1) Вообщем скачал я скрипт для пёрла который брутит хэш md5 Code:
############################################################
# MD5BFCPF 'MD5 Brute Force Cracker in Perl with Forking' #
# Written by Michael Stankiewicz #
# Brainstorming-help by Roberto D. Maggi #
# Ver 0.1.0 #
# 2002 01 31 #
# Software under GNU General Public License (GPL)(II Ver.) #
############################################################
# For bugs and suggestions please e-mail me at #
# [email protected] #
############################################################
# Overview (from the code below): the last command-line argument names a
# shadow-style file. Lines of the form "user:$1$salt$hash:" are collected,
# and candidate strings are passed to crypt() with each user's salt and
# compared against the stored value. Candidates come from an incrementing
# charset counter (default, or fixed length with -k) or from a word list (-d).
# Only entries whose hash field starts with "$1$" are matched; any other
# line in the input file is silently ignored.
# NOTE(review): there is no 'use strict' / 'use warnings'; every variable is
# a package global shared between the main script and the signal handler.
# NOTE(review): despite the title, no fork() call appears in this listing.
#### FUNCTIONS DEFINITION ##################################
#Function called when SIGNAL ALARM ('SIG{ALRM}') occurs
# Adds the probes counted since the last report ($co) to $total_probed,
# prints the rate and the candidate currently held in $probe_string, then
# resets $co. Reads and writes globals set by the main script.
sub timed_out {
    $total_probed+=$co;
    $co = $co / $user_probes;
    print "Probed $total_probed passwords \@ $co\/sec. Now probing: $probe_string\n";
    $co=0;
    # The alarm is re-armed only when -p/--probes was given; with the
    # default interval this handler therefore fires once.
    if ($probes_found) {
        alarm ($user_probes);
    }
}
#This prints the help, when '-h --help' switch is choosen
sub help {
    print "MD5BFCPF \'MD5 Brute Force Cracker in Perl with Forking\' (Version 0.1.0)\n";
    print "Usage: perl md5bfcpf-0.1.0.pl [OPTIONS] [FILE]\n";
    print "Options:\n";
    print "-h, --help Display this text and exit.\n";
    print "-v, --version Print version number and exit.\n";
    print "-k, --keys [integer] Specify the number of chars on which probe.\n";
    print "-p, --probes [integer] Prints the probes every [integer] seconds.\n";
    print "-d, --dictionary [filename] Uses given [filename] for generating probes.\n";
    print "-u, --user Specify one or more users\n";
    print "---- [i.e. 'perl md5bfcpf-0.1.0.pl -u root -u mike -u bill [FILENAME]'\n";
    print "-c, --charset Specify one or more charsets BETWEEN:\n";
    print " all [default]\n";
    print " alpha\n";
    print " alpha_lowercase\n";
    print " alpha_uppercase\n";
    print " numeric\n";
    print " symbols\n";
    print "---- [i.e. 'perl md5bfcpf-0.1.0.pl -c alpha_lowercase -c numeric [FILENAME]'\n";
    print "###\n";
    print "Remember: cracking others computer is illegal!!!\n";
    print "Disclaimer: The author does NOT take responsabilities for what you do with this software!!!\n";
    print "###\n";
    print "---Have fun!\n";
}
#This occurs when no arguments is given
sub usage {
    print "Usage: perl md5bfcpf [OPTIONS] [FILENAME]\n";
    print "Try `perl md5bfcpf --help' for more information.\n";
}
#This adds to the @charset array the lowercase characters
# Appends to the global @charset; calling it twice duplicates the entries.
sub alpha_lowercase {
    push (@charset, "a");
    push (@charset, "b");
    push (@charset, "c");
    push (@charset, "d");
    push (@charset, "e");
    push (@charset, "f");
    push (@charset, "g");
    push (@charset, "h");
    push (@charset, "i");
    push (@charset, "j");
    push (@charset, "k");
    push (@charset, "l");
    push (@charset, "m");
    push (@charset, "n");
    push (@charset, "o");
    push (@charset, "p");
    push (@charset, "q");
    push (@charset, "r");
    push (@charset, "s");
    push (@charset, "t");
    push (@charset, "u");
    push (@charset, "v");
    push (@charset, "w");
    push (@charset, "x");
    push (@charset, "y");
    push (@charset, "z");
}
#This adds to the @charset array the uppercase characters
sub alpha_uppercase {
    push (@charset, "A");
    push (@charset, "B");
    push (@charset, "C");
    push (@charset, "D");
    push (@charset, "E");
    push (@charset, "F");
    push (@charset, "G");
    push (@charset, "H");
    push (@charset, "I");
    push (@charset, "J");
    push (@charset, "K");
    push (@charset, "L");
    push (@charset, "M");
    push (@charset, "N");
    push (@charset, "O");
    push (@charset, "P");
    push (@charset, "Q");
    push (@charset, "R");
    push (@charset, "S");
    push (@charset, "T");
    push (@charset, "U");
    push (@charset, "V");
    push (@charset, "W");
    push (@charset, "X");
    push (@charset, "Y");
    push (@charset, "Z");
}
#This adds to the @charset array the numeric characters
sub numeric {
    push (@charset, "0");
    push (@charset, "1");
    push (@charset, "2");
    push (@charset, "3");
    push (@charset, "4");
    push (@charset, "5");
    push (@charset, "6");
    push (@charset, "7");
    push (@charset, "8");
    push (@charset, "9");
}
#This adds to the @charset array the other characters (to be completed)
sub symbols {
    push (@charset, "!");
    push (@charset, "\"");
    # NOTE(review): the next literal looks like a mis-encoded character from
    # the original file (presumably a currency sign) - confirm against the source.
    push (@charset, "Ј");
    push (@charset, "\$");
    push (@charset, "%");
    push (@charset, "\&");
    push (@charset, "/");
    push (@charset, "\(");
    push (@charset, "\)");
    push (@charset, "=");
}
#### END OF FUNCTION DEFINITION ############################
#### COMMAND LINE PARSER ###################################
#Every 'for' block parses the command line arguments, given by the @ARGV array
# Each switch gets its own pass over @ARGV; a switch's value is simply the
# next element. Apart from the '$keys == 0' test, values are not validated.
if ($ARGV[0] ne "") {
    #This prints out the help
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-h") || ($ARGV[$argv_counter] eq "--help")) {
            &help();
            exit;
        }
    }
    #This prints out the version
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-v") || ($ARGV[$argv_counter] eq "--version")) {
            print "MD5BFCPF \'MD5 Brute Force Cracker in Perl with Forking\'\n";
            print "Version 0.1.0\n";
            exit;
        }
    }
    #This checks if '-k --keys' switch is given
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-k") || ($ARGV[$argv_counter] eq "--keys")) {
            $keys_found=1;
            $keys=$ARGV[$argv_counter+1];
            #And if it is a valid choice (to do: regexp to check valid input)
            # A non-numeric value compares equal to 0 here and is rejected too.
            if ($keys == 0) {
                print "!!!\n";
                print "Warning: Please enter an integer greater than 0\n";
                exit;
            }
        }
    }
    #This checks if '-p --probes' switch is given
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-p") || ($ARGV[$argv_counter] eq "--probes")) {
            $probes_found=1;
            $user_probes = $ARGV[$argv_counter+1]
        }
    }
    #This checks if '-d --dictionary' switch is given
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-d") || ($ARGV[$argv_counter] eq "--dictionary")) {
            $dictionary_found=1;
            $dictionary_file = $ARGV[$argv_counter+1]
        }
    }
    #Default for probe printing time if no custom is given: half an hour
    if (!$probes_found) {
        $user_probes = 1800;
        print "Working... status will be printed every 30 minutes\n";
    }
    #This checks if '-c --charset' switch is given
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-c") || ($ARGV[$argv_counter] eq "--charset")) {
            #This block checks which kind of charset was choosen
            #And adds the relative charset to '@charset' array with functions above
            if ($ARGV[$argv_counter+1] eq "all") {
                $all_found=1;
            }
            if ($ARGV[$argv_counter+1] eq "alpha") {
                $alpha_found=1;
                &alpha_lowercase();
                &alpha_uppercase();
            }
            if ($ARGV[$argv_counter+1] eq "alpha_lowercase") {
                $alpha_lowercase_found=1;
                &alpha_lowercase();
            }
            if ($ARGV[$argv_counter+1] eq "alpha_uppercase") {
                $alpha_uppercase_found=1;
                &alpha_uppercase();
            }
            if ($ARGV[$argv_counter+1] eq "numeric") {
                $numeric_found=1;
                &numeric();
            }
            if ($ARGV[$argv_counter+1] eq "symbols") {
                $symbols_found=1;
                &symbols();
            }
        }
    }
    #This checks if '-u --user' switch is given
    # NOTE(review): the help text advertises '--user', but the long form
    # tested here is '--users'.
    for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) {
        if (($ARGV[$argv_counter] eq "-u") || ($ARGV[$argv_counter] eq "--users")) {
            $users_found=1;
            push(@users, $ARGV[$argv_counter+1]);
        }
    }
}
#This prints out the usage if no argument is given
if ($ARGV[0] eq "") {
    &usage();
    exit;
}
#### END OF COMMAND LINE PARSER ############################
#### BEGIN OF CODE #########################################
#Controls if no user-defined charser is given
if ((!$all_found) && (!$alpha_found) && (!$alpha_uppercase_found) && (!$alpha_lowercase_found) && (!$numeric_found) && (!$symbols_found)) {
    &alpha_uppercase();
    &alpha_lowercase();
    &numeric();
    &symbols();
}
#Controls if user-defined 'all' charser is given
if (($all_found) && (!$alpha_found) && (!$alpha_uppercase_found) && (!$alpha_lowercase_found) && (!$numeric_found) && (!$symbols_found)) {
    &alpha_uppercase();
    &alpha_lowercase();
    &numeric();
    &symbols();
}
#Counts the items in the charset array
# $#charset is the last index of @charset, i.e. the element count minus one.
$charset_items=$#charset;
#Open the file containing shadows, taking from last command line argument
# NOTE(review): two-argument open with a bareword handle; the file name from
# @ARGV is interpolated into the same string as the mode. The three-argument
# form with a lexical handle keeps the name from being parsed with the mode.
open(shadow_file, "<$ARGV[-1]") or die "Error in reading \'$ARGV[-1]\' check if file exists!!!\n";
while($shadow_file_string=<shadow_file>) {
    #Regexp that gets usernames,salts and shadows
    # Capture 1: text before the first ':' (user name).
    # Capture 2: "$1$" plus the salt, up to the next '$'.
    # Capture 3: the hash, up to the following ':'.
    # A line that is not in this "$1$" format adds nothing to the arrays.
    if ($shadow_file_string =~ /^(.*?):(\$1\$.*?)\$(.*?):/i) {
        push(@file_users,$1);
        push(@salts,$2);
        push(@shadows,$3);
    }
}
close(shadow_file);
#If no custom users is given, copy @file_users in @users
if (!$users_found) {
    foreach (@file_users) {
        push (@users,$_);
    }
}
#If custom users is given, populate @custom_salts and
#@custom_shadows with corrispective in @salts and @shadows
if ($users_found) {
    #This checks if all given users are found in the shadow file
    $user_counter=0;
    while ($users[$user_counter]) {
        $file_counter=0;
        $user_ok=0;
        while ($file_users[$file_counter]) {
            if ($users[$user_counter] eq $file_users[$file_counter]) {
                $user_ok=1;
            }
            $file_counter++;
        }
        $user_counter++;
        if ($user_ok == 0) {
            print "Error: custom users not found, check file '$ARGV[-1]'\n";
            exit;
        }
    }
    #This eliminates users not selected from @users, @salts and @shadows arrays, for speed up
    #Only if user custom users are given (i.e.: -u root)
    $user_counter=0;
    while ($users[$user_counter]) {
        $file_counter=0;
        while ($file_users[$file_counter]) {
            $counter=0;
            if ($file_users[$file_counter] eq $users[$user_counter]) {
                if ($salts[$file_counter] ne "") {
                    push (@custom_salts,$salts[$file_counter]);
                }
                if ($salts[$file_counter] eq "") {
                    print "Error: user $file_users[$file_counter] has bad salt format in file \'$ARGV[-1]\'\n";
                    exit;
                }
                if ($shadows[$file_counter] ne "") {
                    push (@custom_shadows,$shadows[$file_counter]);
                }
                if ($shadows[$file_counter] eq "") {
                    print "Error: user $file_users[$file_counter] has bad shadow format in file \'$ARGV[-1]\'\n";
                    exit;
                }
            }
            $file_counter++;
        }
        $counter++;
        $user_counter++;
    }
    $counter=0;
    #Destroy the '@salts' array and replace with '@custom_salts' array
    #In that way the probes is done only on given users
    # The loop stops at the first false element, which includes the undef
    # written once @custom_salts runs out.
    while ($salts[$counter]) {
        $salts[$counter]=0;
        $salts[$counter]=$custom_salts[$counter];
        $counter++;
    }
    $counter=0;
    #Destroy the '@shadows' array and replace with '@custom_shadows' array
    while ($shadows[$counter]) {
        $shadows[$counter]=0;
        $shadows[$counter]=$custom_shadows[$counter];
        $counter++;
    }
}
#Define the action to perform when alarm event occurs (calls the 'timed_out' function)
#Thanks to 'Tom Christiansen' and Oreilly's book 'Advanced Perl Programming' for this workaround
$SIG{ALRM} = \&timed_out;
alarm ($user_probes);
#Counter of probes
$co=0;
#Here starts the show
# Default mode (neither -k nor -d): @charset_step_inc holds one charset index
# per candidate position and grows by one position per pass of the outer loop.
if ((!$keys_found) and (!$dictionary_found)) {
    #Loops as many times as the number of elements in the '@charset' array
    while ($#charset_step_inc <= $#charset) {
        push (@charset_step_inc, 0);
        $a=0;
        while ($charset_step_inc[$a]) {
            $charset_step_inc[$a]=0;
            $a++;
        }
        THE_LOOP: while () {
            $t=0;
            $modified=0;
            foreach (@charset_step_inc) {
                if (($charset_step_inc[$t] < $charset_items) && (!$modified)) {
                    $probe_string="";
                    for ($i=0;$i<=$#charset_step_inc;$i++) {
                        $probe_string.=@charset[$charset_step_inc[$i]];
                    }
                    $pwd_track=0;
                    # Every remaining user has an own salt, so each candidate
                    # costs one crypt() call per user still in the list.
                    foreach (@users) {
                        if ($users[$pwd_track] ne "") {
                            $pwd_probe=crypt($probe_string,$salts[$pwd_track]);
                            $co++;
                            # crypt() output is compared with "<salt>$<hash>" rebuilt from the file.
                            if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) {
                                print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n";
                                #This deletes the user of which we own the password from the list of users in the '@users' array
                                $users[$pwd_track]="";
                                $aybabtu=0;
                                #This checks if there are still users to probe on
                                foreach (@users) {
                                    if ($_ ne "") {
                                        $aybabtu=1;
                                    }
                                }
                                if (!$aybabtu) {
                                    print "\n\nFound all given passwords, exiting\n";
                                    exit;
                                }
                            }
                        }
                        $pwd_track++;
                    }
                    $charset_step_inc[$t]++;
                    # NOTE(review): '=>' is Perl's fat comma, not '>='; as written the
                    # condition is the truth value of $charset_items, so the lower
                    # positions are reset after every increment.
                    if ($charset_step_inc[$t] => $charset_items) {
                        $d=0;
                        while ($d != $t) {
                            $charset_step_inc[$d]=0;
                            $d++;
                        }
                    }
                    $modified=1;
                }
                $t++;
            }
            $end_value=0;
            #If no more characters to be probe are found, $end_value will be void and THE_LOOP will exit
            foreach (@charset_step_inc) {
                if ($_ != $charset_items) {
                    $end_value++;
                }
            }
            last THE_LOOP if $end_value==0;
        }
        # Final candidate of this length: the last charset element in every position.
        $probe_string="";
        foreach (@charset_step_inc) {
            $probe_string.=$charset[-1];
        }
        $pwd_track=0;
        foreach (@users) {
            if ($users[$pwd_track] ne "") {
                $pwd_probe=crypt($probe_string,$salts[$pwd_track]);
                $co++;
                if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) {
                    print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n";
                    $users[$pwd_track]="";
                    $aybabtu=0;
                    foreach (@users) {
                        if ($_ ne "") {
                            $aybabtu=1;
                        }
                    }
                    if (!$aybabtu) {
                        print "\n\nFound all given passwords, exiting\n";
                        exit;
                    }
                }
            }
            $pwd_track++;
        }
    }
}
#This block occurs if '-k --keys' switch is given
# Same counter walk as above, but with a fixed number of positions ($keys).
if (($keys_found) and (!$dictionary_found)) {
    for ($v=1;$v<=$keys;$v++) {
        push(@charset_step_inc, 0);
    }
    THE_LOOP: while () {
        $t=0;
        $modified=0;
        foreach (@charset_step_inc) {
            if (($charset_step_inc[$t] < $charset_items) && (!$modified)) {
                $probe_string="";
                for ($i=0;$i<=$#charset_step_inc;$i++) {
                    $probe_string.=$charset[$charset_step_inc[$i]];
                }
                $pwd_track=0;
                foreach (@users) {
                    if ($users[$pwd_track] ne "") {
                        $pwd_probe=crypt($probe_string,$salts[$pwd_track]);
                        $co++;
                        if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) {
                            print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n";
                            $users[$pwd_track]="";
                            $aybabtu=0;
                            foreach (@users) {
                                if ($_ ne "") {
                                    $aybabtu=1;
                                }
                            }
                            if (!$aybabtu) {
                                print "\n\nFound all given passwords, exiting\n";
                                exit;
                            }
                        }
                    }
                    $pwd_track++;
                }
                $charset_step_inc[$t]++;
                # NOTE(review): fat comma again, see the same test in the default mode.
                if ($charset_step_inc[$t] => $charset_items) {
                    $d=0;
                    while ($d != $t) {
                        $charset_step_inc[$d]=0;
                        $d++;
                    }
                }
                $modified=1;
            }
            $t++;
        }
        $end_value=0;
        foreach (@charset_step_inc) {
            if ($_ != $charset_items) {
                $end_value++;
            }
        }
        last THE_LOOP if $end_value==0;
    }
    $probe_string="";
    foreach (@charset_step_inc) {
        $probe_string.=$charset[-1];
    }
    $pwd_track=0;
    foreach (@users) {
        if ($users[$pwd_track] ne "") {
            $pwd_probe=crypt($probe_string,$salts[$pwd_track]);
            $co++;
            if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) {
                print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n";
                $users[$pwd_track]="";
                $aybabtu=0;
                foreach (@users) {
                    if ($_ ne "") {
                        $aybabtu=1;
                    }
                }
                if (!$aybabtu) {
                    print "\n\nFound all given passwords, exiting\n";
                    exit;
                }
            }
        }
        $pwd_track++;
    }
    $total_probed+=$co;
    print "\n\nProbed: $total_probed passwords\n";
}
#This block occurs if '-d --dictionary' switch is given
if ($dictionary_found) {
    # NOTE(review): the die message interpolates $dictionary, which is never
    # assigned in this listing; the file name is held in $dictionary_file.
    # Two-argument open with a bareword handle, as for the shadow file.
    open(dic_file, "<$dictionary_file") or die "Error in reading \'$dictionary\' check if file exists!!!\n";
    #The use of chomp() function is to avoid the 'carriage return' characther to be part of the probe
    while (chomp($probe_string = <dic_file>)) {
        $pwd_track=0;
        foreach (@users) {
            if ($users[$pwd_track] ne "") {
                $pwd_probe=crypt($probe_string,$salts[$pwd_track]);
                $co++;
                if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) {
                    print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n";
                    $users[$pwd_track]="";
                    $aybabtu=0;
                    foreach (@users) {
                        if ($_ ne "") {
                            $aybabtu=1;
                        }
                    }
                    if (!$aybabtu) {
                        print "\n\nFound all given passwords, exiting\n";
                        exit;
                    }
                }
            }
            $pwd_track++;
        }
    }
    $total_probed+=$co;
    print "\n\nProbed: $total_probed passwords\n";
    close(dic_file);
}
#### END OF CODE ###########################################
2)Скачал ActivePerl 5.8. Теперь подскажите как запустить скрипт md5.pl чтобы сбрутить этот хэш 3aca5b830872cb0d55a55a9301877a7c Всем спасибо кто внятно ответит)
ты еще напиши, с какими параметрами запускать.. я прочитал описание функций и так и не понял, что этот скрипт делает и как. пс: можно и не так геморно запускать, а проще: cmd md5.pl, вчера уже писал об этом.
ну вот пример c:\>perl\bin\perl.exe c:\perl\md5.pl Пишет Usage: perl md5bfcpf [OPTIONS] [FILENAME TRY 'perl md5bfcpf -- help' for more information. Куда сам хэш пихать, не пойму... Поэтапно распишите, я же попросил.
Ты знаешь.. я почти на 100% уверен, что: 1. создаем текстовик 2. записываем туда 1 или несколько md5-хэшей 3. запускаем прогу с параметром таким... если текстовик у нас называется c.txt, то X:\> md5.pl c.txt У меня лично работает. Можно также перед именем текстовика указать дополнительные параметры вроде хеширования только цифровых/буквенных/символьных значений и т.п.
Ну сделал так пишет Working... status. will be printed every 30 minutes Error in reading 'c.txt' check if file exitst !!! Может что то со скриптом... Можешь вылошить рабочий скрипт вот полный хэш который мне надо раскодировать bblastvisit=1185212884; bblastactivity=1185214003; bbuserid=10442; bbpassword=3aca5b830872cb0d55a55a9301877a7c; bbsessionhash=ac08bf5f65da018ae2ced5322da22253; bbthread_lastview=ax1x-ix58953ysx10x"1185215641"y_ bbpassword я так понял это сам пароль... vbulletin
по идее, да, но в новых vB такая фишка как "соль" есть, советую почитать в статьях о ней. А вообще нужно создать файлик и поместить его в одну директорию со скриптом; я записал туда только один хеш и все - скрипт заработал.
сохрани с расширением .pl, в cmd введи perl C:\md5.pl, если у тя этот файл в корне диска С валяется. и не мучайся
Leningrad, 1. нафига брутить хеш каким-то сранным перл-скриптом, когда для этого существуют нормальные тулзы?? 2. хеш этот скорее всего не сбрутится, почему - уже написали..