def crack_password(account, word_list, status_bar, password_count):
""" Cracks the shadowed password """
shadowed = account.split(":")
username = shadowed[0]
hashed_pwd = shadowed[1]
lindex = hashed_pwd.rfind('$')
hash_algorithm = hashed_pwd[1:2]
salt = hashed_pwd[3:lindex]
algorithm = HASH_ALGORITHMS[hash_algorithm]
salt_format = "${}${}$".format(hash_algorithm, salt)
with open(word_list, 'r') as raw_passwords:
for raw_password in raw_passwords:
raw_password = raw_password.strip()
crypted = crypt(raw_password, salt_format)
if (compare_hash(crypted, shadowed[1])):
ua = UnixAccount(
username=username,
algorithm=algorithm,
hash_salt=salt,
hashed_password=shadowed[1],
raw_password=raw_password)
cracked_passwords.append(ua)
status_bar.update(password_count)
break
password_count -= 1
status_bar.update(1)
def crack(self):
self.time_start = time.time()
# Starts checking from letter 'a'
list1 = list(self.passw)
list1.append('a')
# Check every character
for ch in self.chars:
list1[0] = ch
self.passwd = ''.join(list1)
if crypt(str(self.passwd), str(self.password[:2])) == self.password:
self.time_end = time.time()
print("Password for user: "******"Time to find password: "******"Password for user: "******"Time to find password: " + str(self.time_end - self.time_start))
self.found = True
return self.password
def run(self):
time.sleep(self.sleep_time)
while not self.queue.empty():
c = self.queue.get()
# Check if we already get the password of this user.
if not self.users[c.user]:
if crypt(c.password, c.secret[:11]) == c.secret:
self.users[c.user] = True
print("Found passwd for user {}: {} ".format(
c.user, c.password))
self.queue.task_done()
def tripcode(pw):
pw = pw.encode('sjis', 'ignore') \
.replace('"', '"') \
.replace("'", '\'') \
.replace('<', '<') \
.replace('>', '>') \
.replace(',', ',')
salt = re.sub(r'[^\.-z]', '.', (pw + 'H..')[1:3])
salt = salt.translate(string.maketrans(r':;=?@[\]^_`', 'ABDFGabcdef'))
return crypt(pw, salt)[-10:]
def tripcode(pw):
pw = pw.encode('sjis', 'ignore') \
.replace('"', '"') \
.replace("'", '\'') \
.replace('<', '<') \
.replace('>', '>') \
.replace(',', ',')
salt = re.sub(r'[^\.-z]', '.', (pw + 'H..')[1:3])
salt = salt.translate(string.maketrans(r':;=?@[\]^_`', 'ABDFGabcdef'))
return crypt(pw, salt)[-10:]
def testPass(cryptPass):
salt = cryptPass[0:2]
dictFile = open('dictionary.txt', 'r')
for word in dictFile.readlines():
word.word.strip('\n')
cryptWord = crypt(word, salt)
if cryptWord == cryptPass :
print "[+] Found Password: "******"\n"
return
print "[-] Password Not Found.\n"
return
def generateShadowFile(atype, users,passwords,salts):
# user44:$1$vztckvJR$BxyXIVjlZKZCKXJ5vV0f8.:14538:0:99999:7:::
# User name : It is your login name
# Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits
# Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
# Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
# Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
# Warn : The number of days before password is to expire that user is warned that his/her password must be changed
# Inactive : The number of days after password expires that account is disabled
# Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used
shadow_file = open('shadow_'+atype+'.txt', 'w')
for i in range(0, len(users)):
crypted_pass = crypt(passwords[i], salts[i])
shadow_file.write(users[i] + ":" + crypted_pass + ":14538:0:99999:9:::\n")
return
def maskCrypt(mask, userlist, resultsTable, startTime):
while mask.count("NULL") > 0:
mask.remove("NULL")
for maskCharIndex in range(len(mask)):
if mask[maskCharIndex] == "PC":
mask[maskCharIndex] = "%"
salt = "aa"
mask = str("".join(mask))
maskHash = crypt(mask, salt) # hash the entry
for i in range(len(hashlist) -1, -1, -1): # for every hash in the hashfile...
if maskHash == hashlist[i][1]: # if the dictionary hash is the same as the hashfile hash...
# create new row/list to store in results table
finishTime = datetime.datetime.now() - startTime
newPasswordEntry = [userlist[i][0], userlist[i][1], mask, finishTime]
resultsTable.append(newPasswordEntry)
# remove hash from list so it won't be searched again
del userlist[i]
return userlist, resultsTable
def dictAttack(userlist, resultsTable, dictionary, numOfTestsRan): numOfTestsRan += 1 salt = "aa" startTime = datetime.datetime.now() # for every entry in the dictionary for entry in dictionary: entry = entry.strip() # remove leading/trailing spaces entryhash = crypt(entry, salt) # hash the entry for i in range(len(userlist) -1, -1, -1): # for every hash in the hashfile... if entryhash == userlist[i][1]: # if the dictionary hash is the same as the hashfile hash... # create new row/list to store in results table finishTime = datetime.datetime.now() - startTime newPasswordEntry = [userlist[i][0], userlist[i][1], entry, finishTime] resultsTable.append(newPasswordEntry) # remove hash from list so it won't be searched again del userlist[i] dictionary.close() finishTime = datetime.datetime.now() - startTime return userlist, resultsTable, finishTime, numOfTestsRan
def useradd():
login_name = raw_input(" Input the login name for this new user or write 'c' to cancel: ")
if login_name.upper()!= "C":
user_home_directory = raw_input(" Specify any special home directory or press Enter to use default home directory defined in /etc/skel: ")
user_shell = raw_input(" Specify any special shell for this user or press Enter to use the default /bin/bash: ")
if user_home_directory != "":
special_home_directory = " -d " + user_home_directory
else:
user_home_directory = "/home/"+login_name
special_home_directory = " -d /home/"+login_name
if user_shell != "":
special_user_shell = " -s " + user_shell
else: special_user_shell = ""
full_command = "useradd "+ login_name + special_home_directory + special_user_shell
list_of_arguments = full_command.split(" ")
print ""
adding_user = call(list_of_arguments)
if adding_user == 0:
print "\nuser "+ login_name + " was created"
random_passwd = str(randint(10000000,99999999))
alphabet = "1234567890abcdefghijklmnopqrstuvwxyz"
salt = choice(alphabet)+choice(alphabet)
shadow_passwd = crypt(random_passwd, salt)
set_pass = call(['usermod', '-p', shadow_passwd, login_name ])
if set_pass == 0:
print "The passwd " + random_passwd + " is set to <" + login_name + "> username\n"
call(['chage', '-d', '0', login_name]) #makes user to change his password at the first login
first_login = user_home_directory+"/.not_logged_in_yet"
call(['touch', first_login])
call(['chown',login_name+":"+login_name ,first_login])
call(['chmod', 'u+rw', first_login])
else:
print colors.BOLD + " some problem with adding password" + colors.END
else:
print colors.BOLD + " some problem with adding user ..." + colors.END
print ""
else: print""
def maskCrypt(mask, userlist, resultsTable, startTime):
while mask.count("NULL") > 0:
mask.remove("NULL")
for maskCharIndex in range(len(mask)):
if mask[maskCharIndex] == "PC":
mask[maskCharIndex] = "%"
salt = "aa"
mask = str("".join(mask))
maskHash = crypt(mask, salt) # hash the entry
for i in range(len(hashlist) - 1, -1,
-1): # for every hash in the hashfile...
if maskHash == hashlist[i][
1]: # if the dictionary hash is the same as the hashfile hash...
# create new row/list to store in results table
finishTime = datetime.datetime.now() - startTime
newPasswordEntry = [
userlist[i][0], userlist[i][1], mask, finishTime
]
resultsTable.append(newPasswordEntry)
# remove hash from list so it won't be searched again
del userlist[i]
return userlist, resultsTable
def dictAttack(userlist, resultsTable, dictionary, numOfTestsRan):
numOfTestsRan += 1
salt = "aa"
startTime = datetime.datetime.now()
# for every entry in the dictionary
for entry in dictionary:
entry = entry.strip() # remove leading/trailing spaces
entryhash = crypt(entry, salt) # hash the entry
for i in range(len(userlist) - 1, -1,
-1): # for every hash in the hashfile...
if entryhash == userlist[i][
1]: # if the dictionary hash is the same as the hashfile hash...
# create new row/list to store in results table
finishTime = datetime.datetime.now() - startTime
newPasswordEntry = [
userlist[i][0], userlist[i][1], entry, finishTime
]
resultsTable.append(newPasswordEntry)
# remove hash from list so it won't be searched again
del userlist[i]
dictionary.close()
finishTime = datetime.datetime.now() - startTime
return userlist, resultsTable, finishTime, numOfTestsRan
L = filter(lambda x: len(x) == 2, L)
f.close()
else:
L = pwd.getpwall() # List all entries in /etc/passwd
f = open('./wordlist', 'r') # Read list of words to try
wordlist = f.readlines()
f.close()
wordlist = map(lambda w: string.strip(w), wordlist) # Remove newlines
for line in L: # Loop through all the entries
login, password = line[0], line[1]
if ',' in password: # Remove aging info, if present
index = string.find(password, ',')
password = password[:index]
if password == '':
print 'Has no password'
continue
print string.ljust(login, 10), ':',
if '*' in password:
print "Can't login as this ID"
continue
sys.stdout.flush()
salt, Found = password[0:2], 0
for word in wordlist: # Try every word in the list
if crypt(word, salt) == password:
print 'Password: [%s]' % word
Found = 1
break
if not Found: print 'Not found'
elif ss == 'b':
six = s[:p] + '6' + s[p + 1:]
if six not in res: m = '6'
else:
eight = s[:p] + '8' + s[p + 1:]
if eight not in res: m = '8'
elif ss == 't':
m = '7'
elif ss == 'g' or ss == 'q':
m = '9'
s = s[:p] + m + s[p + 1:]
if (s not in res): res.append(s)
return res
"""
crypt(...)
crypt(word, salt) -> string
word will usually be a user's password. salt is a 2-character string
which will be used to select one of 4096 variations of DES. The characters
in salt must be either ".", "/", or an alphanumeric character. Returns
the hashed password as a string, which will be composed of characters from
the same alphabet as the salt.
"""
"""Check to see if the plaintext plain encrypts to the encrypted text enc"""
def check_pass(plain, enc):
return crypt.crypt(plain, enc[:2]) == enc
#!/usr/bin/python
from crypt import *
from getpass import getpass
from tempfile import NamedTemporaryFile as NTF
import sys
import shutil
p = getpass()
newhash = crypt(p, METHOD_SHA512)
with NTF(delete=False) as out:
filename = out.name
with open('/etc/shadow') as shadow:
for line in shadow:
parts = line.split(':')
if parts[0] == 'root':
parts[1] = newhash
out.write(':'.join(parts))
shutil.move(filename, '/etc/shadow')
file = open(argv[1], "r")
for word in file.readlines():
x = word
#print x
y = x.split(":")
#print y
z = y[1].split("$")
#print z
salt = "$" + str(z[1]) + "$" + str(z[2])
#print salt
encrypted_hash = str(z[3])
#print encrypted_hash
overall_hash = salt + "$" + encrypted_hash
#print overall_hash
print "[*]Cracking Password Of " + str(y[0])
sleep(2)
#Opening Dictionary to Compute Hash For Each and Every Password and check with encrypted hash to find passwd
dictionary = open("top1000", "r")
passwd = False
for line in dictionary.readlines():
word = line.strip('\n')
hash = crypt(word, salt)
print "/\\/\\/\\/\\",
if hash == overall_hash:
passwd = word
if passwd != False:
print "\n\n[+]Password Found=", passwd
else:
print "\n[-]Password NOT Found Try Another Dictionary"
###################
#WARNING: This program is not suitable for actually hashing passwords
#In a commericial environment as it uses weak hashing algorithms...
#Even with salts...
#Uses Python 3.x+
##################
import sys
try:
from crypt import *
except:
print("I do not believe your system has the crypt module")
sys.exit(1)
message = ""
specified_salt = ""
if len(sys.argv) > 2:
message = sys.argv[1]
specified_salt = sys.argv[2]
if not message or not specified_salt:
message = input("Enter message: ")
specified_salt = input("Please enter salt(More than 2 char at least): ")
password = crypt(message, specified_salt)
print(password)
