178

Salted Hash Cracking PHP Script

The following is a PHP script for running dictionary attacks against both salted and unsalted password hashes. It is capable of attacking every hash function supported by PHP's hash function, as well as md5(md5), LM, NTLM, MySQL 4.1, and crypt hashes. It also supports crashed session recovery.

Command-Line Options

PHP Hash Cracker v1.1: https://defuse.ca/php-hash-cracker.htm
Usage: php crack.php <arguments>
Arguments:
    -w <wordlist>           Wordlist or "stdin" for standard input.
    -s <start line number>  Skip lines of the wordlist.
    -o <output file>        Save session/results to file.
    -f <output file>        Recover crashed session.
    -c <hash>               The hash to crack.
    -t <hash type>          The type of hash.
    -l <left salt>          Salt prepended to the password.
    -r <right salt>         Salt appended to the password.
    -d <s>                  Hash <s> with all supported hash types.
    -h                      Print help message.
** All other arguments are ignored when using -f or -d **

Sample Output

$ php crack.php -w small.lst -c 2c5419e6db59f283bcbb501c722e73c6 -t md5 -l a8f0h2 -r 8hf27
Defuse Security's Hash Cracking Script - v1.1
Homepage: https://defuse.ca/php-hash-cracker.htm

Begin execution: March 17, 2012, 8:31 pm
Wordlist: small.lst
Start line: 0
Hash: 2c5419e6db59f283bcbb501c722e73c6
Hash type: md5
Left salt: a8f0h2
Right salt: 8hf27

Current Line: 1000000         Current Password: IndigoIndigo            
Current Line: 2000000         Current Password: 5reinforce                Rate: 239 k/s

PASSWORD FOUND:               Zygomaticing (0x5a79676f6d61746963696e67)
HASH:                         2c5419e6db59f283bcbb501c722e73c6
HASH TYPE:                    md5
LEFT SALT:                    a8f0h2 (0x613866306832)
RIGHT SALT:                   8hf27 (0x3868663237)

Code

Source Code on GitHub