1 #!/usr/bin/env python 2 # -*- coding:UTF-8 -*- 3 4 import crypt 5 import sys 6 7 # 哈希密码的前两位就是盐的前两位,这里我们假设盐只有两位。 8 # 程序分两部分,一部分是打开字典,另一部分是哈希匹配密码 9 10 #standard DES, two salt 11 def desPass(cryptpass): 12 #get salt from the front place 13 saltf = cryptpass[0:2] 14 return saltf 15 16 #for $6$ 17 def sha512Pass(cryptpass): 18 saltf = "$6$"+cryptpass.split("$")[2] 19 return saltf 20 21 #for $5$ 22 def sha256Pass(cryptpass): 23 saltf = "$5$"+cryptpass.split("$")[2] 24 # saltf = "$5$rounds=5000$anexamplestringf" 25 return saltf 26 27 def main(): 28 banner = ''' 29 python CrackPass.py 5 30 one params is type for you are cracking 31 0 ---- standard DES for 2 salt 32 5 ---- sha256 crypt $5$salt$secret 33 6 ---- sha512 crypt $6$salt$secret 34 35 salt contains $5$salt 36 if $salt contain "$",will cause inaccuracy. Maybe you need set the salt by your hand,for example:# saltf = "$5$rounds=5000$anexamplestringf" 37 ''' 38 print banner 39 method = sys.argv[1] 40 passfile = open('Password','r') 41 #从文件中一行一行读取 42 for line in passfile.readlines(): 43 cryptpass = line.strip() 44 print "Cracking Password For: %s"%cryptpass 45 46 #select type 47 if method == "0": 48 salt = desPass(cryptpass) 49 elif method == "6": 50 salt = sha512Pass(cryptpass) 51 elif method == "5": 52 salt = sha256Pass(cryptpass) 53 print salt 54 dictfile = open('dictionary','r') 55 for word in dictfile.readlines(): 56 word = word.strip('\n') 57 cryWord = crypt.crypt(word,salt) 58 59 if cryptpass == cryWord: 60 print "Found passwd: %s"%word 61 print "ok" 62 return 63 print "Password not found!" 64 65 if __name__ == '__main__': 66 main()
现在只写了$6$ $5$开头的和一种普通的DES两位盐加密的
爆破linux一般用¥6¥
注意一般密文由3部分组成,以”$”分隔,第一部分为ID,第二部分为盐值,第三部分为加密密文
真正的盐值包括ID部分,我上面判断salt是根据$分割,默认是密文中只有三个$
有时salt中本来就含有$,
这时就需要自己指定salt了,saltf = "$5$rounds=5000$anexamplestringf"
可以观察出来,观察不出来,就多尝试
我的 QQ921658495 希望与大家交流
