[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] MD5 "decrypter" PHP Script
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] MD5 "decrypter" PHP Script
- From: Bob Smith <bobbyhadababyitsaboy@xxxxxxxxxxxxxx>
- Date: Sun, 28 Nov 2010 16:18:11 +0000
I use the word "decrypter" loosely, but it is what the site's
advertising it to be.
So I wrote a PHP script that takes hashes from a database
(columns are as such: id, hash, unhashed)
and checks them against md5-decrypter.com and md5decryption.com
these sites have no captcha protection (and over 4.7mil stored hashes)
<?php
set_time_limit(0);
$db_host = "localhost"; //if your port is different then default, add
a colon : and the port number (ex localhost:1337)
$db_user = "user";
$db_password = "pass";
$db_name = "db";
$db_table ="table";
$table_id_field = "id"; //change this if the unique ID field is called
something else. (ie Id, ID)
$table_hash = "hash"; //change this if the hash field is called something else
$table_plaintext = "dehashed"; //change this for where the plain text
version of the password will be updated to
//dont change anything below here unless you know what you are doing
mysql_connect($db_host, $db_user, $db_password);
mysql_select_db($db_name) or die(mysql_error());
$query = "SELECT * FROM " . $db_table . " limit 1";
$result = mysql_query($query) or die(mysql_error());
function get_string_between($string, $start, $end){
$string = " ".$string;
$ini = strpos($string,$start);
if ($ini == 0) return "";
$ini += strlen($start);
$len = strpos($string,$end,$ini) - $ini;
return mysql_real_escape_string(substr($string,$ini,$len));
}
function give_back($url, $post, $text){
$posted_vars = $post . "=" . $text;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $posted_vars);
curl_exec($ch);
curl_close($ch);
unset($ch);
}
function do_except($num, $plaintext){
if($num !=1){
give_back("http://md5-encryption.com/";, "data[Row][clear]",
$plaintext);
}
if($num !=2){
give_back("http://md5encryption.com/";,
"submit=Encrypt%20It!&word",
$plaintext);
}
}
function fetch_md5($url, $post, $start, $end, $trim, $hash){
$posted_vars = $post . "=" . $hash;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $posted_vars);
$fetched_page = curl_exec($ch);
curl_close($ch);
unset($ch);
$password = get_string_between($fetched_page, $start, $end);
if(isset($trim) && !empty($trim)){
$password = substr($password, $trim);
}
return $password;
}
function update_plaintext($table_name, $id_field, $row_id, $plaintext,
$dehashed){ //table name, table id field, row id value, the table
plaintext field, the dehashed password
$sql = "update $table_name set $plaintext = '$dehashed' where
$id_field = '$row_id'";
mysql_query($sql);
}
while($row = mysql_fetch_array($result)){
$password1 = fetch_md5("http://md5-decrypter.com/";,
"data[Row][cripted]", "Decrypted text:</b>", "</b>", "21",
$row[$table_hash]);
if(!empty($password1)){
update_plaintext($db_table, $table_id_field,
$row[$table_id_field],
$table_plaintext, $password1);
if($giveback == "1"){
do_except("1", $password1);
}
continue;
}
$password2 = fetch_md5("http://md5decryption.com/";,
"submit=Decrypt%20It!&hash", "Decrypted Text: </b>", "</font><br/>",
"", $row[$table_hash]);
if(!empty($password2)){
update_plaintext($db_table, $table_id_field,
$row[$table_id_field],
$table_plaintext, $password2);
if($giveback == "1"){
do_except("2", $password2);
}
continue;
}
}
?>
http://pastebin.com/idGqmqAg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/