I’m going through a book called Violent Python, and the first program is building a password cracker. The example is great, but uses the crypt module, and DES for the example – this is a bit out of date. The author suggests trying to adapt the program for SHA512, which is used on many modern *nix systems.
So, I came up with this rudimentary program to crack SHA512 hashed passwords with 5k rounds from my /etc/shadow file. There are, of course, MUCH better ways to crack passwords, but hopefully this will be helpful to someone else going through this book.
#!/usr/bin/python # -*- coding: utf-8 -*- import crypt from passlib.hash import sha512_crypt def testPass(cryptPass, saltySalt): dictFile = open('dictionary.txt', 'r') for word in dictFile.readlines(): word = word.strip('\n') cryptWord = sha512_crypt.hash(word, salt=saltySalt, rounds=5000) if cryptWord == cryptPass: print '[+] Found Password: ' + word + '\n' return print '[-] Password Not Found.\n' return def main(): passFile = open('shadow.txt') for line in passFile.readlines(): if '$' in line: user = line.split(':') cryptPass = line.split(':') saltySalt = line.split('$') print '[*] Cracking Password For: ' + user testPass(cryptPass, saltySalt) if __name__ == '__main__': main()