[RogueCoder]

I found myself in the need of extracting usernames and md5 hashed passwords from a database, so I decided to just write a very quick tool but in a way that makes it flexible. It also uses hashchecker.de as lookup service for MD5 hashes. I found it very useful so I didn't want to be greedy, so I decided to share it with you guys

The usage is simple.

1. Write the regex pattern using the regex group method. It takes 2 groups right now "user" and "hash"
2. Paste the content into the textarea
3. Run

Update: Added functionality to download the extracted data in either user:hash and hash only format to use with hashcat, cryptohaze, etc. The data is now also stored in a session, so I also added a "new session" link that will clear and destroy the current one.

PHP Code:

<?php
  session_start();
  if (isset($_GET['action']) && ($_GET['action'] == 'newsession') && (isset($_SESSION))) {
    unset($_SESSION);
    session_destroy();
    session_start();
  }
  if (!empty($_POST)) {
    extract($_POST);
    $_SESSION['format'] = $format;
    $_SESSION['content'] = $content;
    preg_match_all($format, $content, $matches);
    $_SESSION['matches'] = $matches;
  } else if (isset($_SESSION['matches'])) {
    preg_match_all($_SESSION['format'], $_SESSION['content'], $matches);
  }

  if (isset($_GET['action']) && $_GET['action'] == 'hashfile' && !empty($_SESSION['matches'])) {
    $format = (isset($_GET['format'])) ? $_GET['format'] : 'hashonly';
    $ceil = sizeof($_SESSION['matches'][0]);
    $content = '';
    switch ($format) {
      case 'userhash':
        for ($i = 0; $i < $ceil; $i++) {
          $user = $_SESSION['matches']['user'][$i];
          $hash = $_SESSION['matches']['hash'][$i];
          $content .= "{$user}:{$hash}\n";
        }
        break;

      case 'hashonly':
      default:
        for ($i = 0; $i < $ceil; $i++) {
          $hash = $_SESSION['matches']['hash'][$i];
          $content .= "{$hash}\n";
        }
    }
    file_put_contents('hashes.txt', $content);
    header('Content-type: application/txt');
    header('Content-Disposition: attachment; filename="hashes.txt"');
    readfile('hashes.txt');
    unlink('hashes.txt');
    die();
  }

?>
<!DOCTYPE html>
<html>
  <head>
    <title>Credentials extraction tool</title>
    <link href='//fonts.googleapis.com/css?family=Share+Tech+Mono' rel='stylesheet' type='text/css'>
    <style>
      body {background-color:#000;color:#00ff00;font-family:'Share Tech Mono';}
      a,a:link,a:active,a:visited,a:hover {color:#00ff00;text-decoration:none;}
      input[type=text] {background-color:#000;color:#00FF00;font-family:'Share Tech Mono';padding:4px;border:1px solid #222;}
      input[type=submit] {background-color:#000;color:#00FF00;font-family:'Share Tech Mono';padding:4px;border:1px solid #222;width:64px;margin-left:4px;}
      textarea {background-color:#000;color:#00FF00;font-family:'Share Tech Mono';padding:4px;border:1px solid #222;}
    </style>
  </head>
  <body>
    <table border="0" width="100%">
      <tr>
        <td width="820" valign="top">
          <form method="post">
          Format: <input type="text" name="format" value="<?php echo (isset($_SESSION['format'])) ? $_SESSION['format'] : ''; ?>" style="width:660px"><input type="submit" value="Run"><br />
          <textarea name="content" style="width:800px;height:800px"><?php echo (isset($_SESSION['content'])) ? $_SESSION['content'] : ''; ?></textarea>
          </form>
        </td>
        <td valign="top">
          <?php if (empty($matches[0])): ?>
          No matches found. Please check the parser format
          <?php else: ?>
          <?php $ceil = sizeof($matches[0]); ?>
          Total <?php echo $ceil; ?> matches found.
          <span style="float:right;">[
            <a href="?action=newsession">New session</a> | 
            Download: [
            <a href="?action=hashfile&format=userhash">user:hash</a> |
            <a href="?action=hashfile&format=hashonly">hash only</a>
            ] ]
          </span>
          <hr>
          <table width="100%">
            <?php
              for ($i = 0; $i < $ceil; $i++):
                $user = $matches['user'][$i];
                $hash = $matches['hash'][$i];
            ?>
            <tr style="background-color:<?php echo ($i % 2) ? '#222' : '#000'; ?>">
              <td><?php echo "{$user}:{$hash}"; ?></td>
              <td align="center"><?php echo "[ <a href=\"http://hashchecker.de/{$hash}\" target=\"_blank\">Check Hash</a> ]\n"; ?></td>
            </tr>
            <?php endfor; ?>
          </table>
          <?php endif; ?>
        </td>
      </tr>
    </table>
  </body>
</html> 


Any ideas for enhancement is much appreciated

[zomgwtfbbq]

Always +1 for sharing original self baked code. Not much to mention, however I'm not a fan of breaking out of php modus a lot just to spit out some html, but I guess that's just a personal preference.

[RogueCoder]

Thanks for the reply Yeah I've personally never been a fan of echoing html. Find it easier to both read and write, not having to think about the quote escaping, when it's separated like that

[RogueCoder]

Thanks for the reply Yeah I've personally never been a fan of echoing html. Find it easier to both read and write, not having to think about the quote escaping, when it's separated like that