PHP MD5-SHA1 Cracker
RE: PHP MD5-SHA1 Cracker #11
I've secured the script a bit:

PHP Code:
<?php
//Enter in the array locations of the wordlists
$files = array('tools/wordlist.txt');
?>

<html>
<head>

<div align="center" style="position: absolute; top: 37px; left: 7px; width: 187px; color: red; font-family: helvetica; font-size: 14px;">
Coded by Noize at<br>
HackCommunity.com<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
MD5 Hash Cracker
</div>

<link rel="stylesheet" type="text/css" href="http://noizethehacker.altervista.org/style.css" />
<title>MD5 Hash Cracker</title>
<script type="text/javascript">
window.onload = function() {
    document.getElementById('hash').focus();
}
</script>
</head>

<body bgcolor="black">
<div id="center_body">
<font color="#00ff00">

#########################################################<br>
<font face="sans-serif" size="4" color="white"><b>Noize's MD5 Hash Cracker</b></font><br>
#########################################################<br>

<form method='post' action='' style="position: relative; left: 6px;">
<br>
Hash:&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="hash" id="hash" placeholder="MD5 Hash" /><br>
Wordlist: <select name="wordlist">
            <?php
                //Writing out the options based on our array:
                foreach($files as $key => $file){
                    echo "<option value=$key>$file</option>";
                }
            ?>
          </select><br>
<input type="submit" value="&nbsp;&nbsp;&nbsp;&nbsp;Crack&nbsp;&nbsp;&nbsp;&nbsp;" style="position: relative; top: 3px; left: 95px; margin-bottom: -5px; color: #00ff00; background-color: black; font-family: arial; font-size: 13px; cursor: pointer;" /><br>
<input type="hidden" name="submit" />
</form>
#########################################################<br>

</font>

<br>

<?php

if (isset($_POST['submit'])) {
    //Checking if the wordlist is set. If yes, filter out everything except numbers
    //isset() is used instead of empty(): empty("0") is true, which would reject the first wordlist (key 0)
    $wordlist = isset($_POST['wordlist']) ? preg_replace("/[^0-9]+/", "", $_POST['wordlist']) : NULL;

    //Check if the wordlist is empty (it could have been set with characters other than numbers - for example in hack attempt)
    //Also check if the ID is valid in our array
    if(empty($wordlist) && !is_numeric($wordlist) || $wordlist >= count($files)){
        echo '<font color="red">Invalid wordlist.</font>';
        exit();
    }

    $hash = trim($_POST['hash']);

    //Opening the file defined in our array
    $wordlist = file($files[$wordlist]);
    $bFound = false;

    foreach($wordlist as $line) {
        $line = trim($line);
        if(md5($line) == $hash) {
            $bFound = true;
            echo 'Hash cracked!<br>The root of the hash is ' . $line . '.';
            break;
        }
    }
    if(!$bFound){
        echo "Failed to crack the hash.";
    }
}

?>

</div>

<div align="center" style="position: relative; bottom: -432px; left: -8px; font-family: verdana; color: #666; font-size: 12px;">
&copy; Special thanks go to my friend 
    <a href="http://www.hackcommunity.com/User-zomgwtfbbq" style="
    font-size: 12px;
    font-family: verdana;
    color: blue;">
zomgwtfbbq</a> &#183 
All rights are shit
</div>

</body>
</html> 

Added:
  • Array of pre-defined wordlists named $files (add wordlist locations there)
  • SELECT tag where user chooses the wordlist (This tag is automatically generated from the $files array).
  • Secured passing of values. Now only integer values can be submitted as wordlist

Unfortunately, it looks like I broke the design a bit. I'm sorry for that!
The script right now is not vulnerable to XSS nor file location brute-force :)
Staff will never ever ask you for your personal information.
We know everything about you anyway.

Reply

RE: PHP MD5-SHA1 Cracker #12
Another addition to the security (it's not very important):
Code:
echo 'Hash cracked!<br>The root of the hash is ' . htmlentities($line) . '.';
Using htmlentities() while outputting.

Reply

RE: PHP MD5-SHA1 Cracker #14
(04-05-2013, 01:30 PM)1llusion Wrote: I've secured the script a bit:

PHP Code:
<?php
//Enter in the array locations of the wordlists
$files = array('tools/wordlist.txt');
?>

<html>
<head>

<div align="center" style="position: absolute; top: 37px; left: 7px; width: 187px; color: red; font-family: helvetica; font-size: 14px;">
Coded by Noize at<br>
HackCommunity.com<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
MD5 Hash Cracker
</div>

<link rel="stylesheet" type="text/css" href="http://noizethehacker.altervista.org/style.css" />
<title>MD5 Hash Cracker</title>
<script type="text/javascript">
window.onload = function() {
    document.getElementById('hash').focus();
}
</script>
</head>

<body bgcolor="black">
<div id="center_body">
<font color="#00ff00">

#########################################################<br>
<font face="sans-serif" size="4" color="white"><b>Noize's MD5 Hash Cracker</b></font><br>
#########################################################<br>

<form method='post' action='' style="position: relative; left: 6px;">
<br>
Hash:&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="hash" id="hash" placeholder="MD5 Hash" /><br>
Wordlist: <select name="wordlist">
            <?php
                //Writing out the options based on our array:
                foreach($files as $key => $file){
                    echo "<option value=$key>$file</option>";
                }
            ?>
          </select><br>
<input type="submit" value="&nbsp;&nbsp;&nbsp;&nbsp;Crack&nbsp;&nbsp;&nbsp;&nbsp;" style="position: relative; top: 3px; left: 95px; margin-bottom: -5px; color: #00ff00; background-color: black; font-family: arial; font-size: 13px; cursor: pointer;" /><br>
<input type="hidden" name="submit" />
</form>
#########################################################<br>

</font>

<br>

<?php

if (isset($_POST['submit'])) {
    //Checking if the wordlist is set. If yes, filter out everything except numbers
    //isset() is used instead of empty(): empty("0") is true, which would reject the first wordlist (key 0)
    $wordlist = isset($_POST['wordlist']) ? preg_replace("/[^0-9]+/", "", $_POST['wordlist']) : NULL;

    //Check if the wordlist is empty (it could have been set with characters other than numbers - for example in hack attempt)
    //Also check if the ID is valid in our array
    if(empty($wordlist) && !is_numeric($wordlist) || $wordlist >= count($files)){
        echo '<font color="red">Invalid wordlist.</font>';
        exit();
    }

    $hash = trim($_POST['hash']);

    //Opening the file defined in our array
    $wordlist = file($files[$wordlist]);
    $bFound = false;

    foreach($wordlist as $line) {
        $line = trim($line);
        if(md5($line) == $hash) {
            $bFound = true;
            echo 'Hash cracked!<br>The root of the hash is ' . $line . '.';
            break;
        }
    }
    if(!$bFound){
        echo "Failed to crack the hash.";
    }
}

?>

</div>

<div align="center" style="position: relative; bottom: -432px; left: -8px; font-family: verdana; color: #666; font-size: 12px;">
&copy; Special thanks go to my friend 
    <a href="http://www.hackcommunity.com/User-zomgwtfbbq" style="
    font-size: 12px;
    font-family: verdana;
    color: blue;">
zomgwtfbbq</a> &#183 
All rights are shit
</div>

</body>
</html> 

Added:
  • Array of pre-defined wordlists named $files (add wordlist locations there)
  • SELECT tag where user chooses the wordlist (This tag is automatically generated from the $files array).
  • Secured passing of values. Now only integer values can be submitted as wordlist

Unfortunately, it looks like I broke the design a bit. I'm sorry for that!
The script right now is not vulnerable to XSS nor file location brute-force :)

Thanks. I didn't care about adding htmlentities as it wasn't very important to me, but I had better add it. I'll implement your fixes tonight. Anyhow, I was letting the user input the wordlist location so that he may also use an external wordlist. I thought it would have been better.

(04-05-2013, 02:08 PM)The Alchemist Wrote: Another addition to the security (it's not very important):
Code:
echo 'Hash cracked!<br>The root of the hash is ' . htmlentities($line) . '.';
Using htmlentities() while outputting.

I know the possibility to use htmlentities to avoid XSS vulnerabilities, but why would I need this also in output?

Reply

RE: PHP MD5-SHA1 Cracker #16
(04-05-2013, 02:35 PM)noize Wrote: I know the possibility to use htmlentities to avoid XSS vulnerabilities, but why would I need this also in output?

Hmm, this is a low-risk XSS. If you have HTML tags in your own wordlist then it may be a problem. But you can't do much with it without manipulating the wordlist. If an external list were supplied, then it would be an issue.

If you want to let users use external wordlists, you need to edit your code a bit more and add extra validation of the wordlists. Also, the function you use to read the files is known not to work very well with files over 10 MB, so there is the possibility of DoS of your server.

Generally, letting users upload and/or use an external file is very dangerous unless you specify very strict rules about the file :)

Reply

RE: PHP MD5-SHA1 Cracker #18
(04-05-2013, 03:12 PM)1llusion Wrote:
(04-05-2013, 02:35 PM)noize Wrote: I know the possibility to use htmlentities to avoid XSS vulnerabilities, but why would I need this also in output?

Hmm, this is a low-risk XSS. If you have HTML tags in your own wordlist then it may be a problem. But you can't do much with it without manipulating the wordlist. If an external list were supplied, then it would be an issue.

If you want to let users use external wordlists, you need to edit your code a bit more and add extra validation of the wordlists. Also, the function you use to read the files is known not to work very well with files over 10 MB, so there is the possibility of DoS of your server.

Generally, letting users upload and/or use an external file is very dangerous unless you specify very strict rules about the file :)

Thanks, I thought of putting this project aside, but actually, I think that later today I'll work more on it with the suggestions from every one of you guys.

Reply

RE: PHP MD5-SHA1 Cracker #20
(04-05-2013, 01:30 PM)1llusion Wrote: Added:
  • Array of pre-defined wordlists named $files (add wordlist locations there)
  • SELECT tag where user chooses the wordlist (This tag is automatically generated from the $files array).
  • Secured passing of values. Now only integer values can be submitted as wordlist

Unfortunately, it looks like I broke the design a bit. I'm sorry for that!
The script right now is not vulnerable to XSS nor file location brute-force :)

Great to see members here helping each other that much. I like your approach, however I would do it a bit different:

- get the files from a folder eg /wordlists
PHP Code:
<?php
// Returns the names of all entries in $sDir that are not directories,
// or false if the directory cannot be opened.
function GetFilesByDirectory($sDir){
    if(!$rHandle = @opendir($sDir)){
        return(false);
    }
    $aFileBuffer = array();
    while(false!==($sFile = @readdir($rHandle))){
        // buffer all files
        if($sFile!="." && $sFile!=".."){
            if(!is_dir($sDir."/".$sFile)){
                // append the file name to the list
                $aFileBuffer[] = $sFile;
            }
        }
    }
    @closedir($rHandle);
    return $aFileBuffer;
}
?>
..then you can check if the file name is in the array.

- you don't have to use regular expressions to filter for integers
PHP Code:
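<?php
$iVal = "11";
// intval() always returns an int, so is_int(intval($iVal)) would be true for any input;
// FILTER_VALIDATE_INT checks that the string itself is an integer.
if(filter_var($iVal, FILTER_VALIDATE_INT) !== false){
    echo "casted to int";
}
else{
    echo "not an int value";
}
?>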

BTW I just noticed the thread's title is md5/sha1 cracker. I assume you know that md5 is different from sha1?
(This post was last modified: 04-05-2013, 03:49 PM by xAttack.)

Reply
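
An added example, not code from any poster in this thread: one way to combine the points raised above (a server-side list of wordlists, integer validation without a regular expression, line-by-line reading with size caps instead of file(), and escaping on output). The helper names pickWordlist and crackMd5, the two size caps and the temporary demo wordlist are assumptions made for illustration.

```php
<?php
// Added example: helper names, limits and the demo wordlist are assumptions.
const MAX_WORDLIST_BYTES = 10485760; // assumed cap on wordlist size (10 MB)
const MAX_LINE_BYTES = 256;          // assumed cap on one candidate word

// Resolve a submitted <select> value to a path from the server-side list, or null.
function pickWordlist(array $files, $submitted): ?string
{
    if (!is_string($submitted)) {
        return null; // e.g. wordlist[]=x arrives as an array
    }
    $files = array_values($files);
    $idx = filter_var($submitted, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => count($files) - 1],
    ]);
    return $idx === false ? null : $files[$idx];
}

// Read the wordlist one line at a time; return the matching word or null.
function crackMd5(string $path, string $hash): ?string
{
    $hash = strtolower(trim($hash));
    if (strlen($hash) !== 32 || !ctype_xdigit($hash)) {
        return null; // not an MD5 hex digest
    }
    $size = @filesize($path);
    if ($size === false || $size > MAX_WORDLIST_BYTES) {
        return null; // unreadable or too large to process in one request
    }
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    try {
        // fgets() returns at most MAX_LINE_BYTES bytes per call; longer lines are tested in pieces
        while (($line = fgets($fh, MAX_LINE_BYTES + 1)) !== false) {
            $word = trim($line);
            // === avoids the loose-comparison match between "0e..." digests
            if ($word !== '' && md5($word) === $hash) {
                return $word;
            }
        }
        return null;
    } finally {
        fclose($fh);
    }
}

// Constructed demo input: a temporary wordlist with one entry containing markup.
$tmp = tempnam(sys_get_temp_dir(), 'wl');
file_put_contents($tmp, "letmein\n<b>hunter2</b>\n");
$files = [$tmp];
var_dump(pickWordlist($files, '1'), pickWordlist($files, '0abc')); // out-of-range and non-integer values
$path = pickWordlist($files, '0');
$word = $path === null ? null : crackMd5($path, md5('<b>hunter2</b>'));
echo $word === null
    ? "Failed to crack the hash.\n"
    : 'The root of the hash is ' . htmlspecialchars($word, ENT_QUOTES, 'UTF-8') . ".\n";
unlink($tmp);
```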






