#!/usr/bin/python 
#Attempts to crack MySQL323 hash using wordlist. 
#https://darkc0de.com/ 
#d3hydr8[at]gmail[dot]com 
#rsauron[at]gmail[dot]com 
 
import sys 
 
def mysql323(clear): 
    # Taken almost verbatim from mysql's source 
    nr = 1345345333 
    add = 7 
    nr2 = 0x12345671 
    retval = "" 
    for c in clear: 
  if c == ' ' or c == '\t': 
      continue 
  tmp = ord(c) 
  nr ^= (((nr & 63) + add) * tmp) + (nr << 8) 
  nr2 += (nr2 << 8) ^ nr 
  add += tmp 
    res1 = nr & ((1 << 31) - 1) 
    res2 = nr2 & ((1 << 31) - 1) 
    return "%08lx%08lx" % (res1, res2) 
 
if len(sys.argv) != 3: 
  print "Usage: ./mysql323crack.py <hash> <wordlist>" 
  sys.exit(1) 
 
pw = sys.argv[1] 
if len(pw) != 16: 
  print "Improper hash length\n" 
    sys.exit(1) 
try: 
    words = open(sys.argv[2], "r") 
except(IOError): 
    print "Error: Check your wordlist path\n" 
    sys.exit(1) 
words = words.readlines() 
print "\nWords Loaded:",len(words) 
for word in words: 
  word = word.rstrip("\n") 
  if pw == mysql323(word): 
    print "\nPassword is:",word