+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+-- Forum: General Zone (https://www.indonesianbacktrack.or.id/forum/forum-172.html)
+--- Forum: Programming (https://www.indonesianbacktrack.or.id/forum/forum-95.html)
+---- Forum: Python (https://www.indonesianbacktrack.or.id/forum/forum-111.html)
+---- Thread: joomla hash cracker (python) (/thread-1355.html)
joomla hash cracker (python) - nasa - 12-04-2011
gara-gara penasaran ma joomla vulnerable yang ada di exploit-db.com
Joomla jobprofile sql Injection
trus berhasil nemuin target, tapi bingung nyari md5 decrypter di google.. akhir'y terciptalah script yang sederhana dan banyak kekurangan ini...
script ini berguna untuk mem- brute force password joomla yang di enkripsi menggunakan wordlist...
Code:
#!/usr/bin/python
# joomla hash brute force by nasa
# thanks buat IBTeam
# visit http://forum.indonesianbacktrack.or.id
from hashlib import md5
import sys
import string
import binascii, re
import time
print '''
___ ____ _____
|_ _| __ )_ _|__ __ _ _ __ ___
| || _ \ | |/ _ \/ _` | '_ ` _ \
| || |_) || | __/ (_| | | | | | |
|___|____/ |_|\___|\__,_|_| |_| |_| joomla hash cracker !
__________________________________________________________
Http://forum.indonesianbacktrack.or.id by nasa
[*] Starting joomla hash cracker at ''' + time.ctime() + ''' \n\n '''
time.sleep(1)
if len(sys.argv) != 3:
print 'Error !!'
print 'Usage: ' + sys.argv[0] + ' <hash:salt> <wordlist>'
sys.exit(1)
else:
_hash = sys.argv[1].split(':')
_md5 = _hash[0]
_salt = _hash[1]
f = open(sys.argv[2], 'r')
for line in f:
kata = re.sub(r'\W+', '',line)
crack = md5(kata + _salt).hexdigest()
print ' [*] Cracking ' + _md5 + ':' + _salt + ' With : ' + kata
if(crack == _md5):
print '\n'
print ' [+] ' + _md5 + ':' + _salt + ' --- Password found: ' + kata
print ' Viva la Backtrack, by IBTeam !'
sys.exit(0)
print '\n'
print ' [*] No word match, never give up'
print ' [*] try other wordlist : - ('
sys.exit(1)save dengan extensi .py lalu chmod +x
ss :
![[Image: brute-1.png]](http://i1112.photobucket.com/albums/k498/koteka_baliem/brute-1.png)
download di pastebin
thx...
nb :
web yg jadi inspirasi :
sql injection
RE: joomla hash cracker (python) - THJC - 12-04-2011
butuh waktu berapa lama om untuk brute?
wah ini butuh kamus yang gila-gilaan -_-
RE: joomla hash cracker (python) - kevin - 12-04-2011
Emang nggak bisa yg om di de-encrypt pake tools yg kaya di milw0rm ato lainnya gitu?
RE: joomla hash cracker (python) - nasa - 12-04-2011
kalo waktu, kya'y tergantung kamus om
kamus'y om zee tuh yang keren, jd pengen minta... wkwkwkwkwk
(12-04-2011, 07:19 AM)kevin Wrote: Emang nggak bisa yg om di de-encrypt pake tools yg kaya di milw0rm ato lainnya gitu?
milworm udh tutup
sebenarnya sih bisa di cari di google kl tanpa salt, yg jdi permasalahan'y salt'y g selalu sama ...
RE: joomla hash cracker (python) - kevin - 12-04-2011
Jd salt'nya yg beda2..
Ohh, rempong deh kalo gitu
RE: joomla hash cracker (python) - nasa - 12-04-2011
(12-04-2011, 07:13 AM)THJC Wrote: butuh waktu berapa lama om untuk brute?
wah ini butuh kamus yang gila-gilaan -_-
sepertinya bisa di percepat klo multi thread, perlu curhat nih ma om RR12 n om romanticdevil
RE: joomla hash cracker (python) - THJC - 12-04-2011
oiya, ini md5+salt?
keren dong kalau +salt...
Ayoo dipoles lagi
Tapi udah keren kog
+1
RE: joomla hash cracker (python) - bee_os - 12-04-2011
ane coba jlanin kok error ya bang ??
Quote:Traceback (most recent call last):
File "./hash.py", line 38, in <module>
_salt = _hash[1]
IndexError: list index out of range
RE: joomla hash cracker (python) - nasa - 12-04-2011
ngejalanin'y :
./hash.py <hash
alt> <wordlist>contohnya:
./hash.py e7b111c770d31929c10f691aea39a058:SNLhy45a wordlist.txt
ket:
md5 ma salt'y di pisahin pake ":"
RE: joomla hash cracker (python) - iKONspirasi - 12-04-2011
dah ane tes, it works
mantab bro
cek kulkas
