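Date: Sun, 28 Nov 2010 16:18:11 +0000
From: Bob Smith <bobbyhadababyitsaboy@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MD5 "decrypter" PHP Script

I use the word "decrypter" loosely, but it is what the site's advertising it to be. So I wrote a PHP script that takes hashes from a database (columns are as such: id, hash, unhashed) and checks them against md5-decrypter.com and md5decryption.com these sites have no captcha protection (and over 4.7mil stored hashes)

<?php
/*
 * Batch MD5 lookup helper: reads rows from a MySQL table, POSTs each stored
 * hash to two public lookup sites, and writes any plaintext found in the
 * response back into the same row.
 *
 * Review notes:
 *  - Every hash (and, when $giveback is "1", every recovered plaintext) is
 *    sent to third-party hosts over plain HTTP, so it is visible to those
 *    sites and to anyone on the network path.
 *  - The lookup responses are untrusted input. They are now escaped at the
 *    point where the SQL statement is built, not inside the HTML parser,
 *    so trimming can no longer cut an escape sequence in half and the value
 *    forwarded by do_except() is the real text, not its SQL-escaped form.
 *  - The script uses the legacy mysql_* extension, which was removed in
 *    PHP 7.0; that API has no prepared statements, hence the manual escaping.
 */

// Lift the execution time limit; the loop blocks on remote HTTP requests.
set_time_limit(0);

$db_host = "localhost"; // if your port is different from the default, add a colon and the port number (e.g. localhost:1337)
$db_user = "user";
$db_password = "pass";
$db_name = "db";
$db_table = "table";
$table_id_field = "id";        // change this if the unique ID field is called something else (e.g. Id, ID)
$table_hash = "hash";          // change this if the hash field is called something else
$table_plaintext = "dehashed"; // column that receives the plain text version of the password

// The posted script tested $giveback without ever defining it, so the
// give-back branch never ran. It is defined here with that same effective
// value; "1" forwards recovered plaintexts to the other lookup site.
$giveback = "0";

// Don't change anything below here unless you know what you are doing.
mysql_connect($db_host, $db_user, $db_password);
mysql_select_db($db_name) or die(mysql_error());

// As posted, the query selects a single row. The table name comes from the
// configuration above and is interpolated as an identifier, unescaped.
$query = "SELECT * FROM " . $db_table . " limit 1";
$result = mysql_query($query) or die(mysql_error());

/**
 * Return the text found between two markers.
 *
 * @param string|false $string Text to search (curl_exec() yields false on failure).
 * @param string       $start  Marker that precedes the wanted text.
 * @param string       $end    Marker that follows the wanted text.
 * @return string The raw, unescaped text between the markers, or "" when
 *                either marker is missing.
 */
function get_string_between($string, $start, $end)
{
    $string = (string) $string;

    $from = strpos($string, $start);
    if ($from === false) {
        return "";
    }
    $from += strlen($start);

    // The original computed a length from an unchecked strpos(); a missing
    // end marker produced a negative length and an arbitrary slice of the page.
    $to = strpos($string, $end, $from);
    if ($to === false) {
        return "";
    }

    return substr($string, $from, $to - $from);
}

/**
 * POST a single form field to $url and return the response body.
 *
 * @param string $url   Target URL; also sent as the Referer header.
 * @param string $post  Field name (may carry pre-encoded leading fields).
 * @param string $value Field value; URL-encoded here so characters such as
 *                      "&" or "=" cannot add or alter form fields.
 * @return string|bool Response body, or false when the transfer fails.
 */
function _post_form($url, $post, $value)
{
    $posted_vars = $post . "=" . urlencode($value);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_REFERER, $url);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $posted_vars);
    $response = curl_exec($ch);
    curl_close($ch);

    return $response;
}

/**
 * Submit a recovered plaintext to a site's form; the response is discarded.
 *
 * @param string $url  Form URL.
 * @param string $post Field name.
 * @param string $text Plaintext to submit.
 */
function give_back($url, $post, $text)
{
    _post_form($url, $post, $text);
}

/**
 * Forward a plaintext to every give-back site except the one numbered $num.
 *
 * @param string $num       "1" or "2": the site that produced the plaintext.
 * @param string $plaintext Recovered plaintext.
 */
function do_except($num, $plaintext)
{
    if ($num != 1) {
        give_back("http://md5-encryption.com/", "data[Row][clear]", $plaintext);
    }
    if ($num != 2) {
        give_back("http://md5encryption.com/", "submit=Encrypt%20It!&word", $plaintext);
    }
}

/**
 * Look up one hash on a remote site and scrape the answer from the page.
 *
 * @param string $url   Lookup form URL.
 * @param string $post  Field name for the hash.
 * @param string $start Marker that precedes the answer in the response.
 * @param string $end   Marker that follows the answer.
 * @param string $trim  Number of leading characters to drop from the scraped
 *                      text, or "" for none (presumably markup between the
 *                      start marker and the answer; confirm against the site).
 * @param string $hash  Hash to look up.
 * @return string|false Scraped text, unescaped; empty when nothing was found.
 */
function fetch_md5($url, $post, $start, $end, $trim, $hash)
{
    $fetched_page = _post_form($url, $post, $hash);
    $password = get_string_between($fetched_page, $start, $end);
    if (isset($trim) && !empty($trim)) {
        $password = substr($password, $trim);
    }
    return $password;
}

/**
 * Store a recovered plaintext in the row it belongs to.
 *
 * @param string $table_name Table to update (configuration value, not escaped).
 * @param string $id_field   Name of the unique ID column (configuration value).
 * @param string $row_id     ID value of the row.
 * @param string $plaintext  Name of the column that receives the plaintext.
 * @param string $dehashed   Plaintext scraped from a remote response.
 */
function update_plaintext($table_name, $id_field, $row_id, $plaintext, $dehashed)
{
    // Both values are escaped immediately before they enter the statement;
    // $dehashed originates from a remote page and must be treated as hostile.
    $value = mysql_real_escape_string($dehashed);
    $id = mysql_real_escape_string($row_id);
    $sql = "update $table_name set $plaintext = '$value' where $id_field = '$id'";
    mysql_query($sql);
}

while ($row = mysql_fetch_array($result)) {
    // First site; move on to the next row as soon as a plaintext is found.
    $password1 = fetch_md5("http://md5-decrypter.com/", "data[Row][cripted]", "Decrypted text:</b>", "</b>", "21", $row[$table_hash]);
    if (!empty($password1)) {
        update_plaintext($db_table, $table_id_field, $row[$table_id_field], $table_plaintext, $password1);
        if ($giveback == "1") {
            do_except("1", $password1);
        }
        continue;
    }

    // Second site, tried only when the first returned nothing.
    $password2 = fetch_md5("http://md5decryption.com/", "submit=Decrypt%20It!&hash", "Decrypted Text: </b>", "</font><br/>", "", $row[$table_hash]);
    if (!empty($password2)) {
        update_plaintext($db_table, $table_id_field, $row[$table_id_field], $table_plaintext, $password2);
        if ($giveback == "1") {
            do_except("2", $password2);
        }
        continue;
    }
}
?>

http://pastebin.com/idGqmqAg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/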