- <?php
/**
 * HMAC-SHA-1 in the argument order used by the SCRAM specification (RFC 5802).
 *
 * The key comes first here, whereas PHP's hash_hmac() takes the data first.
 *
 * @param string $key secret key
 * @param string $str message to authenticate
 * @return string 20 raw bytes (binary output, not hex)
 */
function HMAC($key, $str)
{
    $rawOutput = true; // raw digest bytes are needed for the later XOR step
    $mac = hash_hmac('sha1', $str, $key, $rawOutput);

    return $mac;
}
/**
 * SCRAM's Hi() function: PBKDF2 with HMAC-SHA-1.
 *
 * A length of 0 asks hash_pbkdf2() for the full digest size, so the result
 * is 20 raw bytes. The iteration count is the only work factor that slows
 * down password guessing against a recorded exchange.
 *
 * @param string $str  password
 * @param string $salt raw (already base64-decoded) salt
 * @param int    $i    iteration count
 * @return string 20 raw bytes
 */
function Hi($str, $salt, $i)
{
    $fullDigestLength = 0;
    $rawOutput = true;

    return hash_pbkdf2('sha1', $str, $salt, $i, $fullDigestLength, $rawOutput);
}
/**
 * SCRAM's H() function: a plain SHA-1 digest.
 *
 * @param string $str input bytes
 * @return string 20 raw bytes (binary output, not hex)
 */
function H($str)
{
    return hash('sha1', $str, true);
}
// Client details
$username = "koma_test";

// Recorded SCRAM-SHA-1 exchange this script works from:
//   client nonce: hydra
//   client-first: n,,n=koma_test,r=hydra
//   (earlier run) server nonce 4OjoFBGFJyzTaBWKiGfuqNM+v9rDA0wn, salt qgiJIJQsQPhvAotJWVNHPQ==
//   (earlier run) server-first: r=hydra4OjoFBGFJyzTaBWKiGfuqNM+v9rDA0wn,s=qgiJIJQsQPhvAotJWVNHPQ==,i=4096
//   server-first: r=hydraFe3A1scL7C0jtKsm+kcg96MWg769FuRu,s=kM6lTjjnZW4F8WLboyagcA==,i=4096
//   (earlier run) client-final: c=biws,r=hydra4OjoFBGFJyzTaBWKiGfuqNM+v9rDA0wn,p=anvxRRv7SVKIwwsJ3Y6/0hKC0YU=
//   client-final: c=biws,r=hydraFe3A1scL7C0jtKsm+kcg96MWg769FuRu,p=mZU2Qekd8JR7ybCtb3hnJMGEfIg=
//
// Security note: every input to the client proof except the password is
// visible in these messages (salt, iteration count, nonces, proof), so a
// recorded exchange lets guesses be checked without contacting the server.
// "c=biws" is the base64 of "n,,", i.e. no channel binding was negotiated.
// SCRAM should therefore run inside TLS, and password strength plus the
// iteration count are what limit guessing; SCRAM-SHA-256 (RFC 7677) is the
// preferred variant over SHA-1.
$nonces = "hydraFe3A1scL7C0jtKsm+kcg96MWg769FuRu"; // r= value from the server-first message
$salt = base64_decode("kM6lTjjnZW4F8WLboyagcA=="); // server salt, decoded to raw bytes
$i = 4096; // iteration count

// AuthMessage = client-first-bare "," server-first "," client-final-without-proof
$clientFirstMessageBare = "n=koma_test,r=hydra";
$serverFirstMessage = "r=hydraFe3A1scL7C0jtKsm+kcg96MWg769FuRu,s=kM6lTjjnZW4F8WLboyagcA==,i=4096";
$clientFinalMessageWithoutProof = "c=biws,r=hydraFe3A1scL7C0jtKsm+kcg96MWg769FuRu";
$AuthMessage = implode(",", [
    $clientFirstMessageBare,
    $serverFirstMessage,
    $clientFinalMessageWithoutProof,
]);

// Candidates are used exactly as file() returns them.
$lines = file('di.txt');
foreach ($lines as $password) {
    // RFC 5802 client-side derivation chain.
    $SaltedPassword = Hi($password, $salt, $i);
    $ClientKey = HMAC($SaltedPassword, "Client Key");
    $StoredKey = H($ClientKey);
    $ClientSignature = HMAC($StoredKey, $AuthMessage);

    // ClientProof = ClientKey XOR ClientSignature (byte-wise string XOR),
    // then base64 as it appears in the p= attribute.
    $encodedProof = base64_encode($ClientKey ^ $ClientSignature);
    echo "ClientProof: " . $encodedProof . "\n";

    if ($encodedProof === "mZU2Qekd8JR7ybCtb3hnJMGEflg=") {
        print ("Find!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
        print $password;
        break;
    }
}