[ Log In | Register ]       
Resource Database Index -> Source Code -> PhpBB3 Hash Bruteforce
Description // Info



Source Code

  1. #!/usr/bin/php
  2. <?php
  4.  
  5. echo "///////////////////////////////////////////////\r\n";
  6. echo "//         PHPBB3 Bruteforce             //\r\n";
  7. echo "//  Original bruteforce script by Tux      //\r\n";
  8. echo "//     Moded for Phpbb3 by Jeforce     //\r\n";
  9. echo "//     http://www.jeforce.net            //\r\n";
  10. echo "////////////////////////////////////////////\r\n";
  11.  
  12. if ($argc<2 || $argv[1]=='--help') {
  13.     echo<<<END
  14. USAGE: {$argv[0]} 'hash' chars
  15.     - hash        : The hash to crack
  16.     - chars        : Max length string to attempt to crack
  17.  
  18. HELP: {$argv[0]} --help
  19.  
  20.  
  21. END;
  22.     exit;
  23. }
  24. //Fonction PHPBB3
  25.  
  26. function _hash_crypt_private($password, $setting, &$itoa64)
  27. {
  28. $output = '*';
  29. // Check for correct hash
  30. if (substr($setting, 0, 3) != '$H$')
  31. {return $output;}
  32.  
  33. $count_log2 = strpos($itoa64, $setting[3]);
  34. if ($count_log2 < 7 || $count_log2 > 30)
  35. {return $output;}
  36. $count = 1 << $count_log2;
  37. $salt = substr($setting, 4, 8);
  38. if (strlen($salt) != 8)
  39. {return $output;}
  40.  
  41. $hash = pack('H*', md5($salt . $password));
  42. do
  43. {
  44. $hash = pack('H*', md5($hash . $password));
  45. }
  46. while (--$count);
  47. $output = substr($setting, 0, 12);
  48. $output .= _hash_encode64($hash, 16, $itoa64);
  49. return $output;
  50. }
  51. function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
  52. {
  53. if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
  54. {$iteration_count_log2 = 8;}
  55. $output = '$H$';
  56. $output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
  57. $output .= _hash_encode64($input, 6, $itoa64);
  58. return $output;
  59. }
  60.  
  61. /**
  62. * Encode hash
  63. */
  64. function _hash_encode64($input, $count, &$itoa64)
  65. {
  66. $output = '';
  67. $i = 0;
  68. do
  69. {
  70. $value = ord($input[$i++]);
  71. $output .= $itoa64[$value & 0x3f];
  72. if ($i < $count)
  73. {$value |= ord($input[$i]) << 8;}
  74. $output .= $itoa64[($value >> 6) & 0x3f];
  75. if ($i++ >= $count)
  76. {break;}
  77. if ($i < $count)
  78. {$value |= ord($input[$i]) << 16;}
  79. $output .= $itoa64[($value >> 12) & 0x3f];
  80. if ($i++ >= $count)
  81. {break;}
  82. $output .= $itoa64[($value >> 18) & 0x3f];
  83. }
  84. while ($i < $count);
  85. return $output;
  86. }
  87. function phpbb_check_hash($password, $hash)
  88. {
  89. $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
  90. if (strlen($hash) == 34)
  91. {
  92. return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
  93. }
  94. return (md5($password) === $hash) ? true : false;
  95. }
  96.  
  97. //if(isset($argv[4])) $charset=$argv[4];
  98. //else $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  99.  
  100. $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  101. $charset_beginning = $charset{0};
  102. $charset_end = $charset{strlen($charset)-1};
  103.  
  104. //$HASH = '$H$99i1.eNyzhGdi5/lAnKnSjU8iIABC80';
  105. // $SIZE = (int) $_GET['chars'];
  106. $HASH = $argv[1];
  107. $SIZE = (int) $argv[2];
  108.  
  109. $start = time()-1;
  110. $curtotal=0;
  111. $total=0;
  112. for($i=$SIZE; $i>0; $i--) $total+=pow(strlen($charset), $i);
  113. $split=ceil(($total/strlen($charset))/5);
  114.  
  115.  
  116. echo " *** MAX SIZE: $SIZE, cracking HASH: $HASH\r\n";
  117. echo " *** TOTAL KEYS: $total\r\n";
  118. echo " *** CHARSET: $charset\r\n";
  119.  
  120. for($i=1; $i<=$SIZE; $i++) {
  121.     $keyspace = pow(strlen($charset), $i);
  122.     echo "\r\nAttempting to crack with $i characters.\r\n";
  123.     echo " *** Total combinations: $keyspace\r\n";
  124.  
  125.     $key = '';
  126.     for ($y=0; $y<$i; $y++) $key .= $charset_beginning;
  127.  
  128.     for ($x=0; $x<$keyspace+1; $x++) {
  129.         $curtotal++;
  130.  
  131.         if (phpbb_check_hash($key, $HASH)) {
  132.             $time=(time()-$start);
  133.             echo<<<END
  134.  
  135. Successfully key cracked after $time seconds. The cracker searched a total
  136. of $curtotal keys out of a possible $total in $time seconds.
  137.  
  138. Found the clear text of '$HASH' is '$key'.\n
  139. END;
  140.             exit;
  141.         }
  142.  
  143.         if($x%$split == 0) {
  144.             $rate=ceil($curtotal/(time()-$start));
  145.             echo " ... $curtotal/$total ($key) [$rate Keys/second]\r\n";
  146.         }
  147.  
  148.         for ($y=0; $y<$i; $y++) {
  149.             if ($key[$y] != $charset_end) {
  150.                 $key[$y] = $charset{strpos($charset, $key[$y])+1};
  151.              
  152.                 if ($y > 0)  for ($z = 0; $z < $y; $z++) $key[$z] = $charset_beginning;
  153.                 break;
  154.             }
  155.         }
  156.     }
  157. }
  158. $time=time()-$start;
  159. echo<<<END
  160. *** SORRY NO MATCHS FOUND
  161.     Time running : $time. Keys searched : $total.\n
  162. END;
  163. ?>

Comments

You must be logged in to post comments.

 Network Access...
USER ID
PASSWORD

 Code Information
Language:
PHP

Version:
1


Submitted:
2008-07-15 - 09:46:24


Author:
Jeforce
E-Mail
Website

Greetz:
Tux

[ Download | Report Issue ]

 Code Search
Search by Language
+ Assembly
+ ASP
+ ASP.NET
+ C#
+ C/C++
+ Cobol
+ Delphi
+ Java
+ Javascript
+ Pascal
+ Perl
+ PHP
+ Python
+ VB6
+ VB.NET

Advanced Search




 
 
By continuing past this page, and by your continued use of this site, you agree to be bound by and abide by the User Agreement.

© 2008 r00tsecurity network. All rights reserved.
[ About Us | Contact Us | Support Us | Legal | Advertise | User Agreement | Privacy Policy ]