PHP MD5-SHA1 Cracker

zomgwtfbbq · 04-05-2013, 03:26 PM

(04-05-2013, 01:30 PM)1llusion Wrote: Added:
Array of pre-defined wordlists named $files (add wordlist locations there)

SELECT tag where user chooses the wordlist (This tag is automatically generated from the $files array).

Secured passing of values. Now only integer values can be submitted as wordlist

Unfortunately, it looks like I broke the design a bit. I'm sorry for that!
The script right now is not vulnerable to XSS nor file location brute-force

Great to see members here helping each other that much. I like your approach, however I would do it a bit different:

- get the files from a folder eg /wordlists

PHP Code:
<?php
function GetFilesByDirectory($sDir){

    if(!$rHandle = @opendir($sDir)){
        return(false);
    }
    $aFileBuffer = array();
    while(false!==($sFile = @readdir($rHandle))){
        // buffer all files
        if($sFile!="." && $sFile!=".."){
            if(!is_dir($sDir."/".$sFile)){
                $aFileBuffer[] .= $sFile;
            }
        }
    }
    @closedir($rHandle);
    return $aFileBuffer;
}
?>

..then you can check if the file name is in the array.

- you don't have to use regular expressions to filter for integers

PHP Code:
<?php
$iVal = "11";
if(@is_int(intval($iVal))){
    echo"casted to int";
}
else{
    echo"not an int value";
}
?>

BTW I just noticed the thread's title is md5/sha1 cracker. I assume you know that md5 is different from sha1?

1llusion · 04-05-2013, 04:10 PM

(04-05-2013, 03:26 PM)zomgwtfbbq Wrote: - you don't have to use regular expressions to filter for integers

PHP Code:
<?php $iVal = "11"; if(@is_int(intval($iVal))){ echo"casted to int"; } else{ echo"not an int value"; } ?>

Note added! Thanks for pointing this out Smile

I'll update my code later.

About the function, I tried to make as little changes as possible, your approach would be ofc better Smile

zomgwtfbbq · 04-05-2013, 05:12 PM

(04-05-2013, 04:10 PM)1llusion Wrote: About the function, I tried to make as little changes as possible

Lol I understand that. With my first edit of his code, I just wanted to make it working, didn't realize he was going to put it online. Biggrin

noize · 04-05-2013, 08:28 PM

(04-05-2013, 05:12 PM)zomgwtfbbq Wrote:
(04-05-2013, 04:10 PM)1llusion Wrote: About the function, I tried to make as little changes as possible
Lol I understand that. With my first edit of his code, I just wanted to make it working, didn't realize he was going to put it online.

Well, I mainly put it online so that people passing by may also view the result. Wink

And also, shouldn't I know that MD5 is different from SHA1?

zomgwtfbbq · 04-06-2013, 08:16 AM

(04-05-2013, 08:28 PM)noize Wrote: And also, shouldn't I know that MD5 is different from SHA1?

Ohw never mind, I see you put it separate. You can make it a lot easier for yourself if you put it in one file. Just a add a select field in the form where you can switch between sha1 and md5. Then you can handle it easy like:

PHP Code:
<?php
$sFunction = ($_POST['sEnc']=="md5" ? "md5" : "sha1");

// look up the line
if(md5($line)==$hash){}
// change into
if($sFunction($line)==$hash){}
?>

noize · 04-06-2013, 08:47 AM

(04-06-2013, 08:16 AM)zomgwtfbbq Wrote:
(04-05-2013, 08:28 PM)noize Wrote: And also, shouldn't I know that MD5 is different from SHA1?
Ohw never mind, I see you put it separate. You can make it a lot easier for yourself if you put it in one file. Just a add a select field in the form where you can switch between sha1 and md5. Then you can handle it easy like:

PHP Code:
<?php $sFunction = ($_POST['sEnc']=="md5" ? "md5" : "sha1"); // look up the line if(md5($line)==$hash){} // change into if($sFunction($line)==$hash){} ?>

Yeah, I had thought to do it like that, which would be easier as by editing code I'd edit it in one file only, and not two.
But actually, I think I like the design better this way.
Thanks, anyhow Wink

PHP MD5-SHA1 Cracker
Author Message