def check_php_password(password, stored_hash):
    """
    from phppass: check certain kinds of phppassowrds

    :param password: the new, to be verified password
    :param stored_hash: the previously used password in a hashed form
    :return: boolean
    """

    return passlib_phpass.verify(password, stored_hash)
Exemple #2
0
def authenticateUser(username, password):
    users = wp.get_user(email=username)
    if len(users) == 0:
        #User does not exist
        return False
    hashedpass = users[0]['user_pass']
    if phpass.verify(secret=password.encode('utf-8'), hash=hashedpass):
        #Authentication succeeded
        return True
    return False
Exemple #3
0
def crack(password):
    hashed = phpass.verify(password, hash)
    hashedpass = str(hashed) + ":" + str(password)
    if hashedpass == "True:" + password :
            print bcolors.OKGREEN + "+---------------------------------------+"
            print bcolors.OKGREEN + "| Operation Completed !"
            print bcolors.OKGREEN + "| HASH > " + " " + hash
            print bcolors.OKGREEN + "| password >" + " " + password
            print bcolors.OKGREEN + "+---------------------------------------+"
            sys.exit(1)
Exemple #4
0
	def crack(password):
    	 hashed = phpass.verify(password, hash)
    	 hashedpass = str(hashed) + ":" + str(password)
    	 if hashedpass == "True:" + password :
	    		print bcolors.OKGREEN + "+---------------------------------------+"
	    		print bcolors.OKGREEN + "| Operation Completed !"
	    		print bcolors.OKGREEN + "| HASH > " + " " + hash
	    		print bcolors.OKGREEN + "| password >" + " " + password
	    		print bcolors.OKGREEN + "+---------------------------------------+"
	    		sys.exit(1)
Exemple #5
0
def main():
    #--------------------------------------------------
    # Recupera los parametros
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("-h", type=str, nargs='?')
    parser.add_argument("-d", type=str, nargs='?')

    args = parser.parse_args()

    if (args.h is None or args.d is None):
        ayuda_uso()
        exit()

    dicc = args.d
    hash = args.h.replace("'", "")

    #--------------------------------------------------
    # Presentacion
    print u'''
     _    _           _        _____                _             
    | |  | |         | |      / ____|              | |            
    | |__| | __ _ ___| |__   | |     _ __ __ _  ___| | _____ _ __ 
    |  __  |/ _` / __| '_ \  | |    | '__/ _` |/ __| |/ / _ \ '__|
    | |  | | (_| \__ \ | | | | |____| | | (_| | (__|   <  __/ |   
    |_|  |_|\__,_|___/_| |_|  \_____|_|  \__,_|\___|_|\_\___|_|   
                                                              
    '''

    #--------------------------------------------------
    # Código principal
    try:
        lista_pass = open(dicc).readlines()
        print u"[+] Se cargaron {:d} contraseñas del diccionario {}".format(
            len(lista_pass), dicc)
        print u"[+] Verificando, espere por favor...\n"

        inicio = time()

        for password in lista_pass:
            if (phpass.verify(password.rstrip(), hash)):
                print u"[+] Password encontrado: {}".format(password)
                muestra_duracion(inicio)
                exit()

        print u"[+] No se pudo encontrar el password buscado\n"
        muestra_duracion(inicio)

    except Exception, e:
        print e
        exit()
Exemple #6
0
def wpPHPass(hash):
    try:
        f = open(options.wl)
        for pwd in f.readlines():
            pwd = pwd.strip()
            d = phpass.verify(pwd, hash)
             
            if(d == True):
                print "WordPress(PHPass)\t\t[+] Senha encontrada: "+pwd
                return
        print "WordPress(PHPass)\t\t[-] Senha nao encontrada! :-("
    except IOError:
        print "Nao foi possivel abrir sua wordlist, tente novamente."
    except ValueError:
        print "WordPress(PHPass)\t\t Hash invalido"
    except Exception as e:
        print "Erro: "+str(e)
Exemple #7
0
    def login(mysql):
        username = request.data.get('username', '')
        password = request.data.get('password', '')

        cur = mysql.connection.cursor()
        result = cur.execute(
            'SELECT username, user_password FROM phpbb3_users WHERE username = %s',
            [username])
        data = cur.fetchone()
        cur.close()

        if result > 0 and phpass.verify(password, data['user_password']):
            session['logged_in'] = True
            session['username'] = username

            return {'message': 'Logged in successfully'}

        else:
            raise exceptions.ParseError(
                detail='Login or password are incorrect')
    def authenticate(self, handler, data):
        args = {}
        args["host"] = self.dbhost
        args["user"] = self.dbuser
        args["password"] = self.dbpassword
        args["db"] = self.dbname
        args["charset"] = "utf8mb4"
        args["cursorclass"] = pymysql.cursors.Cursor

        with pymysql.connect(**args) as cursor:
            sql =   "SELECT " \
                        "`user_pass` " \
                    "FROM " \
                        "`{0}users` " \
                    "WHERE " \
                        "`user_login` = %s" \
                    .format(self.table_prefix)
            if cursor.execute(sql, (data["username"], )) == 0:
                return None
            if phpass.verify(data["password"],cursor.fetchone()[0]) == True:
                return data["username"]
        return None
    def test_sqlresolver_passwords(self):
        """
        test that we can use pbkdf2 and bcrypt passwords with an sql resolver
        """

        users = {}

        # ------------------------------------------------------------------ --

        # create the User schema

        self.createUserTable()

        # ------------------------------------------------------------------ --

        # add users

        bach_password = "******"
        bach_password_hash = ('{PKCS5S2}ZYIjvFLd99ldgx5b7sqOlDCKNt31'
                              'UBX9HQKxTZwU50WfuZlWTNG5qBsCsFUMWwxC')

        users['bach'] = {
            'login': '******',
            'uid': '21.3.1685',
            'telephonenumber': '',
            'mobile': bach_password,
            'surname': 'Bach',
            'givenname': 'Johann Sebastian',
            'password': bach_password_hash,
            'mail': '*****@*****.**'
        }

        assert atlassian_pbkdf2_sha1.verify(bach_password, bach_password_hash)
        self.addUser(**users['bach'])

        # ------------------------------------------------------------------ --

        chopin_password = "******"
        chopin_password_hash = atlassian_pbkdf2_sha1.hash(chopin_password)

        users['chopin'] = {
            'login': '******',
            'uid': '22.10.1849',
            'telephonenumber': '',
            'mobile': chopin_password,
            'surname': 'Chopin',
            'givenname': 'Fryderyk Franciszek',
            'password': chopin_password_hash,
            'mail': '*****@*****.**'
        }

        assert atlassian_pbkdf2_sha1.verify(chopin_password,
                                            chopin_password_hash)
        self.addUser(**users['chopin'])

        # ------------------------------------------------------------------ --

        brahms_password = '******'
        brahms_password_hash = ('$2a$12$NT0I31Sa7ihGEWpka9ASYrEFk'
                                'huTNeBQ2xfZskIiiJeyFXhRgS.Sy')

        users['brahms'] = {
            'login': '******',
            'uid': '7.5.1833',
            'telephonenumber': '',
            'mobile': brahms_password,
            'surname': 'Brahms',
            'givenname': 'Johannes',
            'password': brahms_password_hash,
            'mail': '*****@*****.**'
        }

        assert passlib_bcrypt.verify(brahms_password, brahms_password_hash)

        self.addUser(**users['brahms'])

        # ------------------------------------------------------------------ --

        mozart_password = '******'
        mozart_password_hash = passlib_bcrypt.hash(mozart_password)

        users['mozart'] = {
            'login': '******',
            'uid': '27.1.1756',
            'telephonenumber': '',
            'mobile': mozart_password,
            'surname': 'Mozart',
            'givenname': 'Wolfgang Amadeus',
            'password': mozart_password_hash,
            'mail': '*****@*****.**'
        }

        assert passlib_bcrypt.verify(mozart_password, mozart_password_hash)

        self.addUser(**users['mozart'])

        # ------------------------------------------------------------------ --

        schubert_password = '******'
        schubert_password_hash = '$P$8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1'

        users['schubert'] = {
            'login': '******',
            'uid': '31.1.1797',
            'telephonenumber': '',
            'mobile': schubert_password,
            'surname': 'Schubert',
            'givenname': 'Franz Peter',
            'password': schubert_password_hash,
            'mail': '*****@*****.**'
        }

        assert passlib_phpass.verify(schubert_password, schubert_password_hash)

        self.addUser(**users['schubert'])

        # ------------------------------------------------------------------ --

        mendelssohn_password = '******'
        mendelssohn_password_hash = passlib_phpass.hash(mendelssohn_password)

        users['mendelssohn'] = {
            'login': '******',
            'uid': '31.2.1809',
            'telephonenumber': '',
            'mobile': mendelssohn_password,
            'surname': 'Mendelssohn',
            'givenname': 'Jakob Ludwig',
            'password': mendelssohn_password_hash,
            'mail': '*****@*****.**'
        }

        assert passlib_phpass.verify(mendelssohn_password,
                                     mendelssohn_password_hash)

        self.addUser(**users['mendelssohn'])

        # ------------------------------------------------------------- --

        # define resolver and realm

        realm = 'sqlRealm'

        self.addSqlResolver('my_sql_users')
        self.addSqlRealm(realm, 'my_sql_users', defaultRealm=True)

        # ------------------------------------------------------------- --

        # run the pbkdf2 atlasian test with user bach

        user = users['bach']['login']
        password = users['bach']['mobile']

        self.run_password_check(user, password, realm=realm)

        # run the pbkdf2 atlasian test with user chopin

        user = users['chopin']['login']
        password = users['chopin']['mobile']

        self.run_password_check(user, password, realm=realm)

        # run the bcrypt test with user brahms

        user = users['brahms']['login']
        password = users['brahms']['mobile']

        self.run_password_check(user, password, realm=realm)

        # run the bcrypt test with user mozart

        user = users['mozart']['login']
        password = users['mozart']['mobile']

        self.run_password_check(user, password, realm=realm)

        # run the php test with user schubert

        user = users['schubert']['login']
        password = users['schubert']['mobile']

        self.run_password_check(user, password, realm=realm)

        # run the php test with user mendelssohn

        user = users['mendelssohn']['login']
        password = users['mendelssohn']['mobile']

        self.run_password_check(user, password, realm=realm)

        return
Exemple #10
0
                if hash_type == "md5":
                    anjay = hashlib.md5(i.encode('utf-8')).hexdigest()
                elif hash_type == "sha1":
                    anjay = hashlib.sha1(i.encode('utf-8')).hexdigest()
                elif hash_type == "sha512":
                    anjay = hashlib.sha512(i.encode('utf-8')).hexdigest()
                elif hash_type == "sha384":
                    anjay = hashlib.sha384(i.encode('utf-8')).hexdigest()
                elif hash_type == "sha256":
                    anjay = hashlib.sha256(i.encode('utf-8')).hexdigest()
                elif hash_type == "sha224":
                    anjay = hashlib.sha224(i.encode('utf-8')).hexdigest()
                elif hash_type == "bcrypt":
                    if bcrypt.checkpw(i.encode('utf-8'),
                                      my_hash.encode('utf-8')):
                        anjay = my_hash
                    else:
                        anjay = i
                elif hash_type == "phpass":
                    if phpass.verify(i.encode('utf-8'),
                                     my_hash.encode('utf-8')):
                        anjay = my_hash
                    else:
                        anjay = i
                if anjay == my_hash:
                    print('[Found] ' + hash_type + ':' + my_hash + ' => ' + i)
                    z = input(
                        "Press any keys to continue | Ctrl + Z to Exit\n")
        except Exception as e:
            print(e)
Exemple #11
0
def verify_password(username, password):
    user = db.session.query(models.User).filter(models.User.username == username).first()
    if not user:
        return False

    return phpass.verify(password, user.password)
Exemple #12
0
    def test_sqlresolver_passwords(self):
        """
        test that we can use pbkdf2 and bcrypt passwords with an sql resolver
        """

        users = {}

        # ------------------------------------------------------------------ --

        # create the User schema

        self.createUserTable()

        # ------------------------------------------------------------------ --

        # add users

        bach_password = "******"
        bach_password_hash = ("{PKCS5S2}ZYIjvFLd99ldgx5b7sqOlDCKNt31"
                              "UBX9HQKxTZwU50WfuZlWTNG5qBsCsFUMWwxC")

        users["bach"] = {
            "login": "******",
            "uid": "21.3.1685",
            "telephonenumber": "",
            "mobile": bach_password,
            "surname": "Bach",
            "givenname": "Johann Sebastian",
            "password": bach_password_hash,
            "mail": "*****@*****.**",
        }

        assert atlassian_pbkdf2_sha1.verify(bach_password, bach_password_hash)
        self.addUser(**users["bach"])

        # ------------------------------------------------------------------ --

        chopin_password = "******"
        chopin_password_hash = atlassian_pbkdf2_sha1.hash(chopin_password)

        users["chopin"] = {
            "login": "******",
            "uid": "22.10.1849",
            "telephonenumber": "",
            "mobile": chopin_password,
            "surname": "Chopin",
            "givenname": "Fryderyk Franciszek",
            "password": chopin_password_hash,
            "mail": "*****@*****.**",
        }

        assert atlassian_pbkdf2_sha1.verify(chopin_password,
                                            chopin_password_hash)
        self.addUser(**users["chopin"])

        # ------------------------------------------------------------------ --

        brahms_password = "******"
        brahms_password_hash = (
            "$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy")

        users["brahms"] = {
            "login": "******",
            "uid": "7.5.1833",
            "telephonenumber": "",
            "mobile": brahms_password,
            "surname": "Brahms",
            "givenname": "Johannes",
            "password": brahms_password_hash,
            "mail": "*****@*****.**",
        }

        assert passlib_bcrypt.verify(brahms_password, brahms_password_hash)

        self.addUser(**users["brahms"])

        # ------------------------------------------------------------------ --

        mozart_password = "******"
        mozart_password_hash = passlib_bcrypt.hash(mozart_password)

        users["mozart"] = {
            "login": "******",
            "uid": "27.1.1756",
            "telephonenumber": "",
            "mobile": mozart_password,
            "surname": "Mozart",
            "givenname": "Wolfgang Amadeus",
            "password": mozart_password_hash,
            "mail": "*****@*****.**",
        }

        assert passlib_bcrypt.verify(mozart_password, mozart_password_hash)

        self.addUser(**users["mozart"])

        # ------------------------------------------------------------------ --

        schubert_password = "******"
        schubert_password_hash = "$P$8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1"

        users["schubert"] = {
            "login": "******",
            "uid": "31.1.1797",
            "telephonenumber": "",
            "mobile": schubert_password,
            "surname": "Schubert",
            "givenname": "Franz Peter",
            "password": schubert_password_hash,
            "mail": "*****@*****.**",
        }

        assert passlib_phpass.verify(schubert_password, schubert_password_hash)

        self.addUser(**users["schubert"])

        # ------------------------------------------------------------------ --

        mendelssohn_password = "******"
        mendelssohn_password_hash = passlib_phpass.hash(mendelssohn_password)

        users["mendelssohn"] = {
            "login": "******",
            "uid": "31.2.1809",
            "telephonenumber": "",
            "mobile": mendelssohn_password,
            "surname": "Mendelssohn",
            "givenname": "Jakob Ludwig",
            "password": mendelssohn_password_hash,
            "mail": "*****@*****.**",
        }

        assert passlib_phpass.verify(mendelssohn_password,
                                     mendelssohn_password_hash)

        self.addUser(**users["mendelssohn"])

        # ------------------------------------------------------------- --

        # define resolver and realm

        realm = "sqlRealm"

        self.addSqlResolver("my_sql_users")
        self.addSqlRealm(realm, "my_sql_users", defaultRealm=True)

        # ------------------------------------------------------------- --

        # run the pbkdf2 atlasian test with user bach

        user = users["bach"]["login"]
        password = users["bach"]["mobile"]

        self.run_password_check(user, password, realm=realm)

        # run the pbkdf2 atlasian test with user chopin

        user = users["chopin"]["login"]
        password = users["chopin"]["mobile"]

        self.run_password_check(user, password, realm=realm)

        # run the bcrypt test with user brahms

        user = users["brahms"]["login"]
        password = users["brahms"]["mobile"]

        self.run_password_check(user, password, realm=realm)

        # run the bcrypt test with user mozart

        user = users["mozart"]["login"]
        password = users["mozart"]["mobile"]

        self.run_password_check(user, password, realm=realm)

        # run the php test with user schubert

        user = users["schubert"]["login"]
        password = users["schubert"]["mobile"]

        self.run_password_check(user, password, realm=realm)

        # run the php test with user mendelssohn

        user = users["mendelssohn"]["login"]
        password = users["mendelssohn"]["mobile"]

        self.run_password_check(user, password, realm=realm)

        return
Exemple #13
0
from passlib.hash import phpass

var1 = "changeme"
var2 = "123456"
var3 = "password"
salt1 = "ZDzPE45C"
salt2 = "C54EPzDZ"
salt3 = "PEzS45CZ"

myHash1 = phpass.hash(var1, salt=salt1)
myHash2 = phpass.hash(var2, salt=salt2)
myHash3 = phpass.hash(var3, salt=salt3)

print("PHPPass Hash of {}: {}".format(var1, myHash1))
print("PHPPass Hash of {}: {}".format(var2, myHash2))
print("PHPPass Hash of {}: {}\n".format(var3, myHash3))

print("PHPPass Verification of Hash {}: {}".format(var1, phpass.verify(var1, myHash1)))
print("PHPPass Verification of Hash {}: {}".format(var1, phpass.verify(var2, myHash2)))
print("PHPPass Verification of Hash {}: {}\n".format(var1, phpass.verify(var3, myHash3)))

print("Dummy Test of {} Hash: {}".format(var3, phpass.verify("passward", myHash3)))
Exemple #14
0
 def verify(self, password, encoded):
     if encoded.startswith('phpass'):
         encoded = encoded[6:]
     return phpass.verify(password, encoded)