// R00TSECURITY.ORG - YOUR SECURITY COMMUNITY
// [2008-07-15] PhpBB3 Hash Bruteforce
// http://r00tsecurity.org/db/code/134
// GENERATED ON: 2010-06-13 | 17:52:35

CODE INFO

USAGE:
php script.php 'hash' chars

SOURCE CODE

#!/usr/bin/php
<?php
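// Banner printed on every invocation.
echo "///////////////////////////////////////////////\r\n";
echo "// PHPBB3 Bruteforce //\r\n";
echo "// Original bruteforce script by Tux //\r\n";
echo "// Moded for Phpbb3 by Jeforce //\r\n";
echo "// http://www.jeforce.net //\r\n";
echo "////////////////////////////////////////////\r\n";

// Both positional arguments ('hash' and chars) are read unconditionally further
// down, so anything short of two arguments gets the usage text. Stop here
// afterwards: falling through would run the rest of the script against
// missing $argv entries.
if ($argc < 3 || $argv[1] == '--help') {
echo<<<END
USAGE: {$argv[0]} 'hash' chars
- hash : The hash to crack
- chars : Max length string to attempt to crack
HELP: {$argv[0]} --help
END;
exit(1);
}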
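// phpBB3 hashing function
/**
 * Recompute a phpBB3 portable hash for $password using the settings embedded
 * in an existing hash string.
 *
 * Layout of $setting as read here: characters 0-2 are the '$H$' identifier,
 * character 3 encodes log2 of the iteration count as an index into $itoa64,
 * and characters 4-11 are the 8-character salt.
 *
 * @param string $password Plaintext to hash.
 * @param string $setting  Existing hash, or at least its first 12 characters.
 * @param string $itoa64   64-symbol encoding alphabet (taken by reference, only read).
 * @return string The 12-character setting prefix followed by the encoded
 *                digest, or '*' when $setting is not a usable '$H$' setting.
 */
function _hash_crypt_private($password, $setting, &$itoa64)
{
    $output = '*';

    // The identifier and the cost character must both be present before
    // $setting[3] can be read safely.
    if (strlen($setting) < 4 || substr($setting, 0, 3) != '$H$') {
        return $output;
    }

    // strpos() yields false for a character outside the alphabet; reject that
    // explicitly instead of relying on false comparing below 7.
    $count_log2 = strpos($itoa64, $setting[3]);
    if ($count_log2 === false || $count_log2 < 7 || $count_log2 > 30) {
        return $output;
    }

    // NOTE(review): the accepted upper bound means up to 2^30 MD5 rounds for a
    // single call; a caller that verifies hash strings it does not control may
    // want a tighter cap.
    $count = 1 << $count_log2;

    // A salt shorter than 8 characters means the setting is truncated; reject
    // it rather than hashing with a partial salt.
    $salt = substr($setting, 4, 8);
    if (strlen($salt) != 8) {
        return $output;
    }

    // Salted first round, then $count further rounds that each mix the
    // password back in. pack('H*', ...) turns the hex digest into raw bytes.
    $hash = pack('H*', md5($salt . $password));
    do {
        $hash = pack('H*', md5($hash . $password));
    } while (--$count);

    return substr($setting, 0, 12) . _hash_encode64($hash, 16, $itoa64);
}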
/**
 * Build the setting prefix of a phpBB3 portable hash: the '$H$' identifier,
 * one cost character, and the encoded salt material.
 *
 * Nothing in the visible listing calls this function.
 *
 * @param string $input                Raw salt bytes; the first 6 are encoded.
 * @param string $itoa64               64-symbol encoding alphabet (by reference, only read).
 * @param int    $iteration_count_log2 Requested cost; values outside 4..31 are replaced by 8.
 * @return string The setting prefix.
 */
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
{
    $outOfRange = $iteration_count_log2 < 4 || $iteration_count_log2 > 31;
    if ($outOfRange) {
        $iteration_count_log2 = 8;
    }

    // The cost character is offset by 5 on PHP 5+ (3 otherwise) and capped at
    // alphabet index 30.
    $versionOffset = (PHP_VERSION >= 5) ? 5 : 3;
    $costIndex = min($iteration_count_log2 + $versionOffset, 30);

    $prefix = '$H$' . $itoa64[$costIndex];

    return $prefix . _hash_encode64($input, 6, $itoa64);
}
/**
 * Encode the first $count bytes of $input with the 64-symbol alphabet.
 *
 * Bytes are consumed in groups of up to three, packed little-endian into one
 * integer, and emitted as 6-bit symbols starting from the low bits. A full
 * group of three bytes yields four symbols; a trailing group of one or two
 * bytes yields two or three.
 *
 * @param string $input  Raw bytes to encode.
 * @param int    $count  Number of bytes of $input to encode.
 * @param string $itoa64 64-symbol alphabet (by reference, only read).
 * @return string The encoded text.
 */
function _hash_encode64($input, $count, &$itoa64)
{
    $encoded = '';
    $pos = 0;

    // The first byte is always read, even for $count = 0, exactly as a
    // do/while loop would.
    while (true) {
        $bits = ord($input[$pos]);
        $pos++;
        $encoded .= $itoa64[$bits & 0x3f];

        if ($pos < $count) {
            $bits |= ord($input[$pos]) << 8;
        }
        $encoded .= $itoa64[($bits >> 6) & 0x3f];
        if ($pos >= $count) {
            break;
        }
        $pos++;

        if ($pos < $count) {
            $bits |= ord($input[$pos]) << 16;
        }
        $encoded .= $itoa64[($bits >> 12) & 0x3f];
        if ($pos >= $count) {
            break;
        }
        $pos++;

        $encoded .= $itoa64[($bits >> 18) & 0x3f];
        if ($pos >= $count) {
            break;
        }
    }

    return $encoded;
}
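/**
 * Check a plaintext password against a stored phpBB hash.
 *
 * A 34-character value is treated as a phpBB3 portable hash (12-character
 * setting prefix plus 22 encoded characters) and verified by recomputing it
 * with the settings embedded in the stored value. Any other length falls back
 * to a plain md5() comparison.
 *
 * @param string $password Candidate plaintext.
 * @param string $hash     Stored hash to compare against.
 * @return bool True when the password reproduces exactly $hash.
 */
function phpbb_check_hash($password, $hash)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    // Only values of portable-hash length go through the iterated scheme;
    // without this length test the md5() fallback below is unreachable.
    if (strlen($hash) == 34) {
        return _hash_crypt_private($password, $hash, $itoa64) === $hash;
    }

    // Legacy format: a single unsalted MD5 of the password.
    // NOTE(review): where a check like this guards a live login, a
    // constant-time comparison (hash_equals, PHP 5.6+) is preferable to ===,
    // and records still in this format are worth rehashing on next login.
    return md5($password) === $hash;
}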
// ---------------------------------------------------------------------------
// Driver: exhaustive enumeration of candidate strings against one hash.
// Every string of length 1..$SIZE over $charset is built in turn and handed
// to phpbb_check_hash().
//
// NOTE(review): $keyspace, $split, $rate and $time are read below but never
// assigned anywhere in this listing, and the match branch has no visible
// exit or break. Lines appear to have been lost when the page was extracted,
// so the listing does not run as shown.
// NOTE(review): the `$charset{N}` curly-brace string offset syntax was
// deprecated in PHP 7.4 and removed in PHP 8.0.
// ---------------------------------------------------------------------------
//if(isset($argv[4])) $charset=$argv[4];
//else $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
// Fixed 62-symbol candidate alphabet: a-z, A-Z, 0-9.
$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
// First and last symbols of the alphabet: the first seeds each candidate, the
// last marks a position that has to carry over to the next one.
$charset_beginning = $charset{0};
$charset_end = $charset{strlen($charset)-1};
//$HASH = '$H$99i1.eNyzhGdi5/lAnKnSjU8iIABC80';
// $SIZE = (int) $_GET['chars'];
// Target hash and maximum candidate length, straight from the command line.
$HASH = $argv[1];
$SIZE = (int) $argv[2];
// $curtotal counts candidates tested so far. $total is the size of the whole
// search space: strlen($charset)^i summed over i = 1..$SIZE. That sum, times
// the iteration count encoded in the hash's cost character, is the work an
// offline guess of this kind has to do, which is why password length and a
// slow salted hash are the controls that matter once a hash has leaked.
$curtotal=0;
$total=0;
for($i=$SIZE; $i>0; $i--) $total+=pow(strlen($charset), $i);
echo " *** MAX SIZE: $SIZE, cracking HASH: $HASH\r\n";
echo " *** TOTAL KEYS: $total\r\n";
echo " *** CHARSET: $charset\r\n";
// Outer loop: one pass per candidate length, shortest first.
for($i=1; $i<=$SIZE; $i++) {
echo "\r\nAttempting to crack with $i characters.\r\n";
// NOTE(review): $keyspace is not assigned in this listing; presumably the
// candidate count for length $i, going by the label printed here. Confirm
// against the original.
echo " *** Total combinations: $keyspace\r\n";
// Start from the candidate made of $i copies of the first symbol.
$key = '';
for ($y=0; $y<$i; $y++) $key .= $charset_beginning;
for ($x=0; $x<$keyspace+1; $x++) {
$curtotal++;
if (phpbb_check_hash($key, $HASH)) {
// Match report. As listed, nothing stops the loops after this message, and
// $time is not assigned anywhere in the listing.
echo<<<END
Successfully key cracked after $time seconds. The cracker searched a total
of $curtotal keys out of a possible $total in $time seconds.
Found the clear text of '$HASH' is '$key'.\n
END;
}
// Periodic progress line. $split and $rate are not assigned in this listing.
if($x%$split == 0) {
echo " ... $curtotal/$total ($key) [$rate Keys/second]\r\n";
}
// Advance $key to the next candidate, treating position 0 as the fastest
// moving digit: find the first position not yet at the last symbol, step it
// to the next symbol in $charset, and reset every position before it to the
// first symbol.
for ($y=0; $y<$i; $y++) {
if ($key[$y] != $charset_end) {
$key[$y] = $charset{strpos($charset, $key[$y])+1};
if ($y > 0) for ($z = 0; $z < $y; $z++) $key[$z] = $charset_beginning;
break;
}
}
}
}
// Printed once the loops above finish. As listed this also follows a match,
// because the match branch does not end the script.
echo<<<END
*** SORRY NO MATCHS FOUND
Time running : $time. Keys searched : $total.\n
END;
?>