If you ever have to test password hashing strength, or just play to be a cracker for a bit, this class might help you get started with brute force attack methods.

// Based off: http://eternalrise.com/blog/brute-force-php-script/
class hash_brute_force {
  // Target password hash
  var $hash;
  // Map of characters used to generate test passwords
  var $charset;
  // Calculated lenght of charset map
  var $charset_length;
  // Found password
  var $password;

  function check($password) {
    // Using crypt() function to generate hashes
    // Alternatives are: md5(), sha1() and hash().
    $test_hash = crypt($password, $password);
    if ($test_hash == $this->hash) {
      $this->password = $password;
      return TRUE;
    }
    return FALSE;
  }

  function recurse($width, $position, $base_string) {
    for ($i = 0; $i < $this->charset_length; ++$i) {
      if ($position < $width - 1) {
        if ($this->recurse($width, $position + 1, $base_string . $this->charset[$i])) {
          return TRUE;
          break;
        }
      }
      $test_password = $base_string . $this->charset[$i];
      if ($this->check($test_password)) {
        return TRUE;
      }
    }
    return FALSE;
  }

  function find($hash, $max_length) {
    $this->hash = $hash;
    $this->charset = 'abcdefghijklmnopqrstuvwxyz';
    $this->charset .= '0123456789';
    $this->charset .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $this->charset .= '~`[email protected]#$%^&*()-_\/\'";:,.+=<>? ';
    $this->charset_length = strlen($this->charset);

    return $this->recurse($max_length, 0, '');
  }
}

How to use it?

function find_my_pass($hash) {
  $test = new hash_brute_force();
  $result = $test->find($hash, 5);
  if ($result !== FALSE) {
    print "Your password is: \n" . $test->password;
  }
  else {
    print 'No password found :(';
  }
}

Regards! (I guess…)

Cross-posted to Devtome