I have a school assignment which consists of me having to crack a Unix password file. The passwords were created using SHA-512.
I'm using Python 3 to write my password cracking script, which goes through a password file, adds the salt and compares each password until the hash is found.
Here is my code:

    #!/usr/bin/env python3
    import crypt

    passFile = open('passwords.txt', 'r')
    salt_MD5 = []
    hash_MD5 = []
    salt_SHA512 = []
    hash_SHA512 = []

    # Collect the salt prefix ("$id$" plus 8 salt characters) and the full hash field.
    for line in passFile:
        if "$6$" in line:
            temp1 = line.split(":")
            temp1 = temp1[1]
            salt_SHA512.append(temp1[:11])
            hash_SHA512.append(temp1)
        if "$1$" in line:
            temp1 = line.split(":")
            temp1 = temp1[1]
            salt_MD5.append(temp1[:11])
            hash_MD5.append(temp1)
    passFile.close()

    print(salt_MD5, hash_MD5)
    print(salt_SHA512, hash_SHA512)

    crackStation = open('1000000passwords.txt', 'r')
    print("Searching for the password...")
    counter = 0
    # Each `index` is one raw line read from the dictionary file.
    for index in crackStation:
        counter += 1
        hashed_value_1 = crypt.crypt(index, salt_MD5[0])
        hashed_value_2 = crypt.crypt(index, salt_MD5[1])
        hashed_value512_1 = crypt.crypt(index, salt_SHA512[0])
        hashed_value512_2 = crypt.crypt(index, salt_SHA512[1])
        if counter % 50000 == 0:
            print("Counter is at: " + str(counter) + " Left to iterate = " + str(1000000-counter))
        # if hashed_value_1 == hash_MD5[0]:
        #     password_1 = index
        #     print("User one has been cracked password is: " + password_1)
        # if hashed_value_2 == hash_MD5[1]:
        #     password_2 = index
        #     print("User two has been cracked password is: " + password_2)
        if hashed_value512_1 == hash_SHA512[0]:
            password_3 = index
            print("User one has been cracked using password: " + password_3)
        if hashed_value512_2 == hash_SHA512[1]:
            password_4 = index
            print("User one has been cracked using password: " + password_4)
    crackStation.close()

    print("Search Complete.")
    try:
        print(password_1, password_2, password_3, password_4)
    except Exception as e:
        # str(e) is required: concatenating a str with an exception raises TypeError.
        print("Oh shit something went wrong :s" + str(e))

Please disregard the MD5 salt and hash, as I will deal with that later (the professor claimed that some of the passwords in the file would be crackable, and a fellow student confirmed that he was able to crack both the SHA-512 passwords, therefore I commented the MD5 out for the sake of speed).
I'm curious to see what type of encoding I should be using to read from the password file. So far I've tried 'mac_roman' to iterate through the dictionary file, and now I just didn't set an encoding. I'm assuming the default should be UTF-8, but I honestly don't know how to check to confirm.
If anyone has any suggestions on what I can do to get this working I'd really appreciate it!
(I'm attempting the default encoding right now, by not initializing one:

    crackStation = open('1000000passwords.txt', 'r')

)
In the case that that does in fact work, I will let you know!
Additional question:
Could someone tell me what the encoding would be for this password file:
adamkaplan:$6$S4Y0gQuy$QRkLo5t/6KONMAiQY9DIAPojv0Q8CBvDtNqe02sfR7rnEdw.QgSm0LU/JRcIc/Arn/PpK3lxroc19bVQDwUGQ/:17786:0:99999:7:::
cardib:$6$t84.Fvbo$8lKHpxBDnjoHhnFS3.A4ezNZmKfy5MLbe7UGZoOnWgz55j0g5TBx5LOQAujDiqkUuE50EACOZsydlBZgy5jkw/:17786:0:99999:7:::
The password hash isn't BASE64, and the reason I'm asking is that when I use different encodings with a dictionary file, each encoding gives a different hash. That's what is throwing me off: the fact that if I use UTF-8, I will receive a different hash versus latin-1.
So what encoding would a Linux password file be using by default?
If I create a new Linux account through the terminal and set a password and go back inside my password file, I will have a newly made hash for that new username's password, and the encoding that was used within that hashing algorithm is what I would need, or at least that's what I imagine I would need in order to crack the password.
Hope that isn't too confusing :s
The solution that worked out for me: the reason I wasn't able to crack the passwords was that I failed to strip the newlines from the dictionary words. Simply doing a

    line = line.rstrip()

solved my problem. I didn't need to do any type of encoding or anything to have the file work.
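
Added example, not part of the original post: a small check of the two effects discussed above, namely that a line read from a wordlist keeps its line ending and that the text encoding only matters for non-ASCII words. Plain salted SHA-512 from `hashlib` stands in for `crypt.crypt()` here (it is not the sha512-crypt algorithm), and the salt, sample words and function names are constructed for the illustration.

```python
import hashlib

# Constructed sample: lines exactly as iterating over a wordlist file yields them.
SAMPLE_LINES = ["letmein\n", "password1\r\n", "caf\u00e9\n"]
SALT = "S4LTS4LT"  # constructed salt, not taken from the page


def digest(word, encoding="utf-8"):
    """Stand-in for crypt.crypt(): SHA-512 over salt + word bytes (assumption)."""
    return hashlib.sha512((SALT + word).encode(encoding)).hexdigest()


def newline_changes_hash(line):
    """True when the raw line hashes differently from the line without its EOL."""
    # rstrip("\r\n") removes only line endings, so trailing spaces stay in the word.
    return digest(line) != digest(line.rstrip("\r\n"))


def encoding_changes_hash(word):
    """True when UTF-8 and Latin-1 produce different bytes for this word."""
    try:
        return word.encode("utf-8") != word.encode("latin-1")
    except UnicodeEncodeError:
        return True  # not representable in Latin-1 at all


def check_wordlist(lines):
    """Return (word, newline_matters, encoding_matters) for each raw line."""
    report = []
    for line in lines:
        word = line.rstrip("\r\n")
        report.append((word, newline_changes_hash(line), encoding_changes_hash(word)))
    return report


if __name__ == "__main__":
    for word, nl, enc in check_wordlist(SAMPLE_LINES):
        print(f"{word!r}: newline alters hash={nl}, encoding alters hash={enc}")
```

For pure-ASCII words the encoding column is always false, which is why stripping the line ending alone was enough in the case above.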