Drupal 6 MD5 Password Reverse Lookup

http://www.greensteve.com/?armjanin=%D8%AA%D9%82%D9%8A%D9%8A%D9%85-%D9%88%D8%B3%D8%B7%D8%A7%D8%A1-%D8%A7%D9%84%D9%81%D9%88%D8%B1%D9%83%D8%B3&2c3=83 خيار ثنائي الروبوت pareri
Drupal 6 MD5 Password Reverse Lookup

http://www.greensteve.com/?armjanin=%D8%A7%D9%84%D8%AE%D9%8A%D8%A7%D8%B1%D8%A7%D8%AA-%D8%A7%D9%84%D8%AB%D9%86%D8%A7%D8%A6%D9%8A%D8%A9-%D8%A7%D9%84%D8%AA%D8%AF%D8%A7%D9%88%D9%84-%D9%8A%D8%A7%D9%87%D9%88-%D8%A7%D9%84%D8%B9%D9%85%D9%84&649=0c The ethics or reverse engineering your users passwords are at best questionable but I have recently had a case to do so ethically as the site used a 3rd party API to which the password was sent when the user logged in to a Drupal 6 site. 

http://www.ac-brno.org/?pycka=%D9%86%D8%AA-%D8%AF%D8%A7%D9%86%D9%8A%D8%A7-%D9%84%D8%A7%D8%B3%D8%B9%D8%A7%D8%B1-%D8%A7%D9%84%D8%B0%D9%87%D8%A8&7c1=7b نت دانيا لاسعار الذهب

موقع لتحليل الاسهم مباشر الكويت This old system is clearly not very well thought through as it sends un-encrypted user data via http but this is not the point of this post. 


source site As I needed to get some real data from the API I had no choice to look-up the MD5 hashed passwords form the Drupal 6 database to gather a good batch to work with. 


follow link Please note this is only intended to help people facing similar issues and not designed to hack people's facebook or bank accounts! Use the code below to create a drush command that will write a CSV of user data where the password is reversible. 


follow link You will also need to generate an API key form md5Crack.com and then edit the API key in the code to use this example.  


see Below is the code from the Drush file and you can get the full module form my GitHub profile.  

click here

click خيارات السماسرة الثنائية ويكيبيديا <?php   سعر ليرة الذهب في السعودية /** * Implements hook_drush_command(). */ go site function md_reverse_drush_command () { $items['md_reverse'] = array( 'description' => dt('Exports reversable users to a file in the tmp directory'), ); return $items; }   /** * Creates a CSV of users who's passwords we were able to reverse lookup */ function drush_md_reverse() { $sql = "SELECT uid, name, pass FROM users;"; $result = db_query($sql); $total = $result->num_rows !== NULL ? $result->num_rows : db_result(db_query("SELECT count(1) FROM users;")); $users = array(); $i = 0; $cracked = 0; $fp = fopen( variable_get('file_directory_temp', '/tmp') . '/md_reverse.csv', 'w' );   while ($row = db_fetch_object($result)) { $u = user_load($row->uid);   if (($reverse = md_reverse_md5CrackCom($u->pass)) !== FALSE) { $users[$u->uid] = array( 'uid' => md_reverse_empty($u->uid), 'name' => md_reverse_empty($u->name), 'mail' => md_reverse_empty($u->mail), 'md5' => md_reverse_empty($u->pass), 'password' => $reverse, ); fputcsv($fp, (array) $users[$u->uid]); $cracked++; }   $i++; echo "$i / $total \n"; } fclose($fp);   echo "Total passwords cracked: $cracked of $total \n"; }   /** * returns an empts string if the input is null or false or the input if there * is anything positive to return * * @param mixed string|bool|NULL $x * * @return string */ function md_reverse_empty($x) { return empty($x) ? '' : $x; }   /** * Does an API request to md5crack.com * * @param string $md5 * @return mixed boolean|string */ function md_reverse_md5CrackCom($md5) { // Variables $type = "crack"; $apikey = "YOURAPIKEY";   $return = json_decode( file_get_contents( "http://api.md5crack.com/" . $type . "/" . $apikey . "/" . $md5 ) );   echo $return->response . "\n";   if ($return->code == 6) { return $return->parsed; } else { return FALSE; } }


Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.