#!/usr/bin/perl
#
# Blowfish hash analyzer
#
$cgi_url = "http://www.n3t.net/cgi-bin/blowfish.cgi";
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g;
$value =~ s/<([^>]|\n)*>//g;
$value =~ s/([;<>\*\|`&\$!#\(\)\[\]\{\}:'"\n])/\\$1/g;
$FORM{$name} = $value;
}
if($FORM{'action'} eq '') {
print "Content-type: text/html\n\n";
print "Blowfish Hash Analyser\n";
print "\n";
print "This is a simple blowfish \(master.passwd line etc\) analyser.
\n";
print "Here is an example of a user's entry in the passwd file using blowfish encryption
\n";
print "example:\$2a\$07\$DXeg5KuywPc\/21JgKT6SGOPYHxkwOK9IkcUUg4sI6La.7mqqOLKQe:1002:1002::0:0:example user:/home/example:/usr/local/bin/bash
\n";
print "Just put in your line and this script will break it down for you.
\n";
print "\n";
print "\n";
exit;
}
elsif($FORM{'action'} eq 'doitdamnit') {
$blst = $FORM{'blst'};
$blst =~ s/\\//g;
($name, $hash, $uid, $gid, $nada, $nada2, $nada3, $realn, $direc, $shell) = split(/:/,$blst,10);
($nill,$bl, $rnds, $hash2) = split(/\$/,$hash,4);
$passwd = substr($hash2,0,22);
$hashfin = substr($hash2,-31,31);
print "Content-type: text/html\n\n";
print "Crypt\n";
print "\n";
print "$blst
\n";
print "\nUsername : $name
Blowfish ID : $bl
Rounds : $rnds
\n";
print "Password Salt : $passwd
Hash : $hashfin
UserID : $uid
GroupID : $gid
\n";
print "Real Name : $realn
Home Directory : $direc
Shell : $shell\n\n";
print "
Analyse another...
\n";
print "\n";
print "\n";
print "\n";
exit;
}