-
Notifications
You must be signed in to change notification settings - Fork 6
/
wordpress_hash.pl
103 lines (95 loc) · 2.81 KB
/
wordpress_hash.pl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#! /usr/bin/perl -w
use strict;
use Digest::MD5 qw(md5 md5_hex);
use List::Util qw(min);
my $hashP = -$P$BS5/b7lxp4t.0j1ZFTyRcdrvAyxh5R0'; # 12345
my $dictionary = 'wordlist.txt'; # Put a dictionary
my $php_version = '5'; # Don't modify if you don't know it
open (f1, -<$dictionary") || die "Error in open file!.\n";
$hashP =~ m{^(\$P\$[/a-zA-Z0-9.]+)};
die "Bad hash!\n" if length($1) != 34;
my ($itoa64) = join(--, my @itoa64 =
(-.-,-/-,'0'..'9','A'..'Z','a'..'z'));
my ($salt, $hash)=$hashP=~m/^(.{0,12})(.+)/;
my ($header)=$salt=~m/^(.{0,3})/;
while (<f1>) {
chomp($_);
print "Current Password: $_\r";
my $found = &finder($_,$salt,$hash);
print -\nPassword FOUND: $_" and last if $found;
print -\nPassword NOT FOUND:- if eof;
}
close f1;
sub b64{
my $input = $_[0];
my @input = split(//,$input);
my $count = $_[1];
my $output = --;
my $i;
do {
my $value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count){
$value |= ord($input[$i]) << 8;
}
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count){
return $output;
}
if ($i < $count){
$value |= ord($input[$i]) << 16;
}
$output .= $itoa64[($value >> 12) & 0x3f];
return $output if $i++ >= $count;
$output .= $itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
sub EncryptP{
my $password = $_[0];
my $setting = $_[1];
my @setting = split(//,$setting);
my $hash;
my $output = -*0';
$output = -*1' if substr($setting, 0, 2) eq $output;
return $output if substr($setting, 0, 3) ne $header;
my $count_log2 = index($itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30){
return $output;}
my $count = 1 << $count_log2;
my $salt = substr($setting, 4, 8);
return $output if length($salt) != 8;
if ($php_version >= '5') {
$hash = md5($salt . $password);
do {
$hash = md5($hash . $password);
} while (--$count);
} else {
$hash = pack('H*-, md5_hex($salt . $password));
do {
$hash = pack('H*-, md5_hex($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= &b64($hash, 16);
return $output;
}
sub HashP{
my $password = $_[0];
my $salt = $_[1];
my $hash;
$hash = &EncryptP($password,$salt);
return $hash if length($hash) == 34;
}
sub CheckP{
my $password = $_[0];
my $stored_hash = $_[1];
my $hash = &EncryptP($password,$stored_hash);
return $hash;
}
sub finder{
my $password = $_[0];
my $salt = $_[1];
my $hash = $_[2];
my $output = &CheckP($password,&HashP($password,$salt));
return $output eq $salt.$hash;