Salted Hash Cracking PHP Script
The following is a PHP script for running dictionary attacks against both salted and unsalted password hashes. It is capable of attacking every hash function supported by PHP's hash function, as well as md5(md5), LM, NTLM, MySQL 4.1, and crypt hashes. It also supports crashed session recovery.
PHP Hash Cracker v1.1: https://defuse.ca/php-hash-cracker.htm
Usage: php crack.php <arguments>
-w <wordlist> Wordlist or "stdin" for standard input.
-s <start line number> Skip lines of the wordlist.
-o <output file> Save session/results to file.
-f <output file> Recover crashed session.
-c <hash> The hash to crack.
-t <hash type> The type of hash.
-l <left salt> Salt prepended to the password.
-r <right salt> Salt appended to the password.
-d <s> Hash <s> with all supported hash types.
-h Print help message.
** All other arguments are ignored when using -f or -d **
$ php crack.php -w small.lst -c 2c5419e6db59f283bcbb501c722e73c6 -t md5 -l a8f0h2 -r 8hf27
Defuse Security's Hash Cracking Script - v1.1
Begin execution: March 17, 2012, 8:31 pm
Start line: 0
Hash type: md5
Left salt: a8f0h2
Right salt: 8hf27
Current Line: 1000000 Current Password: IndigoIndigo
Current Line: 2000000 Current Password: 5reinforce Rate: 239 k/s
PASSWORD FOUND: Zygomaticing (0x5a79676f6d61746963696e67)
HASH TYPE: md5
LEFT SALT: a8f0h2 (0x613866306832)
RIGHT SALT: 8hf27 (0x3868663237)
Source Code on GitHub