def bruteforce_m(characters, salt, target, maximum, sentinel, result, boundaries): cartesian = itertools.product(characters, repeat=maximum) print(len(characters), salt, target, maximum, sentinel.value, boundaries) if boundaries[0] > 0: start = int_to_base_x_by_idx(characters, boundaries[0]) if len(start) < maximum: start_tuple = tuple([0] * (maximum - len(start)) + start) else: start_tuple = tuple(start) cartesian.__setstate__(start_tuple) for cidx in range(boundaries[0], boundaries[1] - 1): if sentinel.value: print( f"In a sub-process and noticed that it is set to 1 {os.getpid()}" ) return guess = next(cartesian) h = md5_crypt.using(salt=salt, salt_size=4).hash( "".join(guess)).strip().split("$")[3] if h == target: print(f"Found a match in {os.getpid()}") sentinel.value = True result.put("".join(guess)) #"".join(guess).encode("utf-8") return cidx, guess
def bruteforce_o(characters, salt, target, maximum): for idx, guess in enumerate(itertools.product(characters, repeat=maximum)): h = md5_crypt.using(salt=salt, salt_size=4).hash( "".join(guess)).strip().split("$")[3] if h == target: return guess
def run(self): """ Try every password from the list until it finds one with the same hash as hash """ logger.info('worker %d started', self._id) while True: try: user = password_t(*self._queue.get(block=False)) except Empty: break counter = 0 start = time.time() for password in self._passwords: hashed = md5_crypt.using(salt=user.salt).hash(password) # logger.debug('worker %d generated %s for %s', self._id, hashed, password) if hashed.split('$')[-1] == user.password: logger.info('found password %s for user %s', password, user.username) self._results[user.username] = password break counter += 1 if (counter % 10000) == 0: logger.debug("worker %d has tried %d passwords " "(avg rate = %d passwords/s)", self._id, counter, counter / (time.time() - start)) self._queue.task_done() logger.info('worker %d done', self._id)
def _anonymize_value(raw_val, lookup, reserved_words): """Generate an anonymized replacement for the input value. This function tries to determine what type of value was passed in and returns an anonymized value of the same format. If the source value has already been anonymized in the provided lookup, then the previous anon value will be used. """ # Separate enclosing text (e.g. quotes) from the underlying value sens_head, val, sens_tail = _extract_enclosing_text(raw_val) if val in reserved_words: logging.debug('Skipping anonymization of reserved word: "%s"', val) return raw_val if not val: logging.debug('Nothing to anonymize after removing special characters') return raw_val if val in lookup: anon_val = lookup[val] logging.debug('Anonymized input "%s" to "%s" (via lookup)', val, anon_val) return sens_head + anon_val + sens_tail anon_val = 'netconanRemoved{}'.format(len(lookup)) item_format = _check_sensitive_item_format(val) if item_format == _sensitive_item_formats.cisco_type7: # Not salting sensitive data, using static salt here to more easily # identify anonymized lines anon_val = cisco_type7.using(salt=9).hash(anon_val) if item_format == _sensitive_item_formats.numeric: # These are the ASCII character values for anon_val converted to decimal anon_val = str(int(b2a_hex(b(anon_val)), 16)) if item_format == _sensitive_item_formats.hexadecimal: # These are the ASCII character values for anon_val in hexadecimal anon_val = b2a_hex(b(anon_val)).decode() if item_format == _sensitive_item_formats.md5: old_salt_size = len(val.split('$')[2]) # Not salting sensitive data, using static salt here to more easily # identify anonymized lines anon_val = md5_crypt.using(salt='0' * old_salt_size).hash(anon_val) if item_format == _sensitive_item_formats.sha512: # Hash anon_val w/standard rounds=5000 to omit rounds parameter from hash output anon_val = sha512_crypt.using(rounds=5000).hash(anon_val) if item_format == _sensitive_item_formats.juniper_type9: # TODO(https://github.com/intentionet/netconan/issues/16) # Encode base anon_val instead of just returning a constant here # This value corresponds to encoding: Conan812183 anon_val = '$9$0000IRc-dsJGirewg4JDj9At0RhSreK8Xhc' lookup[val] = anon_val logging.debug('Anonymized input "%s" to "%s"', val, anon_val) return sens_head + anon_val + sens_tail
def dictionaryAttack(passwordList, listOfUsers): resultsFile = open("Results1.txt", "w") for user in listOfUsers: for password in passwordList[: 10000]: # I put this limitation on the program so that the runtime wouldnt be as long. We can extend the range or remove it to raise teh chances of finding a password hidden deeper in the file attempt = md5_crypt.using(salt=user[1]).hash( password ) # using the salt to encrypt the password from the passwordlist to attempt and match to user password if (attempt == user[2]): resultsFile.write("Username: "******" Password:"******"\n") break
def type5(): valid_pwd = False while not valid_pwd: try: pwd = pwd_input() except KeyboardInterrupt: sys.exit(0) else: if (pwd_check(pwd)): # Create the hash hash = md5_crypt.using(salt_size=4).hash(pwd) # Print the hash in Cisco Syntax print( '\n' + f"Your Cisco Type 5 password hash is: {hash}") valid_pwd = True
def crackPass(fullHash, algo, salt, wordList): dictFile = open(wordList, 'r') for word in dictFile.readlines(): word = word.strip('\n') if algo == hashTypes['MD5']: if md5_crypt.using(salt=salt, rounds=5000).verify(word, fullHash): print("[+] Found Password: "******"\n") return if algo == hashTypes['SHA-256']: if sha256_crypt.using(salt=salt, rounds=5000).verify(word, fullHash): print("[+] Found Password: "******"\n") return if algo == hashTypes['SHA-512']: if sha512_crypt.using(salt=salt, rounds=5000).verify(word, fullHash): print("[+] Found Password: "******"\n") return print("[-] Password Not Found.\n") return
# MacchiaroliM 5-17-2020 # Question F1 ############# #Create the hash for the word “hello” for the #different methods (you only have to give the #first six hex characters for the hash):MD5, SHA-1, SHA-256, SHA-512, DES #MD5 SHA1 SHA256 SHA512 DES #Also note the number hex characters that the hashed value uses:MD5, Sun MD5, SHA-1, SHA-256, SHA-512 ############# from passlib.hash import md5_crypt, sun_md5_crypt, sha1_crypt, sha256_crypt, sha512_crypt, des_crypt words = ["hello"] salt = "ZDzPE45C" for x in words: print("Hashes for \"" + x + "\":") md5 = md5_crypt.using(salt=salt).hash(x) print("MD5: " + md5) sha1 = sha1_crypt.using(salt=salt).hash( x) # .encrypt deprecatyed, using hash instead print("SHA1: " + sha1) sha256 = sha256_crypt.using(salt=salt).hash(x) print("SHA256: " + sha256) sha512 = sha512_crypt.using(salt=salt).hash(x) print("SHA512: " + sha512_crypt.using(salt=salt).hash(x)) des = des_crypt.using(salt=salt[:2]).hash(x) # first 2 chars of salt print("DES: " + des) print("") print("Hex length for \"" + x + "\":") print("MD5: " + str(len(md5))) print("Sun MD5: " + str(len(sun_md5_crypt.using(salt=salt).hash(x))))
filePath = 'bb_data/L/LBB2' vars = None with open(filePath + '.json') as inFile: vars = json.load(inFile) # Unix crypt(3) password hashes, using SHA-256 # Result: '$5$salt$encrypted_hash' root_salt = pwd.genword( length=8, chars='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz') admin_salt = pwd.genword( length=8, chars='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz') root_password = md5_crypt.using(salt=root_salt).hash("stiksCDPA") admin_password = md5_crypt.using(salt=admin_salt).hash("stiksCDPA") vars['root_password'] = root_password vars['admin_password'] = admin_password vars['snmp_contact'] = input('YourID:') env = Environment(loader=FileSystemLoader('.'), trim_blocks=True) print('------------------' + filePath + '------------------') print(env.get_template('backbone.conf.template').render(vars)) print('--------------------------------------------') print('') ip = '192.168.1.12' print('connecting to ' + ip + '...') dev = Device(host=ip, user='******', password='******')
from passlib.hash import md5_crypt h = md5_crypt.hash("password") print h md5_crypt.verify("password", h) md5_crypt.verify("secret", h) md5_crypt.using(salt_size=4).hash("password")
def hash(salt, msg): h = md5_crypt.using(salt=salt, salt_size=8) return h.hash(msg)
def hashPassword(password): from passlib.hash import md5_crypt return md5_crypt.using(salt_size=8).hash(password)
from passlib.hash import md5_crypt if __name__ == '__main__': #give your Hashed MD5+salt password codefull = "$1$.rquYmlo$yFWfaSKplZmp1Id2VZ6iT1" #give the salt value salt = ".rquYmlo" #give the path of your wordlist file = open('Wordlist.txt', 'r', -1, 'ISO-8859-1') with file as fp: line = fp.readline() cnt = 2 while line: line = (fp.readline()).rstrip("\n") line2 = (md5_crypt.using(salt=".rquYmlo").hash(line)) cnt += 1 print("{}: {}".format(cnt, line2)) if line2 == codefull: print("GOTTCHA!!! \n the password is: " + line) break
print(pretty(channel.recv(65535).decode())) print('-' * 20) time.sleep(1) channel.send('ps\n') time.sleep(1) ps = pretty(channel.recv(65535).decode()) print(ps) m = re.search('.* ps', ps, flags=re.M) pid = m[0].split(' ')[0] pid = f'{int(pid) + 1}' salt = 'awesome' h = md5.using(salt=salt).hash(pid.encode()) h = h.replace('$', '\\$') print(h) comm = f'./ch21 {h}\n' channel.send(comm) print(pretty(channel.recv(65535).decode())) time.sleep(1) channel.send('cat ./.passwd\n') print(pretty(channel.recv(65535).decode())) time.sleep(1) channel.send('cat ./.passwd\n') print(pretty(channel.recv(65535).decode()))