Disclaimer: for learning only, do not use for illegal purposes!
First you need to obtain the salt and the hash (the "ciphertext"), and you need your own wordlist.
I was reproducing the CMSMS case from vulhub; running its PoC gave me the hash and the salt, and I found that the fields are concatenated before hashing, i.e. the hash is salted, so there was no way to simply look it up on an online cracking site.
I worked it out on my own and wrote a simple tool in Python. MD5 is not reversible, but we can take the salt, prepend it to each plaintext password from the wordlist, hash the result and compare it with the target hash: brute-force enumeration.
import optparse
import hashlib
import os

# Input the salt, the wordlist path and the hash (miwen); the program brute-forces the password automatically:
# python xxx.py -s xxxxxx -w yourPATH -m xxxxx
parser = optparse.OptionParser()
parser.add_option("-s", "--salt", action="store", dest="salt",
                  help="Enter the salt of the password to decrypt, ex. 451292bfaed931a5")
parser.add_option("-w", "--wordlist", action="store", dest="wordlist",
                  help="Enter the path of the wordlist file")
parser.add_option("-m", "--miwen", action="store", dest="miwen",
                  help="Enter the miwen (hash) to decrypt, ex. 1234567890abcdef")
options, args = parser.parse_args()

if not options.salt:
    parser.error("Please enter the salt of the password to decrypt")
if not options.wordlist:
    parser.error("Please enter the path of the wordlist file")
if not os.path.exists(options.wordlist):
    parser.error("The wordlist file does not exist")

password = ""


def crack_password():
    global password
    flag = False
    salt = options.salt
    miwen = options.miwen.strip().lower()  # hex digest comparison is case-insensitive
    # Wordlists often contain non-UTF-8 bytes; ignore undecodable characters instead of crashing
    with open(options.wordlist, encoding="utf-8", errors="ignore") as wordlist:
        for word in wordlist:
            word = word.rstrip("\r\n")  # strip the newline, keep any intentional spaces
            # The application hashes salt + password, so rebuild that exact construction
            if hashlib.md5((salt + word).encode()).hexdigest() == miwen:
                password = word
                flag = True
                break
    if not flag:
        password = "password not found"
    print("Password found: " + password)


crack_password()