mff
25.03.2008, 10:54
Кто нибудь знает, как можно еще расшифровать hash MuSQL кроме как переберать в PaswordsPro? Какие можно использовать еще утилиты?
Вот сдесь http://www.securiteam.com/tools/5YP0H0A40O.html есть утилита под названием - MySQL Brute Force Password Hash Cracker, может кто то её откомпилировать
///////////////////////////////////////////////////////////////////////////////////////////////
//
// MySQL brute force password attack
//
// to compile : g++ -omysqlpassword mysqlpassword.c -O6 -lm
//
// Written by : term@rmci.net, current version http://term.rmci.net/mysqlpassword.cpp
//
#include <iostream>
#include <stdio.h>
#include <math.h>
#include <stdlib.h>
#include <string.h> // memset
#include <unistd.h> // usleep
using namespace std;
struct rand_struct {
unsigned long seed1,seed2,max_value;
double max_value_dbl;
};
void make_scrambled_password(char *,const char *);
char *scramble(char *,const char *,const char *, int);
int brute(const char *password) {
// Tune stuff here, change min / max for the char range to crack and width for max password width.
unsigned int min=32,max=122,pos=0,width=11,max_pos=0;
unsigned char data[255];
register unsigned long long loops=0;
char *encrypted_password = new char[255];
memset(encrypted_password, 0, 255);
memset((char*)&data, min, 255);
while(width) {
loops++;
if(data[pos] != max) {
data[pos]++;
} else {
for(register int i=pos; i<max; i++) {
if(data[i] != max) {
data[i]++;
pos=i;
break;
}
}
if(pos>max_pos)
max_pos=pos;
for(register int i=pos-1; i >= 0; i--) {
if(i==0 && data[i] == max) {
data[i] = min;
pos = 0;
break;
}
if(data[i] != max || i==0) {
pos = i;
break;
}
data[i] = min;
}
}
if(max_pos>width) {
cout<<"No match found"<<endl;
width=0;
return(0);
}
data[max_pos+1] = 0;
make_scrambled_password(encrypted_password,(const char*)data);
if(!strcmp(encrypted_password,password)) {
cout<<"MATCH ["<<data<<"] ["<<encrypted_password<<"]==["<<password<<"]"<<endl;
return(0);
}
data[max_pos+1] = min;
if((loops%500000)==0) {
cout<<"[ "<<dec<<loops<<" ]";
for(int i=0; i<=max_pos; i++) {
cout<<" 0x"<<hex<<(int)data[i];
}
data[max_pos+1] = 0;
cout<<" ("<<data<<")";
data[max_pos+1] = min;
cout<<endl;
}
}
}
int main(int argc, char* argv[]) {
if(argc!=2) {
fprintf(stderr,"usage : %s [ENCRYPTED MYSQL PASSWORD]\nexample , 5d2e19393cc5ef67 is encrypted value 'password' : %s 5d2e19393cc5ef67\n",argv[0],argv[0]);
return(0);
}
brute(argv[1]);
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////
//
// thx mysql source ^_^
//
void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2) {
rand_st->max_value= 0x3FFFFFFFL;
rand_st->max_value_dbl=(double) rand_st->max_value;
rand_st->seed1=seed1%rand_st->max_value ;
rand_st->seed2=seed2%rand_st->max_value;
}
static void old_randominit(struct rand_struct *rand_st,ulong seed1) {
rand_st->max_value= 0x01FFFFFFL;
rand_st->max_value_dbl=(double) rand_st->max_value;
seed1%=rand_st->max_value;
rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
}
double rnd(struct rand_struct *rand_st) {
rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
return(((double) rand_st->seed1)/rand_st->max_value_dbl);
}
inline void hash_password(ulong *result, const char *password) {
register ulong nr=1345345333L, add=7, nr2=0x12345671L;
ulong tmp;
for (; *password ; password++) {
if (*password == ' ' || *password == '\t')
continue;
tmp= (ulong) (unsigned char) *password;
nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
nr2+=(nr2 << 8) ^ nr;
add+=tmp;
}
result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
result[1]=nr2 & (((ulong) 1L << 31) -1L);
return;
}
inline void make_scrambled_password(char *to,const char *password) {
ulong hash_res[2];
hash_password(hash_res,password);
sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
}
static inline uint char_val(char X) {
return (uint) (X >= '0' && X <= '9' ? X-'0' : X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
}
char *scramble(char *to,const char *message,const char *password, int old_ver) {
struct rand_struct rand_st;
ulong hash_pass[2],hash_message[2];
if(password && password[0]) {
char *to_start=to;
hash_password(hash_pass,password);
hash_password(hash_message,message);
if (old_ver)
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
else
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
while (*message++)
*to++= (char) (floor(rnd(&rand_st)*31)+64);
if (!old_ver) {
char extra=(char) (floor(rnd(&rand_st)*31));
while(to_start != to)
*(to_start++)^=extra;
}
}
*to=0;
return to;
}
Вот сдесь http://www.securiteam.com/tools/5YP0H0A40O.html есть утилита под названием - MySQL Brute Force Password Hash Cracker, может кто то её откомпилировать
///////////////////////////////////////////////////////////////////////////////////////////////
//
// MySQL brute force password attack
//
// to compile : g++ -omysqlpassword mysqlpassword.c -O6 -lm
//
// Written by : term@rmci.net, current version http://term.rmci.net/mysqlpassword.cpp
//
#include <iostream>
#include <stdio.h>
#include <math.h>
#include <stdlib.h>
#include <string.h> // memset
#include <unistd.h> // usleep
using namespace std;
struct rand_struct {
unsigned long seed1,seed2,max_value;
double max_value_dbl;
};
void make_scrambled_password(char *,const char *);
char *scramble(char *,const char *,const char *, int);
int brute(const char *password) {
// Tune stuff here, change min / max for the char range to crack and width for max password width.
unsigned int min=32,max=122,pos=0,width=11,max_pos=0;
unsigned char data[255];
register unsigned long long loops=0;
char *encrypted_password = new char[255];
memset(encrypted_password, 0, 255);
memset((char*)&data, min, 255);
while(width) {
loops++;
if(data[pos] != max) {
data[pos]++;
} else {
for(register int i=pos; i<max; i++) {
if(data[i] != max) {
data[i]++;
pos=i;
break;
}
}
if(pos>max_pos)
max_pos=pos;
for(register int i=pos-1; i >= 0; i--) {
if(i==0 && data[i] == max) {
data[i] = min;
pos = 0;
break;
}
if(data[i] != max || i==0) {
pos = i;
break;
}
data[i] = min;
}
}
if(max_pos>width) {
cout<<"No match found"<<endl;
width=0;
return(0);
}
data[max_pos+1] = 0;
make_scrambled_password(encrypted_password,(const char*)data);
if(!strcmp(encrypted_password,password)) {
cout<<"MATCH ["<<data<<"] ["<<encrypted_password<<"]==["<<password<<"]"<<endl;
return(0);
}
data[max_pos+1] = min;
if((loops%500000)==0) {
cout<<"[ "<<dec<<loops<<" ]";
for(int i=0; i<=max_pos; i++) {
cout<<" 0x"<<hex<<(int)data[i];
}
data[max_pos+1] = 0;
cout<<" ("<<data<<")";
data[max_pos+1] = min;
cout<<endl;
}
}
}
int main(int argc, char* argv[]) {
if(argc!=2) {
fprintf(stderr,"usage : %s [ENCRYPTED MYSQL PASSWORD]\nexample , 5d2e19393cc5ef67 is encrypted value 'password' : %s 5d2e19393cc5ef67\n",argv[0],argv[0]);
return(0);
}
brute(argv[1]);
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////
//
// thx mysql source ^_^
//
void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2) {
rand_st->max_value= 0x3FFFFFFFL;
rand_st->max_value_dbl=(double) rand_st->max_value;
rand_st->seed1=seed1%rand_st->max_value ;
rand_st->seed2=seed2%rand_st->max_value;
}
static void old_randominit(struct rand_struct *rand_st,ulong seed1) {
rand_st->max_value= 0x01FFFFFFL;
rand_st->max_value_dbl=(double) rand_st->max_value;
seed1%=rand_st->max_value;
rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
}
double rnd(struct rand_struct *rand_st) {
rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
return(((double) rand_st->seed1)/rand_st->max_value_dbl);
}
inline void hash_password(ulong *result, const char *password) {
register ulong nr=1345345333L, add=7, nr2=0x12345671L;
ulong tmp;
for (; *password ; password++) {
if (*password == ' ' || *password == '\t')
continue;
tmp= (ulong) (unsigned char) *password;
nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
nr2+=(nr2 << 8) ^ nr;
add+=tmp;
}
result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
result[1]=nr2 & (((ulong) 1L << 31) -1L);
return;
}
inline void make_scrambled_password(char *to,const char *password) {
ulong hash_res[2];
hash_password(hash_res,password);
sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
}
static inline uint char_val(char X) {
return (uint) (X >= '0' && X <= '9' ? X-'0' : X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
}
char *scramble(char *to,const char *message,const char *password, int old_ver) {
struct rand_struct rand_st;
ulong hash_pass[2],hash_message[2];
if(password && password[0]) {
char *to_start=to;
hash_password(hash_pass,password);
hash_password(hash_message,message);
if (old_ver)
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
else
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
while (*message++)
*to++= (char) (floor(rnd(&rand_st)*31)+64);
if (!old_ver) {
char extra=(char) (floor(rnd(&rand_st)*31));
while(to_start != to)
*(to_start++)^=extra;
}
}
*to=0;
return to;
}