Wordpress PHPass hash bruteforce PHP script was published on June 11, 2008. It is filed under the security categories. Currently it's not tagged with anything because there is no ultimate tag worrior support (yes, Nick!). However you could leave a response or you could just view the comments or you could view the comments adn future comments using an RSS feed for comments on this post.

Bookmarkin'

del.icio.us
Digg it
Furl
ma.gnolia
Netvouz
Shadows
Spurl

Friends

Eat Lard - because it's healthy.
DNS the Net - DNS the planet.
Life Dork - Security Stuff.
Oleg M - Web designer who is better than yours
Rendrag - r e n d r a g

Wordpress PHPass hash bruteforce PHP script

Ok so I was a bit bored and was curious to know how Wordpress handled its authentication, turns out that it uses Solar Designers PHPass class, so I’ve decided to write a very simple Wordpress Bruteforcer for it.

<?php
require_once(‘./class-phpass.php’); //available at http://www.openwall.com/phpass/
$hash = “\$P\$BaahIvdhRXW8Q419WC/alyMUsY7S8I.”; // remember to quote out the $’s
$wp_hasher = new PasswordHash(8, TRUE);
$handle = @fopen (“wordlist.txt”,“r”);
if ($handle)
{
while (!feof ($handle))
{
$pass = fgets ($handle, 512);
$pass = str_replace (“\n“, “”, $pass );

if ($wp_hasher->CheckPassword ($pass, $hash1 ))
{
echo “FOUND: “ . $hash . “=” . $pass . “\n“;
exit;
}
}
}
fclose ($handle);
?>

Does seem to run a bit slow, but it serves its purpose.. If there is enough demand for a faster version I’ll consider writing one up, till then, peace.

Filed under: security -

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Bookmarkin'

Friends

Wordpress PHPass hash bruteforce PHP script

No Comments »

Leave a comment

Easy Navigation

Archived

Categories

Hello

Thingies

The Pages

Subscribe