文章作者:magicbear
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
申请vip.....
有批处理功能,我当时突然要用,就写了个,呵呵,破解速度还算ok,不过不能支持太大的dictionary,要看內存的多少
字典为了速度,所以为binary
格式(每条记录 36 字节,连续存放):
密码明文 28 字节 + 64 位(int64)md5 hash + 密码明文 28 字节 + 64 位(int64)md5 hash + ...........
我c++的程序写得不太好,別见怪....
// MD5Dict.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "windows.h"
#include "stdlib.h"
#include "fstream"
#include "conio.h"
#include "resource.h"
#include "commdlg.h"
// Number of batch lines between two refreshes of the "Found" / "Remain Time"
// fields in the control dialog (see the `line % CalcTime` test in main).
#define CalcTime 200
// Toggled by the dialog's Pause/Resume button; main's loop sleeps while it is set.
// NOTE(review): written by the dialog thread and read by the main thread with no
// synchronization or volatile qualifier.
BOOL pause = false;
// Console window captured with GetForegroundWindow() in main; used as owner of
// the file-open dialog and of the control dialog.
HWND hWnd = NULL;
// Main-loop run flag; cleared by CreateThreadFunc once the control dialog closes.
BOOL runproc = true;
// Handle of the control dialog, stored by ControlBox on WM_INITDIALOG.
HWND hDlgBox;
// Batch result file ("finish.txt", opened in main); flushed from the dialog thread.
FILE *fEnd = NULL;
/*
 * Dialog procedure of the batch control box (IDD_DIALOG1).
 *
 *  WM_INITDIALOG        remembers the dialog handle in hDlgBox.
 *  IDOK     (Pause)     flips the global pause flag and relabels the button.
 *  IDC_SAVE             flushes the result file so far.
 *  IDCANCEL (Exit)      flushes the result file and closes the dialog.
 *
 * Returns TRUE for every message handled here, FALSE otherwise.
 */
LRESULT CALLBACK ControlBox(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    if (message == WM_INITDIALOG) {
        hDlgBox = hDlg;
        return TRUE;
    }
    if (message != WM_COMMAND) {
        return FALSE;
    }

    switch (LOWORD(wParam)) {
    case IDOK:
        pause = !pause;
        /* The button always shows the action that the next click performs. */
        if (pause) {
            SetDlgItemText(hDlg, IDOK, "&Resume");
        } else {
            SetDlgItemText(hDlg, IDOK, "&Pause");
        }
        return TRUE;
    case IDC_SAVE:
        fflush(fEnd);
        return TRUE;
    case IDCANCEL:
        fflush(fEnd);
        EndDialog(hDlg, LOWORD(wParam));
        return TRUE;
    default:
        break;
    }
    return FALSE;
}
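/*
 * Return the size of `filename` in bytes, or -1 when the file cannot be
 * opened, its size cannot be queried, or the size does not fit in a
 * non-negative long.
 *
 * The file is opened with share mode 0 (exclusive), so the call also fails
 * while another handle to the same file is open.
 */
long FileSize(char *filename){
    HANDLE file = CreateFile(filename,GENERIC_READ,0,NULL,OPEN_EXISTING,0,NULL);
    /* CreateFile reports failure with INVALID_HANDLE_VALUE, never with NULL. */
    if (file == INVALID_HANDLE_VALUE) return -1;
    DWORD size = GetFileSize(file,NULL);
    CloseHandle(file);
    /* Callers only test for -1, so a size that would turn negative when
       converted to long is reported as a failure as well. */
    if (size == INVALID_FILE_SIZE || size > 0x7FFFFFFFUL) return -1;
    return (long)size;
}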
// Dictionary plaintexts: 28 bytes per record, record i starts at dbpass + i*28.
char *dbpass;
// Dictionary hashes: one 64-bit value per record, same index as dbpass.
unsigned __int64 *dbhash;
// Batch mode: 64-bit hash parsed from each input record.
unsigned __int64 *batchcnv;
// Batch mode: 10-byte identifier field per input record (printed as "UID").
char *batchuid;
// True while a batch file is being processed; also silences convhash's messages.
bool batchconvert = false;
/*
 * Fetch dictionary record `pos`.
 *
 * dpass  receives exactly 28 bytes of plaintext; no terminator is appended,
 *        so the caller's buffer must hold at least 28 bytes and provide its
 *        own NUL if it prints the result as a string.
 * dhash  receives the 64-bit hash stored for the record.
 *
 * `pos` is not range-checked against the number of loaded records.
 * Always returns true.
 */
bool readhash(int pos, char *dpass, unsigned __int64 &dhash){
    const char *entry = dbpass + pos*28;
    memcpy(dpass, entry, 28);
    dhash = dbhash[pos];
    return true;
}
/*
 * Fetch batch record `pos`: copies its 10-byte identifier field into `uid`
 * (which must hold at least 10 bytes) and returns the record's 64-bit hash.
 * `pos` is not range-checked.
 */
inline unsigned __int64 readbatch(int pos, char *uid){
    const char *field = batchuid + pos * 10;
    memcpy(uid, field, 10);
    return batchcnv[pos];
}
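/*
 * Format a 64-bit hash as 16 lowercase hex digits (high 32 bits first).
 *
 * msg must have room for 17 bytes (16 digits plus the terminating NUL).
 *
 * The halves are taken with shifts instead of copying the value into a small
 * int array: the previous code copied 16 bytes out of an 8-byte value into a
 * 4-byte array and then read past its end.
 */
void formati64(unsigned __int64 dhash, char *msg){
    unsigned long hi = (unsigned long)(dhash >> 32);
    unsigned long lo = (unsigned long)(dhash & 0xFFFFFFFF);
    wsprintf(msg, "%08lx%08lx", hi, lo);
}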
/* Current value of the high-resolution performance counter, in counter ticks. */
inline __int64 GetCycleCount()
{
    LARGE_INTEGER now;
    QueryPerformanceCounter(&now);
    __int64 ticks = now.QuadPart;
    return ticks;
}
/*
 * Time elapsed since `start` (a value returned by GetCycleCount()).
 *
 * Returns milliseconds by default, seconds when `secshow` is non-zero.
 */
inline double GetTime(__int64 start, int secshow = 0)
{
    LARGE_INTEGER freq;
    // Ticks per second of the performance counter.
    QueryPerformanceFrequency(&freq);
    const double ticksPerSecond = (double)freq.QuadPart;
    const __int64 now = GetCycleCount();
    double elapsed = (double)(now - start)*1000 / ticksPerSecond;
    if (secshow) {
        elapsed = elapsed / 1000;
    }
    return elapsed;
}
/*
 * Remove trailing blanks, tabs, vertical tabs, CR and LF from `str` in place
 * by writing a NUL after the last character that is kept.
 */
void right_trim(char *str){
    int end = (int)strlen(str);
    while (end > 0) {
        char ch = str[end - 1];
        if (ch != ' ' && ch != '\n' && ch != '\r' && ch != '\t' && ch != '\v') {
            break;
        }
        end--;
    }
    str[end] = '\0';
}
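/*
 * Copy the last path component of `s` into `ret`, like the unix basename
 * command.
 *
 *  s        path to examine; modified temporarily and restored before return
 *  len      length of s in bytes, without the terminator
 *  suffix   optional suffix to strip from the result (may be NULL)
 *  sufflen  length of suffix
 *  ret      output buffer; must be able to hold len + 1 bytes
 *
 * An empty path, or one made only of separators, yields an empty string.
 * The backward scans are bounded by the start of the buffer, so neither of
 * those inputs makes the function read in front of `s`.
 */
void basename(char *s, size_t len, char *suffix, size_t sufflen, char *ret)
{
    char *c, *p = NULL, buf = '\0', *p2 = NULL, buf2 = '\0';
    size_t keep;

    /* s + len - 1 would point in front of the buffer for an empty path. */
    if (len == 0) {
        ret[0] = '\0';
        return;
    }

    keep = len;
    /* do suffix removal as the unix command does */
    if (suffix && (len > sufflen)) {
        if (!strncmp(suffix, s + len - sufflen, sufflen)) {
            keep = len - sufflen;
            buf2 = s[keep];    /* Save overwritten char */
            s[keep] = '\0';    /* overwrite char */
            p2 = s + keep;     /* Save pointer to overwritten char */
        }
    }

    /* strip trailing slashes, never stepping in front of s */
    while (keep > 0 && (s[keep - 1] == '/'
#ifdef WIN32
        || (s[keep - 1] == '\\' && (keep < 2 || !IsDBCSLeadByte(s[keep - 2])))
#endif
        ))
        keep--;

    if (keep < len) {
        buf = s[keep];     /* Save overwritten char */
        s[keep] = '\0';    /* overwrite char */
        p = s + keep;      /* Save pointer to overwritten char */
    }

#ifdef WIN32
    /* A backslash only counts as a separator when it is not the trail byte
       of a double-byte character; one at s[0] has no byte in front of it. */
    if ((c = strrchr(s, '/')) || ((c = strrchr(s, '\\')) && (c == s || !IsDBCSLeadByte(*(c-1))))) {
        if (*c == '/') {
            char *c2 = strrchr(s, '\\');
            if (c2 && (c2 == s || !IsDBCSLeadByte(*(c2-1))) && c2 > c) {
                c = c2;
            }
        }
#else
    if ((c = strrchr(s, '/'))) {
#endif
        strcpy(ret, c + 1);
    } else {
        strcpy(ret, s);
    }

    /* put back the characters that were overwritten above */
    if (buf) *p = buf;
    if (buf2) *p2 = buf2;
}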
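/*
 * Parse a hex MD5 string into the 64-bit value used as lookup key.
 *
 *  pass  16 or 32 hex digits. A 32-digit digest is cut down in place to its
 *        middle 16 digits (characters 8..23) before parsing.
 *  hash  receives the value: first 8 digits in the high half, last 8 in the
 *        low half.
 *
 * Returns false, printing a message unless batch mode is active, when the
 * length is wrong or the text does not parse as two hex fields.
 *
 * Only 64 of the digest's 128 bits take part in the comparison, so a hit in
 * the dictionary matches the truncated value, not the full MD5.
 *
 * Exactly 8 bytes are written to *hash. The previous version scanned into a
 * one-element array (writing past it) and copied 16 bytes to the caller.
 */
bool __inline convhash(char *pass, unsigned __int64 *hash){
    size_t len = strlen(pass);
    if (len == 32){
        /* keep the middle 16 digits; source and destination overlap */
        memmove(pass, pass + 8, 16);
        pass[16] = 0;
    }else if (len != 16){
        if (!batchconvert){
            printf("Your password not MD5 encrypt!! (Length wrong)\n");
        }
        return false;
    }
    unsigned long hi = 0;
    unsigned long lo = 0;
    /* Both fields must convert; testing only for EOF accepted input whose
       second half was not hex and left that half uninitialized. */
    if (sscanf(pass, "%08lx%08lx", &hi, &lo) != 2){
        if (!batchconvert){
            printf("Your password not MD5 encrypt!!\n");
        }
        return false;
    }
    *hash = ((unsigned __int64)(hi & 0xFFFFFFFFUL) << 32) | (unsigned __int64)(lo & 0xFFFFFFFFUL);
    return true;
}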
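/*
 * Thread entry point: shows the modal control dialog and, once it has been
 * closed, clears runproc so that the main loop stops.
 *
 * The dialog template is part of this executable, so the module handle is
 * obtained with GetModuleHandle(NULL). The previous lookup of "Explorer.exe"
 * only worked because it normally fails and yields NULL.
 */
DWORD __stdcall CreateThreadFunc( LPVOID )
{
    DialogBox(GetModuleHandle(NULL), (LPCTSTR)IDD_DIALOG1, hWnd, (DLGPROC)ControlBox);
    runproc = false;
    return 0;
}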
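/*
 * Console entry point.
 *
 * 1. Loads dict.dat (36-byte records: 28 bytes of plaintext followed by a
 *    64-bit hash) completely into memory.
 * 2. Interactive mode: reads one hash per prompt and prints the matching
 *    plaintext, until "q" is entered.
 * 3. Batch mode: loads a text file of (identifier, hash) records, looks each
 *    one up and appends the hits to finish.txt, while a small dialog offers
 *    pause, flush and exit.
 *
 * Changes against the first version, all concerning memory safety and input
 * handling:
 *  - the plaintext buffer has a guaranteed terminator before it is printed;
 *  - short reads of dict.dat shrink the record count instead of leaving
 *    uninitialized records in the tables;
 *  - the batch tables are sized from the batch file (not from dict.dat) and
 *    the load loop stops at their capacity;
 *  - the load loop tests fgets() instead of feof(), which used to add one
 *    bogus record at end of file;
 *  - interactive input is limited to the size of the buffer;
 *  - "Start at" is read with the conversion that matches a long;
 *  - the quit test no longer looks at an unset buffer in batch mode;
 *  - a cancelled file dialog no longer hands an empty path to basename().
 */
int main(int argc, char* argv[])
{
    HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE);
    SetConsoleTextAttribute(hCon, 31);
    printf(" =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- \n");
    SetConsoleTextAttribute(hCon, 27);
    printf(" MD5 Dictionary V1.0.6 \n");
    printf(" Copyright: Magic Bear \n");
    SetConsoleTextAttribute(hCon, 30);
    printf(" Discuss: [url]http://forum.panli.de/[/url] \n");
    SetConsoleTextAttribute(hCon, 31);
    printf(" =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- \n");
    SetConsoleTextAttribute(hCon, 7);

    long size = FileSize("dict.dat");
    if (size == -1){
        printf("You didn't have dictionary, please put dict.dat on program folder.\n");
        system("PAUSE");
        return 0;
    }
    hWnd = GetForegroundWindow();
    SetConsoleTextAttribute(hCon, 11);
    printf("DB Size: %ld bytes\n", size);
    int rec_count = size / 36;
    printf("Record Count: %d\n", rec_count);
    SetConsoleTextAttribute(hCon, 7);

    dbpass = (char *)malloc(rec_count * 28);
    if (dbpass == NULL){
        printf("Get memory %d bytes for Password db failure!!\n", rec_count * 28);
        system("PAUSE");
        return 0;
    }
    dbhash = (unsigned __int64 *)malloc(rec_count * 8);
    if (dbhash == NULL){
        free(dbpass);
        printf("Get memory %d bytes for Hash db failure!!\n", rec_count * 8);
        system("PAUSE");
        return 0;
    }

    int cur = 0;
    /* One byte more than a record's plaintext: readhash() copies 28 bytes and
       adds no terminator, the spare byte stays 0 for printing with %s. */
    char dpass[29] = {0};
    unsigned __int64 dhash = 0;
    FILE *fp = fopen("dict.dat", "rb");
    if (!fp){
        printf("Can't read your dictionary, please make sure you can access dict.dat.\n");
        free(dbhash);
        free(dbpass);
        system("PAUSE");
        return 0;
    }
    while (cur < rec_count){
        if (fread(dbpass + cur * 28, 28, sizeof(char), fp) != sizeof(char)) break;
        if (fread(dbhash + cur, sizeof(unsigned __int64), 1, fp) != 1) break;
        cur++;
    }
    fclose(fp);
    /* Search only the records that were really read. */
    rec_count = cur;

    bool exitloop = false;
    char batchfile[2048] = {0};
    char inp;
    printf("Batch convert (y/n): ");
    scanf("%c", &inp);
    char writemsg[200];
    int i;
    unsigned __int64 hash;
    int total = 0;
    long line = 0;

    if (inp == 'y' || inp == 'Y' || inp == '1'){
        batchconvert = true;
        printf("Batch file: ");
        OPENFILENAME ofn;
        char szFilter[]="Text File (*.txt)\0*.txt\0All File\0*.*\0";
        ZeroMemory(&ofn, sizeof(OPENFILENAME));
        ofn.lStructSize=sizeof(OPENFILENAME);
        ofn.hwndOwner=hWnd;
        ofn.lpstrFilter=szFilter;
        ofn.nFilterIndex=0;
        ofn.lpstrTitle="Select File";
        ofn.lpstrFile=batchfile;
        ofn.nMaxFile=sizeof(batchfile);
        ofn.Flags=OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST | OFN_EXPLORER;

        char batchname[2048] = {0};
        /* A cancelled dialog leaves no usable path; basename() is only
           called with a non-empty one. */
        if (GetOpenFileName(&ofn) && batchfile[0] != '\0'){
            basename(batchfile, strlen(batchfile), NULL, 0, batchname);
        }else{
            batchfile[0] = '\0';
        }
        if (strlen(batchname) > 0){
            printf("%s\n", batchname);
        }else{
            printf("%s\n", batchfile);
        }

        /* Size of the batch file itself, taken before fopen() because
           FileSize() opens the file without sharing. */
        long batchsize = (batchfile[0] != '\0') ? FileSize(batchfile) : -1;
        fp = (batchsize >= 0) ? fopen(batchfile, "r") : NULL;
        if (!fp){
            printf("Batch file not found, didn't start batch convert!!\n");
            batchconvert = false;
        }

        if (batchconvert){
            fEnd = fopen("finish.txt", "a+");
            if (fEnd){
                strcpy(writemsg, "========================================================================\n");
                fwrite(writemsg, strlen(writemsg), sizeof(char), fEnd);
            }
            printf("Start at [Default: 0]: ");
            scanf("%ld", &line);
            SetConsoleTextAttribute(hCon, 14);
            printf("Current Status: ");
            SetConsoleTextAttribute(hCon, 7);
            printf(" 0");
            printf(" / ");
            printf("Loading...");

            char tmp[80];
            /* Same budget as before (about half the file size per table),
               expressed in records so that the loader can be bounded:
               10 bytes of identifier and 8 bytes of hash per record. */
            long capacity = batchsize / 20 + 1;
            if ((batchcnv = (unsigned __int64 *)malloc((size_t)capacity * sizeof(unsigned __int64))) == NULL){
                printf("Can't get memory for save batch convert db!!\n");
                batchconvert = false;
                fclose(fp);
            }else if ((batchuid = (char *)malloc((size_t)capacity * 10)) == NULL){
                printf("Can't get memory for save batch convert ext info db!!\n");
                batchconvert = false;
                fclose(fp);
            }else{
                while (total < capacity && fgets(batchuid + total * 10, 10, fp) != NULL){
                    tmp[0] = '\0';
                    fgets(tmp, 80, fp);
                    right_trim(tmp);
                    /* A record that does not parse keeps its line number but
                       gets a defined value instead of heap garbage. */
                    batchcnv[total] = 0;
                    convhash(tmp, batchcnv + total);
                    total++;
                }
                fclose(fp);
                printf("\b\b\b\b\b\b\b\b\b\b");
                printf("%-8d ", total);
                printf("\b\b\b\b\b\b\b\b\b\b\b\b\b");
                if (line < 0 || line > total) line = 0;
                HANDLE hWaitThread = CreateThread(NULL, 0, CreateThreadFunc, 0, 0, 0);
                if (hWaitThread != NULL){
                    /* give the dialog a moment to come up */
                    WaitForSingleObject(hWaitThread, 100);
                    SetThreadPriority(hWaitThread,THREAD_PRIORITY_HIGHEST);
                    /* the thread keeps running, only the handle is released */
                    CloseHandle(hWaitThread);
                }
            }
        }
    }

    char uid[10] = {0};
    __int64 tstart = GetCycleCount();
    __int64 starttime = 0;
    __int64 remainstart = 0;
    double everyone = 0;
    double remain = 0;
    int succ = 0;

    while (runproc){
        while (pause && runproc){
            Sleep(100);
        }
        if (!batchconvert){
            SetConsoleTextAttribute(hCon, 9);
            printf("Please input pass (q to exit): ");
            SetConsoleTextAttribute(hCon, 7);
        }else{
            printf("\b\b\b\b\b\b\b\b%8d", ++line);
        }

        char pass[40] = {0};
        if (!batchconvert){
            /* width limit: at most 39 characters plus the terminator */
            cscanf("%39s", pass);
        }else{
            if (line-1 < total){
                hash = readbatch(line - 1, uid);
                if (line % CalcTime == 0){
                    if (line == CalcTime){
                        remainstart = GetCycleCount();
                    }else{
                        /* average time per record over the last CalcTime
                           records, projected onto the records still open */
                        everyone = GetTime(remainstart) / (double)CalcTime;
                        remain = (int)((everyone * (double)(total - line)) / 1000.0);
                        wsprintf(writemsg, "%d (%d%%)", succ, succ * 100 / line);
                        SetDlgItemText(hDlgBox, IDC_FOUND, writemsg);
                        wsprintf(writemsg, "%02d:%02d:%02d", (int)(remain / 3600.0), (int)(remain / 60.0) % 60, (int)remain % 60);
                        remainstart = GetCycleCount();
                        SetDlgItemText(hDlgBox, IDC_REMAIN, writemsg);
                    }
                }
            }else{
                printf("\nTotal run: %.4f s\n", GetTime(tstart, 1));
                EndDialog(hDlgBox, 0);
                break;
            }
        }

        /* "q" is a console command; in batch mode pass holds no user input. */
        if (!batchconvert && pass[0] == 'q' && pass[1] == '\0') break;
        exitloop = false;
        if (!batchconvert){
            starttime = GetCycleCount();
            if (!convhash(pass,&hash)) continue;
        }

        /* linear scan of the whole dictionary for the 64-bit value */
        for (i=0;i<rec_count;i++){
            readhash(i, dpass, dhash);
            if (dhash == hash){
                if (!batchconvert){
                    SetConsoleTextAttribute(hCon, 14);
                    printf("Found %s = '%s' In %.4f ms\n", pass, dpass, GetTime(starttime));
                    SetConsoleTextAttribute(hCon, 7);
                }else if (fEnd){
                    succ++;
                    formati64(hash, pass);
                    wsprintf(writemsg, "Found %s = '%s'\t\tUID: %s\n", pass, dpass, uid);
                    fwrite(writemsg, strlen(writemsg), sizeof(char), fEnd);
                }
                exitloop = true;
                break;
            }
        }
        if (!batchconvert && !exitloop){
            printf("Didn't found your password!!\n");
        }
    }

    if (batchconvert){
        if (!runproc){
            printf("\n");
        }
    }
    /* Closed whenever it was opened, also when batch mode was abandoned
       after finish.txt had already been created. */
    if (fEnd) fclose(fEnd);
    free(dbpass);
    free(dbhash);
    free(batchcnv);
    free(batchuid);
    system("PAUSE");
    return 0;
}
res.rc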
//Microsoft Developer Studio generated resource script.
//
#include "resource.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "afxres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// Chinese (P.R.C.) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
#pragma code_page(936)
#endif //_WIN32
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE DISCARDABLE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE DISCARDABLE
BEGIN
"#include ""afxres.h""\r\n"
"\0"
END
3 TEXTINCLUDE DISCARDABLE
BEGIN
"\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_DIALOG1 DIALOG DISCARDABLE 200, 30, 170, 30
STYLE WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "MD5 Dictionary Control"
FONT 10, "Tahoma"
BEGIN
DEFPUSHBUTTON "&Pause",IDOK,7,3,50,13
PUSHBUTTON "&Save Finish",IDC_SAVE,58,3,53,13
PUSHBUTTON "E&xit",IDCANCEL,113,3,50,13
LTEXT "Remain Time:",IDC_STATIC,8,18,46,8
LTEXT "99:99:99",IDC_REMAIN,54,18,37,8
LTEXT "Found:",IDC_STATIC,92,18,23,8
LTEXT "0 (0%)",IDC_FOUND,116,18,46,8
END
/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO DISCARDABLE
BEGIN
IDD_DIALOG1, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 163
TOPMARGIN, 3
BOTTOMMARGIN, 26
END
END
#endif // APSTUDIO_INVOKED
#endif // Chinese (P.R.C.) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
resource.h
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by res.rc
//
#define IDD_DIALOG1 101
#define IDC_REMAIN 1001
#define IDC_FOUND 1002
#define IDC_SAVE 1003
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 102
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1004
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
stdafx.cpp
#include "stdafx.h"
stdafx.h
// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//
#if !defined(AFX_STDAFX_H__7BCA6E86_2FC2_4F91_A238_0218C3A71708__INCLUDED_)
#define AFX_STDAFX_H__7BCA6E86_2FC2_4F91_A238_0218C3A71708__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
#include <stdio.h>
// TODO: reference additional headers your program requires here
//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_STDAFX_H__7BCA6E86_2FC2_4F91_A238_0218C3A71708__INCLUDED_)
在vc++下编译成功