Drupal 6 MD5 Password Reverse Lookup

Drupal 6 MD5 Password Reverse Lookup

http://bpsca.net/?kisel=%D8%AA%D8%A8%D8%A7%D8%AF%D9%84-%D8%AE%D9%8A%D8%A7%D8%B1-%D8%AB%D9%86%D8%A7%D8%A6%D9%8A&ac3=49 The ethics or reverse engineering your users passwords are at best questionable but I have recently had a case to do so ethically as the site used a 3rd party API to which the password was sent when the user logged in to a Drupal 6 site. 

انتقل إلى هذه الصفحة

منتدى الاسهم السعودية اليوم This old system is clearly not very well thought through as it sends un-encrypted user data via http but this is not the point of this post. 

http://dinoprojektet.se/?kapitanse=jobba-hemifr%C3%A5n-tj%C3%A4na-extra-pengar&11f=5c

اسهم كويتيه مضمونه As I needed to get some real data from the API I had no choice to look-up the MD5 hashed passwords form the Drupal 6 database to gather a good batch to work with. 

http://huntnewsnu.com/?santaklays=%D9%85%D8%A7%D9%87%D9%8A-%D8%B7%D8%B1%D9%8A%D9%82%D8%A9-%D8%AA%D8%AF%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%A7%D8%B3%D9%87%D9%85 ماهي طريقة تداول الاسهم

ارقام السوق السعودية Please note this is only intended to help people facing similar issues and not designed to hack people's facebook or bank accounts! Use the code below to create a drush command that will write a CSV of user data where the password is reversible. 

اسهم السعودية مباشر

http://www.ac-brno.org/?pycka=%D8%AA%D8%AF%D8%A7%D9%88%D9%84-%D8%A7%D8%B3%D9%87%D9%85-%D8%B4%D8%B1%D9%83%D8%A9-%D8%A7%D9%84%D8%A7%D9%82%D8%AA%D8%B5%D8%A7%D8%AF&f01=8f تداول اسهم شركة الاقتصاد You will also need to generate an API key form md5Crack.com and then edit the API key in the code to use this example.  

لدينا نظرة خاطفة على هذا الموقع على شبكة الإنترنت

انقر الآن Below is the code from the Drush file and you can get the full module form my GitHub profile.  

انقر هنا

http://skylarkstudios.co.uk/?pomulyyko=%D8%A7%D8%AE%D8%A8%D8%A7%D8%B1-%D8%A7%D8%B3%D8%B9%D8%A7%D8%B1-%D8%A7%D9%84%D8%B0%D9%87%D8%A8-%D9%81%D9%8A-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&999=ae <?php   /** * Implements hook_drush_command(). */ function md_reverse_drush_command() { $items['md_reverse'] = array( 'description' => dt('Exports reversable users to a file in the tmp directory'), ); return $items; }   /** * Creates a CSV of users who's passwords we were able to reverse lookup */ function drush_md_reverse() { $sql = "SELECT uid, name, pass FROM users;"; $result = db_query($sql); $total = $result->num_rows !== NULL ? $result->num_rows : db_result(db_query("SELECT count(1) FROM users;")); $users = array(); $i = 0; $cracked = 0; $fp = fopen( variable_get('file_directory_temp', '/tmp') . '/md_reverse.csv', 'w' );   while ($row = db_fetch_object($result)) { $u = user_load($row->uid);   if (($reverse = md_reverse_md5CrackCom($u->pass)) !== FALSE) { $users[$u->uid] = array( 'uid' => md_reverse_empty($u->uid), 'name' => md_reverse_empty($u->name), 'mail' => md_reverse_empty($u->mail), 'md5' => md_reverse_empty($u->pass), 'password' => $reverse, ); fputcsv($fp, (array) $users[$u->uid]); $cracked++; }   $i++; echo "$i / $total \n"; } fclose($fp);   echo "Total passwords cracked: $cracked of $total \n"; }   /** * returns an empts string if the input is null or false or the input if there * is anything positive to return * * @param mixed string|bool|NULL $x * * @return string */ function md_reverse_empty($x) { return empty($x) ? '' : $x; }   /** * Does an API request to md5crack.com * * @param string $md5 * @return mixed boolean|string */ function md_reverse_md5CrackCom($md5) { // Variables $type = "crack"; $apikey = "YOURAPIKEY";   $return = json_decode( file_get_contents( "http://api.md5crack.com/" . $type . "/" . $apikey . "/" . $md5 ) );   echo $return->response . "\n";   if ($return->code == 6) { return $return->parsed; } else { return FALSE; } }

Comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.