md5 Hash Lookuper #cgi

1. #!C:\pentest\pl\bin\perl.exe
2. #m-a_labz © s4e
3. use CGI qw(:cgi);
4. use LWP::UserAgent;
5. use WWW::Mechanize;
6. use Digest::MD5 qw(md5_hex);
7. $uag = LWP::UserAgent->new;
8. $uag->agent('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.4');
9. $uag->timeout(30);
10. $| = 1;
11. print <<END_of_HTML;
12. Content-type: text/html
13.  
14. <HTML>
15.  <HEAD>
16.   <TITLE>[+] Hash Lookuper</TITLE>
17. <meta name="keywords" content="Zone,mawlare,anti-virus,anti,virus,security,python,pentest,pentesting,hacking,0day,exploit,zone-t,zone t,t,zone-t.net,whitehat,redhat">
18. <meta name="description" content="zone-t.net is a usfule site for pentesters, it contain many tools for scanning, bruteforcing, hash cracking ...">
19.  </HEAD>
20.  
21. <STYLE>
22. body{ background:#000000; font-size:14px; font-family:Courier New; color:#fff; text-decoration:none;}
23. textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 10px;font-family: Courier New; border: 1px solid #000000;}
24. input{FONT-WEIGHT:normal;background-color: #105700;font-size: 14px;font-weight:bold;color: lime; font-family: Courier New; border: 1px solid #666666;height:20}
25.  
26.  
27.  
28.  
29. body {
30. font-family: Courier New
31. }
32. tr {
33. BORDER: dashed 1px #333;
34. color: #FFF;
35. }
36. td {
37. BORDER: dashed 1px #333;
38. color: #FFF;
39. }
40. .table1 {
41. BORDER: 0px Black;
42. BACKGROUND-COLOR: Black;
43. color: #FFF;
44. }
45. .td1 {
46. BORDER: 0px;
47. BORDER-COLOR: #333333;
48. font: 7pt Verdana;
49. color: Green;
50. }
51. .tr1 {
52. BORDER: 0px;
53. BORDER-COLOR: #333333;
54. color: #FFF;
55. }
56. table {
57. BORDER: dashed 1px #333;
58. BORDER-COLOR: #333333;
59. BACKGROUND-COLOR: Black;
60. color: #FFF;
61. }
62. input {
63. border          : dashed 1px;
64. border-color        : #333;
65. BACKGROUND-COLOR: Black;
66. font: 8pt Verdana;
67. color: Red;
68. }
69. select {
70. BORDER-RIGHT:  Black 1px solid;
71. BORDER-TOP:    #DF0000 1px solid;
72. BORDER-LEFT:   #DF0000 1px solid;
73. BORDER-BOTTOM: Black 1px solid;
74. BORDER-color: #FFF;
75. BACKGROUND-COLOR: Black;
76. font: 8pt Verdana;
77. color: Red;
78. }
79. submit {
80. BORDER:  buttonhighlight 2px outset;
81. BACKGROUND-COLOR: Black;
82. width: 30%;
83. color: #FFF;
84. }
85. textarea {
86. border          : dashed 1px #333;
87. BACKGROUND-COLOR: Black;
88. font: Fixedsys bold;
89. color: #999;
90. }
91. BODY {
92.     SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
93. margin: 1px;
94. color: Red;
95. background-color: Black;
96. }
97. .main {
98. margin          : -287px 0px 0px -490px;
99. BORDER: dashed 1px #333;
100. BORDER-COLOR: #333333;
101. }
102. .tt {
103. background-color: Black;
104. }
105.  
106. A:link {
107.     COLOR: White; TEXT-DECORATION: none
108. }
109. A:visited {
110.     COLOR: White; TEXT-DECORATION: none
111. }
112. A:hover {
113.     color: Red; TEXT-DECORATION: none
114. }
115. A:active {
116.     color: Red; TEXT-DECORATION: none
117. }
118. </STYLE>
119.   <meta http-equiv="Content-Type" content="text/html; charset=utf8">
120.   <LINK REL="SHORTCUT ICON" HREF="http://zone-t.net/files/favicon.ico" />
121. END_of_HTML
122. print qq {
123.  <center>
124. [+] Hash Lookuper<br>Total Sites : 28<br><br>
125.  </center>
126.  };
127. if ($ENV{QUERY_STRING} !~ /hash=/)
128. {
129.  print qq {
130.  <center>
131. <FORM METHOD=POST ACTION="$0">
132.  + Hash(s) <br><br><textarea name="hash" cols="30" rows="20" >e10adc3949ba59abbe56e057f20f883e</textarea><br><br>
133. <INPUT TYPE=submit VALUE="crack it"><br>
134. </FORM>
135. </center>
136. };
137.  
138.  
139. $hc = param(hash);
140. @h = split(/<br>/,$hc);
141. }else{
142. @get = split(/=/, $ENV{QUERY_STRING});
143. @h = (@get[1]);
144. }
145. foreach $hash (@h)
146. {
147. chomp($hash);
148. $hash =~ s/\s//g;
149. print qq {<br> [+] Looking for $hash <br>};
150. crack($hash);
151. }
152. print <<END_of_HTML;
153.  </BODY>
154.  
155. </HTML>
156. END_of_HTML
157. close(IN);
158. sub crack {
159. chomp($_[0]);
160. if($_[0] =~ /[a-f0-9]{32}/){
161. spec2($_[0]);
162. postcracked($_[0]);
163. getcracked($_[0]);
164. nafsiyeh($_[0]);
165. }else{
166. print "- ".$_[0]." Not a Valid Md5 <br>";
167. }
168. }
169. sub postcracked{
170. my @url = ("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","http://www.cloudcracker.net/index.php","http://md5decryption.com/","http://md5online.net/","http://www.freemd5.com/index.php","http://www.hashscan.com/","http://md5pass.info/");
171. my @names = ("http://md5.my-addr.com/","http://www.cloudcracker.net/","http://md5decryption.com/","http://md5online.net/","http://www.freemd5.com/","http://www.hashscan.com/","http://md5pass.info/");
172. my @posts = ("md5=".$_[0],"inputbox=".$_[0]."&submit=Crack+MD5+Hash%21","hash=".$_[0]."\&submit=Decrypt+It\%21","pass=".$_[0]."\&option=hash2text\&send=Submit","md5=".$_[0]."&crackencryption=decryption","hash=".$_[0],"hash=".$_[0]."&get_pass=Get+Pass");
173. my @regexs = ("Hashed string<\/span>\: (.*?)<\/div>","value=\"(.*?)\" \/>             ","Decrypted Text\: <\/b>(.*?)<\/font>","<br>pass : <b>(.*?)<\/b><\/p><\/table>","<h2>MD5 Decryption Result:<br>(.*?)<\/h2>","<td><font color=\"green\"><b>(.*?)<\/b><\/font><\/td><\/tr>","Password - <b>(.*?)<\/b>");
174. my @pnotfound = ("not found in database<\/div>","Sorry\, password not found\.","Sorry\, this MD5 hash wasn\'t found in our database","not found in our database\.<\/p><\/center><\/table>","<h2>There is no data\.<\/h2>","<p><font color=\"orange\">MD5 hash not found in our wordlist\.<\/font><\/p>","\nNot found! ");
175. my $counter;
176.  
177. for ($counter=0; $counter<$#url + 1; $counter++){
178. my $req = HTTP::Request->new(POST => $url[$counter]);
179. $req->content_type('application/x-www-form-urlencoded');
180. $req->content($posts[$counter]);
181. my $res = $uag->request($req);
182. if ($res->is_success) {
183. if ($res->content !~ m/$pnotfound[$counter]/i)
184. {
185. if($res->content =~ m/$regexs[$counter]/i){
186. print "+ ".$names[$counter] ."   Password : ".$1."<br>";
187. next;
188. }
189. elsif ($res->status_line =~ /404,501,301/) {
190. print "- ".$names[$counter] ."   Seem to be down <br>";
191. }
192. else{
193. print "- ".$names[$counter] ."   Error <br>";
194. }
195. }
196. else{
197. print "- ".$names[$counter] ."   Password Not Found <br>";
198. }
199. }
200. }
201. }
202.  
203. sub spec2 {
204. my $site = "http://md5online.org/";
205. $hash = $_[0];
206. my $req = HTTP::Request->new(GET => $site);
207. $req->header(Accept => 'text/xml,application/xml,application/xhtml+xml,text/html');
208. my $res = $uag->request($req);
209. if ($res->content =~ /<input type=\"hidden\" name=\"a\" value=\"(.*?)\">/){$a = $1;}else{print $res->content."<br>";}
210. my $req = HTTP::Request->new(POST => $site);
211. $req->content_type('application/x-www-form-urlencoded');
212. my $post = "md5=".$hash."&search=1&action=decrypt&a=".$a;
213. $req->content($post);
214. my $res = $uag->request($req);
215. if($res->content =~ m/Found : <b>(.*?)<\/b>/i){
216. my $f = $1;
217. chomp($f);
218. if (md5_hex($f) =~ $_[0] )
219. { print "+ ".$site."   Password : ".$f."<br>";
220. }else{
221. print "- ".$site ."   Password Not Found <br>";
222. }
223. }
224. else{
225. print "- ".$site ."   Password Not Found <br>";
226. }
227. }
228. sub getcracked{
229. my @geturls = ("http://hashes.org/api.php?do=check&hash1=".$_[0],"http://md5.rednoize.com/?p&s=md5&q=".$_[0],"http://md5decoder.org/".$_[0],"http://netmd5crack.com/cgi-bin/Crack.py?InputHash=".$_[0],"http://www.md5rainbow.com/".$_[0],"http://md5decoder.com/".$_[0],"http://all-the-numbers.com/MD5-Message-Digest-5/".$_[0].".html","http://md5reverse.insdy.net/decrypt_md5/".$_[0],"http://".$_[0].".haq4u.com/","http://md5cracker.com/qkhash.php?option=plaintext&pass=".$_[0],"http://www.md5-hash.com/md5-hashing-decrypt/".$_[0],"http://md5geek.com/".$_[0],"http://hash-decrypt.pl/decrypt/".$_[0],"http://md5cracker.altervista.org/search.php?hash=".$_[0],"https://api.leakdb.net/?t=".$_[0],"http://hashdatabase.info/crack?hash=".$_[0],"http://www.stringfunction.com/md5-decrypter.html?st=".$_[0]);
230. my @getnames = ("http://hashes.org/","http://md5.rednoize.com/","http://md5decoder.org/","http://netmd5crack.com/","http://www.md5rainbow.com/","http://md5decoder.com/","http://all-the-numbers.com/","http://md5reverse.insdy.net/","http://haq4u.com/","http://md5cracker.com/","http://www.md5-hash.com/","http://md5geek.com/","http://hash-decrypt.pl/","http://md5cracker.altervista.org/","http://leakdb.net/","http://hashdatabase.info/","http://www.stringfunction.com/");
231. my @getregexs = ("<found>true<\/found><plain>(.*?)<\/plain>","\"(.*?)\"\n","Phrase\: \"(.*?)\" hashed","<\/td><td class=\"border\">(.*?)<\/td><\/tr><\/table>\n<i>","</h1>\n(.*?)<br/>","<center>(.*?)<\/center><\/h1>","This is MD5 hash for word \"(.*?)\"\.","   <title>MD5 Reverse \: ".$_[0]." - (.*?)<\/title>","\.haq4u.com\">(.*?)<\/a><\/br>","Plain Text\: (.*?)\n","<strong class=\"result\">(.*?)<\/strong><\/p>","\">(.*?)\n<\/span","Found a match\: (.*?)\n<\/p>","<tr><td width=200>".$_[0]."<\/td><td width=200>(.*?)<\/td>","plaintext=(.*?)\n","<td><strong>(.*?)<\/strong><\/td>","textarea_md5_decrypter\">(.*?)<\/textarea>");
232. my @gnotfound = ("<found>false<\/found>","bool\(false\)","\:\~\:no\:\~\:","Sorry\, we don\'t have that hash in our database\.","<p>Sorry\, no reverse string was found\.<\/p>","No match found\. Please try another one\:","<nobr>".$_[0]."<\/nobr><\/h1>Hash string stat\:<p>","MD5 sum not found\.<\/em>","\:\~\:no\:\~\:","Not Found","<\/strong> not found in our database\.<\/h3>","<div class=\"not\-found\">","We\'re sorry but the hash you gave","<font color=\#FF0000>Hash Not Found<\/font>","\:\~\:no\:\~\:","Sorry this string is not in our database <br \/>","Sorry\, we were unable to find the original");
233. my $counter;
234. for ($counter=0; $counter<$#geturls + 1; $counter++)
235. {
236. my $req = HTTP::Request->new(GET => $geturls[$counter]);
237. $req->header(Accept => 'text/xml,application/xml,application/xhtml+xml,text/html');
238. my $res = $uag->request($req);
239. if ($res->is_success) {
240. if ($res->content !~ m/$gnotfound[$counter]/i)
241. {
242. if($res->content =~ m/$getregexs[$counter]/i){
243. print "+ ".$getnames[$counter] ."   Password : ".$1."<br>";
244. next;
245. }
246. elsif ($res->status_line =~ /404,501,301/) {
247. print "- ".$getnames[$counter] ."   Seem to be down <br>";
248. }
249. else{
250. print "- ".$getnames[$counter] ."   Error <br>";
251. }
252. }
253. else{
254. print "- ".$getnames[$counter] ."   Password Not Found <br>";
255. }
256. }
257. }
258. }
259.  
260.  
261.  
262. sub nafsiyeh{
263. my @nurl = ("http://md5.gromweb.com/query/".$_[0],"http://md5.darkbyte.ru/api.php?q=".$_[0],"http://reversemd5.com/get?md5=".$_[0]);
264. my @nnames = ("http://md5.gromweb.com/","http://md5.darkbyte.ru/","http://reversemd5.com/");
265. my $counter;
266.  
267. for ($counter=0; $counter<$#nurl + 1; $counter++){
268. my $req = HTTP::Request->new(GET => $nurl[$counter]);
269. $req->header(Accept => 'text/xml,application/xml,application/xhtml+xml,text/html');
270. my $res = $uag->request($req);
271. if ($res->is_success) {
272.     if(length($res->content) > 1){
273. print "+ ".$nnames[$counter] ."   Password : ".$res->content."<br>";
274. next;
275. }
276. else{
277. print "- ".$nnames[$counter] ."   Password Not Found <br>";
278. }
279. }else{
280. print "- ".$nnames[$counter] ."   Password Not Found <br>";
281. }
282. }
283. }