#!/usr/bin/perl
#
# Perlwd.pl - an md5 hasher/matchup program
# written by Trevelyn, douglas@weaknetlabs.com
# http://weaknetlabs.com/code/perlwd
# Edited by Godot for dual-core threading
#
# Overview: the first command-line argument selects a mode. Each mode hashes
# candidate words with unix_md5_crypt() under a salt taken from a shadow-style
# entry and compares the result against the stored hash.
#   -c  hash one word with one salt        -a  append 00..99 to each word of a list
#   -v / -q  test one entry against a wordlist (verbose / quiet)
#   -f  test every "$1$" entry of a file   -t  same as -q, split across threads
#
# Defensive reading: the whole tool is a plain read-hash-compare loop, which is
# only practical because MD5-crypt ("$1$") is cheap to compute. Entries in that
# format are the ones to migrate to a slow, tunable password hash.
#
# NOTE(review): every line-read in this listing has an empty operand
# (`$salt = ;`, `while () {`, `@file1 = ;`). The filehandle read operators
# appear to have been lost when the page was extracted, so the listing does not
# compile as shown. The code is kept exactly as published; only comments were
# added.
# NOTE(review): there is no `use strict` / `use warnings`; every variable
# except the two `my $timer` declarations and the loop index in test() is a
# package global shared between subs.
#
use Crypt::PasswdMD5;
use Time::Stopwatch;
# Positional arguments: $arg0 is the mode switch; the meaning of $arg1/$arg2
# depends on the mode (wordlist path, or thread count plus wordlist for -t).
($arg0, $arg1, $arg2, $arg3) = @ARGV;
# Mode dispatch. Most handlers end in exit; create/again can return here, in
# which case the remaining tests run and the trailing `exit;` ends the script.
if ($arg0 eq "") { &help; }
if ($arg0 eq "-v") { &crackv; }
if ($arg0 eq "-c") { &create; }
if ($arg0 eq "-q") { &crackq; }
if ($arg0 eq "-f") { &crackf; }
if ($arg0 eq "-a") { &ammend; }
if ($arg0 eq "-t") { &crackt; }
# create: prompt for a salt and a word, print unix_md5_crypt(word, salt),
# then ask whether to repeat.
sub create {
    print "\n .-->>> Welcome to Perlwd.pl!! <<<--.\n\n";
    print " .----------->\n";
    print " +- Give me a salt\n";
    print " \'--> ";
    $salt = ;
    chomp $salt;
    print " +- Okay, Give me a Word\n";
    print" \'--> ";
    $word = ;
    chomp $word;
    $crypted = unix_md5_crypt($word, $salt);
    print " +- The hash is \n";
    print " \'--> $crypted\n";
    &again;
}
# again: repeat prompt for create. Only an explicit "y" or "n" is acted on;
# any other answer (including the empty default the "[y/N]" prompt suggests)
# simply returns to the caller. Each "y" nests another create/again call.
sub again {
    print " .----------->\n";
    print " +- Would you like to use the tool again? [y/N] \n";
    print " \'--> ";
    $ans0 = ;
    chomp $ans0;
    $ans0 =~ tr/A-Z/a-z/;
    if ($ans0 eq "y") { &create; }
    if ($ans0 eq "n") { exit; }
}
# crackv: verbose single-entry mode. Reads one shadow-style line, extracts salt
# and hash, then hashes every line of the wordlist in $arg1, printing each
# candidate hash. Exits on the first match; calls nojoy when the list runs out.
sub crackv {
    if ($arg1 eq "") { &nowordlist; }
    $n = 0;
    print "\n .-->>> Welcome to Perlwd.pl!! <<<--.\n\n";
    print " .----------->\n";
    print " +- Give me the hashed line you have, e.g. from /etc/shadow, or /etc/master.passwd\n";
    print " \'--> ";
    $hashc = ;
    chomp $hashc;
    # Field extraction by position: assumes the line is shaped like
    # user:$1$salt$hash:... -- nothing here validates that shape, so a line in
    # another format leaves $SALT/$HASH empty or wrong.
    # NOTE(review): @colon[1], @dollar[2] etc. are one-element array slices;
    # the scalar form is $colon[1].
    @colon = split (/:/, $hashc);
    @dollar = split (/\$/, $hashc);
    @hashonly = split(/\$/, @colon[1]);
    $SALT = @dollar[2];
    $HASH = @hashonly[3];
    print " \'--> \"@hashonly[3]\" is the hash to crack and \"@dollar[2]\" is the salt i\'m guessing... \n";
    print " .----------->\n";
    print " +- Ok, press enter to hack @colon[0]\'s acct. 
\[ This may take a while depending on your CPU speed(s) \] \n";
    print " \'--> ";
    $enterc = ;
    chomp $enterc;
    # Tied scalar from Time::Stopwatch; it is read below as elapsed seconds.
    tie my $timer, 'Time::Stopwatch';
    # NOTE(review): two-argument open on a user-supplied name with no error
    # check. Mode characters in the name are interpreted by open, and a failed
    # open is silent. The three-argument form with `or die` avoids both.
    open (FILE1, "$arg1");
    while () {
        $line = $_;
        chomp $line;
        $crypted = unix_md5_crypt($line, $SALT);
        $n++;
        print " +- $crypted\tas [ $line ]\n";
        # NOTE(review): $HASH is interpolated as an unanchored regex, so a '.'
        # inside it matches any character and an empty $HASH does not give an
        # exact comparison. This is a substring pattern match, not equality.
        if ($crypted =~ m/$HASH/) {
            print " +-\n +-\n +-\t[ + ]\tKEY FOUND !! $HASH is [ $line ] \n";
            # Report elapsed time in the largest fitting unit, then exit.
            $minutes = ($timer / 60);
            $minutes1 = int($minutes);
            if ($minutes1 >= 60) {
                # $hours is not truncated, so it prints as a fraction.
                $hours = ($minutes1 / 60);
                print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $hours hour(s).\n";
                print " \'--> \n\n";exit;
            }
            if ($timer >= 60) {
                $minutes0 = ($timer / 60);
                $minutesint = int($minutes0);
                $per = int($n / $timer);
                print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $minutesint minute(s).\n";
                print " +-\t[ + ]\tAbout ($per) key\'s per second...\n \'--> \n\n";exit;
            }
            $seconds = int($timer);
            # NOTE(review): divides by the raw timer value; presumably non-zero
            # by this point -- confirm against Time::Stopwatch's resolution.
            $per = int($n / $timer);
            print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $seconds second(s).\n";
            print " +-\t[ + ]\tAbout ($per) key\'s per second...\n \'--> \n\n";exit;
        }
    }&nojoy;
}
# crackq: quiet single-entry mode. Same flow as crackv without the per-candidate
# print; the parsing, open and match notes given in crackv apply here as well.
sub crackq {
    if ($arg1 eq "") { &nowordlist; }
    $n = 0;
    print "\n .-->>> Welcome to Perlwd.pl!! <<<--.\n\n";
    print " .----------->\n";
    print " +- Give me the hashed line you have, e.g. from /etc/shadow, or /etc/master.passwd\n";
    print " \'--> ";
    $hashc = ;
    chomp $hashc;
    # Positional split of the pasted entry; no format validation.
    @colon = split (/:/, $hashc);
    @dollar = split (/\$/, $hashc);
    @hashonly = split(/\$/, @colon[1]);
    $SALT = @dollar[2];
    $HASH = @hashonly[3];
    print " \'--> \"@hashonly[3]\" is the hash to crack and \"@dollar[2]\" is the salt i\'m guessing... \n";
    print " .----------->\n";
    print " +- Ok, press enter to hack @colon[0]\'s acct. 
\[ This may take a while depending on your CPU speed(s) \] \n";
    print " \'--> ";
    $enterc = ;
    chomp $enterc;
    tie my $timer, 'Time::Stopwatch';
    # Two-argument, unchecked open of the user-supplied wordlist path.
    open (FILE1, "$arg1");
    while () {
        $line = $_;
        chomp $line;
        $crypted = unix_md5_crypt($line, $SALT);
        $n++;
        # Unanchored regex match with $HASH interpolated as a pattern.
        if ($crypted =~ m/$HASH/) {
            print " +-\n +-\n +-\t[ + ]\tKEY FOUND !! $HASH is [ $line ] \n";
            $minutes = ($timer / 60);
            $minutes1 = int($minutes);
            if ($minutes1 >= 60) {
                $hours = ($minutes1 / 60);
                $per = int($n / $timer);
                print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $hours hour(s).\n";
                print " +-\t[ + ]\tAbout ($per) key\'s per second...\n \'--> \n\n";exit;}
            if ($timer >= 60) {
                $minutes0 = ($timer / 60);
                $minutesint = int($minutes0);
                $per = int($n / $timer);
                print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $minutesint minute(s).\n";
                print " +-\t[ + ]\tAbout ($per) key\'s per second.\n \'--> \n\n";exit;}
            $seconds = int($timer);
            $per = int($n / $timer);
            print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $seconds second(s).\n";
            print " +-\t[ + ]\tAbout ($per) key\'s per second...\n \'-->\n\n";exit;}
    }&nojoy;
}
# crackf: whole-file mode. Reads a hash file name from the prompt, and for each
# line containing "$1$" extracts account, salt and hash and runs filework()
# over the wordlist in $arg1.
# NOTE(review): the closing brace of this sub only appears after filework(), so
# crackt, test and filework are written inside crackf's body. Named subs are
# still package-level in Perl, and the `exit;` before the final brace is the
# statement that ends crackf.
# NOTE(review): unlike crackv/crackq, nothing checks that $arg1 was supplied.
sub crackf {
    print "\n .-->>> Welcome to Perlwd.pl!! <<<--.\n\n";
    print " .----------->\n";
    print " +- Give me the hash file e.g. from /etc/shadow, or /etc/master.passwd\n";
    print " \'--> ";
    $hashfile = ;
    chomp $hashfile;
    print " .----------->\n";
    print " +- Press to continue, this may take a while... ";
    print "\n \'--> ";
    $e = ;
    chomp $e;
    print "\n +- Okay, testing now... 
\n\n";
    # Two-argument, unchecked open of a path typed at the prompt.
    open(HASHF, $hashfile);
    while () {
        $hashfileline = $_;
        chomp $hashfileline;
        # Only lines carrying the "$1$" marker are processed.
        if ($hashfileline =~ /\$1\$/) {
            print " .------->>\n +--> Found hash!\n";
            # Split on '$': element 0 is the text before the first '$' (printed
            # as the user), element 2 the salt, element 3 the hash plus the
            # trailing colon-separated fields, which the second split removes.
            @HASHdollars = split(/\$/, $hashfileline);
            @HASHcolons = split(/:/, @HASHdollars[3]);
            print " \'--> For user: \"@HASHdollars[0]\"\n";
            print " \'--> The salt is \"@HASHdollars[2]\", and the hash is \"@HASHcolons[0]\" I\'m guessing..\n";
            $ACCT = @HASHdollars[0];
            $HASHED = @HASHcolons[0];
            $SALTED = @HASHdollars[2];
            # The wordlist is re-opened for every entry found, again unchecked.
            open (WORDZ, $arg1);
            &filework;
        }
    }
    # crackt: threaded single-entry mode. $arg1 is the number of threads and
    # $arg2 the wordlist. The whole wordlist is read into @file1 and each
    # thread runs test() over an interleaved slice of it.
    sub crackt {
        if ($arg1 eq "") { &help; }
        if ($arg2 eq "") { &nowordlist; }
        # `use` takes effect at compile time, so threads is loaded for every
        # mode, not only when -t is selected.
        use threads;
        use threads::shared;
        no warnings 'threads';
        print "\n .-->>> Welcome to Perlwd.pl!! <<<--.\n\n";
        print " .----------->\n";
        print " +- Give me the hashed line you have, e.g. from /etc/shadow, or /etc/master.passwd\n";
        print " \'--> ";
        $hashc = ;
        chomp $hashc;
        # Positional split of the pasted entry; no format validation.
        @colon = split (/:/, $hashc);
        @dollar = split (/\$/, $hashc);
        @hashonly = split(/\$/, @colon[1]);
        $SALT = @dollar[2];
        $HASH = @hashonly[3];
        print " \'--> \"@hashonly[3]\" is the hash to crack and \"@dollar[2]\" is the salt i\'m guessing... \n";
        print " .----------->\n";
        print " +- Ok, press enter to hack @colon[0]\'s acct. \[ This may take a while depending on your CPU speed(s) \] \n";
        print " \'--> ";
        $enterc = ;
        chomp $enterc;
        # Global (not `my`) here, so that test() can read it.
        tie $timer, 'Time::Stopwatch';
        # Two-argument, unchecked open; the entire list is held in memory.
        open (FILE1, "$arg2");
        @file1 = ;
        $size = @file1;
        # $arg1 is used as the thread count without being validated as a
        # number. `test` is a bareword, which only parses without strict subs.
        for ($i = 0; $i < $arg1; $i++) { $thr[$i] = threads->create(test, $i); }
        for ($i = 0; $i < $arg1; $i++) { $thr[$i]->join(); }
        # Reached only when no thread exited on a match.
        $n = $size;
        &nojoy;
    }
    # test: thread body. $_[0] is the thread's starting index; it steps through
    # @file1 by $arg1 (the thread count) so that threads cover disjoint lines.
    sub test {
        # NOTE(review): `<=` lets the index reach $size, one past the last
        # element of @file1, so an undefined line can be hashed.
        for (my $n = $_[0]; $n <= $size; $n += $arg1) {
            $line = $file1[$n];
            chomp $line;
            $crypted = unix_md5_crypt($line, $SALT);
            # Unanchored regex match with $HASH interpolated as a pattern.
            if ($crypted =~ m/$HASH/) {
                print " +-\n +-\n +-\t[ + ]\tKEY FOUND !! $HASH is [ $line ] \n";
                # $n is this loop's wordlist index, so the "Tested ($n) keys"
                # figures below report a position rather than a count.
                # NOTE(review): exit inside a thread presumably ends the whole
                # program rather than only this thread -- confirm against the
                # threads documentation.
                $minutes = ($timer / 60);
                $minutes1 = int($minutes);
                if ($minutes1 >= 60) {
                    $hours = ($minutes1 / 60);
                    $per = int($n / $timer);
                    print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. 
Tested ($n) keys in about $hours hour(s).\n";
                    print " +-\t[ + ]\tAbout ($per) key\'s per second...\n \'--> \n\n";exit;}
                if ($timer >= 60) {
                    $minutes0 = ($timer / 60);
                    $minutesint = int($minutes0);
                    $per = int($n / $timer);
                    print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $minutesint minute(s).\n";
                    print " +-\t[ + ]\tAbout ($per) key\'s per second.\n \'--> \n\n";exit;}
                $seconds = int($timer);
                $per = int($n / $timer);
                print " +-\t[ + ]\tWhen used with the \"$SALT\" salt. Tested ($n) keys in about $seconds second(s).\n";
                print " +-\t[ + ]\tAbout ($per) key\'s per second...\n \'-->\n\n";exit;}
        }
    }
    # filework: inner loop for crackf. Hashes each wordlist line with $SALTED
    # and stops at the first line whose hash matches $HASHED, printing $ACCT.
    # It returns without exiting, so crackf continues with the next entry.
    sub filework {
        while () {
            $wordline = $_;
            chomp $wordline;
            $encryptmatch = unix_md5_crypt($wordline, $SALTED);
            # The same unanchored pattern test is evaluated twice: once to
            # print the result and once to leave the loop.
            if ($encryptmatch =~ /$HASHED/) {
                print "\n +- [ + ]\n +- [ + ] KEY FOUND !! $ACCT [ $wordline ]\n +- [ + ]\n\n";
            }if ($encryptmatch =~ /$HASHED/) { last }
        }
    }exit;}
# ammend: wordlist expander. For every line of the input file, appends the
# two-digit suffixes 00..99 and writes the 100 results to the output file.
sub ammend {
    $n = 0;
    @set = ('00'..'99');
    print "\n .-->>> Welcome to Perlwd.pl!! <<<--.\n\n";
    print " .----------->\n";
    print " +- Give me the word file I will add numbers 00-99 to the ends of each one.\n";
    print " +- This sometimes, could possibly further your chances...\n \'--> ";
    $wordfile = ;
    chomp $wordfile;
    print " .------------>\n";
    print " +- Okay, $wordfile it is. 
Now give me a name for the output file..\n \'--> ";
    $outputfile = ;
    chomp $outputfile;
    print " +- This may take some time depending on your processor speed, press to continue...\n \'--> ";
    $r = ;
    chomp $r;
    # Both paths come straight from the prompt; neither open is checked.
    open (WFILE, $wordfile);
    while () {
        # NOTE(review): the output file is re-opened in append mode (two-arg
        # ">>name" form) for every input line and closed only once after the
        # loop, so an existing file is extended, never replaced.
        open (NEWF, ">>$outputfile");
        $line = $_;
        chomp $line;
        while ($n < 100) {
            print NEWF "$line@set[$n]\n";
            $n++;
        }
        print " +- Added $line\[00-99] \n";
        $n = 0;}close (NEWF);
    exit;
}
# help: print the banner and usage text, then exit.
# NOTE(review): several "usage:" lines end right after the switch; their
# argument placeholders appear to have been lost from the listing along with
# the filehandle reads. The strings are left as published.
sub help {
    print "\n oooooooooo o888 oooo\n";
    print " 888 888 ooooooooo8 oo oooooo 888 oooo o oooo ooooo888 \n";
    print " 888oooo88 888oooooo8 888 888 888 888 888 888 888 888 \n";
    print " 888 888 888 888 888888888 888 888 \n";
    print " o888o 88oooo888 o888o o888o 88 88 88ooo888o \n\n";
    print " -= 2008 Weak-Net Labs =- \n\n";
    print " usage: -v \n";
    print "\tSpecify a line from a hash file and a wordlist to use,\n";
    print "\tThis is \"verbose\" and writes each line to your terminal.\n";
    print " usage: -c\n";
    print "\tCreate a hash by entering a salt and a word.\n";
    print " usage: -q \n";
    print "\tSupress output; quiet mode. [ cuts time in half ] \n";
    print " usage: -f \n";
    print "\tCrack a whole file containing md5 hashes. [ slightly verbose ]\n";
    print " usage: -t \n";
    print "\tUse multiple threads. [ quiet and fast. use with dual core systems ] \n";
    print " usage: -a\n";
    print "\tAdd digits [00..99] to the end of each word in a wordlist.\n";
    print " examples:\n";
    print "\tperl Perlwd.pl -q /path/to/wordlist.txt\n";
    print "\tperl Perlwd.pl -v /path/to/wordlist.txt\n";
    print "\tperl Perlwd.pl -f /path/to/wordlist.txt\n";
    print "\tperl Perlwd.pl -t 4 /path/to/wordlist.txt\n";
    print "\tperl Perlwd.pl -c\n";
    print "\tperl Perlwd.pl -a\n";
    print "\n If your wordlist file is in the current directory, simply type it's name. \n";
    print "\n";
    exit;
}
# nojoy: report that no wordlist entry matched (using the globals $HASH and
# $n), then exit.
sub nojoy {
    print "\n\n +- Sorry, I wasn\'t able to get $HASH decrypted for you \:-(\n\n";
    print " +- Tested ($n) keys.. 
\n";
    print " +- Please try a bigger word list, or perhaps a random string generator.\n";exit;}
# nowordlist: report a missing wordlist argument, then exit.
sub nowordlist {
    print "\n\n +- Sorry, but you have not provided a word list!\n";
    print "\n +- Please run Perlwd without any arguments for help on usage :-)\n\n\n";exit;
}
# Reached when no mode matched $arg0, or when a handler returned.
exit;