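100000) { break; }
            // Remove HTML tags
            $filtered_content = strip_tags($html['content']);
            // Remove punctuation
            $filtered_content = strip_punctuation($filtered_content);
            // Convert to array
            $single_word_array = explode(" ",$filtered_content);
            // Filter out strings that probably aren't valid for hashing
            foreach($single_word_array as $single_word) {
                if(strlen($single_word) < 32) {
                    $filtered_word_array[] = $single_word;
                }
            }
            // Sort the array in order of most frequent word
            $filtered_word_array = array_count_values($filtered_word_array);
            arsort($filtered_word_array);
            $filtered_word_array = array_keys($filtered_word_array);
        }
        // Run through the array and check the user-requested MD5 hash vs the words in the array
        foreach($filtered_word_array as $plaintext) {
            $found = checkHash($query, $plaintext);
            if($found) {
                $found_location = "YAHOO_PAGE";
                return $found;
            }
        }
    }
}

/**
 * Look for the plaintext of an MD5 digest among the words of a Google
 * results page for that digest.
 *
 * On a match the global $found_location is set to "GOOGLE_SUMMARY".
 *
 * The returned word is text taken from a third-party page: HTML-escape it
 * (and $query) with htmlspecialchars() wherever it is echoed.
 *
 * @param string $query MD5 digest, 32 hex characters.
 * @return string|null The matching word, or null when nothing matched, the
 *                     query is not an MD5 digest, or the page was skipped.
 */
function searchGoogle($query) {
    global $filter; // kept from the original; not used in this function
    global $found_location;

    // Validate before building the URL. $query is request input, and
    // interpolating it raw lets it append its own parameters ("&...") to the
    // outbound search request. Anything that is not 32 hex characters cannot
    // equal an md5() result, so no lookup is needed for it.
    if (!is_string($query) || !preg_match('/^[0-9a-fA-F]{32}$/D', $query)) {
        return null;
    }

    // NOTE(review): plain http:// sends the digest and receives the results
    // unencrypted; prefer https:// where the openssl stream wrapper is available.
    $html = get_web_page("http://www.google.com/search?q=" . urlencode($query));

    // Start from an empty list so a failed fetch does not iterate an
    // undefined variable below.
    $filtered_word_array = array();

    if (isset($html['content'])) {
        // Some content is too big for the filter--skip it for now.
        // The original used `break` here, but this function has no enclosing
        // loop, which is a fatal error; returning "no result" is the intent.
        if (strlen($html['content']) > 100000) {
            return null;
        }

        // Remove HTML tags, then punctuation
        $filtered_content = strip_punctuation(strip_tags($html['content']));

        // Keep only words short enough to be plausible plaintexts
        foreach (explode(" ", $filtered_content) as $single_word) {
            if (strlen($single_word) < 32) {
                $filtered_word_array[] = $single_word;
            }
        }

        // Most frequent words first
        $filtered_word_array = array_count_values($filtered_word_array);
        arsort($filtered_word_array);
        $filtered_word_array = array_keys($filtered_word_array);
    }

    // Check the requested digest against every candidate word
    foreach ($filtered_word_array as $plaintext) {
        $found = checkHash($query, $plaintext);
        // Compare with false explicitly: a plaintext such as "0" is falsy.
        if ($found !== false) {
            $found_location = "GOOGLE_SUMMARY";
            return $found;
        }
    }

    return null;
}

/**
 * Compare an MD5 digest with a candidate word as given, lower-cased and
 * upper-cased. No other variants are tried.
 *
 * @param string $query     MD5 digest as 32 hex characters, either case.
 * @param string $plaintext Candidate word.
 * @return string|false The variant whose MD5 equals $query, or false.
 */
function checkHash($query, $plaintext) {
    // md5() returns lower-case hex, so normalise the requested digest.
    $target = strtolower((string) $query);
    // array_keys() upstream turns numeric words into ints; compare strings.
    $plaintext = (string) $plaintext;

    $candidates = array($plaintext, strtolower($plaintext), strtoupper($plaintext));
    foreach ($candidates as $candidate) {
        // Strict comparison: with ==, two strings of the form "0e<digits>"
        // are compared as numbers and count as equal, so an unrelated word
        // would be reported as the plaintext.
        if (md5($candidate) === $target) {
            return $candidate;
        }
    }

    return false;
}

/**
 * Fetch a web page over HTTP(S) and return its body, headers and status.
 *
 * @param string $url Absolute http:// or https:// URL.
 * @return array|null Array with 'header' (list of response header lines),
 *                    'content' (body, when one was read) and 'http_code'
 *                    (status of the last response, when a status line was
 *                    found); null for a non-HTTP(S) URL, a bad URL or a timeout.
 */
function get_web_page($url) {
    // file_get_contents() accepts every registered stream wrapper (file://,
    // php://, ...). Only web URLs are meant to be fetched here.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        return null;
    }

    // The visitor's User-Agent is forwarded so the request looks like a
    // browser rather than a spider. It is client-controlled and may be
    // absent, so drop control characters (CR/LF would add header lines to
    // the outbound request) and omit the option when nothing is left.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_agent = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $user_agent);

    $http_options = array(
        'max_redirects' => 10,  // stop after 10 redirects
        'timeout'       => 120, // timeout on response
    );
    if ($user_agent !== '') {
        $http_options['user_agent'] = $user_agent;
    }
    // NOTE(review): redirects are followed by the stream wrapper and do not
    // pass through the scheme check above, and a 120 s timeout holds a web
    // worker for that long per fetch. Consider egress filtering and a
    // shorter timeout.

    $context = stream_context_create(array('http' => $http_options));

    // Failure is handled through the return value, hence the suppression.
    $page = @file_get_contents($url, false, $context);

    $result = array();
    if ($page !== false) {
        // Strict check: an empty body or "0" is still a successful fetch.
        $result['content'] = $page;
    } elseif (!isset($http_response_header)) {
        return null; // Bad url, timeout
    }

    // Save the header ($http_response_header is filled in by the http wrapper)
    $headers = isset($http_response_header) ? $http_response_header : array();
    $result['header'] = $headers;

    // Get the *last* HTTP status code: scan backwards so that, after
    // redirects, the status line of the final response is the one reported.
    for ($i = count($headers) - 1; $i >= 0; $i--) {
        $line = $headers[$i];
        if (strncasecmp("HTTP", $line, 4) == 0) {
            $response = explode(' ', $line);
            if (isset($response[1])) {
                $result['http_code'] = $response[1];
            }
            break;
        }
    }

    return $result;
}

function strip_punctuation($text) {
    /* strips punctuation from text, based on http://nadeausoftware.com/articles/2007/9/php_tip_how_strip_punctuation_characters_web_page */
    $urlbrackets = '\[\]\(\)';
    $urlspacebefore = ':;\'_\*%@&?!' . $urlbrackets;
    $urlspaceafter = '\.,:;\'\-_\*@&\/\\\\\?!#' . $urlbrackets;
    $urlall = '\.,:;\'\-_\*%@&\/\\\\\?!#' . $urlbrackets;
    $specialquotes = '\'"\*<>';
    $fullstop = '\x{002E}\x{FE52}\x{FF0E}';
    $comma = '\x{002C}\x{FE50}\x{FF0C}';
    $arabsep = '\x{066B}\x{066C}';
    $numseparators = $fullstop . $comma .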
$arabsep; $numbersign = '\x{0023}\x{FE5F}\x{FF03}'; $percent = '\x{066A}\x{0025}\x{066A}\x{FE6A}\x{FF05}\x{2030}\x{2031}'; $prime = '\x{2032}\x{2033}\x{2034}\x{2057}'; $nummodifiers = $numbersign . $percent . $prime; return preg_replace( array( // Remove separator, control, formatting, surrogate, open/close quotes. '/[\p{Z}\p{Cc}\p{Cf}\p{Cs}\p{Pi}\p{Pf}]/u', // Remove other punctuation except special cases '/\p{Po}(? Let's Crack Some MD5
" . $found . ""; } else { echo "Unable to crack via search engines"; } } else { echo "Light-force MD5 crack using search engines"; } ?>
Please enter an MD5 hash you wish to crack:
Result:
Congratulations!"; echo "
  • The hash $query has been deciphered to: $found
  • "; switch($found_location) { case "YAHOO_URL": echo "
  • The plain-text was found in a Yahoo URL
  • "; break; case "YAHOO_SUMMARY": echo "
  • The plain-text was found in Yahoo's summary of a page
  • "; break; case "YAHOO_PAGE": echo "
  • The plain-text was found in a page via Yahoo
  • "; break; case "GOOGLE_SUMMARY": echo "
  • The plain-text was found in Google's summary of a page
  • "; break; case "DATABASE": echo "
  • This plain-text had already been found via search engine
  • "; break; } echo "
  • Found in " . $time . " seconds
  • "; echo ""; } else { echo ""; } } ?>