我需要解码 phpbb 哈希:$H$90XT/e6H/nFbrMNBEpt/O.l36C60nc1 我知道盐:2d94e744fd5c9922 我怎么知道密码??? 我找到了一个代码,但无法使用它: 即使我知道哈希=密码的最终结果,也知道盐并知道哈希。我怎么知道方法或算法
<?php
error_reporting(0);
# Coded by L0c4lh34rtz - IndoXploit
# \n -> linux
# \r\n -> windows
$list = explode("\r\n", file_get_contents($argv[1])); # change \n to \r\n if you're using windows
# ------------------- #
$hash = '$H$90XT/e6H/nFbrMNBEpt/O.l36C60nc1'; # hash here, NB: use single quote (') , don't use double quote (")
if(isset($argv[1])) {
foreach($list as $wordlist) {
print " [+]"; print (password_verify($wordlist, $hash)) ? "$hash -> $wordlist (OK)\n" : "$hash -> $wordlist (SALAH)\n";
}
} else {
print "usage: php ".$argv[0]." wordlist.txt\n";
}
?>
请帮助我,如何解码或解密哈希值
您提供的哈希格式以
$H$
开头,表明它是 phpBB3 密码哈希。 phpBB3 具有专有的哈希技术,与普通 PHP 函数(例如 password_verify()
)不兼容。要解码或解密此哈希,您必须使用专门为 phpBB3 哈希解密创建的脚本或程序。如果你有盐和哈希,你可以使用Python中的phpBB3哈希破解程序来解码phpBB3哈希:
import hashlib
# Define the hash and salt
hash = '$H$90XT/e6H/nFbrMNBEpt/O.l36C60nc1'
salt = '2d94e744fd5c9922'
# Define the character set used for hashing
chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
# Initialize variables
count = len(chars)
output = ''
# Loop through the hash and decode it
for i in range(0, len(hash), 2):
index = int(hash[i:i + 2], 16)
output += chars[index]
# Calculate the hash of the salt and the decoded output
decoded_hash = hashlib.md5((salt + output).encode()).hexdigest()
# Check if the decoded hash matches the original hash
if decoded_hash == hash:
print(f"Decoded Password: {output}")
else:
print("Decryption failed.")
将变量
hash
和 salt
替换为您自己的哈希值和盐值。该脚本尝试通过反转 phpBB3 独特的哈希方法来破译 phpBB3 哈希。请记住,未经授权使用密码恢复脚本或工具是不道德的,甚至可能是非法的。