Multi CMS Hash Cracker v0.1

1. #!usr/bin/perl
2. use Digest::MD5  qw(md5_hex);
3. use Digest::SHA1  qw(sha1_hex);
4.  
5. # Author: localh0t
6. # Date: 09/06/11
7. # Contact: [email protected]
8. # Follow: @mattdch
9.  
10. # Help
11.  
12. if(!$ARGV[7])
13.     {
14.          print "\n\n###########################################";
15.          print "\n# Multi CMS Hash Cracker v0.1 by localh0t #";
16.              print "\n###########################################";
17.          print "\n\nUse: perl $0 -d [WORLDLIST FOLDER] -h [MD5 | SHA-1 HASH] -s [SALT | USERNAME] -c [CMS]\n";
18.          print "Example: perl $0 -d /home/localh0t/wordlists/ -h caef8544a8e65e23f67ab844d4866e8d -s uZ*qX -c IPB\n";
19.          print "Example: perl $0 -d /home/localh0t/wordlists/ -h dc4a27b25e3f780b89c165f931d6f85d5bd6e33e -s Administrator -c SMF\n\n";
20.          print "Note: Worlists must end with .txt or .lst (or any extension)\n\n"; 
21.          print "Support:\n========\n";
22.          print "VB     : md5_hex(md5_hex(password).salt)           | (vBulletin)\n";
23.          print "SMF    : sha1_hex(user.password)                   | (Simple Machines Forum)\n";
24.          print "IPB    : md5_hex(md5_hex(salt).md5_hex(password))  | (Invision Power Board)\n";
25.          print "JOOMLA : md5_hex(password.salt)                    | (Joomla 1.x)\n\n";
26.          exit(0);
27.     }
28.  
29.  
30. # Functions
31.  
32. sub ipb_cracker{
33.     my $hash = shift;
34.     my $salt = shift;
35.     my $dir  = shift;
36.     foreach $file (@FILES) {
37.     open(DICT,"<".$dir.$file) || die "\n[-] Error opening $file\n\n";
38.     print "[!] Using $file...\n";
39.             foreach $password(<DICT>) {
40.                 $password=~s/\s|\n//;
41.                 chomp($password);
42.                 $cracked = md5_hex(md5_hex($salt).md5_hex($password));
43.                 if ($cracked eq $hash) {
44.                     return "[+] Hash cracked !: $password\n\n";
45.                 }
46.             }
47.     print "[!] Nothing found with $file...\n\n";
48.     }
49.     return "\n[-] Password not found\n\n";
50. }
51.  
52. sub vb_cracker{
53.     my $hash = shift;
54.     my $salt = shift;
55.     my $dir  = shift;
56.     foreach $file (@FILES) {
57.     open(DICT,"<".$dir.$file) || die "\n[-] Error opening $file\n\n";
58.     print "[!] Using $file...\n";
59.             foreach $password(<DICT>) {
60.                 $password=~s/\s|\n//;
61.                 chomp($password);
62.                 $cracked = md5_hex(md5_hex($password).$salt);
63.                 if ($cracked eq $hash) {
64.                     return "[+] Hash cracked !: $password\n\n";
65.                 }
66.             }
67.     print "[!] Nothing found with $file...\n\n";
68.     }
69.     return "\n[-] Password not found\n\n";
70. }
71.  
72. sub smf_cracker{
73.     my $hash = shift;
74.     my $user = shift;
75.     my $dir  = shift;
76.     foreach $file (@FILES) {
77.     open(DICT,"<".$dir.$file) || die "\n[-] Error opening $file\n\n";
78.     print "[!] Using $file...\n";
79.             foreach $password(<DICT>) {
80.                 $password=~s/\s|\n//;
81.                 chomp($password);
82.                 $cracked = sha1_hex($user.$password);
83.                 if ($cracked eq $hash) {
84.                     return "[+] Hash cracked !: $password\n\n";
85.                 }
86.             }
87.     print "[!] Nothing found with $file...\n\n";
88.     }
89.     return "\n[-] Password not found\n\n";
90. }
91.  
92. sub joomla_cracker{
93.     my $hash = shift;
94.     my $salt = shift;
95.     my $dir  = shift;
96.     foreach $file (@FILES) {
97.     open(DICT,"<".$dir.$file) || die "\n[-] Error opening $file\n\n";
98.     print "[!] Using $file...\n";
99.             foreach $password(<DICT>) {
100.                 $password=~s/\s|\n//;
101.                 chomp($password);
102.                 $cracked = md5_hex($password.$salt);
103.                 if ($cracked eq $hash) {
104.                     return "[+] Hash cracked !: $password\n\n";
105.                 }
106.             }
107.     print "[!] Nothing found with $file...\n\n";
108.     }
109.     return "\n[-] Password not found\n\n";
110. }
111.  
112. my ($dir, $hash, $salt, $cms, $arg);
113.  
114. foreach $loop (@ARGV) {
115.     for ($loop) {
116.         /^-d$/ and do { $dir = $ARGV[($arg+1)]; last; };
117.         /^-h$/ and do { $hash = $ARGV[($arg+1)];  last; };
118.         /^-s$/ and do { $salt = $ARGV[($arg+1)]; last; };
119.         /^-c$/ and do { $cms = $ARGV[($arg+1)]; last; };
120.     }
121.     $arg++;
122. }
123.  
124.  
125. # Main
126.  
127. print "\n[!] Cracking $hash with $salt as username/salt...\n\n";
128.  
129. opendir(DIR, $dir) || die "\n[-] Folder not found\n\n";
130.  
131. while($file = readdir(DIR)) {
132.      if ($file ne '.' and $file ne '..') {
133.     $FILES[$clean] = $file;
134.     $clean++;
135.      }
136. }
137.  
138. for ($cms) {
139.   /^IPB$/    and do { $result = &ipb_cracker($hash,$salt,$dir); last; };
140.   /^VB$/     and do { $result = &vb_cracker($hash,$salt,$dir);  last; };
141.   /^SMF$/    and do { $result = &smf_cracker($hash,$salt,$dir); last; };
142.   /^JOOMLA$/ and do { $result = &joomla_cracker($hash,$salt,$dir); last; };
143.   /^.$/      and do { print "[-] CMS not available\n"; exit(0); last; };
144. }
145.  
146. print $result;
147.  
148. # Exit
149.  
150. close(DICT);
151. closedir(DIR);
152. exit(0);
153.  
154. __END__