#!/usr/bin/php
<?php
/* $Id: dicattack.php 30 2007-07-13 23:03:03Z zapotek $ */
/********************************************************************
 * Author Info
 * -----------
 * Author:       Zapotek
 * E-Mail:       zapotek@segfault.gr
 * Website:      http://www.segfault.gr
 * 
 * File Info
 * ---------
 * Name:         DicAttack
 * 
 * Comments
 * --------
 * DicAttack is a wordlist (dictionary) attacker.
 * It takes each word in the file and compares
 * it against the given hash.
 * Currently supported algorithms are MD5 and SHA1.
 ********************************************************************/

define( 'VERSION', 0.2 );

$supported = "MD5/SHA1";
$name      = array_shift( $argv );
$wordlist  = array_shift( $argv );
$hash      = array_shift( $argv );

// print te banner
banner( );

// in case of inadequate input exit
if( $argc != 3 ) {
    echo "Syntax: $name <wordlist file> <hash>\n\n";
    exit( );
}

if( !file_exists( $wordlist ) ){
    echo "Can't access wordlist file: $wordlist'\n";
    exit( );
}

// start the timer
$time_start = getmicrotime( );
    
// get the encryption algorithm
switch( strlen( $hash ) ) {

    // if the hash is 32 chars long it's a MD5 Hash
    case 32;
        echo "\nGuessing MD5...\n\n";
        $string = crack( $wordlist, "md5", $hash );
        break;

    // if the hash is 40 chars long it's a SHA1 hash
    case 40;
        echo "\nGuessing SHA1...\n\n";
        $string = crack( $wordlist, "sha1", $hash );
        break;

    // else print error msg
    default;
        echo "Could not determine the encryption algorithm.\n";
        echo "Ensure that the hash is correct and try again.\n";
        exit( );
}

if( $string ){
    // stop the timer, we've got a winner!
    $time_stop = getmicrotime( );
    echo "Crack Successful!\n"."-----------------\n";
    echo "$hash = $string\n"."-----------------\n";
    $time = $time_stop - $time_start;
    echo "[ Operation took $time seconds ]\n\n";
} else {
    echo "Could not find mach in $wordlist, maybe you should try" . 
         " a bigger wordlist file.\n";
}

// our litle banner
function banner( ) {
    global $supported, $name;
    echo "\nDicAttack v". VERSION .
         "\nSimple wordlist based password cracker\n" .
         "by Zapotek <zapotek [at] segfault.gr>\n" .
         "<http://www.segfault.gr>\n\n" .
         "Currently supported algorithms: $supported\n\n";
         
}

//Our little timer function
function getmicrotime( ) {
    list ( $usec, $sec ) = explode( " ", microtime( ) );
    return ( (float) $usec + (float) $sec );
}

/**
 * disctionary attack function
 * 
 * @param	string	wordlist file, words must be seperated by newlines
 * @param	string	the algorithm of the hash (md5 or sha1)
 * @param	string	the md5 or sha1 hash to crack
 * 
 * @return  string  the cracked string or 0
 */
function crack( $wordlist_file, $algo, $hash ) {
        
    $words = file( $wordlist_file );
    
    foreach( $words as $word) {
        switch( strtolower( $algo ) ) {

            case "md5";
                $word_hash = md5( $word );
                break;

            case "sha1";
                $word_hash = sha1( $word );
                break;
        }

        if( $word_hash == $hash ) {
            return $word;
        }
    }
}

?>