It has been about a month since I have posted, that does not mean I have stopped coding. Lately I’ve been back on my “security” kick. Although for me it’s more of an obsession rather than just a kick. When it comes to security, a programming language like Python can make many common task a breeze to accomplish. Here I have a basic Linux password cracker that can crack the current SHA-512 shadowed hashes from a user supplied dictionary and detect whether a hash is the lesser used MD5 or SHA-256 format. Enjoy.
import crypt def testPass(cryptPass): hashType = cryptPass.split("$") if hashType == '1': print "[+] Hash Type is MD5" elif hashType == '5': print "[+] Hash Type is SHA-256" elif hashType == '6': print "[+] Hash Type is SHA-512" else: "[+] Hash Type is Unknown" salt = cryptPass.split("$") dictFile = open('dictionary.txt', 'r') for word in dictFile.readlines(): word = word.strip('\n') pepper = "$" + hashType + "$" + salt cryptWord = crypt.crypt(word, pepper) if cryptWord == cryptPass: print '[+] Found Password: ' + word + '\n' return print '[-] Password Not Found.\n' return def main(): passFile = open('passwords.txt') for line in passFile.readlines(): if ':' in line: user = line.split(':') cryptPass = line.split(':').strip(' ') print '[*] Cracking Password For: ' + user testPass(cryptPass) if __name__ == '__main__': main()