : 10/15 2012
# This Cracker is by far not the fastest! only used to find "lost" passwords ;)
# run on my ubuntu server :P

my $ver = "02";

use Digest::MD5 qw(md5_hex);
use Time::HiRes qw(gettimeofday);
use Parallel::ForkManager;

# for parallel cracking
our $MAX_PROCESS_NUMBER = 25;

# charset
my $alpha = "";
$alpha .= "abcdefghijklmnopqrstuvwxyz" if ($ARGV[0] =~ "a");
$alpha .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ" if ($ARGV[0] =~ "A");
$alpha .= "1234567890"                 if ($ARGV[0]=~"d");
$alpha .= "~!@#\$%^&*()_+`-=[]\\{}|;':\",./<>?"  if ($ARGV[0]=~"x");


usage() if ($alpha eq "" or $ARGV[3] eq "");

if (length($ARGV[3]) != 32) {
    die "Sorry but it seems that the MD5 is not valid!\n";
};

say "Selected charset for attack =>  '$alpha'";
say "Going to Crack '$ARGV[3]'";
say "length from $ARGV[1] to $ARGV[2]...";
say "Press Enter to continue...";
my $key = <>;
system("mv key.txt key.txt.old");

# go!
for (my $t = $ARGV[1]; $t <= $ARGV[2]; $t++) {
    crack ($t);
}

sub usage {
    say<<EOF;   
    Charset can be: [aAdx]
    a = {'a','b','c',...}
    A = {'A','B','C',...}
    d = {'1','2','3',...}
    x = {'!','\"',' ',...}

    EXAMPLES:
       ./md5crack.pl ad 1 3 900150983cd24fb0d6963f7d28e17f72
            all lowercase Alphas and all digits
            length from 1 and 3 characters.
        ------------------------------
       ./md5crack.pl aA 3 3 900150983cd24fb0d6963f7d28e17f7;
            all lowercase Alphas and all uppercase Alphas;
            exactly 3 characters.
        ------------------------------
       ./md5crack.pl aAdx 1 10 900150983cd24fb0d6963f7d28e17f7;
            nearly every characte;
            length from 1 to 10 character;
EOF
    die "Quitting...\n";
}

sub crack {
    my $CharSet = shift;
    my @RawString = ();
    my @testdata = ();
    my @realbuf = ();
    my $BUFSIZ = $MAX_PROCESS_NUMBER;
    my $data_BUFSIZ = 100;
    my $data_count = 0;
    my $real_count = 0;
    push @RawString, 0 for (0 .. $CharSet - 1);

    do {
        for (my $i = 0; $i < $CharSet; $i++) {
            if ($RawString[$i] > length($alpha)-1) {
                if ($i == $CharSet-1) {
                    crack_parallel([@realbuf]);
                    say "Bruteforcing done with $CharSet Chars. No Results.";
                    return;
                }
                $RawString[$i+1]++;
                $RawString[$i] = 0;
            }
        }

        my $ret = "";
        $ret .= substr($alpha,$RawString[$_], 1) for (0 ..$CharSet-1);

        if ($data_count < $data_BUFSIZ) {
            push @testdata, $ret;
            $data_count++;
        }

        if ($data_count == $data_BUFSIZ) {
            push @realbuf, [@testdata];
            @testdata = ();
            $data_count = 0;
            $real_count++;
        }

        if ($real_count == $BUFSIZ) {
            crack_parallel([@realbuf]);
            @realbuf = ();
            $real_count = 0;
        }

        $RawString[0]++;

    } while ($RawString[$CharSet-1] < length($alpha));
}


sub crack_parallel {
    my $realbuf_ref = shift;

    my $pm = new Parallel::ForkManager($MAX_PROCESS_NUMBER);

    $pm->run_on_finish (
        sub {
            my ($pid, $exit_code, $ident, $exit_signal, $core_dump, $ref) = @_;
            if (defined $ref) {
                say "$ref->[0] ==> $ref->[1]";
                open F, ">", "key.txt";
                say F "$ref->[0] ==> $ref->[1]";
                close F;
                $@ = "";   # shut up, error message!
                die "\n**** Password Cracked! ";
            }
        }
    );

    for my $r (@$realbuf_ref) {
        # paralleize the cracking md5s
        $pm->start and next;
        for my $text (@$r) {
            my $hash = md5_hex($text);
            say "$ARGV[3] != $hash ($text)";
            if ($ARGV[3] eq $hash) {
                $pm->finish(0, [$text, $hash]);
            }
        }
        $pm->finish(0);
    }
    $pm->wait_all_children;
}
at No comments:
Labels: , , ,

Monday, October 15, 2012

cpanp and cpanm note

CPAN

$ sudo cpanp

s reconfigure

7 Select mirrors

No

Mirror => Asia => Taiwan


Quit

Save and exit




# req

s conf prereqs 1
s save




# skip test
s conf skiptest 1
s save




s selfupdate all

i Bundle::CPAN




CPANM

 https://github.com/miyagawa/cpanminus/

$ wget http://xrl.us/cpanm

$ chmod +x cpanm

 $ mv ./cpanm /usr/bin

$ cpanm --self-upgrade --sudo

$ sudo cpanm Parallel::ForkManager
at No comments:
Labels: ,

ReText - a live text editor for Markdown and rST


http://sourceforge.net/p/retext/home/ReText/

powered by Python & Qt

gslin 學長 blog 上看到的介紹文 在 Ubuntu 下即時編輯 Markdown 語法:ReText



基本上是個不錯用的 tool

試用心得是他 live editor 的地方還是做的不夠好,只要有更改到,live 視窗會自動捲到最上面,這點來講使用很不便


不過大抵來講拿來當作是一個 markup language 的預覽程式很好用啦XD (小弟初學者)
at No comments:
Labels: , ,

Friday, October 12, 2012

R.I.P. dmr

dmr 大師逝世一週年

Brian Kernighan : 牛頓說他是站在巨人的肩膀上,而我們是站在 Dennis 的肩膀上

感謝您,Dennis ,帶給了我們如此美好的資訊世界。 : )



#include<stdio.h>

int main (void) {
    printf("Goodbye, world");
    return 0;
}


Dennis Ritchie,

    father of the C programming language and the Unix operating system


"Tribute Dennis Ritchie at Bell Labs" youtube 上面有一系列的紀念演講...熱淚瀅框




恐龍本作者給 dmr 的紀念


http://en.wikipedia.org/wiki/Dennis_Ritchie
http://www.cs.bell-labs.com/who/dmr/index.html



大家都說 Steve Jobs 的蘋果改變了全世界

但倘若這個世界沒有 C programming language 和 UNIX

Steve Jobs 要拿什麼來能種出又大又甜的蘋果呢?

10/5 全世界都為改變世界的 Steve Jobs R.I.P.

誰來為改變 computer science 世界的 dmr 大師哀悼呢?




                                                                             
brainyquote.com 摘下幾句 dmr 的名言

以此致哀


At least for the people who send me mail about a new language that they're
designing, the general advice is: do it to learn about how to write a compiler.


At the same time, much of it seems to have to do with recreating things we or
others had already done; it seems rather derivative intellectually; is there a
dearth of really new ideas?


C is peculiar in a lot of ways, but it, like many other successful things, has
a certain unity of approach that stems from development in a small group.


C was already implemented on several quite different machines and OSs, Unix was already being distributed on the PDP-11, but the portability of the whole
system was new.
                                                                         

C++ and Java, say, are presumably growing faster than plain C, but I bet C will
still be around.


For infrastructure technology, C will be hard to displace.


I can't recall any difficulty in making the C language definition completely
open - any discussion on the matter tended to mention languages whose inventors
tried to keep tight control, and consequent ill fate.


I'm just an observer of Java, and where Microsoft wants to go with C# is too
early to tell.


I'm not a person who particularly had heros when growing up.


I've done a reasonable amount of travelling, which I enjoyed, but not for too

long at a time.


Obviously, the person who had most influence on my career was Ken Thompson.


Over the past several years, I've been more in a managerial role.


The kind of programming that C provides will probably remain similar absolutely
or slowly decline in usage, but relatively, JavaScript or its variants, or XML,
will continue to become more central.


UNIX is basically a simple operating system, but you have to be a genius to
understand the simplicity.
Dennis Ritchie


When I read commentary about suggestions for where C should go, I often think
back and give thanks that it wasn't developed under the advice of a worldwide
crowd.



at No comments:
Labels: ,

家書


約一年前母親寫給我的





等到真正置身雲間. 才發現不過如在霧裡.


人生的一切追求也都是如此. 遙遠而不可及的事物才會令人渴望. 一旦成為每天要面對的現
實. 也就不過爾爾. 等日後回首望向來時路. 你又會看到當初夢想的風景.
at No comments:
Labels:

change Terminal title

剛剛睡醒看到這影片...笑翻




改桌布, pstree, 和 ping 大家都會就不說了

要比較炫的 pstree 還可以裝一下 htop XD



改標題也有很 g33k 的作法:


echo -ne "\033]2;hack\007"


好了,我看起來像個駭客了,對吧
at No comments:
Labels: ,

Tuesday, October 9, 2012

update bash version on Mac

用到今天我才發現原來 Mac 上面 default 的 bash 竟然是骨灰級的版本

$ bash --version
GNU bash, version 3.2.48(1)-release (x86_64-apple-darwin12)
Copyright (C) 2007 Free Software Foundation, Inc.


更新步驟

$ brew install bash

$ /usr/local/bin/bash --version
GNU bash, version 4.2.37(2)-release (i386-apple-darwin12.2.0)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


# 在最後加上裝好的 bash 新版
sudo vim /private/etc/shells
/usr/local/bin/bash

# 換過來
chsh -s /usr/local/bin/bash

$ echo $SHELL
/usr/local/bin/bash

$ echo $BASH_VERSION
4.2.37(2)-release


done.
at No comments:
Labels: , ,

Monday, October 8, 2012

Catalan Number

http://en.wikipedia.org/wiki/Catalan_number

組合數學上很重要的數列

1, 1, 2, 5, 14, 42, 132, 429 ...

這個特殊的遞迴式很好用





#!/usr/bin/python

c = [1, 1, 1]
for _ in range (3, 10+1):
    # f(n+1) = f(n) * (4n-6 / n)
    c.append(c[_-1] * (4*(_-1) - 6) / (_-1))

print c[2:]

# [1, 1, 2, 5, 14, 42, 132, 429, 1430]
at No comments:
Labels: ,
Subscribe to: Posts (Atom)