
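Oke, kali ini gue akan coba sharing teknik brute force password phpBB versi 3.x dengan script PHP. Tekniknya offline: script ini hanya mencocokkan tebakan dengan sebuah hash password phpBB3 yang diberikan lewat argumen, bukan menebak lewat form login.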
Sebelumnya, untuk menjalankan script PHP ini kamu harus download dulu PHP binaries, terus diinstal di PC kamu, karena script PHP ini dijalanin dari command prompt.
Kayak gini contohnya:
Code:
... Usage: php phpbb3.php hash char Example: php phpbb3.php '$H$9th2E96doaV4kIqYd8tH4kNdSdaXR4.' 4 ...
Oh ya, ini script PHP-nya:

Code:
#!/usr/bin/php
// NOTE(review): this listing was damaged by page extraction (the PHP open tag and
// the heredoc delimiters are missing, and some string literals look altered). It is
// reproduced as found; only comments and line breaks were added.
//
// What the listing shows: a copy of phpBB3's portable password-hash check
// ("$H$" prefix, salted and iterated MD5) followed by an exhaustive enumeration of
// candidate strings over a fixed alphanumeric alphabet up to a maximum length.
//
// Why this matters to a defender:
//  - The check needs only the stored hash string, so the work happens offline and
//    leaves nothing in forum or web-server logs. Confidentiality of the users
//    table (and of database backups) is the control that matters.
//  - The 8-character salt read in _hash_crypt_private() makes each hash unique,
//    but it does not slow down guessing against one hash.
//  - The per-guess cost is (1 << count_log2) + 1 MD5 calls, which is cheap; the
//    remaining protection is password length and character variety. The
//    enumeration below covers letters and digits only, and its keyspace grows as
//    strlen($charset) ** length.
//  - Mitigation: move stored passwords to a memory- or cost-hard scheme such as
//    password_hash() (bcrypt/Argon2) with rehash-on-login, enforce a minimum
//    length, and force resets after any suspected database disclosure.
set_time_limit(0);
echo "///////////////////////////////////////////////\r\n";
echo "// PHPBB3 Bruteforce //\r\n";
echo "// Original bruteforce script by Tux //\r\n";
echo "// Moded for Phpbb3 by Jeforce //\r\n";
echo "// http://www.jeforce.net //\r\n";
echo "////////////////////////////////////////////\r\n";
// Print usage and stop when no hash argument is given or --help is requested.
if ($argc<2 || $argv[1]=='--help') {
    echo<<USAGE: {$argv[0]} 'hash' chars - hash : The hash to crack - chars : Max length string to attempt to crack HELP: {$argv[0]} --help END;
    exit;
}
// phpBB3 functions
/**
 * Recompute a phpBB3 portable hash for $password using the parameters embedded
 * in an existing hash string.
 *
 * Layout read from $setting: chars 0-2 must be '$H$', char 3 encodes log2 of the
 * iteration count as an index into $itoa64, chars 4-11 are the salt.
 * For the '$H$9' prefix seen in the commented-out sample below, '9' would be
 * index 11 of the standard alphabet, i.e. 2048 rounds -- TODO confirm against an
 * intact copy of the alphabet.
 *
 * @param string $password Candidate clear text.
 * @param string $setting  Stored hash string supplying prefix, cost and salt.
 * @param string $itoa64   Encoding alphabet (passed by reference, not modified here).
 * @return string The recomputed hash, or '*' when $setting is malformed.
 */
function _hash_crypt_private($password, $setting, &$itoa64) {
    // '*' can never equal a valid hash, so every early return below is a mismatch.
    $output = '*';
    // Check for correct hash
    if (substr($setting, 0, 3) != '$H$') {return $output;}
    $count_log2 = strpos($itoa64, $setting[3]);
    // Accept only costs between 2^7 and 2^30 rounds; strpos() returning false also
    // fails this test because false compares as less than 7.
    if ($count_log2 < 7 || $count_log2 > 30) {return $output;}
    $count = 1 << $count_log2;
    $salt = substr($setting, 4, 8);
    if (strlen($salt) != 8) {return $output;}
    // First round mixes in the salt; every later round feeds the raw 16-byte digest
    // back in together with the password.
    $hash = pack('H*', md5($salt . $password));
    do { $hash = pack('H*', md5($hash . $password)); } while (--$count);
    // Result = first 12 chars of the stored string (prefix, cost, salt) + encoded digest.
    $output = substr($setting, 0, 12);
    $output .= _hash_encode64($hash, 16, $itoa64);
    return $output;
}
/**
 * Build a '$H$' setting string (prefix, cost character, encoded salt input).
 *
 * Nothing in this listing calls it; it appears to have been carried over with the
 * other hash helpers.
 * NOTE(review): PHP_VERSION is a string, so `PHP_VERSION >= 5` relies on loose
 * string-to-number comparison.
 *
 * @param string $input                Random bytes to encode as the salt.
 * @param string $itoa64               Encoding alphabet.
 * @param int    $iteration_count_log2 Requested cost; values outside 4..31 become 8.
 * @return string The setting string.
 */
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6) {
    if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) {$iteration_count_log2 = 8;}
    $output = '$H$';
    $output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
    $output .= _hash_encode64($input, 6, $itoa64);
    return $output;
}
/**
 * Encode the first $count bytes of $input with the $itoa64 alphabet.
 *
 * Bytes are consumed in groups of up to three, combined little-endian into
 * $value, and emitted six bits at a time starting from the low bits.
 *
 * @param string $input  Raw bytes (here: an MD5 digest or salt input).
 * @param int    $count  Number of bytes to encode.
 * @param string $itoa64 Encoding alphabet.
 * @return string Encoded text.
 */
function _hash_encode64($input, $count, &$itoa64) {
    $output = ''; $i = 0;
    do {
        $value = ord($input[$i++]);
        $output .= $itoa64[$value & 0x3f];
        if ($i < $count) {$value |= ord($input[$i]) << 8;}
        $output .= $itoa64[($value >> 6) & 0x3f];
        // Stop after a group that ended on its first or second byte.
        if ($i++ >= $count) {break;}
        if ($i < $count) {$value |= ord($input[$i]) << 16;}
        $output .= $itoa64[($value >> 12) & 0x3f];
        if ($i++ >= $count) {break;}
        $output .= $itoa64[($value >> 18) & 0x3f];
    } while ($i < $count);
    return $output;
}
/**
 * Tell whether $password matches the stored $hash.
 *
 * A 34-character $hash is treated as a '$H$' portable hash and recomputed;
 * anything else is compared against a single unsalted md5($password)
 * (presumably a pre-phpBB3 legacy format -- verify).
 *
 * @param string $password Candidate clear text.
 * @param string $hash     Stored hash string.
 * @return bool True on an exact match.
 */
function phpbb_check_hash($password, $hash) {
    // NOTE(review): this literal contains a space, which looks like extraction damage.
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn opqrstuvwxyz';
    if (strlen($hash) == 34) { return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false; }
    return (md5($password) === $hash) ? true : false;
}
//if(isset($argv[4])) $charset=$argv[4];
//else $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW XYZ0123456789';
// Fixed candidate alphabet: letters and digits only, so any password containing a
// character outside this set is never generated by the loop below.
$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW XYZ0123456789';
// NOTE(review): the curly-brace string offsets used here and in the loop were
// removed from the language in PHP 8.
$charset_beginning = $charset{0};
$charset_end = $charset{strlen($charset)-1};
//$HASH = '$H$99i1.eNyzhGdi5/lAnKnSjU8iIABC80';
// $SIZE = (int) $_GET['chars'];
$HASH = $argv[1];
$SIZE = (int) $argv[2];
// Start one second in the past so the rate division below never divides by zero.
$start = time()-1;
$curtotal=0;
$total=0;
// Total candidates over all lengths 1..$SIZE: the sum of strlen($charset) ** $i.
for($i=$SIZE; $i>0; $i--) $total+=pow(strlen($charset), $i);
// Progress is printed every $split candidates within a length.
$split=ceil(($total/strlen($charset))/5);
echo " *** MAX SIZE: $SIZE, cracking HASH: $HASH\r\n";
echo " *** TOTAL KEYS: $total\r\n";
echo " *** CHARSET: $charset\r\n";
// Try every length from 1 up to the requested maximum, shortest first.
for($i=1; $i<=$SIZE; $i++) {
    $keyspace = pow(strlen($charset), $i);
    echo "\r\nAttempting to crack with $i characters.\r\n";
    echo " *** Total combinations: $keyspace\r\n";
    // Start from the first alphabet character repeated $i times.
    $key = '';
    for ($y=0; $y<$i; $y++) $key .= $charset_beginning;
    // The bound is $keyspace+1, so the final candidate of each length is checked
    // (and counted in $curtotal) twice.
    for ($x=0; $x<$keyspace+1; $x++) {
        $curtotal++;
        if (phpbb_check_hash($key, $HASH)) {
            $time=(time()-$start);
            echo<< Successfully key cracked after $time seconds. 
The cracker searched a total of $curtotal keys out of a possible $total in $time seconds. Found the clear text of '$HASH' is '$key'.\n END;
            exit;
        }
        if($x%$split == 0) {
            $rate=ceil($curtotal/(time()-$start));
            echo " ... $curtotal/$total ($key) [$rate Keys/second]\r\n";
        }
        // Advance $key like an odometer whose fastest-moving position is index 0:
        // bump the first position that is not yet at the last alphabet character
        // and reset every position before it.
        for ($y=0; $y<$i; $y++) {
            if ($key[$y] != $charset_end) {
                $key[$y] = $charset{strpos($charset, $key[$y])+1};
                if ($y > 0) for ($z = 0; $z < $y; $z++) $key[$z] = $charset_beginning;
                break;
            }
        }
    }
}
// Reached only when no candidate matched within the configured alphabet and length.
$time=time()-$start;
echo<< *** SORRY NO MATCHS FOUND Time running : $time. Keys searched : $total.\n END;
?>
Buat teman-teman yang sudah tahu, mohon diberi penjelasan jika ada yang salah.

link download php binary
Code:
http://www.php.net/downloads.php#v5 http://windows.php.net/download/