<?php
$hash = 'e626d51g54t54765a88396c35d05';
$wordlist = fopen("/usr/share/wordlists/rockyou.txt","r");
$count = 0;
$start_time = microtime(true);
while(! feof($wordlist)) {
$str = fgets($wordlist);
$str = trim($str);
$genhash = md5(crypt($str,'fa'));
if($hash == $genhash){
echo "Password Found: ". $str."\n";
$end_time = microtime(true);
$execution_time = ($end_time - $start_time);
echo "Tried Passwords:=". $count."\n";
echo "Time taken in cracking = ".$execution_time." sec";
fclose($wordlist);
exit(0);
}
else
{
$count = $count+1;
}
}
fclose($wordlist);
?>
Serach for a CVE here first - Trickest/cve Apache CVE-2024-38475 - CVE-2024-38475 #version less than 2.4.51 CVE-2021-44790 - h ttps://www.exploit-db.com/exploits/51193 #Apache HTTP Server 2.4.50 CVE-2021-42013 - https://www.exploit-db.com/exploits/50406 use https://github.com/mrmtwoj/apache-vulnerability-testing for below CVE's CVE-2024-38472: Apache HTTP Server on Windows UNC SSRF CVE-2024-39573: mod_rewrite proxy handler substitution CVE-2024-38477: Crash resulting in Denial of Service in mod_proxy CVE-2024-38476: Exploitable backend application output causing internal redirects CVE-2024-38475: mod_rewrite weakness with filesystem path matching CVE-2024-38474: Weakness with encoded question marks in backreferences CVE-2024-38473: mod_proxy proxy encoding problem CVE-2023-38709: HTTP response splitting EXIM #suppodily should work for versions below Exim 4.96.1 - is not accurate CVE-2023-42115 - https://github.com/AdaHop-Cyber-Security/Pocy/tree/main
Comments
Post a Comment