API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 29th, 2016
86
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.51 KB | None | 0 0
raw download clone embed print report
  1. import time, hashlib
  2. from jinja2.sandbox import SandboxedEnvironment
  3. print"""
  4. ____ ____ ____ ____ ____ ____ ____ ____
  5. ||D |||B |||2 |||B |||O |||O |||B |||Y ||
  6. ||__|||__|||__|||__|||__|||__|||__|||__||
  7. |/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|.py\n"""
  8.  
  9. results = []
  10.  
  11. def md5(s):
  12. return hashlib.md5(s).hexdigest()
  13.  
  14. def cracking():
  15. print '\nEnter the encryption algorithm below.'
  16. print 'Encryption Algorithm Format:\n\nUse \'md5()\' for md5.\nUse \'+\' for joining strings.\nUse \'salt\' for the salt.\nUse \'password\' for the plaintext password.\nExample: md5(md5(salt)+md5(password))\n'
  17. algorithm = str(raw_input('Enter Encryption Algorithm => '))
  18. pwdlist = open(str(raw_input('Password List Path=> ')), 'r').readlines()
  19. hashlist = open(str(raw_input('Hash List Path=> ')), 'r').readlines()
  20. env = SandboxedEnvironment()
  21. template = env.from_string('{{' + algorithm + '}}')
  22. try:
  23. print 'Staring cracking...\nPress Ctrl + C to Stop.\n'
  24. fstart = time.time()
  25. for hsh in hashlist:
  26. parse = hsh.split('||')
  27. username = parse[0].strip()
  28. hsh = parse[1].strip()
  29. salt = parse[2].strip()
  30. start = time.time()
  31. print 'Attempting to crack ' + username
  32. time.sleep(2)
  33. for pwd in pwdlist:
  34. pwd = pwd.strip()
  35. xhash = template.render(md5=md5, salt=salt, password=pwd)
  36. if xhash == hsh:
  37. elapsed = time.time() - start
  38. print 'CRACKED ' + username + ' WITH PASSWORD: ' + pwd + ' in ' + str(elapsed) + ' seconds.'
  39. results.append(username + '||' + pwd)
  40. time.sleep(2)
  41. break
  42. else:
  43. print pwd + ' - Failed'
  44. except KeyboardInterrupt:
  45. pass
  46. felapsed = time.time() - fstart
  47. print '\nCracked ' + str(len(results)) + ' in ' + str(felapsed) + ' seconds:'
  48. for x in results:
  49. print x
  50. if results:
  51. save()
  52.  
  53. def save():
  54. opt = str(raw_input("Do you want to save results to file? (Y/N) => ")).lower()
  55. if opt == 'y':
  56. f = str(raw_input("Output File => "))
  57. f = open(f, 'a')
  58. for x in results:
  59. f.write(x + '\n')
  60. f.close()
  61. print 'Results written to file.'
  62. elif opt == 'n':
  63. print 'Save to file - Skipped.'
  64. else:
  65. save()
  66.  
  67. def manual(db_name):
  68. db = open(db_name, 'r')
  69. table = str(raw_input('Table name => '))
  70. nof = int(raw_input('Number of fields to parse => '))
  71. fields = []
  72. for x in range(nof):
  73. fields.append(str(raw_input("Field " + str(x) + ' => ')))
  74. print ''
  75. pattern = ''
  76. x = ''
  77. string = ''
  78. for line in db.readlines():
  79. if 'INSERT INTO' in line and table in line:
  80. pattern = (line.split('VALUES')[0].strip()).split(',')
  81. pattern = map(lambda s: s.strip('()`\';'), pattern)
  82. pattern[0] = (pattern[0].split('(')[1]).strip('`')
  83. x = (line.split('VALUES')[1].strip()).split(',')
  84. x = map(lambda s: s.strip('()`\';'), x)
  85. string = ''
  86. for field in fields:
  87. string += x[pattern.index(field)] + '||'
  88. string = string[:-2]
  89. results.append(string)
  90. print string
  91. print '\n' + table + ' has these fields: \n'
  92. print pattern
  93. print '\nSave the hashes if you plan on cracking them.'
  94. save()
  95.  
  96. def typecheck(db_name):
  97. db = open(db_name, 'r')
  98. for line in db.readlines():
  99. if 'mybb' in line.lower():
  100. return 'MyBB'
  101. break
  102.  
  103. def mybb(db_name):
  104. pattern = ''
  105. string = ''
  106. db = open(db_name, 'r')
  107. for line in db.readlines():
  108. if 'INSERT INTO' in line and 'mybb_users' in line:
  109. #set pattern
  110. pattern = (line.split('VALUES')[0].strip()).split(',')
  111. pattern = map(lambda s: s.strip('()`\';'), pattern)
  112. pattern = pattern[1] + '||' + pattern[2] + '||' + pattern[3] #these indexes can be altered
  113. #set string
  114. x = (line.split('VALUES')[1].strip()).split(',')
  115. x = map(lambda s: s.strip('()`\';'), x)
  116. string = x[1] + '||' + x[2] + '||' + x[3] #these indexes can be altered
  117. results.append(string)
  118. print string
  119. print pattern
  120. print '\nSave the hashes if you plan on cracking them.'
  121. save()
  122.  
  123. def main():
  124. try:
  125. print 'Automatic parsing is supported for the following database types:'
  126. print '[*] MyBB\n'
  127. print '1 - Automatic Database Parsing'
  128. print '2 - Manual Database Parsing (Just Username, Password and Salt for Hash Cracking)'
  129. print '3 - Hash Cracking (Consider Parsing and Saving Hashes First.)\n'
  130. man = str(raw_input('Option Value => ')).lower()
  131. if man == '2':
  132. db_name = str(raw_input("db path => "))
  133. manual(db_name)
  134. elif man == '1':
  135. db_name = str(raw_input("db path => "))
  136. version = typecheck(db_name)
  137. if version == 'MyBB':
  138. print 'Database: MyBB'
  139. print 'Parsing ' + db_name + '\'s user-table.\n'
  140. time.sleep(2)
  141. mybb(db_name)
  142. else:
  143. print 'Database unknown.\nAttempting manual parsing.\n'
  144. manual(db_name)
  145. elif man == '3':
  146. cracking()
  147. else:
  148. print 'Invalid Option.'
  149. main()
  150. except Exception,e: print str(e)
  151.  
  152. main()
  153. raw_input("\nPress anything to exit.")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!