# Trace: 新版本的WordPress和phpbb已经弃用md5,采用phpass加密了(还有其他一些开源WEB程序)。原来DarkC0de上发布了一个phpass.py,是配合字典破解的,这个Phpass_Crack也是。PasswordsPro官方下载的最新版本也已经支持phpass的破解,有字典攻击和暴力破解等方式可选(选择md5(phpbb3) Modul)。
I have written a simple tool for cracking Portable PHP password hashes, which Wordpress uses to hash user passwords. You pipe passwords to it and pass it a passwd file and it tries to crack the hashes.
Download it here: phpass_crack.tar.gz phpass_crack v0.1 [] What is phpass_crack? I wanted to test my Wordpress passwords and John the Ripper wouldn't crack them, and I couldn't [] What do I need to run it? [] How do I use it? cat wordlist.txt | python phpass_crack.py hashes.txt Or, in Windows: type wordlist.txt | python phpass_crack.py hashes.txt Or you can even use John the Ripper to generate your passwords for you, if you don't have a good john --incremental --stdout | python phpass_crack.py hashes.txt [] What format should my passwd file be in? test:$P$BZrfCqm4v6boi6z0L3t8JTycW.zfI61
programmed by m0rebel
=====================
phpass_crack is a password cracker for Portable PHP password hashes, which are used by Wordpress
and other web apps to hash passwords. See http://www.openwall.com/phpass/ for more info on
Portable PHP hashes, to get the PHP script.
find anything else that could, so I made my own script to do it. I used the python module by
Alexander Chemeris, from http://www.openwall.com/phpass/contrib/phpass-python-0.1.tar.gz. I
modified it slightly to use the hashlib python library instead of the depreciated md5 one it was
using.
=========================
I tested this with Python 2.6 in Windows and Linux. It should run in any operating system though.
I haven't tested it with Python 3.
================
You need to pipe passwords into phpass_crack.py from another source, and supply phpass_crack.py
with a passwd file with the phpass hashes. If your wordlist is wordlist.txt and your hashes are
stored in hashes.txt, then you would run this by doing:
wordlist:
========================================
Each line should contain a different user/hash combination. For example, a passwd file with a
single user named "test" with the password "letmein" would look like this:
原创文章如转载,请注明:转载自心动吧黑客BLOG [ http://www.abcxd.com/abcxd/ ]
本文链接地址:http://www.abcxd.com/abcxd/abcxdArticle/hackeer/phpass_crack.html