using System.Security.Cryptography; using System.Text; namespace SHA1Hash { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void btnZeroTrust_Click(object sender, EventArgs e) { txtDesc.Text = ""; txtOutput.Text = ""; txtResult.Text = ""; Application.DoEvents(); string input = txtInput.Text; string hash = ComputeSHA1Hash(input); txtOutput.Text = hash; string iSha5 = hash.Substring(0, 5); Random random = new Random((int)DateTime.Now.Ticks); string iSha6 = hash.Substring(random.Next(6, 36), 3); string rHash = hash.Substring(5); txtOutput.Text = rHash; lblStatus.Text = "web request..."; Application.DoEvents(); string returnString = Task.Run(async () => await SendGetRequestWithShaAsyncZeroTrust("https://www.home.daprogs.net/pwn/zerotrust.php", iSha5, iSha6)).GetAwaiter().GetResult(); //string returnString = Task.Run(async () => await SendGetRequestWithShaAsyncZeroTrust("https://www.daprogs.com/pwn/zerotrust.php", iSha5, iSha6)).GetAwaiter().GetResult(); lblStatus.Text = "response..."; Application.DoEvents(); lblStatus.Text = $"request sent: {iSha5}-{iSha6}"; Application.DoEvents(); if (returnString.Contains("BAD")) { if(returnString.ToLower().Contains(rHash.ToLower())) { txtResult.Text = "BAD - Your password is listed"; txtDesc.Text = $"{returnString.Replace("BAD:\r\n", "")}"; int selectStart = txtDesc.Text.IndexOf(rHash.ToUpper()); txtDesc.Select(selectStart, 35); } else txtResult.Text = "OK - Not in list"; } else txtResult.Text = returnString; txtInput.Focus(); txtInput.SelectAll(); } private void btnHash_Click(object sender, EventArgs e) { txtDesc.Text = ""; txtOutput.Text = ""; txtResult.Text = ""; Application.DoEvents(); string input = txtInput.Text; string hash = ComputeSHA1Hash(input); txtOutput.Text = hash; lblStatus.Text = "web request..."; Application.DoEvents(); string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.home.daprogs.net/pwn/indexapi.php", hash)).GetAwaiter().GetResult(); //string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.daprogs.com/pwn/indexapi.php", hash)).GetAwaiter().GetResult(); lblStatus.Text = "response..."; Application.DoEvents(); txtResult.Text = returnString; lblStatus.Text = "..."; Application.DoEvents(); if (returnString.Contains("BAD")) { txtDesc.Text = "This password is in the master list.\r\n"; txtDesc.Text += $"It has been seen {txtResult.Text.Split(":")[1].Replace("\r\n", "")} times\r\n"; txtDesc.Text += "Even a value of 1 is bad.\r\n"; txtDesc.Text += "You need to change this password ASAP!\r\n"; } txtInput.Focus(); txtInput.SelectAll(); } public static string ComputeSHA1Hash(string input) { using (SHA1 sha1 = SHA1.Create()) { byte[] inputBytes = Encoding.UTF8.GetBytes(input); byte[] hashBytes = sha1.ComputeHash(inputBytes); StringBuilder sb = new StringBuilder(); for (int i = 0; i < hashBytes.Length; i++) { sb.Append(hashBytes[i].ToString("x2")); } return sb.ToString(); } } async Task SendGetRequestWithShaAsync(string url, string sha) { using (HttpClient client = new HttpClient()) { try { string fullUrl = $"{url}?sha1={Uri.EscapeDataString(sha)}"; HttpResponseMessage response = await client.GetAsync(fullUrl); response.EnsureSuccessStatusCode(); string responseBody = await response.Content.ReadAsStringAsync(); return responseBody; } catch (HttpRequestException e) { return $"Request exception: {e.Message}"; } } } async Task SendGetRequestWithShaAsyncZeroTrust(string url, string sha5, string sha6) { using (HttpClient client = new HttpClient()) { try { string fullUrl = $"{url}?sha5={Uri.EscapeDataString(sha5)}&sha6={Uri.EscapeDataString(sha6)}"; HttpResponseMessage response = await client.GetAsync(fullUrl); response.EnsureSuccessStatusCode(); string responseBody = await response.Content.ReadAsStringAsync(); return responseBody; } catch (HttpRequestException e) { return $"Request exception: {e.Message}"; } } } private void btnCreateReport_Click(object sender, EventArgs e) { using (StreamWriter SW = new StreamWriter("userReport-tci.txt", false)) { using (StreamReader SR = new StreamReader("passList-tci.csv")) { string passThing = SR.ReadToEnd(); string[] passList = passThing.Split("\r\n"); int cCount = 0; int tCount = passList.Count(); foreach (string item in passList) { if (item.Contains(",")) { string[] items = item.Split(","); string email = items[0].Split(";")[0] + "@" + items[2]; string password = items[1]; if (password.Length > 0) { string hash = ComputeSHA1Hash(password); txtOutput.Text = hash; txtResult.Text = $"{cCount}/{tCount}"; lblStatus.Text = "web request..."; Application.DoEvents(); string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.home.daprogs.net/pwn/indexapi.php", hash)).GetAwaiter().GetResult(); //string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.daprogs.com/pwn/indexapi.php", hash)).GetAwaiter().GetResult(); lblStatus.Text = "response..."; Application.DoEvents(); if (returnString.Contains("BAD")) SW.WriteLine($"{email},Password is hacked!({returnString.Split(":")[1].Replace("\r\n", "")})"); } } cCount++; } } } txtOutput.Text = "Complete."; lblStatus.Text = "Complete."; Application.DoEvents(); } } }