MD5 Dictionary Attack

Posted by ghimau under
Today I've coded a tiny utility that recovers md5 hashes. Not a fancy program, but i need to put my hands on perl sometimes, right? :)
Hmm.. the program is based on dictionary attack technique. I really hate brute force attack since it is time and cpu consuming. Damn boring! The bad thing about dictionary attack is that, it is as good as your word list. So we need to update our wordlist a lot, huh.
I've coded this program in perl, and is available here. (Sure you'll need a perl interpreter installed to run perl programs :)

Ok, some screenshots :)
The usage of this program is simple, just type the file name [space] and put your md5 hash. Press [enter] to start the 'attack'.

As you can see after a while (hihihi, aunty virus now how 'long' it is), it will show you the result

I've added some function, so that the script will count the number of lines in the dictionary file.

If you input the wrong hash (I mean less or more than 32 characters, since md5 hashes are 32 characters in length), you'll got error message

The most important part in this program is the word list (dictionary file). I've set the program to looks for kamus.txt, and the file must reside the same directory as md5.pl is. Be sure to create the kamus.txt and put some passwords in it

If you add more lines, the program will count all the new lines, giving you the number og how many password list you have.


Feel free to use this program (always want to say that :). You can modify it to make it works better. Any suggestion just drop me an email.
13 comments

Hacked by Godzilla?

Posted by ghimau under
You come to your office, open your favourite IE, suddenly, you've been hacked by godzilla?

'Hacked by Godzilla Removal - ghimau
on error resume next
MsgBox("Hacked by Godzilla Removal" & vbcrlf & ".::ghimau::.")
Set wshshell=wscript.CreateObject("WScript.Shell")
wshshell.Run "CMD /c TaskKill/F /im Wscript.exe /T"
wshshell.Run "TaskKill/F /im Wscript.exe /T"

Set fs=CreateObject("scripting.FileSystemObject")
myWinPath=fs.getSpecialFolder(0)

sFilePathAndName=myWinPath & "/ms32dll.dll.vbs"
If fs.FileExists(sFilePathAndName) = True Then
mf=fs.CreateTextFile(sFilePathAndName,true)
mf.attribute = 0
mf.WriteLine("")
mf.Close
fs.DeleteFile sFilePathAndName, True
end if

sFilePathAndName=myWinPath & "/autorun.inf"
If fs.FileExists(sFilePathAndName) = True Then
mf=fs.CreateTextFile(sFilePathAndName,true)
mf.attribute = 0
mf.WriteLine("")
mf.Close
fs.DeleteFile sFilePathAndName, True
MsgBox("tutup" & "ditutup.")
end if

For Each fd in fs.drives
If (fd.DriveType=1 or fd.DriveType=2) and fd.path<>"A:" Then
sFilePathAndName=fd.path & "/ms32dll.dll.vbs"
If fs.FileExists(sFilePathAndName) = True Then
mf=fs.CreateTextFile(sFilePathAndName,true)
mf.attribute = 0
mf.WriteLine("")
mf.Closefs.DeleteFile sFilePathAndName, True
end if
sFilePathAndName=fd.path & "/autorun.inf"

If fs.FileExists(sFilePathAndName) = True Then
mf=fs.CreateTextFile(sFilePathAndName,true)
mf.attribute = 0
mf.WriteLine("")
mf.Closefs.DeleteFile sFilePathAndName, True
end if

end if

NextSet fs=Nothing
oldVal=wshshell.RegRead("HKLM\software\Microsoft\W indows\CurrentVersion\Run\ms32dll","")

If not Err Then
wshshell.RegWrite "HKLM\software\Microsoft\Windows\CurrentVersion\Ru n\ms32dll",""wshshell.RegDelete("HKLM\software\Microsoft\Window s\CurrentVersion\Run\ms32dll")wshshell.RegDelete "HKCU\software\Microsoft\Internet Explorer\Main\Window Title"
End If

'WScript.echo "Hacked by Godzilla telah dibersihkan" &amp;amp;amp;amp; vbCrLf & '".::ghimau::."
Set wshshell=Nothing
pause

Just copy the above red code. Paste in notepad. Save it as "something.vbs". Double click on your new file.. and you're done !

Ok, there might have some other variants such as "Hacked by Pokemon", "Hacked by HackersMalaysia". Basically they are using the same payload ms32dll.dll.vbs. They changed a little to suits their purpose

So you need to identify the payload they are using, for this case it it ms32dll.dll.vbs, they might changed it to something different. Then you need to alter a bit the above script, change the blue color statement to the new payload they are using.
0 comments

XP SP2 Firewall

Posted by ghimau under
Yesterday, as usual, my internet connection was down (lame). Couple of guys from Telekom Malaysia did came, and did their testing. Hmm..

OK.. I wrote a simple batch file, to configure Windows XP firewall via command line, if you are creative enough, you can alter the script and make it as a backdoor. You can add open ports, start a service.. beyond your creativity.

Ok.. when you run a restricted (not allowed by default by your firewall) program, your windows firewall may block your program. Yes, you can easily click on the Unblock button, but that is not kewl. Hihihihi..

Ok.. here's the command :
REM 19 March 2007
REM ghimau
REM You can modify this script to allow certain ports to open
echo off
cls
echo ---------------------------------
echo Add Cain To Firewall Allowed List
echo ---------------------------------
echo You can modify this file, add a
echo variable,so that you can input
echo your own program.This script only
echo demonstrates, how to configure
echo your Windows XP SP2 firewall,
echo via command line
pause
netsh firewall add allowedprogram C:\Progra~1\Cain\Cain.exe My_Program ENABLE
exit
exit
0 comments

YM Scanner

Posted by ghimau under
I wrote a small vb program, to detect who is online using Yahoo Messenger. The idea is quite simple, detect open port 5101 tcp - yahoo server, then i returns true. Might help network administrator to detect whose chatting in the network.

while ip x.x.x.0 to x.x.x.255
if port == 5101 then
msg = online
else
continue loop
end if



Input your ip range



YM Scanner in action


0 comments

Enable Registry.vbs

Posted by ghimau under
For those, whose computer got infected by viruses that disables your registry editing function, just cut&paste this code, rename it to something.vbs. Double click on the file.
--------start---------
'Edited by ghimau
Option Explicit
'Declare variables
Dim WSHShell, rr, rr2, MyBox, val, val2, ttl, toggle
Dim jobfunc, itemtype
On Error Resume Next

Set WSHShell = WScript.CreateObject("WScript.Shell")
val = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
val2 = "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
itemtype = "REG_DWORD"
jobfunc = "Regedit anda telah : "ttl = "Hasil .::ghimau::."

'reads the registry key value.
rr = WSHShell.RegRead (val)
rr2 = WSHShell.RegRead (val2)
toggle=1
If (rr=1 or rr2=1) Then toggle=0
If toggle = 1 Then
WSHShell.RegWrite val, 1, itemtype
WSHShell.RegWrite val2, 1, itemtype
Mybox = MsgBox(jobfunc & "ditutup.", 4096, ttl)
Else
WSHShell.RegDelete val
WSHShell.RegDelete val2
Mybox = MsgBox(jobfunc & "dibuka.", 4096, ttl)
End If

--------end---------

0 comments

Pengikut Setia

Ghimau's Logo

Ghimau's Logo

Pingkey's Logo

Pingkey's Logo

Betkidz's Logo

Betkidz's Logo

Jato Tangge's Logo

Jato Tangge's Logo

My Book

My Book
Buku ni den tongah baco. Menarik buku ni untuk dibaco,

Syntax Highlighter