13 Years of Service
57%
MorxCrack is a cracking tool written in perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords.
Supported CMS:
- Joomla
- Wordpress (PHPass)
- VBulletin
- InvisionPowerBoard
Code:
>#!/usr/bin/perl -w
#
# Tool: MorxCrack v1.1
# Author: Simo Ben youssef
# Contact: simo_at_morxploit_dot_com
# Release date: 08 April 2013
# MorXploit Research
# http://www.morxploit.com
#
# For more info visit MorxCrack page:
# http://www.morxploit.com/morxcrack.html
#
# Author disclaimer:
# MorxCrack was written for educational, demonstration and testing purposes only.
# Author cannot be held responsible for any malicious use.
# You can redistribute it and/or modify it under the same terms as Perl itself.
use strict;
use Digest::SHA;
use Digest::MD5;
use Authen::Passphrase::PHPass;
my $version = "v1.1";
system ('clear');
if(!defined ($ARGV[0]&& $ARGV[1]&& $ARGV[2])) {
usage();
}
sub usage{
print "\n--- MorxCrack $version Multi-Algorithm/CMS password cracking tool\n";
print "--- By Simo Ben youssef\n";
print "--- www.morxploit.com\n\n";
print "[-] An algorithm, a hash and a wordlist are required\n\n";
print "Usage: perl $0 \n\n";
print "Example:\n";
print "perl $0 sha 'hash' wordlist\n";
print "perl $0 shatwice 'hash' wordlist\n";
print "perl $0 sha256 'hash' wordlist\n";
print "perl $0 sha512 'hash' wordlist\n";
print "perl $0 md5 'hash' wordlist\n";
print "perl $0 md5twice 'hash' wordlist\n";
print "perl $0 mysql 'hash' wordlist\n";
print "perl $0 crypt 'hash' wordlist\n";
print "perl $0 wordpress 'hash' wordlist\n";
print "\nFor CMS salt-hashed passwords:\n";
print "perl $0 joomla hash wordlist salt\n";
print "perl $0 vb hash wordlist salt\n";
print "perl $0 wordpress 'hash' wordlist\n";
print "perl $0 ipb 'hash' wordlist salt\n";
print "perl $0 md5salt 'hash' wordlist salt\n";
print "perl $0 saltmd5 'hash' wordlist salt\n";
print "perl $0 saltsha 'hash' wordlist salt\n";
print "perl $0 shasalt 'hash' wordlist salt\n\n";
exit; }
sub saltusage{
print "\n--- MorxCrack $version Multi-Algorithm/CMS password cracking tool\n";
print "--- By Simo Ben youssef\n";
print "--- www.morxploit.com\n\n";
print "[-] You need to specifiy a salt\n\n";
print "Usage: perl $0 <'hash'> \n";
print "perl $0 joomla 'hash' wordlist salt\n";
print "perl $0 vb 'hash' wordlist salt\n";
print "perl $0 ipb 'hash' wordlist salt\n";
print "perl $0 saltmd5 'hash' wordlist salt\n";
print "perl $0 md5salt 'hash' wordlist salt\n";
print "perl $0 saltsha 'hash' wordlist salt\n";
print "perl $0 shasalt 'hash' wordlist salt\n\n";
exit; }
my $algo = $ARGV[0];
my $h = $ARGV[1];
my $wordlist = $ARGV[2];
my $salt = $ARGV[3];
my $algoname = $algo;
my $subalgo = \&$algoname;
my $password;
my $digest;
my $timestart;
my $hash;
$SIG{INT} = \&sigquit;
$SIG{QUIT} = \&sigstats;
if ($algo ne "crypt") {
$hash = lc $h;
}
else {
$hash = $h;
}
if (grep { $algo eq $_ && $salt eq ""} qw{joomla vb ibp md5salt saltmd5 shasalt saltsha})
{
saltusage();
}
elsif (!grep { $algo eq $_} qw{md5 mysql crypt sha sha256 sha512 joomla md5twice wordpress vb ibp md5salt saltmd5 shatwice shasalt saltsha})
{
usage();
}
else
{
&crack();
}
sub crack{
system ('clear');
open (LIST, $wordlist) || die "\n[-] Can't find/open $wordlist\n";
print "\n[*]Hashed password set to $hash\n";
print "[*]Algorithm/CMS set to $algo\n";
print "[*]Wordlist set to $wordlist\n";
print "[*]Control+\\ to check stats\n";
print "[*]Control+c to exit the program\n\n";
sleep(2);
print "[+] Cracking ...\n\n";
$timestart = time();
while ($password = ) {
chomp ($password);
&$subalgo();
if ($digest eq $hash)
{
my $timeend = time();
my $runtime = $timeend - $timestart;
print "############################################################\n";
print "[+] CRACKED! Your password is $password\n";
print "[+] Found at line $. of $wordlist\n";
print "[+] Cracked in $runtime seconds\n";
print "############################################################\n\n";
close(LIST);
exit;
}
}
my $timeend = time();
my $runtime = $timeend - $timestart;
print "############################################################\n";
print "[-] Failed: Couldn't crack the password!\n";
print "[+] Processed $. passwords in $runtime seconds\n";
print "############################################################\n\n";
exit;
}
# Simple SHA hashing
sub sha{
my $sha = Digest::SHA->new;
$sha->add($password);
$digest = $sha->hexdigest;
}
# SHA hashed twice
sub shatwice{
my $sha = Digest::SHA->new;
$sha->add($password);
my $digest1 = $sha->hexdigest;
$sha->add($digest1);
$digest = $sha->hexdigest;
}
# Salt and password (SaltPassword) combined together and hashed to SHA
sub saltsha {
my $key = $salt.$password;
my $sha = Digest::SHA->new;
$sha->add($key);
$digest = $sha->hexdigest;
}
# Password and salt (PasswordSalt) combined together and hashed to SHA
sub shasalt {
my $key = $password.$salt;
my $sha = Digest::SHA->new;
$sha->add($key);
$digest = $sha->hexdigest;
}
# SHA2 256 bits
sub sha256{
my $sha = Digest::SHA->new(256);
$sha->add($password);
$digest = $sha->hexdigest;
}
# SHA2 512 bits
sub sha512{
my $sha = Digest::SHA->new(512);
$sha->add($password);
$digest = $sha->hexdigest;
}
# MySQL 4.1+ hashes the password to SHA then re-hashes the returned binary digest to SHA
sub mysql{
my $sha1 = Digest::SHA->new;
$sha1->add($password);
my $digest1 = $sha1->digest;
$sha1->add($digest1);
$digest = $sha1->hexdigest;
}
# UNIX Crypt (Shadow file)
sub crypt{
$digest = crypt($password, $hash);
}
# Simple md5
sub md5{
my $md5 = Digest::MD5->new;
$md5->add($password);
$digest = $md5->hexdigest;
}
# Joomla CMS. Password and salt combined together and hashed to MD5
sub joomla{
my $key = $password.$salt;
my $md5 = Digest::MD5->new;
$md5->add($key);
$digest = $md5->hexdigest;
}
# Salt and password (SaltPassword) combined together and hashed to MD5
sub saltmd5 {
my $key = $salt.$password;
my $md5 = Digest::MD5->new;
$md5->add($key);
$digest = $md5->hexdigest;
}
# Password and salt (PasswordSalt) combined together and hashed to MD5
sub md5salt {
my $key = $password.$salt;
my $md5 = Digest::MD5->new;
$md5->add($key);
$digest = $md5->hexdigest;
}
# MD5 hashed twice
sub md5twice {
my $md5 = Digest::MD5->new;
$md5->add($password);
my $digest1 = $md5->hexdigest;
$md5->add($digest1);
$digest = $md5->hexdigest;
}
# VBulletin: password is hashed to MD5 then a salt is added at the end of the hash and hashed to MD5
sub vb {
my $md5 = Digest::MD5->new;
$md5->add($password);
my $digest1 = $md5->hexdigest;
my $key = $digest1.$salt;
$md5->add($key);
$digest = $md5->hexdigest;
}
# InvisionPowerBoard: both password and salt are hashed then combined (HashedSaltHashedPassword) and hashed to MD5
sub ibp {
my $md5 = Digest::MD5->new;
$md5->add($password);
my $digest1 = $md5->hexdigest;
$md5->add($salt);
my $digest2 = $md5->hexdigest;
my $key = $digest2.$digest1;
$md5->add($key);
$digest = $md5->hexdigest;
}
# Wordpress 2.5+: PHPass (http://www.openwall.com/phpass/)
sub wordpress{
my ($h, $wpsalt, $hash2)=$hash=~m/^(.{4})(.{8})(.+)/;
my $ppr = Authen::Passphrase::PHPass->new(
cost => 11,
salt => "$wpsalt",
passphrase => "$password");
my $userpassword = $ppr->as_rfc2307;
$digest = substr ($userpassword, 7);
}
# Cracking stats once Ctrl^\ is hit
sub sigstats {
my $sigtime = time();
my $cctime = $sigtime - $timestart;
my $speed = $. / $cctime;
print "\n##########################################################\n";
print "[*]Current pwd: $password\n";
print "[*]Line number: $.\n";
print "[*]Time elapsed: $cctime\n";
print "[*]Speed: $speed pwd per second\n";
print "##########################################################\n";
print "\n[+] Cracking ...\n";
}
# Quits the program once Ctrl^c is hit
sub sigquit {
print "\n##########################################################\n";
print "[+] Exiting at line $.\n";
print "[+] Aurevoir!\n";
print "##########################################################\n\n";
sleep(2);
close(LIST);
exit;
}