Merge branch 'donnajharris-master'

.gitignore

@@ -0,0 +1,2 @@
+cli
+.DS_Store

README.md

@@ -6,22 +6,30 @@
 
 ## How to compile
 1. Make sure you install the libssl-dev package. On Ubuntu ``sudo apt-get install libssl-dev``.
-2. Run gcc: ``gcc -std=c99 cli.c -o cli -lcrypto``
+2. Run gcc: ``gcc cli.c -o cli -lcrypto``
 
 ## How to compile with Docker
-1. Run gcc within a container: ``docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 gcc -std=c99 cli.c -o cli -lcrypto``
+1. Run gcc within a container: 
+
+``docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 gcc -std=c99 cli.c -o cli -lcrypto``
 
 ## How to run dictionary attack:
-``./cli --dictionary /some/path --password $(echo -n 'test' | sha256sum) --verbose``
+``./cli --dictionary ./some/path --password $(echo -n 'test' | sha256sum) --verbose``
+
 or using short option names:
-``./cli -d /some/path -p $(echo -n 'test' | sha256sum) -v``
+
+``./cli -d ./some/path -p $(echo -n 'test' | sha256sum) -v``
 
 ## How to run brute force attack:
 ``./cli --bruteforce --lowercase --uppercase --numbers --symbols -p $(echo -n 'test' | sha256sum) --verbose``
+
 or using short option names:
+
 ``./cli -bluns -p $(echo -n 'test' | sha256sum) -v``
 
 ## Authors
 Donna Harris
+
 Ma Luo
+
 Will Anderson

bruteforce.c

@@ -8,18 +8,19 @@ int bruteforce_crack(char* password_hash, char * characters, int password_max_le
     static unsigned char buffer[65];
     printf("Calculating to a length of %d\n", password_max_length);
 
-    for(int i=1; i <= password_max_length; i++) {
+    int i,j,k;
+    for(i=1; i <= password_max_length; i++) {
         long possibilities = (long) pow(number_of_characters, i);
         if(verbose)
         {
             printf("Now calculating password length of %d, it has %d possibilities\n", i, possibilities);
         }
         char passwordToTest[i];
-        for (int j = 0; j < possibilities; j++)
+        for (j = 0; j < possibilities; j++)
         {
             strcpy(passwordToTest, "");
             int val = j;
-            for (int k = 0; k < i; k++)
+            for (k = 0; k < i; k++)
             {
                 passwordToTest[k] = characters[val % number_of_characters];
                 val = val / number_of_characters;       

dictionary.c

@@ -1,31 +1,86 @@
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/types.h>
 #include "hash.c"
 
+/* 
+    remove_new_line()
+    - utility function to remove new line character from each entry in the given file 
+*/
+int remove_new_line(char *input, char **output)
+{
+    int len = strlen(input);
+
+    if(input[len-1] == '\n')
+    {
+        *output = (char*)malloc(sizeof(char)*(len-1));
+        strncpy(*output, input, len-1);
+    }
+    else
+    {
+        *output = (char*)malloc(sizeof(char)*(len-1));
+        strncpy(*output, input, len);
+    }
+
+    return 0;
+}
+
+
 int dictionary_crack(char* password_hash, char *dictionary_path, int verbose)
 {
-    printf("Using dictionary path %s.\n", dictionary_path);
-    static unsigned char buffer[64];
+    static unsigned char candidate_hash[64];
+
+    FILE *file;
+    char *line = NULL;
+    char *candidate_buffer = NULL;
+	size_t len = 0;
+	ssize_t read;
+
+	file = fopen(dictionary_path, "r");
+	if (file == NULL)
+    {
+        printf("Error reading dictionary file: %s\n", dictionary_path);
+        printf("Exiting with error code %d.\n", EXIT_FAILURE);
+		exit(EXIT_FAILURE);
+    }
+
+    printf("\n>>> Using dictionary path: %s\n\n", dictionary_path);
+
+    //hash(password_hash, password_buffer);
     if(verbose) 
     {
-            printf("Hash to compare: %s\n", password_hash);
+        printf("---------------------------------------------------------------------------------------------------------------------------------\n");
+        printf("Looking for this password:\t\t\t\t\t%s\n", password_hash);
+        printf("---------------------------------------------------------------------------------------------------------------------------------\n");
+        printf("\n");
     }
 
-    for(int i=0; i < 1; i++)
+  	while ((read = getline(&line, &len, file)) != -1)
     {
-        // should read in these from a file...
-        char passwordToTest[] = "test";
-        hash(passwordToTest, buffer);
+        remove_new_line(line, &candidate_buffer);        
+        hash(candidate_buffer, candidate_hash);
+
         if(verbose) 
         {
-            printf("`%s` -> %s\n", passwordToTest, buffer);
+            printf("Password candidate from file:\t%16s\t--->\t%s\n", candidate_buffer, candidate_hash);
         }
 
-        if (!strcmp(password_hash, buffer))
+        if (!strcmp(password_hash, candidate_hash))
         {
-            printf("Password found: %s\n", passwordToTest);
+            printf("\nSUCCESS!!\tPassword found: %s\n", candidate_buffer);
+
+            free(candidate_buffer);
+	        fclose(file);
             return 0;
         }        
+
+        free(candidate_buffer);    
     }
+
+    fclose(file);
+
+    printf("\n");
+
     return 1;
 }

dictionary_files/100_pass.txt

@@ -0,0 +1,100 @@
+123456
+password
+12345678
+qwerty
+123456789
+12345
+1234
+111111
+1234567
+dragon
+123123
+baseball
+abc123
+football
+monkey
+letmein
+696969
+shadow
+master
+666666
+qwertyuiop
+123321
+mustang
+1234567890
+michael
+654321
+pussy
+superman
+1qaz2wsx
+7777777
+fuckyou
+121212
+000000
+qazwsx
+123qwe
+killer
+trustno1
+jordan
+jennifer
+zxcvbnm
+asdfgh
+hunter
+
+buster
+soccer
+harley
+batman
+andrew
+tigger
+sunshine
+iloveyou
+fuckme
+2000
+charlie
+robert
+thomas
+hockey
+ranger
+daniel
+starwars
+klaster
+112233
+george
+asshole
+computer
+michelle
+jessica
+pepper
+1111
+zxcvbn
+555555
+11111111
+131313
+freedom
+777777
+pass
+fuck
+maggie
+159753
+aaaaaa
+ginger
+princess
+joshua
+cheese
+amanda
+summer
+love
+ashley
+6969
+nicole
+chelsea
+biteme
+matthew
+access
+yankees
+987654321
+dallas
+austin
+thunder
+taylor