[PHP]Password finder

[Ace-SG1-]

Ive seen a lot of ppl asking for a password thing. so here you go... ^-^.

<?php

/*Should work with most Kal servers, official ones at least. Put ?acc=desiredaccount
-- after the script's filename in the URL... e.g.: http://blabla.com/decrypt.php?acc=fire123
-- */
function strhex($string) {
   $hex="";
   for ($i=0;$i<strlen($string);$i++)
       $hex.=(strlen(dechex(ord($string[$i])))<2)? "0".dechex(ord($string[$i])): dechex(ord($string[$i]));
   return $hex;
}
$acc = $_GET['acc']; // -- account name
$char = $_GET['char']; // -- char name
// -- Decrypting arrays...
$array_text = array('!','"','#','$','%','&','\'','(',')','*','+',',','-','.','/','0','1','2','3','4','5','6','7',
'8','9',':',';','<','=','>','?','@','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S',
'T','U','V','W','X','Y','Z','[','\\',']','^','_','`','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o',
'p','q','r','s','t','u','v','w','x','y','z','{','|','}','~');
$array_hex = array('95','88','9D','4C','F2','3E','BB','C0','7F','18','70','A6','E2','EC','77','2C','3A','4A',
'91','5D','7A','29','BC','6E','D4','40','17','2E','CB','72','9C','A1','FF','F3','F8','9B','50','51','6D','E9',
'9A','B8','84','A8','14','38','CE','92','5C','F5','EE','B3','89','7B','A2','AD','71','E3','D5','BF','53','28',
'44','33','48','DB','FC','09','1F','94','12','73','37','82','81','39','C2','8D','7D','08','4F','B0','FE','79',
'0B','D6','23','7C','4B','8E','06','5A','CC','62');
// -- We mustn't forget to connect to SQL uh...
$conn = mssql_connect('********') or die('Couldn\'t connect');
if($char) {
    mssql_select_db('***********');
    $q_char = mssql_query('SELECT TOP 1 UID FROM Player WHERE Name = \''.$char.'\'');
    $c_assoc = mssql_fetch_assoc($q_char);
    $uid = $c_assoc['UID'];
    mssql_select_db('***********');
    $q_acc = mssql_query('SELECT [PWD], ID FROM Login WHERE UID = \''.$uid.'\'');
    echo $acc;
} else {
    $db = mssql_select_db('***********');
    $q_acc = mssql_query('SELECT [PWD], ID FROM Login WHERE ID = \''.$acc.'\'');
}
if(mssql_num_rows($q_acc) != 1) {
    echo 'No accounts returned! Please make sure you typed it in right. http://blabla.com/decrypt.php?acc=NAME';
} else {
    $assoc = mssql_fetch_assoc($q_acc);
    $pass = strtoupper(strhex($assoc['PWD']));
    echo 'Account: '.$assoc['ID'];
    echo '<br />Encrypted password: 0x'.$pass;
    // -- Let's split...
    $pass = str_split($pass, 2);
    $newpass = '';
    foreach($pass as $key => $value) {
        $newpass .= str_replace($array_hex, $array_text, $value); // -- return a string after each iteration
    }
    echo '<br />Decrypted password: '.$newpass;
}
?>

EDIT: sorry i was looking at the wrog file!

 

[Jangan]

my script XD

 

[TheUltimate]

Yap the people searching it for hacking people's on int kal

 

[Jangan]

Yap the people searching it for hacking people's on int kal

thast why you dont use the same password =D hehe

 

[TheUltimate]

yea lol
wich stupid guy/girl use his original pw :S

 

[Ace-SG1-]

lol... welling to sell and or trade a GM password chager and or a "remote block script"... PM or IM me...

 

[Jangan]

you would be amazed how many thousands use it.. lol me and xapno once got over 2000 noob accounts on main int ... that was just for fun lol although they all were llvl 50 and under

 

[Ace-SG1-]

Please do not go off topic!

 

[Swatty]

And how to get the *********** fields ? I searched in the website source but there was nothing ...

sorry ^^ I had to read the introduction ^^

 

[Jangan]

$conn = mssql_connect('localhost', 'sa', 'password')  

ssql_select_db('kal_db')

$db = mssql_select_db('kaldb');

not hard to figure out

 

[Swatty]

Ok ... I cant work with php because I have never learned it ...
Could some one say me what to do with this scrip to get accounts ?

 

[Ace-SG1-]

its called google.

You must be registered to see links

You must be registered to see links

 

[foxx]

you would be amazed how many thousands use it.. lol me and xapno once got over 2000 noob accounts on main int ... that was just for fun lol although they all were llvl 50 and under

prove it

 

[gumby]

lol... welling to sell and or trade a GM password chager and or a "remote block script"... PM or IM me...
View attachment 44274

I'll trade you a link to a picture of my poodle.....SIKE no one wants that NOOB poop... and selling poop here is illegal

 

[LikeMyBoobs]

If u DONT want type it here is script that send it auto xD

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>PW RECOVERY</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css">

<!--

.style1 {

	color: #CC0000;

	font-weight: bold;

}

body {

	background-color: #C0C0C0;

}

-->

</style>

</head>



<body>

<center>

<h1 class="style1">PW RECOVER</h1>

<p></p>

<p></p>

<form action="decrypt.php" method="get">

<b>Acc:</b> <input type="text" size="20" maxlength="30" name="acc">

<p></p>

<b>Char:</b> <input type="text" size="20" maxlength="30" name="char">

<br>

<br>

<input name="Recover" type="submit" id="recover" value="recover"> <input name="reset" type="reset" id="reset">

</form>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p>© redhell //\\ LikeMyBoobs</p>

</center>

</body>

</html>

hf

LikeMyBoobs

 

[NarutaruTR]

If u want type it here is script that send it auto xD

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>PW RECOVERY</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css">

<!--

.style1 {

    color: #CC0000;

    font-weight: bold;

}

body {

    background-color: #C0C0C0;

}

-->

</style>

</head>



<body>

<center>

<h1 class="style1">PW RECOVER</h1>

<p></p>

<p></p>

<form action="decrypt.php" method="get">

<b>Acc:</b> <input type="text" size="20" maxlength="30" name="acc">

<p></p>

<b>Char:</b> <input type="text" size="20" maxlength="30" name="char">

<br>

<br>

<input name="Recover" type="submit" id="recover" value="recover"> <input name="reset" type="reset" id="reset">

</form>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p>© redhell //\\ LikeMyBoobs</p>

</center>

</body>

</html>

hf

LikeMyBoobs

Wow thank you !!!


Edit: It Dont work by me I get error: "Page not found" what is incorecct?

 

[foxx]

I'll trade you a link to a picture of my poodle.....SIKE no one wants that NOOB poop... and selling poop here is illegal

I want that picture :<

 

[General]

@Jangan: you are a trustable server owner then...

 

[HuninHune]

Wow thank you !!!


Edit: It Dont work by me I get error: "Page not found" what is incorecct?

in it theres
<form action="decrypt.php" method="get">
do you have decrypt.php ?

 

[DeathArt]

Any reason for this SQL injectable script ?

My Password.php class allready handles decoding and encoding, so nothing special in it. You just need to flip the key from the encoder to decode, piece of cake.

Yap the people searching it for hacking people's on int kal

The decode/encode table been public for over a year now, why do you care about someone is writing a misserable script using it ?