182 lines
7.6 KiB
C#
182 lines
7.6 KiB
C#
using System.Security.Cryptography;
|
|
using System.Text;
|
|
|
|
namespace SHA1Hash
|
|
{
|
|
public partial class Form1 : Form
|
|
{
|
|
public Form1()
|
|
{
|
|
InitializeComponent();
|
|
}
|
|
|
|
private void btnZeroTrust_Click(object sender, EventArgs e)
|
|
{
|
|
txtDesc.Text = "";
|
|
txtOutput.Text = "";
|
|
txtResult.Text = "";
|
|
Application.DoEvents();
|
|
string input = txtInput.Text;
|
|
string hash = ComputeSHA1Hash(input);
|
|
txtOutput.Text = hash;
|
|
string iSha5 = hash.Substring(0, 5);
|
|
Random random = new Random((int)DateTime.Now.Ticks);
|
|
string iSha6 = hash.Substring(random.Next(6, 36), 3);
|
|
string rHash = hash.Substring(5);
|
|
txtOutput.Text = rHash;
|
|
lblStatus.Text = "web request...";
|
|
Application.DoEvents();
|
|
string returnString = Task.Run(async () => await SendGetRequestWithShaAsyncZeroTrust("https://www.home.daprogs.net/pwn/zerotrust.php", iSha5, iSha6)).GetAwaiter().GetResult();
|
|
//string returnString = Task.Run(async () => await SendGetRequestWithShaAsyncZeroTrust("https://www.daprogs.com/pwn/zerotrust.php", iSha5, iSha6)).GetAwaiter().GetResult();
|
|
lblStatus.Text = "response...";
|
|
Application.DoEvents();
|
|
lblStatus.Text = $"request sent: {iSha5}-{iSha6}";
|
|
Application.DoEvents();
|
|
if (returnString.Contains("BAD"))
|
|
{
|
|
if(returnString.ToLower().Contains(rHash.ToLower()))
|
|
{
|
|
txtResult.Text = "BAD - Your password is listed";
|
|
txtDesc.Text = $"{returnString.Replace("BAD:\r\n", "")}";
|
|
int selectStart = txtDesc.Text.IndexOf(rHash.ToUpper());
|
|
txtDesc.Select(selectStart, 35);
|
|
}
|
|
else
|
|
txtResult.Text = "OK - Not in list";
|
|
}
|
|
else
|
|
txtResult.Text = returnString;
|
|
|
|
txtInput.Focus();
|
|
txtInput.SelectAll();
|
|
}
|
|
|
|
private void btnHash_Click(object sender, EventArgs e)
|
|
{
|
|
txtDesc.Text = "";
|
|
txtOutput.Text = "";
|
|
txtResult.Text = "";
|
|
Application.DoEvents();
|
|
string input = txtInput.Text;
|
|
string hash = ComputeSHA1Hash(input);
|
|
txtOutput.Text = hash;
|
|
lblStatus.Text = "web request...";
|
|
Application.DoEvents();
|
|
string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.home.daprogs.net/pwn/indexapi.php", hash)).GetAwaiter().GetResult();
|
|
//string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.daprogs.com/pwn/indexapi.php", hash)).GetAwaiter().GetResult();
|
|
lblStatus.Text = "response...";
|
|
Application.DoEvents();
|
|
txtResult.Text = returnString;
|
|
lblStatus.Text = "...";
|
|
Application.DoEvents();
|
|
if (returnString.Contains("BAD"))
|
|
{
|
|
txtDesc.Text = "This password is in the master list.\r\n";
|
|
txtDesc.Text += $"It has been seen {txtResult.Text.Split(":")[1].Replace("\r\n", "")} times\r\n";
|
|
txtDesc.Text += "Even a value of 1 is bad.\r\n";
|
|
txtDesc.Text += "You need to change this password ASAP!\r\n";
|
|
}
|
|
txtInput.Focus();
|
|
txtInput.SelectAll();
|
|
}
|
|
|
|
public static string ComputeSHA1Hash(string input)
|
|
{
|
|
using (SHA1 sha1 = SHA1.Create())
|
|
{
|
|
byte[] inputBytes = Encoding.UTF8.GetBytes(input);
|
|
byte[] hashBytes = sha1.ComputeHash(inputBytes);
|
|
|
|
StringBuilder sb = new StringBuilder();
|
|
|
|
for (int i = 0; i < hashBytes.Length; i++)
|
|
{
|
|
sb.Append(hashBytes[i].ToString("x2"));
|
|
}
|
|
|
|
return sb.ToString();
|
|
}
|
|
}
|
|
|
|
async Task<string> SendGetRequestWithShaAsync(string url, string sha)
|
|
{
|
|
using (HttpClient client = new HttpClient())
|
|
{
|
|
try
|
|
{
|
|
string fullUrl = $"{url}?sha1={Uri.EscapeDataString(sha)}";
|
|
|
|
HttpResponseMessage response = await client.GetAsync(fullUrl);
|
|
response.EnsureSuccessStatusCode();
|
|
string responseBody = await response.Content.ReadAsStringAsync();
|
|
return responseBody;
|
|
}
|
|
catch (HttpRequestException e)
|
|
{
|
|
return $"Request exception: {e.Message}";
|
|
}
|
|
}
|
|
}
|
|
|
|
async Task<string> SendGetRequestWithShaAsyncZeroTrust(string url, string sha5, string sha6)
|
|
{
|
|
using (HttpClient client = new HttpClient())
|
|
{
|
|
try
|
|
{
|
|
string fullUrl = $"{url}?sha5={Uri.EscapeDataString(sha5)}&sha6={Uri.EscapeDataString(sha6)}";
|
|
HttpResponseMessage response = await client.GetAsync(fullUrl);
|
|
response.EnsureSuccessStatusCode();
|
|
string responseBody = await response.Content.ReadAsStringAsync();
|
|
return responseBody;
|
|
}
|
|
catch (HttpRequestException e)
|
|
{
|
|
return $"Request exception: {e.Message}";
|
|
}
|
|
}
|
|
}
|
|
|
|
private void btnCreateReport_Click(object sender, EventArgs e)
|
|
{
|
|
using (StreamWriter SW = new StreamWriter("userReport-tci.txt", false))
|
|
{
|
|
using (StreamReader SR = new StreamReader("passList-tci.csv"))
|
|
{
|
|
string passThing = SR.ReadToEnd();
|
|
string[] passList = passThing.Split("\r\n");
|
|
int cCount = 0;
|
|
int tCount = passList.Count();
|
|
foreach (string item in passList)
|
|
{
|
|
if (item.Contains(","))
|
|
{
|
|
string[] items = item.Split(",");
|
|
string email = items[0].Split(";")[0] + "@" + items[2];
|
|
string password = items[1];
|
|
if (password.Length > 0)
|
|
{
|
|
string hash = ComputeSHA1Hash(password);
|
|
txtOutput.Text = hash;
|
|
txtResult.Text = $"{cCount}/{tCount}";
|
|
lblStatus.Text = "web request...";
|
|
Application.DoEvents();
|
|
string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.home.daprogs.net/pwn/indexapi.php", hash)).GetAwaiter().GetResult();
|
|
//string returnString = Task.Run(async () => await SendGetRequestWithShaAsync("https://www.daprogs.com/pwn/indexapi.php", hash)).GetAwaiter().GetResult();
|
|
lblStatus.Text = "response...";
|
|
Application.DoEvents();
|
|
if (returnString.Contains("BAD"))
|
|
SW.WriteLine($"{email},Password is hacked!({returnString.Split(":")[1].Replace("\r\n", "")})");
|
|
}
|
|
}
|
|
cCount++;
|
|
}
|
|
}
|
|
}
|
|
txtOutput.Text = "Complete.";
|
|
lblStatus.Text = "Complete.";
|
|
Application.DoEvents();
|
|
}
|
|
}
|
|
}
|