我正在使用C创建一个简单的类似md5 bruteforce的程序。唯一的问题是,如果我替换if语句的一部分,Found String:
输出将完全更改。
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <time.h>
#include <stdbool.h>
#if defined(__APPLE__)
# define COMMON_DIGEST_FOR_OPENSSL
# include <CommonCrypto/CommonDigest.h>
# define SHA1 CC_SHA1
#else
# include <openssl/md5.h>
#endif
char *str2md5(const char *str, int length) {
int n;
MD5_CTX c;
unsigned char digest[16];
char *out = (char*)malloc(33);
MD5_Init(&c);
while (length > 0) {
if (length > 512) {
MD5_Update(&c, str, 512);
} else {
MD5_Update(&c, str, length);
}
length -= 512;
str += 512;
}
MD5_Final(digest, &c);
for (n = 0; n < 16; ++n) {
snprintf(&(out[n*2]), 16*2, "%02x", (unsigned int)digest[n]);
}
return out;
}
typedef struct md5data {
char* output;
char* strin;
} md5data;
md5data getrand() {
for (int i = 0; i < 10; ++i)
{
rand();
srand(rand());
}
unsigned char strin[50];
for (int i = 0; i < 50; i++)
{
strin[i] = (rand()%94)+32;
}
strin[49] = ' ';
char* string = &strin;
char *output = str2md5(string, strlen(string));
md5data out;
out.output = output;
out.strin = string;
return out;
}
bool starts_with(const char* a, const char* b)
{
if(strncmp(a, b, strlen(b)) == 0) return 1;
return 0;
}
int main() {
char input;
printf("%s","Enter Search String: ");
scanf("%s",&input);
srand(time(NULL));
while(1 == 1) {
md5data md5 = getrand();
if(starts_with(md5.output,&input)) {
printf("Found String: %snMD5: %sn",md5.strin,md5.output);
break;
}
}
return 0;
}
每当我编译和执行时,输出的第一行通常类似于Found String: 0????
然而,如果我将starts_with(md5.output,&input)
更改为类似1==1
或类似的内容,则输出类似Found String: qM39$dcX_ZqFM9]?>jKhxSl@m2xrAxaL*
是什么导致输出发生变化?为什么会发生变化?
问题出在线路上:
char input;
printf("%s","Enter Search String: ");
scanf("%s",&input);
input
应该是一个char数组(一个缓冲区),而不是单个char。例如:
char input[256];
printf("%s","Enter Search String: ");
scanf("%s",&input);
在当前状态下,scanf
会导致堆栈上的缓冲区溢出,从而导致未定义的结果。
我添加了一个全局变量,删除了md5data,并使用strcpy将值形式getrand复制到全局变量中,从而解决了这个问题。代码:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <time.h>
#include <stdbool.h>
#if defined(__APPLE__)
# define COMMON_DIGEST_FOR_OPENSSL
# include <CommonCrypto/CommonDigest.h>
# define SHA1 CC_SHA1
#else
# include <openssl/md5.h>
#endif
char *str2md5(const char *str, int length) {
int n;
MD5_CTX c;
unsigned char digest[16];
char *out = (char*)malloc(33);
MD5_Init(&c);
while (length > 0) {
if (length > 512) {
MD5_Update(&c, str, 512);
} else {
MD5_Update(&c, str, length);
}
length -= 512;
str += 512;
}
MD5_Final(digest, &c);
for (n = 0; n < 16; ++n) {
snprintf(&(out[n*2]), 16*2, "%02x", (unsigned int)digest[n]);
}
return out;
}
unsigned char stringglobal[50];
char* outputglobal;
void getrand() {
for (int i = 0; i < 10; ++i)
{
rand();
srand(rand());
}
unsigned char strin[50] = {0};
for (int i = 0; i < 50; i++)
{
strin[i] = (rand()%94)+32;
}
strin[49] = ' ';
char* string = &strin[0];
char *output = str2md5(string, strlen(string));
outputglobal = output;
strcpy(stringglobal,string);
}
bool starts_with(const char* a, const char* b)
{
if(strncmp(a, b, strlen(b)) == 0) return 1;
return 0;
}
int main() {
char input[256];
printf("%s","Enter Search String: ");
scanf("%s",&input);
srand(time(NULL));
while(1 == 1) {
getrand();
if(starts_with(outputglobal,&input)) {
printf("Found! String: %snMD5: %sn",stringglobal,outputglobal);
break;
}
}
return 0;
}