UAHCode/CPE449/passwordAttacks/dictionary.py

import crypt
from hmac import compare_digest as compare_hash
import sys


passwordFileArg = sys.argv[1]
passwordList = sys.argv[2]
passwordHashLines = [ ]
hashesAndSalt = []
userIDs = [ ]
hashesFromFile = []
hashArr = []
index = 0

passwordFile = open(passwordFileArg)
passwordHashes = passwordFile.readlines()

for line in passwordHashes:
    passwordHashLines.append(line)
    passwordHashArr = passwordHashLines[index].split(":")
    # Store salt + hashes, and hashes seperately as well
    hash = passwordHashArr[1]
    hashesAndSalt.append(hash)
    passHash = hash.split("$")
    userIDs.append(passwordHashArr[0])
    hashArr.append(passHash[3])
    # Use hashes
    hashesFromFile.append(passwordHashArr[1])
    index += 1

passwordFile.close()
index = 0

# Check hashes against passwords from file
passwordListFile = open(passwordList)
passwordList = passwordListFile.readlines()

# inner loop inside a loop over the password hashes
for hashedPassword in hashArr:
    for password in passwordList:
        # Compare hashes
        if not password.startswith("#!comment:"):
            cmpHash = crypt.crypt(password.rstrip().lstrip(), hashesAndSalt[index])
            cmpHashPass = cmpHash.split("$")
            cmpHashPass = cmpHashPass[3]
            # print(cmpHashPass + " Password Hash: " + hashedPassword)
            if compare_hash(cmpHashPass, hashedPassword):
                print("Match found for userid " + userIDs[index] + ". Password = " + password)
                break
            else:
                print("No match was found for " + userIDs[index] + ".")
    index += 1
first commit 2022-08-28 19:39:08 +00:00			`import crypt`
			`from hmac import compare_digest as compare_hash`
			`import sys`


			`passwordFileArg = sys.argv[1]`
			`passwordList = sys.argv[2]`
			`passwordHashLines = [ ]`
			`hashesAndSalt = []`
			`userIDs = [ ]`
			`hashesFromFile = []`
			`hashArr = []`
			`index = 0`

			`passwordFile = open(passwordFileArg)`
			`passwordHashes = passwordFile.readlines()`

			`for line in passwordHashes:`
			`passwordHashLines.append(line)`
			`passwordHashArr = passwordHashLines[index].split(":")`
			`# Store salt + hashes, and hashes seperately as well`
			`hash = passwordHashArr[1]`
			`hashesAndSalt.append(hash)`
			`passHash = hash.split("$")`
			`userIDs.append(passwordHashArr[0])`
			`hashArr.append(passHash[3])`
			`# Use hashes`
			`hashesFromFile.append(passwordHashArr[1])`
			`index += 1`

			`passwordFile.close()`
			`index = 0`

			`# Check hashes against passwords from file`
			`passwordListFile = open(passwordList)`
			`passwordList = passwordListFile.readlines()`

			`# inner loop inside a loop over the password hashes`
			`for hashedPassword in hashArr:`
			`for password in passwordList:`
			`# Compare hashes`
fixed CPE449 - PasswordAttacks 2022-08-29 17:00:58 +00:00			`if not password.startswith("#!comment:"):`
			`cmpHash = crypt.crypt(password.rstrip().lstrip(), hashesAndSalt[index])`
			`cmpHashPass = cmpHash.split("$")`
			`cmpHashPass = cmpHashPass[3]`
			`# print(cmpHashPass + " Password Hash: " + hashedPassword)`
			`if compare_hash(cmpHashPass, hashedPassword):`
			`print("Match found for userid " + userIDs[index] + ". Password = " + password)`
			`break`
			`else:`
			`print("No match was found for " + userIDs[index] + ".")`
first commit 2022-08-28 19:39:08 +00:00			`index += 1`