-
Notifications
You must be signed in to change notification settings - Fork 0
/
linux_dict_attack.py
executable file
·168 lines (133 loc) · 5.15 KB
/
linux_dict_attack.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
#!/usr/bin/python3
"""
Title: Linux Dictionary Attack
Author: Kevin Diaz
Date: 03/25/19
Description:
Modules:
crypt -- Used for hashing
getopt -- Used for getting args from user
sys -- Used for closing app
time -- Used to get duration of the cracking function
"""
import crypt
import getopt
import sys
import time
FOUND = {}
NOTFOUND = {}
# TODO If no crack, give user option to choose another list or exit
# TODO Check formatting of input file
def test_pass(word_list, crypt_pass, user):
"""Hashes words from the list and checks if they match the password hash
Keyword arguments:
word_list -- The file location of the word list
crypt_pass -- The password hash to be cracked
user -- The linux username to which the password hash belongs
"""
global FOUND
global NOTFOUND
salt = crypt_pass.rsplit('$', 1)[0]
# Try user as password
crypt_word = crypt.crypt(user, salt)
if crypt_word == crypt_pass:
#print("[+]Found Password: "+user)
print("[+]Found password for %s: %s" % (user, user))
FOUND[user] = user
return
print("[-]Password Not Found.\n"+user)
# Try user backwards as password
crypt_word = crypt.crypt(user[::-1], salt)
if crypt_word == crypt_pass:
print("[+]Found password for %s: %s" % (user, user[::-1]))
FOUND[user] = user
return
print("[-]Password Not Found.\n"+user[::-1])
# Load wordlist and begin trying those words
with open(word_list) as dict_file:
for word in dict_file.readlines():
word = word.strip('\n')
crypt_word = crypt.crypt(word, salt)
if crypt_word == crypt_pass:
print("[+]Found password for %s: %s" % (user, word))
FOUND[user] = word
return
print("[-]Password Not Found.\n"+word)
NOTFOUND[user] = crypt_pass
def results():
"""Prints results of the cracking function to the screen and optionally a file"""
global FOUND
global NOTFOUND
if NOTFOUND:
print("-"*70)
print("The following passwords could not be cracked")
for key, val in NOTFOUND.items():
print("{0}: {1}".format(key, val))
if FOUND:
print("-"*70)
print("The following passwords were cracked! :)\n")
for key, val in FOUND.items():
print("{0}: {1}".format(key, val))
print("-"*70)
response = input("Would you like to save cracked passwords to a file?(y/n) ")
if response == "y":
with open('CrackedPasswords.txt', 'a') as output:
for key, val in FOUND.items():
output.write("User: {0}; Password: {1}\n".format(key, val))
elif response == "n":
pass
else:
print("Bad Input! Making a file anyways")
with open('CrackedPasswords.txt', 'a') as output:
for key, val in FOUND.items():
output.write("User: {0}; Password: {1}\n".format(key, val))
else:
print("No passwords were cracked :(")
print("Try using a different password list or a different method")
print("\nThank you for using my dictionary attack script!\n")
def main(argv):
"""Takes user args and loads the file with the hashed passwords for cracking"""
word_list = ""
hash_file = ""
try:
opts, argv = getopt.getopt(argv, "hw:f:", ["wordlist=", "file="])
except getopt.GetoptError:
print('USAGE: linux_dict_attack.py -w [--wordlist] <word_list> -f [--file] <hash_file>')
sys.exit(2)
for opt, arg in opts:
if opt in ("-h", "--help"):
print('USAGE: linux_dict_attack.py -w <word_list> -f <hash_file>\n')
print('You can provide a copy of a /etc/shadow file.')
print('Make sure you have removed lines with no hashes\n')
print('The delimiting character is a colon\n')
print('If you create your own file, it should contain format user:hash\n')
sys.exit()
elif opt in ("-w", "--wordlist"):
word_list = arg
elif opt in ("-f", "--file"):
hash_file = arg
if not word_list:
print('Please provide a word list and hash file\n')
print('USAGE: linux_dict_attack.py -w [--wordlist] <word_list> -f [--file] <hash_file>')
sys.exit()
if not hash_file:
print('Please provide a word list and hash file\n')
print('USAGE: linux_dict_attack.py -w [--wordlist] <word_list> -f [--file] <hash_file>')
sys.exit()
with open(hash_file) as pass_file:
for line in pass_file.readlines():
if ":" in line:
user = line.split(':')[0]
crypt_pass = line.split(':')[1].strip(' ').strip('\n')
print("[*]Cracking password for: "+user)
origin_time = time.time()
test_pass(word_list, crypt_pass, user)
time_inter = time.time() - origin_time
print("Elapsed time: "+str(time_inter)+'\n')
results()
if __name__ == "__main__":
try:
main(sys.argv[1:])
except KeyboardInterrupt:
print()
sys.exit(1)