Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
August 15, 2020
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 326
Members: 0
Total: 326
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Php -> Rainbow Table Query Script
Post new topic  Reply to topic View previous topic :: View next topic 
Rainbow Table Query Script
PostPosted: Wed Jul 20, 2005 11:26 am Reply with quote
UrlGuy
Regular user
Regular user
 
Joined: Jul 20, 2005
Posts: 16
Location: Norway




Okay, probably someone in here who is interested in this..

I was looking for a script for this a couple days ago so I started programming my own lil script..

I have made 2 scripts to allow other users to query your rainbow tables from your webpage/server.

One of them needs MySQL support, and allows only 1 hash submittion at once, and have a simple login system, aswell as saving all hashes to the database, and updating the mainpage every 30 sec with meta tags, and it will say when its done querying, and output results. - So you dont have to edit php.ini and max execution time.

I will only post one script for now, a script that dont need database support, only PHP is required.
This allows submittion of 5 MD5 hashes at once, although I reccomend only 1-2 as it may take some time, and php.ini's max execution time should be set to maximum if you have large tables.

This script uses the system(); command to execute the query, then outputs the result in some premade .txt files.

If anyone interested I can supply you with source for the exact same purpose, only this made in VB/CPP and will same output results into a db/html or .txt but this dont allow execution remotely, unless you further use winsock control.

Anyways, you need to make a few changes to this script yourself, I will explain more of that in the end.

Heres the code:


Index.php

Code:

<center><HTML>
<HEAD>
<center><H2>Rainbow Tables - MD5</H2><bR></center>
</HEAD>
<BODY>
<br>
<CENTER>
<FORM action="crack.php" method="post">
HASH1:<BR>
<INPUT type="text" name="hash1_old"><BR>
HASH2:<BR>
<INPUT type="text" name="hash2_old"><BR>
HASH3:<BR>
<INPUT type="text" name="hash3_old"><BR>
HASH4:<BR>
<INPUT type="text" name="hash4_old"><BR>
HASH5:<BR>
<INPUT type="text" name="hash5_old"><BR>
<INPUT type="submit" value="Try">
</FORM></center><BR><BR>




crack.php

Code:

<center><?php

/*

Rainbow table querying in PHP
 - Simple example
 - No database required

Contact:
ap1803@gmail.com

*/

include("index.php");
echo "<B>OUTPUT:</B><BR><BR>";
$op_cont = file_get_contents("output.txt");

$filename = 'output.txt';  // Both these will have some
$file = 'temp.txt';        // output temporarily stored in them.

$_GET['hash1_old'];
$_GET['hash2_old'];
$_GET['hash3_old'];
$_GET['hash4_old'];
$_GET['hash5_old'];

$hash1 = escapeshellcmd($hash1_old);  // Using this to avoid
$hash2 = escapeshellcmd($hash2_old);  // exploits and vulnerable
$hash3 = escapeshellcmd($hash3_old);  // code being passed.
$hash4 = escapeshellcmd($hash4_old);  // Just some extra
$hash5 = escapeshellcmd($hash5_old);  // security :)

if(empty($hash1)) {
$hashes=array($hash2, $hash3, $hash4, $hash5);
$towrite = "$hashes[1]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]";  // I know my code looks messy
}
if(empty($hash2)) {
$hashes=array($hash1, $hash3, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]";  // This could have been done a easier way
}
if(empty($hash3)) {
$hashes=array($hash1, $hash2, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[3]\r\n$hashes[4]";
}
if(empty($hash4)) {
$hashes=array($hash1, $hash2, $hash3, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[4]";
}
if(empty($hash5)) {
$hashes=array($hash1, $hash2, $hash3, $hash4);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[3]";
} else {
$hashes=array($hash1, $hash2, $hash3, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]";
}

$fp = fopen($file, 'w');
fwrite($fp, $towrite);
fclose($fp);


echo "<pre>";
$crack = system("c:\\rcrack.exe c:\\*.rt -l $file");
echo "</pre>";

if (is_writable($filename)) {
if (!$handle = fopen($filename, 'w+')) {
echo "Cant open ($filename)";
exit;
}

if (fwrite($handle, $crack) === FALSE) {
echo "Failed to write output to ($filename)";
exit;
}
}
fclose($handle);
?></center>



Make these files, and in the same folder make 2 empty textfiles.
Name these 'output.txt' and 'temp.txt'.
You will also need charset.txt in your script folder, aswell as in the folder with your rcrack.exe

Near the bottom of crack.php you will find this line:

$crack = system("c:\\rcrack.exe c:\\*.rt -l $file");

Modify this to the directory of your rcrack. (I have not tested elsewhere) But remember to add two slashes in the directories.

I have added all the hashes to go thru escapeshellcmd(); before its being executed by shell, incase some clever ppl decide to try exploit your box, this is just for increased security. Although you should note that this script cant be 100% secure, its not well tested, this is working without any database support, and last I'm new to this whole rainbow table thing.

If anyone need the other more stable querying script in PHP which currently only allows 1 submittion at once, and stores everything in a database and autorefreshes until its completed. The Visual Basic or C++ version, give me a note.

If anyone got any improvements or better script, please share.
Hope this will be useful for someone
View user's profile Send private message Visit poster's website MSN Messenger
Rainbow Table Query Script
  www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.048 Seconds