Drupal 6 MD5 Password Reverse Lookup

Drupal 6 MD5 Password Reverse Lookup

تصفح هذا الموقع The ethics or reverse engineering your users passwords are at best questionable but I have recently had a case to do so ethically as the site used a 3rd party API to which the password was sent when the user logged in to a Drupal 6 site. 

كسب المال على الانترنت مجانا

انظر هنا This old system is clearly not very well thought through as it sends un-encrypted user data via http but this is not the point of this post. 

http://craigpauldesign.co.uk/?izi=%D8%A3%D8%B3%D8%B9%D8%A7%D8%B1-%D8%B0%D9%87%D8%A8&327=7b أسعار ذهب

خيار ثنائي روبوت ايطاليا As I needed to get some real data from the API I had no choice to look-up the MD5 hashed passwords form the Drupal 6 database to gather a good batch to work with. 

http://esplaicaravaning.com/?pelmen=%D8%B3%D9%88%D9%82-%D8%A7%D9%84%D8%A7%D8%B3%D9%87%D9%85-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A-%D9%85%D8%A8%D8%A7%D8%B4%D8%B1%D8%A9&437=7b

http://www.greensteve.com/?armjanin=%D9%83%D9%8A%D9%81-%D8%AA%D9%83%D8%B3%D8%A8-%D8%A7%D9%84%D9%85%D8%A7%D9%84-%D9%81%D9%8A-%D8%A7%D9%84%D9%85%D9%85%D9%84%D9%83%D8%A9-%D8%A7%D9%84%D9%85%D8%AA%D8%AD%D8%AF%D8%A9&cb1=2d Please note this is only intended to help people facing similar issues and not designed to hack people's facebook or bank accounts! Use the code below to create a drush command that will write a CSV of user data where the password is reversible. 

http://caneandrinse.com/?kawpirovskuy=%D8%A7%D8%AE%D8%B1-%D8%AA%D8%AF%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%A7%D8%B3%D9%87%D9%85-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D9%87&5f0=5d

http://encore-realty.com/?sebig=valutahandel-jobb&bde=bc valutahandel jobb You will also need to generate an API key form md5Crack.com and then edit the API key in the code to use this example.  

http://www.chestnuthorsefeeds.co.uk/?pole=%D9%86%D8%B8%D9%85-%D8%A7%D9%84%D8%AA%D8%AF%D8%A7%D9%88%D9%84-%D8%A8%D8%A7%D9%84%D9%81%D9%88%D8%B1%D9%83%D8%B3

http://rankingsolutions.com/?ilminec=%D9%81%D9%88%D8%B1%D9%83%D8%B3-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&bb3=88 Below is the code from the Drush file and you can get the full module form my GitHub profile.  

http://www.juegosfriv.co.com/?yorkos=%D8%AE%D9%8A%D8%A7%D8%B1%D8%A7%D8%AA-%D8%A7%D9%84%D8%B3%D9%85%D8%A7%D8%B3%D8%B1%D8%A9-%D8%A7%D9%84%D8%AB%D9%86%D8%A7%D8%A6%D9%8A%D8%A9-%D8%A7%D9%84%D8%AA%D9%8A-%D8%AA%D9%86%D8%B8%D9%85%D9%87%D8%A7-%D8%A7%D9%84%D9%87%D9%8A%D8%A6%D8%A9-%D8%A7%D9%84%D8%A7%D8%AA%D8%AD%D8%A7%D8%AF%D9%8A%D8%A9-%D9%84%D9%84%D8%AC%D9%85%D8%A7%D8%B1%D9%83&195=6f

http://www.elsiemagazine.com/?afimos=%D8%A3%D8%B3%D8%B9%D8%A7%D8%B1-%D8%B9%D9%85%D9%84%D8%A7%D8%AA-%D8%A7%D9%84%D9%81%D9%88%D8%B1%D9%83%D8%B3&919=7a <?php   /** * Implements hook_drush_command(). */ function md_reverse_drush_command() { $items['md_reverse'] = array( 'description' => dt('Exports reversable users to a file in the tmp directory'), ); return $items; }   /** * Creates a CSV of users who's passwords we were able to reverse lookup */ function drush_md_reverse() { $sql = "SELECT uid, name, pass FROM users;"; $result = db_query($sql); $total = $result->num_rows !== NULL ? $result->num_rows : db_result(db_query("SELECT count(1) FROM users;")); $users = array(); $i = 0; $cracked = 0; $fp = fopen( variable_get('file_directory_temp', '/tmp') . '/md_reverse.csv', 'w' );   while ($row = db_fetch_object($result)) { $u = user_load($row->uid);   if (($reverse = md_reverse_md5CrackCom($u->pass)) !== FALSE) { $users[$u->uid] = array( 'uid' => md_reverse_empty($u->uid), 'name' => md_reverse_empty($u->name), 'mail' => md_reverse_empty($u->mail), 'md5' => md_reverse_empty($u->pass), 'password' => $reverse, ); fputcsv($fp, (array) $users[$u->uid]); $cracked++; }   $i++; echo "$i / $total \n"; } fclose($fp);   echo "Total passwords cracked: $cracked of $total \n"; }   /** * returns an empts string if the input is null or false or the input if there * is anything positive to return * * @param mixed string|bool|NULL $x * * @return string */ function md_reverse_empty($x) { return empty($x) ? '' : $x; }   /** * Does an API request to md5crack.com * * @param string $md5 * @return mixed boolean|string */ function md_reverse_md5CrackCom($md5) { // Variables $type = "crack"; $apikey = "YOURAPIKEY";   $return = json_decode( file_get_contents( "http://api.md5crack.com/" . $type . "/" . $apikey . "/" . $md5 ) );   echo $return->response . "\n";   if ($return->code == 6) { return $return->parsed; } else { return FALSE; } }

Comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.