找回密码
 立即注册
欢迎中测联盟老会员回家,1997年注册的域名
查看: 2499|回复: 0
打印 上一主题 下一主题

爆破、破解Disduz x 2.5 md5(md5(pass)$salt)密码加密

[复制链接]
跳转到指定楼层
楼主
发表于 2013-2-14 00:03:14 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
测试环境5 f9 F. z' \" t; ~
OS 名称: Microsoft® Windows Server® 2008 Enterprise& Z0 L2 N9 I7 y9 l- v
OS 版本: 6.0.6001 Service Pack 1 Build 6001; k4 _, J2 [: ^/ L% {) S$ ~; j0 V
OS 制造商: Microsoft Corporation  o: C* [) }" `" i
OS 配置: 独立服务器' W* {+ D( }8 M9 ~  q* I* `6 s
OS 构件类型: Multiprocessor Free
6 H0 \+ T+ n6 t8 P注册的所有人: Windows 用户  W9 J( c. D, a! {8 U1 O
系统型号: PowerEdge R620" A2 M+ ^1 k5 Q! _( x9 H
系统类型: x64-based PC
4 p; l5 }  @* P9 g1 l( X处理器: 安装了 1 个处理器。# h+ n6 g# {5 _  |
[01]: Intel64 Family 6 Model 45 Stepping 7 GenuineIntel ~2400
/ X* [5 A3 S( |' K( Y0 `+ u0 Acat md5.txt/ q1 O: V; M" B+ L' ^
3fb78e9bc0b297e3de4e77531766c37a:f29f95 /* = md5中无法查询的。*/7 p5 l7 g1 b2 t1 }( H1 Y& i
865a697fb9b4bd9c6737432aaff136bd:22dc87 /* = 304892415 */. J9 ?( G; N, G8 K) c
15b7a21513f24ffe97d9f9830acf51ad:07626c /* = 123456 */; V4 b* _- _% C
/* -a 使用穷举模式 -m HASH的类型是VB DISCUZ跟DV加密是一样,?d是代表数字 穷举10个数字 */ hashcat-cli64.exe -a 3 -m 2611 md5.txt ?d?d?d?d?d?d?d?d?d?d, P, {# w$ k( d+ v* X9 Z* c
Input.Mode: Mask (?d?d?d?d?d)! x' x, H- i4 q. |" U. R
Index…..: 0/1 (segment), 100000 (words), 0 (bytes)
1 V% ~- y4 O& Q5 wRecovered.: 0/3 hashes, 0/3 salts
8 g1 a" v5 i5 m3 G  g+ ~Speed/sec.: – plains, – words
  ^* u2 X! s7 I) uProgress..: 100000/100000 (100.00%)2 r. ^0 C3 J4 t3 `/ T' R
Running…: –:–:–:–
* X7 j% I% E; j, P0 _Estimated.: –:–:–:–
  s$ ?- z) ]) b9 p15b7a21513f24ffe97d9f9830acf51ad:07626c:1234566 a) ^0 O5 d; @- O" p
Input.Mode: Mask (?d?d?d?d?d?d)( A9 ]6 l1 O9 B$ G5 ?* C8 a# d
Index…..: 0/1 (segment), 1000000 (words), 0 (bytes)
  @* m- n. [; C# f1 Z0 F4 ORecovered.: 1/3 hashes, 1/3 salts
/ G) U& b7 p. {$ y! i" ^& ~: LSpeed/sec.: 7.43M plains, 3.72M words# f% ^7 p# W/ I
Progress..: 1000000/1000000 (100.00%)
7 o( q$ R. L3 t. m& G3 uRunning…: 00:00:00:01
' a8 d3 b( t% W- I6 bEstimated.: –:–:–:–
& N+ [. J% P6 S) j' H' R. \Input.Mode: Mask (?d?d?d?d?d?d?d)* P6 l% n, t2 I
Index…..: 0/1 (segment), 10000000 (words), 0 (bytes)7 |3 Z4 E" j6 P6 r
Recovered.: 1/3 hashes, 1/3 salts0 h8 h; V2 C3 K. N$ }
Speed/sec.: 13.67M plains, 6.83M words
: _* Z. u" o. G$ r7 G# b& qProgress..: 10000000/10000000 (100.00%)
4 f. D7 C/ i; O% R0 h- yRunning…: 00:00:00:01+ Z, D. v; D$ I) p# p' b& j8 e  M
Estimated.: –:–:–:–
1 R; e$ A: D) F2 n& N# s0 y. qInput.Mode: Mask (?d?d?d?d?d?d?d?d)
: {) ~& f( S) yIndex…..: 0/1 (segment), 100000000 (words), 0 (bytes)
$ Y8 U% V& V, E" q; ?1 FRecovered.: 1/3 hashes, 1/3 salts' Z: O1 m; p+ n6 u( F7 T  a9 l
Speed/sec.: 18.59M plains, 9.29M words
5 U4 {5 }" z# S' ~5 sProgress..: 100000000/100000000 (100.00%)
) c; M: k2 N: I  E- u3 DRunning…: 00:00:00:11" ^8 T" \# h9 ?% n( d+ O
Estimated.: –:–:–:–2 O/ v) H( J8 R1 [
865a697fb9b4bd9c6737432aaff136bd:22dc87:3048924158 x& Z7 o# X% W- Q7 |  E
可以看到破解 9位3开纯数字密码需要11秒。
5 E' d% t% [; K! G) HInput.Mode: Mask (?d?d?d?d?d?d?d?d?d?d)
0 R4 N& {" S+ `% D' \Index…..: 0/1 (segment), 10000000000 (words), 0 (bytes)
: }7 W$ q5 H& W: u& e8 U9 gRecovered.: 2/3 hashes, 2/3 salts* F! ]! d' v) h5 Y2 x
Speed/sec.: 12.70M plains, 12.70M words, z$ Q& d7 o' A( b4 m6 q) b
Progress..: 10000000000/10000000000 (100.00%)
1 j0 P* x# s* LRunning…: 00:00:13:07
( U" t& m; [0 G3 ]( f' a2 @5 GEstimated.: –:–:–:–
5 W- z9 N- H' E: |, d- B而10个数字即需要13分钟,这样的速度如果有服务器是8核或更多,或者自己GPU强劲,会更加快,我测试只是用了一个入门级的CPU。4 p3 }" W, x3 \+ a1 L% t. R
在这里可以下载到一些字典,不过国人对这些字典貌似无视。( e- t  `8 ]0 A/ x* h
http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表