 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 567
 Members: 0
 Total: 567
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Rainbow Table Query Script |
|
 Posted: Wed Jul 20, 2005 11:26 am |
 |
|
| UrlGuy |
| Regular user |
 |
| |
| Joined: Jul 20, 2005 |
| Posts: 16 |
| Location: Norway |
|
|
 |
|
 |
|
Okay, probably someone in here who is interested in this..
I was looking for a script for this a couple days ago so I started programming my own lil script..
I have made 2 scripts to allow other users to query your rainbow tables from your webpage/server.
One of them needs MySQL support, and allows only 1 hash submittion at once, and have a simple login system, aswell as saving all hashes to the database, and updating the mainpage every 30 sec with meta tags, and it will say when its done querying, and output results. - So you dont have to edit php.ini and max execution time.
I will only post one script for now, a script that dont need database support, only PHP is required.
This allows submittion of 5 MD5 hashes at once, although I reccomend only 1-2 as it may take some time, and php.ini's max execution time should be set to maximum if you have large tables.
This script uses the system(); command to execute the query, then outputs the result in some premade .txt files.
If anyone interested I can supply you with source for the exact same purpose, only this made in VB/CPP and will same output results into a db/html or .txt but this dont allow execution remotely, unless you further use winsock control.
Anyways, you need to make a few changes to this script yourself, I will explain more of that in the end.
Heres the code:
Index.php
| Code: |
<center><HTML>
<HEAD>
<center><H2>Rainbow Tables - MD5</H2><bR></center>
</HEAD>
<BODY>
<br>
<CENTER>
<FORM action="crack.php" method="post">
HASH1:<BR>
<INPUT type="text" name="hash1_old"><BR>
HASH2:<BR>
<INPUT type="text" name="hash2_old"><BR>
HASH3:<BR>
<INPUT type="text" name="hash3_old"><BR>
HASH4:<BR>
<INPUT type="text" name="hash4_old"><BR>
HASH5:<BR>
<INPUT type="text" name="hash5_old"><BR>
<INPUT type="submit" value="Try">
</FORM></center><BR><BR> |
crack.php
| Code: |
<center><?php
/*
Rainbow table querying in PHP
- Simple example
- No database required
Contact:
ap1803@gmail.com
*/
include("index.php");
echo "<B>OUTPUT:</B><BR><BR>";
$op_cont = file_get_contents("output.txt");
$filename = 'output.txt'; // Both these will have some
$file = 'temp.txt'; // output temporarily stored in them.
$_GET['hash1_old'];
$_GET['hash2_old'];
$_GET['hash3_old'];
$_GET['hash4_old'];
$_GET['hash5_old'];
$hash1 = escapeshellcmd($hash1_old); // Using this to avoid
$hash2 = escapeshellcmd($hash2_old); // exploits and vulnerable
$hash3 = escapeshellcmd($hash3_old); // code being passed.
$hash4 = escapeshellcmd($hash4_old); // Just some extra
$hash5 = escapeshellcmd($hash5_old); // security :)
if(empty($hash1)) {
$hashes=array($hash2, $hash3, $hash4, $hash5);
$towrite = "$hashes[1]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]"; // I know my code looks messy
}
if(empty($hash2)) {
$hashes=array($hash1, $hash3, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]"; // This could have been done a easier way
}
if(empty($hash3)) {
$hashes=array($hash1, $hash2, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[3]\r\n$hashes[4]";
}
if(empty($hash4)) {
$hashes=array($hash1, $hash2, $hash3, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[4]";
}
if(empty($hash5)) {
$hashes=array($hash1, $hash2, $hash3, $hash4);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[3]";
} else {
$hashes=array($hash1, $hash2, $hash3, $hash4, $hash5);
$towrite = "$hashes[0]\r\n$hashes[1]\r\n$hashes[2]\r\n$hashes[3]\r\n$hashes[4]";
}
$fp = fopen($file, 'w');
fwrite($fp, $towrite);
fclose($fp);
echo "<pre>";
$crack = system("c:\\rcrack.exe c:\\*.rt -l $file");
echo "</pre>";
if (is_writable($filename)) {
if (!$handle = fopen($filename, 'w+')) {
echo "Cant open ($filename)";
exit;
}
if (fwrite($handle, $crack) === FALSE) {
echo "Failed to write output to ($filename)";
exit;
}
}
fclose($handle);
?></center>
|
Make these files, and in the same folder make 2 empty textfiles.
Name these 'output.txt' and 'temp.txt'.
You will also need charset.txt in your script folder, aswell as in the folder with your rcrack.exe
Near the bottom of crack.php you will find this line:
$crack = system("c:\\rcrack.exe c:\\*.rt -l $file");
Modify this to the directory of your rcrack. (I have not tested elsewhere) But remember to add two slashes in the directories.
I have added all the hashes to go thru escapeshellcmd(); before its being executed by shell, incase some clever ppl decide to try exploit your box, this is just for increased security. Although you should note that this script cant be 100% secure, its not well tested, this is working without any database support, and last I'm new to this whole rainbow table thing.
If anyone need the other more stable querying script in PHP which currently only allows 1 submittion at once, and stores everything in a database and autorefreshes until its completed. The Visual Basic or C++ version, give me a note.
If anyone got any improvements or better script, please share.
Hope this will be useful for someone |
|
|
|
|
|
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
