爆破、破解Disduz x 2.5 md5(md5(pass)$salt)密码加密

admin

测试环境
+ N) e7 H5 q+ P" p/ |* kOS 名称: Microsoft® Windows Server® 2008 Enterprise
  d  L* ?4 @# H3 O# B6 N! t( S8 dOS 版本: 6.0.6001 Service Pack 1 Build 6001
9 _3 v, P* p. m- G1 @OS 制造商: Microsoft Corporation
# u8 W* a5 a' yOS 配置: 独立服务器
0 X1 ?$ d4 L# N! v3 \7 ZOS 构件类型: Multiprocessor Free
注册的所有人: Windows 用户
系统型号: PowerEdge R620
! U3 e& Y0 k/ ~5 z1 l2 P3 ?8 b系统类型: x64-based PC
处理器: 安装了 1 个处理器。
[01]: Intel64 Family 6 Model 45 Stepping 7 GenuineIntel ~2400
& }. e2 E4 b! p0 Q( ^! ~. Y" @cat md5.txt
& M+ g  o& j# y# l. i' M  ?3fb78e9bc0b297e3de4e77531766c37a:f29f95 /* = md5中无法查询的。*/
865a697fb9b4bd9c6737432aaff136bd:22dc87 /* = 304892415 */
15b7a21513f24ffe97d9f9830acf51ad:07626c /* = 123456 */
/* -a 使用穷举模式 -m HASH的类型是VB DISCUZ跟DV加密是一样，?d是代表数字 穷举10个数字 */ hashcat-cli64.exe -a 3 -m 2611 md5.txt ?d?d?d?d?d?d?d?d?d?d
Input.Mode: Mask (?d?d?d?d?d)
( ~9 W# a' I( `( m0 QIndex…..: 0/1 (segment), 100000 (words), 0 (bytes)
Recovered.: 0/3 hashes, 0/3 salts
Speed/sec.: – plains, – words
Progress..: 100000/100000 (100.00%)
& f( }( O, \- @+ g" z7 V* RRunning…: –:–:–:–
Estimated.: –:–:–:–
* ~5 ~. Q  B* a  R$ d& P) y* c15b7a21513f24ffe97d9f9830acf51ad:07626c:123456
Input.Mode: Mask (?d?d?d?d?d?d)
5 S* Y6 ]* ~9 CIndex…..: 0/1 (segment), 1000000 (words), 0 (bytes)
- R" `5 p1 o% G, n3 C, ?* X# ~Recovered.: 1/3 hashes, 1/3 salts
, c  C2 k) i5 x/ E+ O" k- ZSpeed/sec.: 7.43M plains, 3.72M words
. v7 K  k3 v" {, wProgress..: 1000000/1000000 (100.00%)
( Z% J& U" V' ~, k# A2 p. zRunning…: 00:00:00:01
Estimated.: –:–:–:–
# ], K& c& P  |2 |( T: EInput.Mode: Mask (?d?d?d?d?d?d?d)
" s% o1 L/ W2 n0 i- qIndex…..: 0/1 (segment), 10000000 (words), 0 (bytes)
8 ^( r# c# a( J+ ^( JRecovered.: 1/3 hashes, 1/3 salts
& w7 F4 d5 n  g6 }Speed/sec.: 13.67M plains, 6.83M words
) _# O7 m. N6 NProgress..: 10000000/10000000 (100.00%)
Running…: 00:00:00:01
) c4 g/ B6 n0 N5 Z) V/ HEstimated.: –:–:–:–
Input.Mode: Mask (?d?d?d?d?d?d?d?d)
6 e' L1 I: J- }Index…..: 0/1 (segment), 100000000 (words), 0 (bytes)
$ a) i% [4 C5 ]3 d. {& o: E: ^& K! oRecovered.: 1/3 hashes, 1/3 salts
Speed/sec.: 18.59M plains, 9.29M words
. I# e  a$ q, M9 b1 F% \Progress..: 100000000/100000000 (100.00%)
Running…: 00:00:00:11
2 J9 |6 @+ A, K& x1 W8 @Estimated.: –:–:–:–
) T7 z* ?; ]8 @1 i865a697fb9b4bd9c6737432aaff136bd:22dc87:304892415
+ Q( p" W+ R6 t5 D5 A% ], n% d可以看到破解 9位3开纯数字密码需要11秒。
; N$ R$ H) P; Z% v5 XInput.Mode: Mask (?d?d?d?d?d?d?d?d?d?d)
" ^9 n0 }" n7 SIndex…..: 0/1 (segment), 10000000000 (words), 0 (bytes)
7 u* _/ K% |6 u) k, IRecovered.: 2/3 hashes, 2/3 salts
Speed/sec.: 12.70M plains, 12.70M words
- E$ `$ s% w/ D2 V, yProgress..: 10000000000/10000000000 (100.00%)
. y$ u$ t# m! {8 {Running…: 00:00:13:07
Estimated.: –:–:–:–
而10个数字即需要13分钟，这样的速度如果有服务器是8核或更多，或者自己GPU强劲，会更加快，我测试只是用了一个入门级的CPU。
8 z) H/ x6 b, ?3 b& n  Q7 s7 a在这里可以下载到一些字典，不过国人对这些字典貌似无视。
  V" z  _2 A! ~7 Zhttp://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html