cybersecurity · beginner · ~15 min · safe pentest lab
Implement the dictionary-attack loop and feel why fast hashes + weak passwords are crackable.
Given a target digest and a wordlist, implement a dictionary attack:
int crack(unsigned long target, const char **words, int n, char *out)
Hash each candidate with the provided unsigned long thash(const char *) (declared for you by the grader); if a word's hash equals target, copy it into out and return 1. If none match, return 0. This is the core mechanic of offline password cracking — fast hashes fall to a wordlist instantly.
#include <stddef.h>
/* Provided by the grader: a (toy) hash of a NUL-terminated string. */
unsigned long thash(const char *s);
int crack(unsigned long target, const char **words, int n, char *out) {
/* TODO: hash each word; on match, copy to out and return 1; else 0. */
(void)target;(void)words;(void)n; out[0]='\0'; return 0;
}
Not returning 0 on no match; writing to out before confirming a match; off-by-one on the loop bound.
Target not in the list (return 0). First and last word matching.
O(n × word length).
Solve this exercise in the browser editor — compile and run against the test harness, no setup required.