PHP md5 MySQL Db
<?php $dbh=mysql_connect ("localhost", "siliconb_md5", "<PASSWORD is normally here but hidden atm") or die ("I cannot connect to the database because I'm a faggot but more importantly" . mysql_error()); mysql_select_db ("siliconb_md5");
if ($_GET['action'] == 'search'){
$result = mysql_query("SELECT * FROM md5 WHERE hash = ".$hash." ORhash2 = ".$hash." OR hash3 = ".$hash." LIMIT 1");
if (mysql_num_rows($result) > 0 )
{ $ech = mysql_fetch_array($result);
echo $ech['plaintext']."<br>Added to the database by: ".$ech['user'];
} else {
echo 'Sorry, not found. If you find it out please add it.';
}
}
if ($_GET['action'] == 'add') {
$hash = $_GET['word'];
$i = 0;
$hashs = explode(";", $hash);
while ($hashs[$i]) {
$result = mysql_query("SELECT * FROM md5 WHERE plaintext = ".$hashs[$i]." LIMIT 1");
$num = mysql_num_rows($result);
if ($num > 1) {
echo "Already in database (".$hashs[$i].")</br>";
$i ++;
} else {
$memid = $_COOKIE[$cookie_pfx ."member_id"];
require_once "../includes/newfunctions.php";
$user = getUserfromID($memid);
while ($hashs = explode(";", $hash)) {
$insert = mysql_query("INSERT INTO md5 (plaintext, hash, hash2, hash3, user)
VALUES (".$hash.", ".md5($hashs[$i]).", ".md5(md5($hashs[$i])).", ".md5(md5(md5($hashs[$i]))).", ".$user.")");
if ($insert) {
echo "Added to database! (".$hashs[$i].")</br>";
}
$i ++;
}
}
}
}
?>
<form name="form1" method="get" action=""/ <table width="200" border="0"> <tr> <td> Word: </td> <td>
<input type="text" name="word" /> </td>
</tr> <tr> <td>Hash:</td> <td><input type="text" name="hash" /></td> </tr> <tr> <td>Action</td> <td> <select name="action"> <option value="search">Search</option> <option value="add">Add</option> </select> </td> </tr> <tr> <td colspan="2"><center><input type="submit" name="Submit" value="Go!!!"></center></td> </tr> </table> </form>
I keep getting errors with the mysql_num_rows everywhere. Any ideas?
Thanx
mozzer
[edit by SM]Disabled smileys[/edit]
mozzer wrote: Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/siliconb/public_html/cracker/index.php on line 21 mozzer
is the exact ouput. Though I know why the "mozzer" is there!
perhaps it is because you used mysql_numrows() where you should have used mysql_num_rows(). I don't know for sure, though, since I haven't ever tried using an SQL database.
Sorry about the double post but it now works but adds it in and then adds the wrong plaintext with blank encrpyted.
This is the new code
<?php <MySQL Connection Stuff>
if ($_GET['action'] == 'search'){ $result = mysql_query("SELECT * FROM md5 WHERE hash = '".$hash."' OR hash2 = '".$hash."' OR hash3 = '".$hash."'") or die(mysql_error()); ; if (mysql_num_rows($result) > 0 ) { $ech = mysql_fetch_array($result); echo $ech['plaintext']."<br>Added to the database by: ".$ech['user']; } else { echo 'Sorry, not found. If you find it out please add it.'; } }
if ($_GET['action'] == 'add') { $hash = $_GET['word']; $i = 0; $hashs = explode(";", $hash); while ($hashs[$i]) { $result = mysql_query("SELECT * FROM md5 WHERE plaintext = '".$hashs[$i]."'") or die(mysql_error()); $num = mysql_num_rows($result); if ($num > 1) { echo "Already in database (".$hashs[$i].")</br>"; $i ++; } else { $memid = $_COOKIE[$cookie_pfx ."member_id"]; require_once "../includes/newfunctions.php"; while ($hashs = explode(";", $hash)) { $insert = mysql_query("INSERT INTO md5 (plaintext, hash, hash2, hash3, user) VALUES ('".$hash."', '".md5($hashs[$i])."', '".md5(md5($hashs[$i]))."', '".md5(md5(md5($hashs[$i])))."', '".getUserfromID($memid)."')") or die(mysql_error()); ; if ($insert) { echo "Added to database! (".$hashs[$i].")</br>"; } $i ++; } } } }
?>
<form name="form1" method="get" action=""/ <table width="200" border="0"> <tr> <td> Word: </td> <td>
<input type="text" name="word" /> </td>
</tr> <tr> <td>Hash:</td> <td><input type="text" name="hash" /></td> </tr> <tr> <td>Action</td> <td> <select name="action"> <option value="search">Search</option> <option value="add">Add</option> </select> </td> </tr> <tr> <td colspan="2"><center><input type="submit" name="Submit" value="Go!!!"></center></td> </tr> </table> </form>
I didn't test it out or anything, but this should work (Click 'quote' if you want some formatting):
error_reporting( E_ALL ^ E_NOTICE );
@mysql_connect('localhost', 'root', 'rootpass') or die('Failed to connect to the database.');
require_once('../includes/newfunctions.php');
$memid = $_COOKIE[$cookie_pfx.'member_id'];
$action = isset($_GET['action']) ? $_GET['action'] : '';
$hash = isset($_GET['hash']) ? $_GET['hash'] : '';
if( $action == 'search' ) {
if( !preg_match('/^[a-f0-9]{32}$/', $hash) )
echo 'Sorry, but that is a invalid MD5 hash.';
elseif( !mysql_num_rows($result = mysql_query("SELECT plaintext, user FROM `md5` WHERE hash='$hash' or hash2='$hash' or hash3='$hash'")) )
echo 'We apologize, but that hash was not found in the database.<br/>'.
'If you find out the plaintext, please add it.';
else {
$r = mysql_fetch_assoc($result);
echo "{$r['plaintext']}<br/>&*92;nAdded to the database by <b>{$r['user']}</b>";
}
} elseif( $action == 'add' ) {
$hash = addslashes(urldecode(stripslashes($hash)));
foreach( explode(';', $hash) as $word ) {
if( mysql_num_rows(mysql_query("SELECT * FROM `md5` WHERE plaintext='$word'")) )
echo "Already in database ($word)<br/>&*92;n";
else {
$insert = "INSERT INTO md5 (plaintext, hash, hash2, hash3, user)".
' VALUES ("$hash", "'.md5($hash).'", "'.md5(md5($hash)).'", "'.md5(md5(md5($hash))).'", "'.getUserfromID($memid).'")';
if( mysql_query($insert) )
echo "Added ($word)<br/>&*92;n";
}
}
}
?>
<form name="form1">
<table width="400" border="0" align="center">
<tr>
<td>Hash/Word to add:</td>
<td><input type="text" name="hash"/></td>
</tr>
<tr>
<td>Action:</td>
<td>
<select name="action">
<option value="search">Search</option>
<option value="add">Add</option>
</select>
</td>
</tr>
<tr align="center">
<td colspan="2"><input type="submit" value="Go!"/></td>
</tr>
</table>
</form>```
I've been programming in PHP for about 6 years now.
To add wordlists, all you have to do is:
<?php
set_time_limit(0);
foreach( file('wordlist.txt') as $line ) {
$word = str_replace(array("*r", "*n"), '', $line);
mysql_query("INSERT query here");
}
?>
Change * to a backslash, for some reason the HBH filters try changing it
Wow, I've only been at it 3 months. Nice to talk to a true Guru.
Thanx for the help with the code
mozzer
EDIT: When I get something out of a remote db each new line gets encypted from some reason. Why?
set_time_limit(0);
$list = file($_GET['hash']);
foreach($list as $line ) {
$word = str_replace(array("*r", "*n", " "), '', $line);
if( mysql_num_rows(mysql_query("SELECT * FROM `md5` WHERE plaintext='".mysql_real_escape_string($word)."'")) )
echo "Already in database ($word)<br/>";
else {
$user = meh()
}
else {
$name2 = mysql_fetch_array($name);
}
$insert = "INSERT INTO md5 (plaintext, hash, hash2, hash3, user)".
' VALUES ("'.mysql_real_escape_string($word).'", "'.md5($word).'", "'.md5(md5($word)).'", "'.md5(md5(md5($word))).'", "'.$user.'")';
if( mysql_query($insert) )
echo "Added (".$word.")<br/>";
}
}
}```