simple brute force password cracker 05-27-2022, 08:29 AM
#1
I wrote it for another post on the forum, i just don't remember where. but here it is in full. run it from the command line. this is for bcrypt passwords (the default password encryption for php's password_hash() and crypt() functions)
encrypted.txt
words.txt is the wordlist, a word on each line of the file. (https://github.com/dwyl/english-words)
Code:
<?php
#!/usr/bin/php
//sunjester
$wordlist = "words.txt";
$enc = "encrypted.txt";
if(startup($wordlist,$enc))
{
$fh = fopen($wordlist, "r");
$enc_pws = loadEncryptedPws($enc);
foreach($enc_pws as $epw)
{
echo "checking password: $epw";
//start checking with the dictionary
if($fh)
{
ob_start();
while(($line = fgets($fh)) !== false)
{
echo ".";
ob_flush();
$pw = password_hash($line, PASSWORD_DEFAULT);
if(password_verify($line, $epw))
{
printf("Found password: %s ", $line);
printf("(%s)\n", $epw);
}
}
fclose($fh);
}
}
} else {
die("startup failed");
}
function loadEncryptedPws($e)
{
$fh = fopen($e, "r");
$pws = [];
while(($line = fgets($fh)) !== false)
{
array_push($pws, $line);
}
fclose($fh);
return $pws;
}
function startup($w,$e)
{
if(php_sapi_name() != "cli")
{
return false;
}
if(!file_exists($w) || !file_exists($e))
{
return false;
}
return true;
}
?>encrypted.txt
Code:
$2y$10$pwidTVL1LS2S591TGc8FHeWcKrgNQgZA0Qhn8lp4TtFZal/K1aCXG
$2y$10$LugWXUyLx8Rx5TAuZq70LeyFIB9/ViN0mrZNakUKzI0T73qRSAdUiwords.txt is the wordlist, a word on each line of the file. (https://github.com/dwyl/english-words)
(This post was last modified: 06-02-2022, 09:29 PM by sunjester.)
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)