PHP/Server Based Hash Cracker

For the discussion of Perl, Python, Ruby, and PHP and other interpreted languages.

PHP/Server Based Hash Cracker

Post by abyssalrx_ on Sun Jun 11, 2017 10:42 pm
([msg=93760]see PHP/Server Based Hash Cracker[/msg])

This script is more of a, "I wonder if I can" type deal. Realistically, I can't say that it's more effective then say... a .py or such. Regardless. It works quite well!

Index.html
Code: Select all
<html>
   <head>
      <title>Input your Hash</title>
   </head>
   <body>
      <form action="hashCrackerManual.php" method="post">
         <b>Your Hash</b>:<input type="text" name="usersHash"><br/>
         <input type="submit">
      </form>
   </body>
</html>


hashCrackerManual.php
Code: Select all
<?php
###########################################################################
# PHP hashCracker [Version 1.0 - MANUAL]                                  #
# Author: AbyssalRX_                                                      #
# Purpose:                                                                #
#     To explore the efficiency and methods of creating a web based       #
#     password cracker.                                                   #
# Comments:                                                               #
#     Feel free to modify and use this code as you see fit for any        #
#     legal, security related security auditing/penetration testing.      #
#     by using this, you agree that I am not liable for any illegal       #
#     uses.  Stay Safe, Stay Legal.                                       #
###########################################################################

$finalProduct = $_POST['usersHash']; # Hash to crack goes here
?>
<html>
   <head>
      <title>Hash Cracker</title>
      <style type="text/css">
         html {
            background-color: #000000;
            color: #ffffff;
         }
         #hashBox {
            background-color: #ffffff;
            color: #000000;
            border: 2px solid #aa0000;
         }
      </style>
   </head>
   <body>
      <?php

      $linesInFile = array(); # Store Passwords to be Hashed for Comparison
      $i = 0; # Counter
      $file = fopen('dictionary.txt', 'r');
      while (!feof($file)) {
         $eachLine = fgets($file); $eachLine = trim($eachLine); $linesInFile[] = $eachLine;
      }
      fclose($file);
      $linesLength = count($linesInFile);

      while ($i < $linesLength) {
         md5($linesInFile[$i]);
         if (md5($linesInFile[$i]) == $finalProduct) {
            echo("
               <center>
               <div id='hashBox'>
               <b>Password is</b>: <i>" . $linesInFile[$i] . "</i>
               <br/><br/>
               <b>Hash to Crack</b>: <i>" . $finalProduct . "</i> == <i>" . $linesInFile[$i] . "[" . md5($linesInFile[$i]) . "]</i>
               <br/>

               </div>
               </center>
               ");
            die();
         }
         else {
            $i = $i + 1;
         }
      }

      echo("
         <center>
         <div id='hashBox'><b>
         Hash Not Found
         </b>
         </div>
         </center>
         ");

      ?>
   </body>
</html>


This code also relies on an external file called, dictionary.txt, which will be your wordlist for hashing. It's pretty self explanatory: just throw in all the different words you'd like to check for when you submit your hash and it'll hash them one by one until it finds one that matches.

I have also made another version which utilizes a toCrack.txt file to store multiple hashes, a dictionary.txt file to store your wordlist, and a cracked.txt file that it'll throw a timestamp into and store all cracked hashes. If there is any interest in it, I'll throw it up as well.

A few things I'd like to accomplish with it at a later date:
    *Save cracked hashes to a sql database
    *Read from the sql database before attempting hashing (not even sure if this would be faster or not...)

Criticism is more then welcome, any ways you can see improvement, let me know and I'll work it out. Just avoid the 'why do this' and 'this makes no sense', because trust me — I already know. It was more of a hobby project then anything.
abyssalrx_
New User
New User
 
Posts: 1
Joined: Sun Jun 11, 2017 10:30 pm
Blog: View Blog (0)


Return to Interpreted Languages

Who is online

Users browsing this forum: No registered users and 0 guests