OS X在Python中使用密码Bruteforce

时间:2014-08-23 04:04:44

标签: python macos sha1

我有几年前的旧Macbook,我不记得密码,但我记得当时我的密码中的一些字符,所以我想我可能会使用一个版本的一个随时可用的脚本。问题是,当我使用示例中的字符串测试哈希中的“password”时,我得到的值与提供的哈希值不同。因此,我永远无法获得旧密码。以下是从http://pastebin.com/Gv6VxEZ7

中提取的相关代码
#Should be 8 characters of salt + sha hash for "password" if I'm understanding this correctly
digest = "33BA7C74C318F5D3EF40EB25E1C42F312ACF905E20540226"
salt = "33BA7C74"
sha1 = "C318F5D3EF40EB25E1C42F312ACF905E20540226"

try:
    salt_hex =  chr(int(salt[0:2], 16)) + chr(int(salt[2:4], 16)) + chr(int(salt[4:6], 16)) + chr(int(salt[6:8], 16)) # CONVERT SALT TO HEX

check("password", salt_hex, salt)

def check(password,salt_hex, salt): # HASH PASS AND COMPARE

    if not password.startswith("#!"): #IGNORE COMMENTS
            sha1_guess = hashlib.sha1(salt_hex+password).hexdigest()
            print("Trying with salt_hex " + password)
            print sha1_guess.upper()
            print "\n"
            sha1_guess = hashlib.sha1(salt+password).hexdigest()
            print("Trying with salt " + password)
            print sha1_guess.upper()
            print "\n"
            if sha1 in sha1_guess.upper():
                    print("Cleartext password is : "+password)
                    exit(0)

不幸的是,这两次尝试的输出都不正确

$ python sha_crack.py

试图破解...... 33BA7C74C318F5D3EF40EB25E1C42F312ACF905E20540226

尝试使用salt_hex密码 9D8F0A15CF344F7FB35A1918AA0636A025261627

尝试使用salt密码 E105192888CC1C34B7535AAA0425EC06F653A1B9

文章我正在测试显示此哈希用于“密码”

http://www.defenceindepth.net/2009/12/cracking-os-x-passwords.html

1 个答案:

答案 0 :(得分:0)

您正在使用的示例哈希是完全错误的。

如果我们改为使用JtR wiki中提供的测试向量,我们会看到代码按预期工作(正确的密码是" macintosh"根据Wiki) :

import binascii
import hashlib

hash = "0E6A48F765D0FFFFF6247FA80D748E615F91DD0C7431E4D9"
salt = binascii.unhexlify(hash[0:8])
sha1 = binascii.unhexlify(hash[8:])

passwords = ["123", "password", "macintosh"]
for password in passwords:
    if hashlib.sha1(salt + password).digest() == sha1:
        print "Password is \"%s\"" % password
        break