找回密码
 立即注册
欢迎中测联盟老会员回家,1997年注册的域名
查看: 2432|回复: 0
打印 上一主题 下一主题

爆破、破解Disduz x 2.5 md5(md5(pass)$salt)密码加密

[复制链接]
跳转到指定楼层
楼主
发表于 2013-2-14 00:03:14 | 显示全部楼层 回帖奖励 |倒序浏览 |阅读模式
测试环境
9 p9 O: {" `/ n% Y# B0 g2 W$ `OS 名称: Microsoft® Windows Server® 2008 Enterprise1 k# [8 Q) }# Q0 W1 `
OS 版本: 6.0.6001 Service Pack 1 Build 60019 L  i" `2 F  H) }
OS 制造商: Microsoft Corporation, D; k" o; O8 H/ H* o
OS 配置: 独立服务器
3 [# X; ?3 i( j1 ZOS 构件类型: Multiprocessor Free
3 |+ J2 k$ `) e注册的所有人: Windows 用户
4 o  P' ?+ o, D% o8 D* f系统型号: PowerEdge R6200 b9 k# [1 G- u4 }4 Q
系统类型: x64-based PC1 Q5 r+ C  ]6 p; q. v# A- T
处理器: 安装了 1 个处理器。! [- t+ b% i% ]# O
[01]: Intel64 Family 6 Model 45 Stepping 7 GenuineIntel ~2400
8 q9 H/ Z% D7 p" |% }cat md5.txt- @# N" `  e' f; `9 `! L" L# ^
3fb78e9bc0b297e3de4e77531766c37a:f29f95 /* = md5中无法查询的。*/  r7 v3 E. S. d, V7 G( G" ?
865a697fb9b4bd9c6737432aaff136bd:22dc87 /* = 304892415 */# Q( R2 {5 T8 L: x# O) G
15b7a21513f24ffe97d9f9830acf51ad:07626c /* = 123456 */
) b" Q) {2 V& W7 O- N /* -a 使用穷举模式 -m HASH的类型是VB DISCUZ跟DV加密是一样,?d是代表数字 穷举10个数字 */ hashcat-cli64.exe -a 3 -m 2611 md5.txt ?d?d?d?d?d?d?d?d?d?d4 ~3 P/ T5 G" U2 s3 Q! @
Input.Mode: Mask (?d?d?d?d?d)
! d* D) H1 p4 ]( `* M1 |$ J* b. @1 sIndex…..: 0/1 (segment), 100000 (words), 0 (bytes)4 X( A  b+ ]6 e% g
Recovered.: 0/3 hashes, 0/3 salts, f& e' H2 b8 `0 [
Speed/sec.: – plains, – words
% v! f7 S& M, o0 VProgress..: 100000/100000 (100.00%)
/ z. A% u* j. k* m7 K- Q; qRunning…: –:–:–:–& S. E8 s+ f- {- P# W& O! ~: z
Estimated.: –:–:–:–
" F& ~& N) g$ [4 a/ H( v" c6 D" r15b7a21513f24ffe97d9f9830acf51ad:07626c:123456
2 b0 c9 ?! s) x, e3 q- d  {( `Input.Mode: Mask (?d?d?d?d?d?d)
  B( s( ]2 J0 l1 w& VIndex…..: 0/1 (segment), 1000000 (words), 0 (bytes)
+ D4 i9 {9 p2 p0 \" K  _& CRecovered.: 1/3 hashes, 1/3 salts
9 i8 l4 ]$ T0 e( A$ ]8 l/ aSpeed/sec.: 7.43M plains, 3.72M words/ A7 {6 Y7 a& L8 V' ?
Progress..: 1000000/1000000 (100.00%)
! ?% e* G0 u! K; W. G6 l# \Running…: 00:00:00:01) I5 j5 R0 {% l# o8 @4 a
Estimated.: –:–:–:–9 R! Q& t  c( `  P
Input.Mode: Mask (?d?d?d?d?d?d?d)' N4 }, Z9 X& a( Z$ d
Index…..: 0/1 (segment), 10000000 (words), 0 (bytes)
1 E3 U* b3 [+ T% C7 y) r7 [( [Recovered.: 1/3 hashes, 1/3 salts- c5 n) V4 ~/ @: J: N# j" R' `
Speed/sec.: 13.67M plains, 6.83M words
/ O  W3 l- ]8 E# V2 l/ K* XProgress..: 10000000/10000000 (100.00%)
) T& P. H. g" H3 }, Z: \  TRunning…: 00:00:00:01
7 k6 U& q. |8 z- n1 O9 D8 PEstimated.: –:–:–:–
7 N, F$ z$ }2 {Input.Mode: Mask (?d?d?d?d?d?d?d?d)& f+ |+ ^) X; f- S5 x
Index…..: 0/1 (segment), 100000000 (words), 0 (bytes)4 L: o7 E& `6 G3 a* r3 L' K8 g8 T* b
Recovered.: 1/3 hashes, 1/3 salts1 M6 K2 V2 j5 R  z3 @9 I. z
Speed/sec.: 18.59M plains, 9.29M words- f! \) J% S' f6 [: z
Progress..: 100000000/100000000 (100.00%)+ \5 J& A4 Q$ I' d& X; d' [
Running…: 00:00:00:11- L( _. ^* X7 X& x1 X3 J2 t
Estimated.: –:–:–:–
! o+ w8 c7 M( b  S7 n' m: x3 l865a697fb9b4bd9c6737432aaff136bd:22dc87:304892415
: O7 l5 W& _- w( p7 ~# P1 E; V* t可以看到破解 9位3开纯数字密码需要11秒。
  R5 F6 O& H/ j4 A8 XInput.Mode: Mask (?d?d?d?d?d?d?d?d?d?d)
* R. |  t! B, Z5 a4 {Index…..: 0/1 (segment), 10000000000 (words), 0 (bytes): z" l7 K1 u+ s/ s& w$ M1 p3 v
Recovered.: 2/3 hashes, 2/3 salts
$ p& Z8 V- H+ z+ b/ Y: R. u! U% p$ NSpeed/sec.: 12.70M plains, 12.70M words, G. w8 l- Y5 M( F  l
Progress..: 10000000000/10000000000 (100.00%)" D" U6 `6 q/ K( ^% \7 L" O
Running…: 00:00:13:077 N5 p  c& ^) a3 ]7 |8 O
Estimated.: –:–:–:–
3 }, \; j% c( t6 G, T; Z而10个数字即需要13分钟,这样的速度如果有服务器是8核或更多,或者自己GPU强劲,会更加快,我测试只是用了一个入门级的CPU。; g( u" e$ a; I* Q# R
在这里可以下载到一些字典,不过国人对这些字典貌似无视。4 g- O  V' o" X6 u" H3 W8 W
http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表