这里的问题是,如果我可以使用hashlib模块(sha512)使用用户已知的/ etc / shadow中的盐来清除文件中的文本,以重新创建用户的密码哈希?
将来自我的dictionary.txt的哈希与来自/ etc / shadow(passwords.txt - root:$6$1ZZlpDpQ$V1fZ.M2Y91Qzg7FCbj5rie/jHK6kOZB3rZVDXd1GldvyjFAYOl4Z2FZjc6uK9Q0lfvEjSiqRslGaddLVP2X3w0:17159:0:99999:7:::)的用户密码哈希进行比较,将告诉我列表中的密码是否确实正确。哪个似乎不起作用。
我错过了什么。
感谢所有帮助
import hashlib
import sys
def checkpass(passwd):
try:
semi_c = ':'
d_sign = '$'
pwdlist = passwd.split("$")
salt = pwdlist[2]
print 'Salt is : ' + salt
cryptPas = passwd.split(d_sign, 3)[3]
cryptPass = cryptPas.split(semi_c)[0]
print cryptPass
dictFile = open('dictionary.txt', 'r')
for word in dictFile.readlines():
word = word.strip('\n')
print 'Comparing to pass in list : ' + word + ' to ' + passwd + ' ---- '
cryptWord = hashlib.sha512(salt + word).hexdigest()
print 'Reproduced Hash : ' + cryptWord
if (cryptWord == cryptPass):
print '[+] Found Password : ' + word + '\n'
return cryptWord
else:
print '[-] Password not found.\n'
return cryptWord
except Exception, e:
print e
return
def main():
try:
passfile = open('password.txt')
passwd = passfile.readline()
semi_c = ':'
#print passwd
if semi_c in passwd:
user = passwd.split(semi_c)[0]
print '[*] Cracking Password for : ' + user
checkpass(passwd)
except Exception, e:
print e
return
if __name__ == '__main__':
main()