爆破、破解Disduz x 2.5 md5(md5(pass)$salt)密码加密

admin

测试环境
! t1 o3 q0 d* ?' Z- SOS 名称: Microsoft® Windows Server® 2008 Enterprise
, w/ p% a4 k3 lOS 版本: 6.0.6001 Service Pack 1 Build 6001
OS 制造商: Microsoft Corporation
2 B* V+ N, \) F4 s. LOS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
1 S. T" J* o; W6 D# F, T注册的所有人: Windows 用户
系统型号: PowerEdge R620
. W% a+ e# c' {! T! f/ v系统类型: x64-based PC
6 W, M) T( `5 }6 b* E5 e9 Q* S处理器: 安装了 1 个处理器。
* X$ s0 Z; l( y5 D, {0 }- T) Q. n[01]: Intel64 Family 6 Model 45 Stepping 7 GenuineIntel ~2400
8 _6 }. V* `, O4 ocat md5.txt
5 B  r0 Q( m; y& r3fb78e9bc0b297e3de4e77531766c37a:f29f95 /* = md5中无法查询的。*/
2 A2 v9 ~4 G8 }1 F" ~1 {/ Z865a697fb9b4bd9c6737432aaff136bd:22dc87 /* = 304892415 */
( x: v: @" O( l' I15b7a21513f24ffe97d9f9830acf51ad:07626c /* = 123456 */
/* -a 使用穷举模式 -m HASH的类型是VB DISCUZ跟DV加密是一样，?d是代表数字 穷举10个数字 */ hashcat-cli64.exe -a 3 -m 2611 md5.txt ?d?d?d?d?d?d?d?d?d?d
$ t" ^0 v/ V2 X  o) uInput.Mode: Mask (?d?d?d?d?d)
Index…..: 0/1 (segment), 100000 (words), 0 (bytes)
Recovered.: 0/3 hashes, 0/3 salts
- ]1 Q8 u, k* |0 R, fSpeed/sec.: – plains, – words
Progress..: 100000/100000 (100.00%)
Running…: –:–:–:–
Estimated.: –:–:–:–
5 f8 v5 o5 h7 A5 N15b7a21513f24ffe97d9f9830acf51ad:07626c:123456
5 x1 d  k  X8 Y" zInput.Mode: Mask (?d?d?d?d?d?d)
- l4 ~* j; j' LIndex…..: 0/1 (segment), 1000000 (words), 0 (bytes)
Recovered.: 1/3 hashes, 1/3 salts
: K$ m  p8 b0 `* e7 L% G, H, J& F/ q/ \8 WSpeed/sec.: 7.43M plains, 3.72M words
Progress..: 1000000/1000000 (100.00%)
) _% f( A1 {5 M1 U# `1 K* o+ f8 J* hRunning…: 00:00:00:01
# {/ U1 K# Z/ g+ W. j' T- l0 `Estimated.: –:–:–:–
Input.Mode: Mask (?d?d?d?d?d?d?d)
# {% ~7 W- a! `Index…..: 0/1 (segment), 10000000 (words), 0 (bytes)
Recovered.: 1/3 hashes, 1/3 salts
Speed/sec.: 13.67M plains, 6.83M words
' ]+ u+ r' ^; c. ]) l' U7 V9 kProgress..: 10000000/10000000 (100.00%)
7 q" U! ^$ [% d0 H# z" q1 _Running…: 00:00:00:01
Estimated.: –:–:–:–
Input.Mode: Mask (?d?d?d?d?d?d?d?d)
, O6 o% t3 X0 Q3 v" G4 ZIndex…..: 0/1 (segment), 100000000 (words), 0 (bytes)
Recovered.: 1/3 hashes, 1/3 salts
9 x+ s8 |7 `0 U, QSpeed/sec.: 18.59M plains, 9.29M words
Progress..: 100000000/100000000 (100.00%)
8 }2 Q4 j- \8 ?Running…: 00:00:00:11
! D& b  V) q" V1 F) s; D- i, O, Z& ZEstimated.: –:–:–:–
# L. M0 ?2 v, R- G865a697fb9b4bd9c6737432aaff136bd:22dc87:304892415
9 ]2 L' A# F. K2 X% a/ O; [6 W可以看到破解 9位3开纯数字密码需要11秒。
! k4 Q; K9 |* c3 ?1 nInput.Mode: Mask (?d?d?d?d?d?d?d?d?d?d)
Index…..: 0/1 (segment), 10000000000 (words), 0 (bytes)
Recovered.: 2/3 hashes, 2/3 salts
" K( y' f3 i+ z/ ]: LSpeed/sec.: 12.70M plains, 12.70M words
8 Z* g! D1 d" V6 w# ^% @& j1 j: SProgress..: 10000000000/10000000000 (100.00%)
Running…: 00:00:13:07
  x+ Q' I, b1 Q2 C' _Estimated.: –:–:–:–
0 e/ v* l  h! d- G, i3 S而10个数字即需要13分钟，这样的速度如果有服务器是8核或更多，或者自己GPU强劲，会更加快，我测试只是用了一个入门级的CPU。
在这里可以下载到一些字典，不过国人对这些字典貌似无视。
http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html