Jump to content

Help With Bash Script To PHP


BobZach

Recommended Posts

    

First off I want to thank everyone that is involved here in passing on the knowledge. After all that is what its all about. Okay so I want to do a campaign on password awareness and try to capitalize a little off of it. I came across the Breached_Compilation which is 1.4 billion email and plain text passwords. It has bash scripting in it to search and parse out the info from plain text documents which are in folders then prints the results in terminal. The other thing is that it posts the passwords in clear text. How would I obfuscate a portion of the clear text passwords? What would be the best way to integrate this to PHP? I am new to coding in PHP so any help is very much appreciated. Thanks an advance.

  • Here is the Bash script.
#!/bin/bash
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )

if [ "$1" != "" ]; then
	letter1=$(echo ${1,,}|cut -b1)
	if [[ $letter1 == [a-zA-Z0-9] ]]; then
		if [ -f "$dir/data/$letter1" ]; then
			grep -ai "^$1" "$dir/data/$letter1"
		else
			letter2=$(echo ${1,,}|cut -b2)
			if [[ $letter2 == [a-zA-Z0-9] ]]; then
				if [ -f "$dir/data/$letter1/$letter2" ]; then
					grep -ai "^$1" "$dir/data/$letter1/$letter2"
				else
					letter3=$(echo ${1,,}|cut -b3)
					if [[ $letter3 == [a-zA-Z0-9] ]]; then
						if [ -f "$dir/data/$letter1/$letter2/$letter3" ]; then
							grep -ai "^$1" "$dir/data/$letter1/$letter2/$letter3"
						fi
					else
						if [ -f "$dir/data/$letter1/$letter2/symbols" ]; then
							grep -ai "^$1" "$dir/data/$letter1/$letter2/symbols"
						fi
					fi
				fi
			else
				if [ -f "$dir/data/$letter1/symbols" ]; then
					grep -ai "^$1" "$dir/data/$letter1/symbols"
				fi
			fi
		fi
	else
		if [ -f "$dir/data/symbols" ]; then
			grep -ai "^$1" "$dir/data/symbols"
		fi
	fi
else
	echo "[*] Example: ./query name@domain.com"
fi

 

Link to comment
Share on other sites

Integrate with PHP or convert to PHP? Please clarify. I don't even see a password being used in this code.

As for your specific question, the answer depends on what you are trying to do. You could put an encrypted password in a file that is read protected then decrypt the password in your code to be used wherever.

Link to comment
Share on other sites

@gw1500se Thanks for your reply. Convert unless a better way. The script searches in content of folders for whatever email address you query and greps all the lines with that email and posts it back in my terminal window.

  • Here is an example of content in the plain text files.

johndoe@gmail.com:1234567

janedoe@yahoo.com:abc123

bobbydoe@yahoo.com:password123

jennydoe@mail.com:8675309

jennydoe@mail.com:letmein123

  • Example of using the bash script in terminal.

bash query.sh jennydoe@mail.com                      <---- Hit enter the script does its search checking for email in plain text doc.

jennydoe@mail.com:8675309                                <---- These results are displayed in the terminal window.

jennydoe@mail.com:letmein123                           <---- As you can see it is showing the plain text password. I do not want to expose peoples passwords online. 

                                                                                                      le**ei**23 vs letmein123 is better for people checking to see if the email and password was breached online.

Once again I will appreciate any help as I am very new to PHP. I have attached a picture of how in theory it should look. Thanks again.

example.jpg

Link to comment
Share on other sites

If you don't want to expose passwords I'd suggest just not showing them at all.  Just show a generic statement or maybe a count of the total passwords found.

As far as the script, for PHP you'd scan a directory tree using the RecursiveDirectoryIterator / RecursiveIteratorIterator.   It looks like the data may be stored in folders/files based on a prefix of the email so maybe you could just go straight to the file in question by building the file path and checking for it instead using file_exists.

Once you have the file(s), you can read them and check each line for the email using substr or explode.

  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.