UH - multi-threaded hash cracker

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems

UH - multi-threaded hash cracker

Post by Jori13 on Thu Jan 19, 2012 5:01 am
([msg=63764]see UH - multi-threaded hash cracker[/msg])

I hope I post this in the right sub-forum, else please move it and notify me. Thanks.

Please comment on my program (and its source ofcource). Thanks in advance.

Description:
UH or [U]n [H]ash is a general purpose (no rainbow table) multi-threaded hash cracker written in C. You can extend it by writing dynamic plugins (e.g. new hash functions). Currently UH is Windows only, but I will program a X-platform version (see TODO in uh_source.rar).

EXE's
www.jori-koolstra.nl/downloads/uh.rar

Source:
www.jori-koolstra.nl/downloads/uh_source.rar


Jori.
Jori13
New User
New User
 
Posts: 2
Joined: Tue Oct 18, 2011 3:49 am
Blog: View Blog (0)


Re: UH - multi-threaded hash cracker

Post by tgoe on Fri Jan 20, 2012 2:43 am
([msg=63784]see Re: UH - multi-threaded hash cracker[/msg])

Hey, thanks for sharing!

I took a brief once-over on your code and a couple minor gripes come to mind:

Tabs == Fail

Keeping code line length to 79 chars may seem weird as you're writing, but while reading code it helps to have multiple windows open on the same screen spanning the same code-base without awkward line breaks.

Also, I think there might be a minor security problem. Assuming your program will be automated by another program, I could construct a hash that exploits your use of strcpy. Use strncpy every time.
User avatar
tgoe
Contributor
Contributor
 
Posts: 639
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: UH - multi-threaded hash cracker

Post by Jori13 on Fri Jan 20, 2012 11:56 am
([msg=63795]see Re: UH - multi-threaded hash cracker[/msg])

Thanks for your reply!

Tabs == win (:

Its just a matter of coding style, I like this, and I'm not the only one.

What about the security risk you are 100% right, I'll fix it. But if you use this program alone, there isn't any risk, because the only one you can exploit is yourself haha.

EDIT:
Also there is no check on the size of the double, will fix that too.

-- Sun Jan 29, 2012 5:15 am --

Updated. Fixed some minor security bugs and a bug with option -r (to specify ranges).

Btw,
Its pretty dead around here haha (:

Well have a good day.
Jori13
New User
New User
 
Posts: 2
Joined: Tue Oct 18, 2011 3:49 am
Blog: View Blog (0)



Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests