Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts

Tuesday, 21 January 2014

How to hash and crack UNIX passwords in python

Crypt module

I am using the crypt module here, which is a one-way hash function based upon a modified DES algorithm. You can easily adjust the script to crack secure hash algorithms (SHA1, SHA224, SHA256, SHA384, and SHA512 (defined in FIPS 180-2) as well as RSA’s MD5 algorithm ) by using the hashlib  module.

Crypt Overview

import crypt
crypt.crypt("user", "AD")
'AD5Qg2vQhsLRw'

AD is the salt, which is a random two-character string which will be used to perturb the DES algorithm in one of 4096 ways.

The python password cracking script

import crypt
def testPass(hashpass):
    salt = hashpass[0:2]
    dictionary = open('dictionary.txt', 'r') #this is our dictionary file
    for word in dictionary.readlines():
        word = word.strip('\n')
        crypto = crypt.crypt(word,salt)
        if crypto == hashpass:
            print "[+] Password: "+word+"\n"
            return
    print "[-] Password Not Found.\n"
    return

def main():
    hashpass = open('passwords.txt', 'r') #file with hashed password
    for line in hashpass.readlines():
        if ":" in line:
            user = line.split(':')[0]
            hashpass = line.split(':')[1].strip(' ')
            print "[*] Cracking Password For: "+user
            testPass(hashpass)
if __name__ == "__main__":
    main() 
 
Save the script as cracker.py.
You also need to create a dictionary.txt and password.txt  (with the hashed passwords) file to successfully run the program.

Create a new folder and put the three files into it, afterwards simply run 
python cracker.py

You can download all of the files here: Drive