Hi,
I am developing a piece of software which is not in any way being designed to hack into my schools proxy server using HTTP auth :P
At the moment I have got it to generate random passwords of a random length, however using this method it is sometimes repeating passwords and there is no logical order to follow. Is there any way to get my PHP app to generate passwords in sequence (I know the passwords contain letters a-z A-Z and numbers 0-9)
a -> A -> b ->B etc.
Then move on to
aa -> aA -> ab -> aB etc.
then
ba -> bA etc
or something like that as in it trys each possible character then adds another character to the string and loops.
Regards,
Sam Rudge
P.S. Never try to hack the admin password for your school proxy, it can get you in a lot of trouble lol :D

php simply isn't meant for this kind of thing, regardless of its intention, albeit yours is a pretty useless one. On the basis of an 8 character password, where each letter can be 1 of 62 possibilities (a-zA-Z0-9) that is 9.807971461541689e+55 possibilities.

Good luck with that.

OK no need to get stroppy, and btw i was able to get 650 attempts per second with my laptop alone and I have 5 exactly the same + a load of friends with laptops who have said they will run the application. Im running it from a command window not through apache or IIS etc. I also know the password begins with H and is 7-10 characters long. I can also access the proxy with my home servers using VPN. Also i dont know any other languages that can process 650 requests per second and not slow or crash the laptops.

If you want a random password for general purposes then simply just do a hash of the current date, time and microtime. The following is an example:

echo substr(hash('sha1',date('d F Y G i s u')),0,10);

But if you are trying to hack into a school network like you have mentioned then try the following:

//settings
$chars="ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz";
$minchars=8;
$maxchars=10;

//rest of script
$escapecharplus=0;
$repeat=mt_rand($minchars,$maxchars);
while ($escapecharplus<$repeat)
    {
    $randomword.=$chars[mt_rand(1, strlen($chars)-1)];
    $escapecharplus+=1;
    }
//display random word
echo $randomword;

The above code is what I used in my sha1 cracker.

Hmm, thanx but I already have it generating random passwords. I just wanted it to do an incremental attack. I think I will add all the letters to an array and work from there.
Regds,
Sam Rudge

Well if you are trying to get an admin password then wouldn't the most logical thing be to first work out how to communicate with their proxy server (probably sockets). Then to do a password injection into their system so there is a new account then when you go to use their computers simply use the admin password you injected into their system. I hear that is how most online hackers hack into websites.

Yer but im 16 and the only languages I know are PHP, Perl, Python and C# I also think that creating a new user might make them find out. Or proxy is highly monitored.

Yer but im 16 and the only languages I know are PHP, Perl, Python and C# I also think that creating a new user might make them find out. Or proxy is highly monitored.

I have not yet mentioned to use a different language. What sockets are is just another part of php which can be found out at http://au2.php.net/manual/en/function.socket-create.php Although I have never used php sockets before, from what I have read, the opening connection will look something like the following:

$ipaddress='';// server ip address
$socket = socket_create (AF_INET, SOCK_STREAM, tcp);
socket_connect($socket,$ipaddress, 80);

Then after that connection established you can do whatever communications with the server using php sockets.

On the basis of an 8 character password, where each letter can be 1 of 62 possibilities (a-zA-Z0-9) that is 9.807971461541689e+55 possibilities.

Or 62^8, or 218,340,105,584,896 possibilities...

i was able to get 650 attempts per second with my laptop alone and I have 5 exactly the same

Ok, 5 of them, assuming you figure a way to start at a certain position and not just do the exact same on all 5 would be 3,250/second.
or 3,639,001,759,748.26 Seconds,
or 60,650,029,329.13 Minutes,
or 1,010,833,822.15 Hours
or 50,541,691.10 Days
or 138,470.38 Years
(please correct me if my math is wrong, its the end of a long day :))

Either way, it will take a long time with a PC (or PCs) like yours.

Oh, and in response to your actual question:

Is there any way to get my PHP app to generate passwords in sequence

Yes.

Or 62^8, or 218,340,105,584,896 possibilities...

Actually the math is 8^62 8 positions with 62 possibilities in each, special characters excluded 62 positions where each will only be 1 of 8 options yields significantly less possibilities.

Not to nitpick your math, because ultimately, our points were the same as the one you made, it would take to long to generate them all.

Funny side tangent, I was reading about security somewhere and there was a discussion on how frequently if ever a password should be changed and the usual answers showed up. Then someone pointed the thread to a url regarding where changing passwords originated from.

Turns out in the days of the first "super computers" some mathematicians determined if a "hacker" could have full access of the computer, every 30 days or so, they probability wise would generate a successful login attempt.

Hence they set forward to make users change their passwords every 30 days...

alright back on topic.

Actually the math is 8^62 8 positions with 62 possibilities in each, special characters excluded 62 positions where each will only be 1 of 8 options yields significantly less possibilities.

Not to nitpick your math, because ultimately, our points were the same as the one you made, it would take to long to generate them all.

Whoops, should have checked that, I always get them mixed up :( knew I should have paid more attention in Math :D

So add alot more zero before the decimal point in my last post and you'll have a closer figure (as if the numbers I 'worked out' weren't big enough)

Turns out in the days of the first "super computers" some mathematicians determined if a "hacker" could have full access of the computer, every 30 days or so, they probability wise would generate a successful login attempt.

Hence they set forward to make users change their passwords every 30 days...

alright back on topic.

That will soon change in year 2011. IBM will be releasing a supercomputer the size of a large house with 20 petaflops, 1.6 million processors, 1.6 TB of memory with Linux. Check out the article at http://www.pcworld.com/article/159150/ibm_readies_monster_supercomputer.html I wonder how this new supercomputer would work on my new computer games. It is said that it will be 20 times faster than any supercomputer that exists today. That would mean instead of taking 31 days to find the correct password it would only take 2 days. What would the world do without supercomputers.

indeed i believe that was referenced recently on slashdot, but I might be mistaken.

Some how though, I don't think "hacking my school's proxy server" falls into the national interest of science.

btw in case the op is still hanging around this thread, if your proxy is highly monitored, then what makes you think your network admin isn't noticing your 650 failed logins/second on their admin account?

This question has already been answered. Start a new discussion instead.