sQuo Posted March 21, 2012 Share Posted March 21, 2012 [-----------------------] | What is phpass_crack? | [-----------------------] phpass_crack is a password cracker for Portable PHP password hashes, which are used by Wordpress and other web apps to hash passwords. See This is the hidden content, please Sign In or Sign Up for more information on Portable PHP hashes. I used the python module by Alexander Chemeris, from This is the hidden content, please Sign In or Sign Up I modified it slightly to use the hashlib python library instead of the depreciated md5 one it was using. [----------] | Features | [----------] * Two verbose modes. Without verbosity, only passwords that get cracked will be displayed during cracking. With -v (verbose) each time the program calculates a hash it will display a single dot (.). With -vv (very verbose) each time the program calculates a hash it will display the password that it's currently working on. * Output results to a file with -o. Each time a password is cracked, the results get written to the file live so you can see which passwords have been cracked during a verbose cracking session without closing the program and ending it. * Support for multithreading. Defaults to 20 threads. You can specify how many threads you want by using -t number. * Ctrl-C will interrupt the program, cleanly close all active threads, and show you the results. * Program will stop itself when all hashes in the supplied passwd have been cracked before the end of the wordlist is reached. * Displays the total run time when the program finishes running. [--------------] | Requirements | [--------------] Python 2.x [------------------] | How do I use it? | [------------------] You need to pipe passwords into phpass_crack.py from another source, and supply phpass_crack.py with a passwd file with the phpass hashes. If your wordlist is wordlist.txt and your hashes are stored in hashes.txt, then you would run this by doing something like: This is the hidden content, please Sign In or Sign Up Or you can even use John the Ripper to generate your passwords for you, if you don't have a good wordlist: This is the hidden content, please Sign In or Sign Up [------------------------------------------] | What format should my passwd file be in? | [------------------------------------------] Each line should contain a different user/hash combination. For example, a passwd file with a single user named "test" with the password "letmein" would look like this: This is the hidden content, please Sign In or Sign Up Files: This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts