perl-scripts/BR00TALL - Password Hash Brute-Forcer.pl at master · exploit-inters/perl-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
use Digest::SHA1 sha1_hex;
use Digest::MD5 md5_hex;
use strict;
use warnings;

#
# BR00TALL-Revision 3
# Created by G-Brain
# http://g-brain.sesoyo.com
#

# Print standard information

print "[G] Message--> BR00TALL - The Perl Password Hash Brute-Forcer\n";
print "[-] Message--> Revision 3\n";
print "[B] Message--> Created by G-Brain\n";
print "[R] Message--> Happy brute-forcing...\n";
print "[A]\n";

# Check whether the amount of arguments is lower than the amount of arguments required and print usage message if not

if ($#ARGV != 5) {
	print "[I] Error--> Not enough arguments. Aborting...\n";
	print "[N] Usage--> perl $0 -e <md5|sha1> -h <hash to be bruteforced> -r <range of lengths>\n";
	exit;
}

# Declare some stuff
# $n = number used in argument assignment
# $a = argument used in argument assignment
# $e = encryption type
# $l = location of the given hash
# $r = range
# $q = query used in brute-force loop
# @rng = range, in numerical form
# $i = number used in brute-force loop

my ($n, $a, $e, $l, $r, $q, @rng, $i);

# Assign all arguments to their appropriate values

$n = -1;

foreach $a (@ARGV) {
	$n++;
	if ($a eq '-e') {
		$e = $ARGV[($n+1)];
	}
	if ($a eq '-h') {
		$l = ($n+1);
	}
	if ($a eq '-r') {
		$r = $ARGV[($n+1)];
	}
}

# Check for a valid encryption type and exit on error

if ($e ne 'md5' && $e ne 'sha1') {
	print "[I] Error--> Invalid encryption type. Aborting...\n";
	print "[N] Usage--> perl $0 -e <md5|sha1> -h <hash to be bruteforced> -r <range of lengths>\n";
	exit;
}

# Assign the input hash to $q

chomp($q=$ARGV[$l]);

# Check input hash length and exit if incorrect

if ($e eq 'md5') {
	if (length($q) != 32) { print "[I] Error--> Wrong hash length. Aborting...\n[N]\n"; exit; }
}
if ($e eq 'sha1') {
	if (length($q) != 40) { print "[I] Error--> Wrong hash length. Aborting...\n[N]\n"; exit; }
}

# Define range in numerical form, this causes the start number to be assigned to $rng[0] and the end number to $rng[1]

@rng = split("-",$r);

# Check for a valid start and end, exit on error

if ($rng[1] > 10) { print "[I] Error--> Range ending number over 10, aborting...\n[N]\n"; exit; }
if ($rng[0] < 1) { print "[I] Error--> Range starting number below 1, aborting...\n[N]\n"; exit; }

# Print input information

print "[I] Input----> $q using ";
if ($e eq 'md5') { print "MD5 "; }
elsif ($e eq 'sha1') {print "SHA-1"; }
print "encryption and range $rng[0] to $rng[1]\n";
print "[N]\n";

# Check the encryption type and assign numerical value to $e, numbers are managed more easily than strings, faster too

if ($e eq 'sha1') {
	$e = 0;
}

elsif ($e eq 'md5') {
	$e = 1;
}

# Start the brute-force loop

foreach $i ($rng[0]..$rng[1]) {
	print "[ ] Message--> Attempting $i letter passwords...\n";
	foreach $1 ('a'..'z','A'..'Z',0..9) {
		if ($i == 1) {
			if ($e == 0) { if (sha1_hex($1) eq $q) { print "[!] Solution-> $1\n"; exit; } } else { if (md5_hex($1) eq $q) { print "[!] Solution-> $1\n"; exit; } }
		}
		else {
			foreach $2 ('a'..'z','A'..'Z',0..9) {
				if ($i == 2) {
					if ($e == 0) { if (sha1_hex($1.$2) eq $q) { print "[!] Solution-> $1$2\n"; exit; } } else { if (md5_hex($1.$2) eq $q) { print "[!] Solution-> $1$2\n"; exit; } }
				}
				else {
					foreach $3 ('a'..'z','A'..'Z',0..9) {
						if ($i == 3) {
							if ($e == 0) { if (sha1_hex($1.$2.$3) eq $q) { print "[!] Solution-> $1$2$3\n"; exit; } } else { if (md5_hex($1.$2.$3) eq $q) { print "[!] Solution-> $1$2$3\n";	exit; } }
						}
						else {
							foreach $4 ('a'..'z','A'..'Z',0..9) {
								if ($i == 4) {
									if ($e == 0) { if (sha1_hex($1.$2.$3.$4) eq $q) { print "[!] Solution-> $1$2$3$4\n"; exit; } } else { if (md5_hex($1.$2.$3.$4) eq $q) { print "[!] Solution-> $1$2$3$4\n"; exit; } }
								}
								else {
									foreach $5 ('a'..'z','A'..'Z',0..9) {
										if ($i == 5) {
											if ($e == 0) { if (sha1_hex($1.$2.$3.$4.$5) eq $q) { print "[!] Solution-> $1$2$3$4$5\n"; exit; } } else { if (md5_hex($1.$2.$3.$4.$5) eq $q) { print "[!] Solution-> $1$2$3$4$5\n"; exit; } }
										}
										else {
											foreach $6 ('a'..'z','A'..'Z',0..9) {
												if ($i == 6) {
													if ($e == 0) { if (sha1_hex($1.$2.$3.$4.$5.$6) eq $q) { print "[!] Solution-> $1$2$3$4$5$6\n"; exit; } } else { if (md5_hex($1.$2.$3.$4.$5.$6) eq $q) { print "[!] Solution-> $1$2$3$4$5$6\n"; exit; } }
												}
												else {
													foreach $7 ('a'..'z','A'..'Z',0..9) {
														if ($i == 7) {
															if ($e == 0) { if (sha1_hex($1.$2.$3.$4.$5.$6.$7) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7\n"; exit; } } else { if (md5_hex($1.$2.$3.$4.$5.$6.$7) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7\n"; exit; } }
														}
														else {
															foreach $8 ('a'..'z','A'..'Z',0..9) {
																if ($i == 8) {
																	if ($e == 0) { if (sha1_hex($1.$2.$3.$4.$5.$6.$7.$8) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7$8\n"; exit; } } else { if (md5_hex($1.$2.$3.$4.$5.$6.$7.$8) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7$8\n"; exit; } }
																}
																else {
																	foreach $9 ('a'..'z','A'..'Z',0..9) {
																		if ($i == 9) {
																			if ($e == 0) { if (sha1_hex($1.$2.$3.$4.$5.$6.$7.$8.$9) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7$8$9\n"; exit; } } else { if (md5_hex($1.$2.$3.$4.$5.$6.$7.$8.$9) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7$8$9\n"; exit; } }
																		}
																		else {
																			if ($i == 10) {
																				foreach $10 ('a'..'z','A'..'Z',0..9) {
																					if ($e == 0) { if (sha1_hex($1.$2.$3.$4.$5.$6.$7.$8.$9.$10) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7$8$9$10\n"; exit; } } else { if (md5_hex($1.$2.$3.$4.$5.$6.$7.$8.$9.$10) eq $q) { print "[!] Solution-> $1$2$3$4$5$6$7$8$9$10\n"; exit; } }
																				}
																			}
																			else {
																				print "[!] Error-> Brute-force failed. Please either increase the range or replace your alphabet\n";
																				exit;
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}
		}
	}
}