CMS Hash Cracker

1.     #!usr/bin/perl
2.     use Digest::MD5 qw(md5_hex);
3.     use Digest::SHA1 qw(sha1_hex);
4.  
5.     # Author: localh0t
6.     # Date: 09/06/11
7.     # Contact: mattdch0@gmail.com
8.     # Follow: @mattdch
9.  
10.     # Help
11.  
12.     if(!$ARGV[7])
13.     {
14.     print “\n\n###########################################”;
15.     print “\n# Multi CMS Hash Cracker v0.1 by localh0t #”;
16.     print “\n###########################################”;
17.     print “\n\nUse: perl $0 -d [WORLDLIST FOLDER] -h [MD5 | SHA-1 HASH] -s [SALT | USERNAME] -c [CMS]\n”;
18.     print “Example: perl $0 -d /home/localh0t/wordlists/ -h caef8544a8e65e23f67ab844d4866e8d -s uZ*qX -c IPB\n”;
19.     print “Example: perl $0 -d /home/localh0t/wordlists/ -h dc4a27b25e3f780b89c165f931d6f85d5bd6e33e -s Administrator -c SMF\n\n”;
20.     print “Note: Worlists must end with .txt or .lst (or any extension)\n\n”;
21.     print “Support:\n========\n”;
22.     print “VB : md5_hex(md5_hex(password).salt) | (vBulletin)\n”;
23.     print “SMF : sha1_hex(user.password) | (Simple Machines Forum)\n”;
24.     print “IPB : md5_hex(md5_hex(salt).md5_hex(password)) | (Invision Power Board)\n”;
25.     print “JOOMLA : md5_hex(password.salt) | (Joomla 1.x)\n\n”;
26.     exit(0);
27.     }
28.  
29.     # Functions
30.  
31.     sub ipb_cracker{
32.     my $hash = shift;
33.     my $salt = shift;
34.     my $dir = shift;
35.     foreach $file (@FILES) {
36.     open(DICT,” print “[!] Using $file…\n”;
37.     foreach $password() {
38.     $password=~s/\s|\n//;
39.     chomp($password);
40.     $cracked = md5_hex(md5_hex($salt).md5_hex($password));
41.     if ($cracked eq $hash) {
42.     return “[+] Hash cracked !: $password\n\n”;
43.     }
44.     }
45.     print “[!] Nothing found with $file…\n\n”;
46.     }
47.     return “\n[-] Password not found\n\n”;
48.     }
49.  
50.     sub vb_cracker{
51.     my $hash = shift;
52.     my $salt = shift;
53.     my $dir = shift;
54.     foreach $file (@FILES) {
55.     open(DICT,” print “[!] Using $file…\n”;
56.     foreach $password() {
57.     $password=~s/\s|\n//;
58.     chomp($password);
59.     $cracked = md5_hex(md5_hex($password).$salt);
60.     if ($cracked eq $hash) {
61.     return “[+] Hash cracked !: $password\n\n”;
62.     }
63.     }
64.     print “[!] Nothing found with $file…\n\n”;
65.     }
66.     return “\n[-] Password not found\n\n”;
67.     }
68.  
69.     sub smf_cracker{
70.     my $hash = shift;
71.     my $user = shift;
72.     my $dir = shift;
73.     foreach $file (@FILES) {
74.     open(DICT,” print “[!] Using $file…\n”;
75.     foreach $password() {
76.     $password=~s/\s|\n//;
77.     chomp($password);
78.     $cracked = sha1_hex($user.$password);
79.     if ($cracked eq $hash) {
80.     return “[+] Hash cracked !: $password\n\n”;
81.     }
82.     }
83.     print “[!] Nothing found with $file…\n\n”;
84.     }
85.     return “\n[-] Password not found\n\n”;
86.     }
87.  
88.     sub joomla_cracker{
89.     my $hash = shift;
90.     my $salt = shift;
91.     my $dir = shift;
92.     foreach $file (@FILES) {
93.     open(DICT,” print “[!] Using $file…\n”;
94.     foreach $password() {
95.     $password=~s/\s|\n//;
96.     chomp($password);
97.     $cracked = md5_hex($password.$salt);
98.     if ($cracked eq $hash) {
99.     return “[+] Hash cracked !: $password\n\n”;
100.     }
101.     }
102.     print “[!] Nothing found with $file…\n\n”;
103.     }
104.     return “\n[-] Password not found\n\n”;
105.     }
106.  
107.     my ($dir, $hash, $salt, $cms, $arg);
108.  
109.     foreach $loop (@ARGV) {
110.     for ($loop) {
111.     /^-d$/ and do { $dir = $ARGV[($arg+1)]; last; };
112.     /^-h$/ and do { $hash = $ARGV[($arg+1)]; last; };
113.     /^-s$/ and do { $salt = $ARGV[($arg+1)]; last; };
114.     /^-c$/ and do { $cms = $ARGV[($arg+1)]; last; };
115.     }
116.     $arg++;
117.     }
118.  
119.     # Main
120.  
121.     print “\n[!] Cracking $hash with $salt as username/salt…\n\n”;
122.  
123.     opendir(DIR, $dir) || die “\n[-] Folder not found\n\n”;
124.  
125.     while($file = readdir(DIR)) {
126.     if ($file ne ‘.’ and $file ne ‘..’) {
127.     $FILES[$clean] = $file;
128.     $clean++;
129.     }
130.     }
131.  
132.     for ($cms) {
133.     /^IPB$/ and do { $result = &ipb_cracker($hash,$salt,$dir); last; };
134.     /^VB$/ and do { $result = &vb_cracker($hash,$salt,$dir); last; };
135.     /^SMF$/ and do { $result = &smf_cracker($hash,$salt,$dir); last; };
136.     /^JOOMLA$/ and do { $result = &joomla_cracker($hash,$salt,$dir); last; };
137.     /^.$/ and do { print “[-] CMS not available\n”; exit(0); last; };
138.     }
139.  
140.     print $result;
141.  
142.     # Exit
143.  
144.     close(DICT);
145.     closedir(DIR);
146.     exit(0);
147.  
148.     __END__