WordPress密码哈希破解

最新推荐文章于 2024-05-30 21:40:06 发布

冷却1987

最新推荐文章于 2024-05-30 21:40:06 发布

阅读量3.7k

点赞数

分类专栏：信息安全文章标签： hash wordpress 密码破解

本文链接：https://blog.csdn.net/leng_que/article/details/51404846

版权

// wp_hash_test.php

<?php

class PasswordHash {
    var $itoa64;

    function PasswordHash()
    {
        $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    }

    function encode64($input, $count)
    {
        $output = '';
        $i = 0;
        do {
            $value = ord($input[$i++]);
            $output .= $this->itoa64[$value & 0x3f];
            if ($i < $count)
                $value |= ord($input[$i]) << 8;
            $output .= $this->itoa64[($value >> 6) & 0x3f];
            if ($i++ >= $count)
                break;
            if ($i < $count)
                $value |= ord($input[$i]) << 16;
            $output .= $this->itoa64[($value >> 12) & 0x3f];
            if ($i++ >= $count)
                break;
            $output .= $this->itoa64[($value >> 18) & 0x3f];
        } while ($i < $count);

        return $output;
    }

    function crypt_private($password, $salt)
    {
        $count = 8192;

        $hash = md5($salt . $password, TRUE);
        do {
            $tmp = $hash . $password;
            $hash = md5($tmp, TRUE);
        } while (--$count);

        $output = '$P$B';
        $output .= $salt;
        $output .= $this->encode64($hash, 16);

        return $output;
    }

    function HashPassword($password, $salt)
    {
        $hash = $this->crypt_private($password, $salt);
        return $hash;
    }
}

//for test from WordPress v4.1
//$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/

$passwordValue = "123123";
$saltValue = "YEYcHEj3";

$wp_hasher = new PasswordHash();
$sigPassword = $wp_hasher->HashPassword($passwordValue, $saltValue);

echo "生成的密码hash为:".$sigPassword."\n";
echo '正确的密码hash为:$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/'."\n";

?>

// main.c

#include <stdio.h>
#include <string.h>

/* build.sh
 * gcc -c md5.c -o md5.o
 * gcc -c wordpress.c -o wordpress.o
 * gcc -c main.c -o main.o
 * gcc -o wp_hash main.o md5.o wordpress.o
 */

/* wordpress.c */
extern int wordpress( unsigned char * salt, unsigned char *passwd, int count, unsigned char *code );

int main(int argc, char* argv[])
{
    if (3 != argc)
    {
        printf("usage: ./wp_hash DICFILE 'WORDPRESS_HASH'\n");
        printf("example: ./wp_hash pwd.txt '$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/'\n");
        return -1;
    }

    char* filename = argv[1];
    char* hash = argv[2];

    char salt[9];
    memcpy(salt, hash+4, 8);
    salt[8] = '\0';

    printf("hash = [%s]\n", hash);
    printf("salt = [%s]\n", salt);

    const int MAX_LINE_LEN = 512;  // 单行所允许的最大长度
    char szLineBuf[MAX_LINE_LEN];
    FILE *fp = fopen(filename, "rb");
    if (fp)
    {
        while ( NULL != fgets(szLineBuf, sizeof(szLineBuf), fp) )
        {
            szLineBuf[strlen(szLineBuf)-1] = '\0';
            if ( '\r' == szLineBuf[strlen(szLineBuf)-1] )
            {
                szLineBuf[strlen(szLi

最低0.47元/天解锁文章