Challenge: Code a basic hash cracker. Any language. Any hashing algorithm.

I decided password recovery / cracking would be a good subject for starting people on security-related topics. For you complete /newfags/: a hash is pretty much a one-way cryptographic function that in most cases is not reversible. In any modern authentication system a password hash is stored rather than a plaintext password.

When you punch in your password on a web application to log in, the application takes your plaintext and feeds it to a cryptographic function, then checks to see if the result is equal to the stored value. If it matches, access is granted. This way the application can function without ever knowing your password.

Purpose of cracking a password hash: recover a plaintext password for a user who forgot his password. There are a ton of applications that can do this and I will discuss some of that later. Right now I just want to drop the basic concepts.

I'm going to do a dictionary attack against an MD5 hash for demonstration purposes. I'll go over the steps. It's actually pretty simple.

Legal disclaimer. Don't break into other people's computer systems or networks unless you have permission. You put on your own pants in the morning and you know the difference between right and wrong. If you don't know the laws where you are at look them up or consult an attorney before penetrating computers or networks that you do not own.

Alright let's have some fun.

#!/usr/bin/env python3
import sys
import hashlib

# argv[1] is the hex digest to crack, argv[2] is the path to the wordlist
myhash = sys.argv[1]
thehash = myhash.strip().lower()
dictionary = sys.argv[2]
thedic = dictionary.strip()

# errors='replace' keeps a wordlist line that is not valid UTF-8 from crashing the run
with open(thedic, 'r', errors='replace') as fa:
    for pwd in fa:
        pwd = pwd.rstrip('\r\n')  # hash the word itself, not its line ending
        newhash = hashlib.md5(pwd.encode("utf-8")).hexdigest()
        print('Trying password ' + pwd + ' ------> ' + newhash)
        if newhash == thehash:
            print('\n\n\n\nPassword Found! ' + pwd)
            break  # stop once the hash has been matched



I chose to write this in Python because Python is very human readable. Other languages have things like pointers that speed things up a bit, but the code is more complicated, and for a demo simple code is better.

I'll need sys for arguments and hashlib for the hashing algorithm.
import sys
import hashlib

Getting the hash value of a plaintext is pretty simple.
hashlib.md5('plaintextvalue'.encode("utf-8")).hexdigest()

I'm going to show you what is called a dictionary attack. Most of you have some idea what this is. /newfags/ pay attention. The program takes two arguments. The hash to be cracked and the path to the wordlist. What we will do is open a text file and read through it line by line and apply a hashing algorithm to each line then compare the hash value against the hash value supplied in the command line argument. If it matches, we'll output the plaintext value.

First let's look at command line arguments. Ok, this is not the most elegant way to do this, but it's simple and easier for newbs to understand than argparse or opts. Let's just go with this.
myhash = sys.argv[1]
thehash = myhash.strip()
dictionary = sys.argv[2]
thedic = dictionary.strip()

Now when we run the program with arguments it will store the arguments as variables that we can work with further on.

Let's look at the cracking portion of this program a little more closely.

Open a file. I like this method. Basically we'll open the file from the file path supplied in argument two. You can name the file object whatever you want. I've been in the habit of naming them f or fa. It's easy to remember.
with open(thedic, 'r') as fa:

Next we need to iterate through the text file somehow. A for loop works for this. I'll name my iterator pwd. You can call it line if that makes more sense to you. You get each line of text until Python reaches the end of the file. Kinda like while != EOF or cat | while read line; do
for pwd in fa:
Now for each line of plaintext we'll plug that into our hashing function.
newhash = hashlib.md5(pwd.rstrip('\r\n').encode("utf-8")).hexdigest()
This next line is pretty much just for debugging. It tells you what each line is doing. Comment it out or remove it and the program will run much faster because it doesn't have to do the print statement.
print('Trying password ' + pwd.strip() + ' ------> ' + newhash.strip())
We need to create an if statement to compare each newly generated hash to the argument originally supplied and output the corresponding plaintext value if the hash values match.
if newhash == thehash:
    print('\n\n\n\nPassword Found! ' + pwd.strip())

That is about as basic of logic as I could come up with for hash cracking. For a more advanced tutorial, look on YouTube for your favorite programming language and hash cracking, or just look up the individual parts of what I just showed you. In C/C++ you'll have to use fstream, ofstream, stringstream, etc., and probably the easiest way for crypto is to use OpenSSL with C++.

Also, this is just an exercise. Before you go and reinvent the wheel, try out some programs like
John The Ripper openwall.com/john/
Hashcat hashcat.net/hashcat/

I just mean for this to be a good mental exercise.
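A Python 3 version of the dictionary attack described above, written for any hashlib algorithm and handling the points raised later in the thread (bytes vs. code points, line endings, stopping after a match); this is added example code, not the OP's, and the wordlist bytes and the target digests are constructed for the demo.

```python
import hashlib

# Constructed wordlist bytes, as read from disk: mixed line endings and one
# line that is not valid UTF-8 (the input the Python 2 version would crash on).
WORDLIST = b"123456\r\nqwerty\n\xff\xfesecret\npassword\nletmein\n"


def valid_digest(target: str, algo: str) -> bool:
    """True if target is a hex string of the right length for algo."""
    try:
        bytes.fromhex(target)
    except ValueError:
        return False
    return len(target) == hashlib.new(algo).digest_size * 2


def dictionary_attack(target: str, wordlist: bytes, algo: str = "md5"):
    """Hash every wordlist line with algo and compare to target.

    Returns (plaintext_bytes, attempts); plaintext is None when nothing matched.
    The wordlist is handled as bytes so each word is hashed exactly as stored.
    """
    target = target.strip().lower()          # hex digests compare case-insensitively
    if algo not in hashlib.algorithms_available:
        raise ValueError("unknown hash algorithm: " + algo)
    if not valid_digest(target, algo):
        raise ValueError("target is not a %s hex digest" % algo)
    attempts = 0
    for word in wordlist.splitlines():       # splits on \n, \r and \r\n only
        attempts += 1
        if hashlib.new(algo, word).hexdigest() == target:
            return word, attempts            # stop at the first match
    return None, attempts


if __name__ == "__main__":
    # md5("password"), a well-known digest, used as the demo target
    hit, n = dictionary_attack("5f4dcc3b5aa765d61d8327deb882cf99", WORDLIST)
    print("tried %d words, found: %r" % (n, hit))
```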

does this count?
import multiprocessing
import math
from typing import Dict, Optional
from string import ascii_letters, digits
from time import time, mktime, localtime
from datetime import datetime
from random import choices
from crypt import crypt  # Unix only; the crypt module is deprecated since Python 3.11

SEARCH_STR = "ABC"  # type: str
STATUS_INTERVAL = 60  # type: int
NUM_TRIPS = 100  # type: int
VALID_CHARS = "%s%s" % (ascii_letters, digits)  # type: str
TENTH = ".26AEIMQUYcgkosw"  # type: str
TABLE = str.maketrans(
    r":;?@[\]^_`", "ABCDEFGabcdef")  # type: Dict[int, Optional[int]]


def is_valid(given: str) -> bool:
    # a tripcode is 1..10 valid characters, and the tenth is restricted to TENTH
    if not 0 < len(given) <= 10:
        return False
    if not all(c in VALID_CHARS for c in given):
        return False
    return len(given) < 10 or given[9] in TENTH
# assert not is_valid("012345678910")
# assert not is_valid("")
# assert not is_valid("Ep8pui8Vw3")


def gen_salt(p: str) -> str:
    pw = p[:8]  # type: str
    salt = "%sH." % pw[1:3]  # type: str
    salt = do_replacements(salt)
    return salt


def do_replacements(s: str) -> str:
    for c in s:
        if c not in VALID_CHARS:
            s = s.replace(c, ".")
    s = s.translate(TABLE)
    return s
# assert(gen_salt('12訛345') == '2.H.')
# assert(gen_salt('12345') == '23H.')
# this makes sure that that dumb characters get replaced - this program doesn't ever actually generate any of those, but may as well conform to spec


def gen_trip(p: str) -> str:
    return crypt(p, gen_salt(p))[-10:]
# assert gen_trip("faggot") == 'Ep8pui8Vw2'


def gen_pass(l: int = 8) -> str:
    return "".join(choices(VALID_CHARS, k=l))
    # yes, I know you can have non-ascii characters in passwords, but you can't in the salt - I figured I'd just re-use it


def normalize(amount: float):
    size_name = ("B", "K", "M", "G", "T")
    i = int(math.floor(math.log(amount, 1024)))
    p = math.pow(1024, i)
    s = round(amount / p, 2)
    return "%s %s" % (s, size_name[i])


def main(i):
    p = gen_pass()
    return {gen_trip(p): "#%s" % p}


cnt = 0  # type: int

if __name__ == "__main__":
    if is_valid(SEARCH_STR):
        start = time()  # type: float
        elapsed = start + STATUS_INTERVAL  # type: float
        found = False  # type: bool
        pool = multiprocessing.Pool(multiprocessing.cpu_count())
        while not found:
            now = time()  # type: float
            r = pool.map_async(main, range(NUM_TRIPS)).get()
            cnt += NUM_TRIPS
            for pair in r:
                for trip in pair.keys():
                    if SEARCH_STR in trip:
                        print(pair[trip], "=>", trip)
                        # found = True
            if now > elapsed:
                avg = cnt / (now - start)  # type: float
                elapsed = time() + STATUS_INTERVAL
                duration = datetime.fromtimestamp(
                    mktime(localtime())
                ) - datetime.fromtimestamp(start)
                print(
                    "Trips/s: %s - Total trips: %s - Total duration: %s"
                    % (normalize(avg), normalize(cnt), duration)
                )

from itertools import product
from hashlib import md5

my_hash = 'cb205edee16b24366c871cf55e781346'
char_set = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'


def brute_force(target, charset):
    # try every string over charset, shortest first, until one hashes to target
    length = 1
    while True:
        for s in product(charset, repeat=length):
            candidate = ''.join(s)
            if md5(candidate.encode()).hexdigest() == target:
                return candidate  # leaves both loops, not just the inner one
        length += 1


print("Password found: " + brute_force(my_hash, char_set))

your post exemplifies everything that had brought this board to shit, I'm glad most competent people stopped browsing this shithole long ago because of cuck faggots like you

Honestly I don't get what in the fuck a tripcode is and why moot uses #faggot as a trip code. This is pure autism to me.

Please elaborate. Where can I learn more about this? Thanks user.


Legit


Post code or fuck off.

Because they don't want users to register for accounts

How about turning this into a hashing algorithm?
github.com/dstein64/LC4

Why is this getting shilled everywhere all of a sudden?

LARPer spotted


Newfag spotted

kill yourself.

no, nigger, if I were to participate in your kiddie """challenge""", then I would be a larper, like you.

"Stylometric Fingerprint"

You realize that people can do stylometric analysis on your code to identify you just like they can do with writing samples. So you wouldn't want to use the same coding style for something you post on Zig Forums as for something that would go on your Github if that makes sense.

youtube.com/watch?v=dmhdo1PXxGA

What's the point of this thread if you're just going to import a library that does the whole thing for you?


That’s pretty much what 90 percent of software development is these days fam

No wonder modern software is so shit.

Yep, software today would be far better if nobody used libraries and every single program reimplemented all of its hashing, encryption, encoding, and network functionality from scratch. That's a reasonable thought and not at all completely fucking retarded.

What is automation scripting? Take a bunch of programs that already exist. Write a script that calls programs and gets output from them. For some things like this hash cracking bullshit, yeah, you don't really even need a crypto library, just a header and an additional file as with this C++ implementation: zedwood.com/article/cpp-md5-function You could code all of that and compile it, or you could just $(echo -n password | md5sum | cut -d ' ' -f 1) to get the value as a variable in a bash script and work with it. Depends on if you value your time, or maybe you want to write closed source software and sell it. Not sure what your motive (other than developing a deeper understanding of a given language) for writing all of that extra code would be. Don't get me wrong. I see where you are coming from. I just don't give a shit.

If you need to reverse engineer the hashing algorithm that's another story. Godspeed.

But honestly most languages have built-in crypto.

Also, why rewrite a library when you can just write a function or two and get the result you want.

Let's just make assumptions about file names without any reason or benefit.

It's Python 2. pwd is a sequence of bytes. What you do here is implicitly decoding it as ASCII and then encoding in UTF-8, which is either a crash (if any byte in pwd > 0x7f) or a no-op. Strictly worse than doing nothing.

Just useless

Break the loop after finding hash

PROTIPs:

1) Learn what is actually passed in argv and how the shell works.

2) Learn the distinction between string-of-codepoints and string-of-bytes.


...

hmmm

...

better than being from reddit, desu

this is more tech related than most threads on the board. go to 4chan /g/ if you like the consumerism threads more.

you just say that because you dont understand anything. brainlets always do it when they see complex things.

based


What do I not understand?

you don't understand that this faggot has turboautismo level 72 and reeees at everything he doesn't like.

captain autismo, please anhero asap, you're wasting oxygen

import Control.Monad
import Crypto.Hash
import Data.ByteArray.Encoding
import qualified Data.ByteString.Char8 as B
import qualified Data.List as L
import System.Environment
import System.IO

md5 :: String -> Digest MD5
md5 = hash . B.pack

find :: Digest MD5 -> String -> String
find d s = case L.find (\x -> md5 x == d) (lines s) of
  Nothing -> "Password not found."
  Just p  -> "Password found: " ++ p

fromBase16 :: String -> Maybe B.ByteString
fromBase16 = eitherToMaybe . convertFromBase Base16 . B.pack

eitherToMaybe :: Either b a -> Maybe a
eitherToMaybe (Right x) = Just x
eitherToMaybe _ = Nothing

-- main reconstructed: the '<'-delimited parts of the posted code were lost in extraction
main :: IO ()
main = do
  name <- getProgName
  args <- getArgs
  case args of
    [digestStr, file] -> case fromBase16 digestStr >>= digestFromByteString of
      Just d  -> readFile file >>= putStrLn . find d
      Nothing -> putStrLn $ "invalid digest: " ++ digestStr
    _ -> putStrLn $ "usage: " ++ name ++ " <digest> <wordlist>"

schneier.com/blog/archives/2018/05/lc4_another_pen.html

Can we "crack" hashes by sending FOIA requests to a certain place in Utah?

Makes sense, even though the post is kinda old.

You're the reason programmers are mocked.

Case in point. There are known better methods to get an MD5 hash.

Anyone can do a fucking dictionary attack. It's simple, but slow to execute. There are better ways to crack weaker algorithms like MD5 or SHA1.

ltfol

incompetence loser