Waraxe IT Security Portal
Login or Register
November 21, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 83
Members: 0
Total: 83
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Php -> Rainbow Table Query Script
Post new topicReply to topic View previous topic :: View next topic
Rainbow Table Query Script
PostPosted: Wed Jul 20, 2005 11:26 am Reply with quote
UrlGuy
Regular user
Regular user
Joined: Jul 20, 2005
Posts: 16
Location: Norway




Okay, probably someone in here who is interested in this..

I was looking for a script for this a couple days ago so I started programming my own lil script..

I have made 2 scripts to allow other users to query your rainbow tables from your webpage/server.

One of them needs MySQL support, and allows only 1 hash submittion at once, and have a simple login system, aswell as saving all hashes to the database, and updating the mainpage every 30 sec with meta tags, and it will say when its done querying, and output results. - So you dont have to edit php.ini and max execution time.

I will only post one script for now, a script that dont need database support, only PHP is required.
This allows submittion of 5 MD5 hashes at once, although I reccomend only 1-2 as it may take some time, and php.ini's max execution time should be set to maximum if you have large tables.

This script uses the system(); command to execute the query, then outputs the result in some premade .txt files.

If anyone interested I can supply you with source for the exact same purpose, only this made in VB/CPP and will same output results into a db/html or .txt but this dont allow execution remotely, unless you further use winsock control.

Anyways, you need to make a few changes to this script yourself, I will explain more of that in the end.

Heres the code:


Index.php

Code:

<center><HTML>
<HEAD>
<center><H2>Rainbow Tables - MD5</H2><bR></center>
</HEAD>
<BODY>
<br>
<CENTER>
<FORM action="crack.php" method="post">
HASH1:<BR>
<INPUT type="text" name="hash1_old"><BR>
HASH2:<BR>
<INPUT type="text" name="hash2_old"><BR>
HASH3:<BR>
<INPUT type="text" name="hash3_old"><BR>
HASH4:<BR>
<INPUT type="text" name="hash4_old"><BR>
HASH5:<BR>
<INPUT type="text" name="hash5_old"><BR>
<INPUT type="submit" value="Try">
</FORM></center><BR><BR>




crack.php

Code:

<center><?php

/*

Rainbow table querying in PHP
- Simple example
- No database required

Contact:
ap1803@gmail.com

*/

include("index.php");
echo "<B>OUTPUT:</B><BR><BR>";
$op_cont = file_get_contents("output.txt");

$filename = 'output.txt'; // Both these will have some
$file = 'temp.txt'; // output temporarily stored in them.

$_GET['hash1_old'];
$_GET['hash2_old'];
$_GET['hash3_old'];
$_GET['hash4_old'];
$_GET['hash5_old'];

$hash1 = escapeshellcmd($hash1_old); // Using this to avoid
$hash2 = escapeshellcmd($hash2_old); // exploits and vulnerable
$hash3 = escapeshellcmd($hash3_old); // code being passed.
$hash4 = escapeshellcmd($hash4_old); // Just some extra
$hash5 = escapeshellcmd($hash5_old); // security :)

if(empty($hash1)) {
$hashes=array($hash2, $hash3, $hash4, $hash5);
$towrite = "$hashes[1]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]"; // I know my code looks messy
}
if(empty($hash2)) {
$hashes=array($hash1, $hash3, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]"; // This could have been done a easier way
}
if(empty($hash3)) {
$hashes=array($hash1, $hash2, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[3]\r\n$hashes[4]";
}
if(empty($hash4)) {
$hashes=array($hash1, $hash2, $hash3, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[4]";
}
if(empty($hash5)) {
$hashes=array($hash1, $hash2, $hash3, $hash4);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[3]";
} else {
$hashes=array($hash1, $hash2, $hash3, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]";
}

$fp = fopen($file, 'w');
fwrite($fp, $towrite);
fclose($fp);


echo "<pre>";
$crack = system("c:\\rcrack.exe c:\\*.rt -l $file");
echo "</pre>";

if (is_writable($filename)) {
if (!$handle = fopen($filename, 'w+')) {
echo "Cant open ($filename)";
exit;
}

if (fwrite($handle, $crack) === FALSE) {
echo "Failed to write output to ($filename)";
exit;
}
}
fclose($handle);
?></center>



Make these files, and in the same folder make 2 empty textfiles.
Name these 'output.txt' and 'temp.txt'.
You will also need charset.txt in your script folder, aswell as in the folder with your rcrack.exe

Near the bottom of crack.php you will find this line:

$crack = system("c:\\rcrack.exe c:\\*.rt -l $file");

Modify this to the directory of your rcrack. (I have not tested elsewhere) But remember to add two slashes in the directories.

I have added all the hashes to go thru escapeshellcmd(); before its being executed by shell, incase some clever ppl decide to try exploit your box, this is just for increased security. Although you should note that this script cant be 100% secure, its not well tested, this is working without any database support, and last I'm new to this whole rainbow table thing.

If anyone need the other more stable querying script in PHP which currently only allows 1 submittion at once, and stores everything in a database and autorefreshes until its completed. The Visual Basic or C++ version, give me a note.

If anyone got any improvements or better script, please share.
Hope this will be useful for someone
View user's profile Send private message Visit poster's website MSN Messenger
Rainbow Table Query Script
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.048 Seconds