md5crack.phps

#!/usr/bin/php5 -q
<?
//
// NOTE: This script ONLY works with STOCK TBSource "encrypted" passwords.
// Good luck!
// http://packy.se/code/

set_time_limit(0);
ini_set(memory_limit, '1000M');
// argv[1] = wordlist (newline separated)
// argv[2] = passhash (32 byte hex)
// argv[3] = secret (40 byte hex)

if(strlen($argv[2]) !== 32 || ctype_alnum($argv[2]) !== true || strlen($argv[3]) !== 40 || ctype_alnum($argv[3]) !== true) {
    die("Usage: $argv[0] wordlist passhash secret\nNote: wordlist is a newline-separated wordlist, passhash AND secret MUST be in hexadecimal form.\n");
}
$hash = $argv[2];
$secret = pack('H*',$argv[3]);

$str = file_get_contents($argv[1]) or die('Could not open desired file.');

$token = strtok($str, "\r\n");

while($token !== false) {
    if(md5($secret.$token.$secret) == $hash) {
        die("The password is: $token\n");
    }
    $token = strtok("\r\n");
}

die("All words have now been tested, none passed, bummer. :(\n");

?>