1
0

fixed CPE449 - PasswordAttacks

This commit is contained in:
Andrew W 2022-08-29 12:00:58 -05:00
parent 7dabaef6f6
commit 8877f512b9
3 changed files with 26 additions and 13 deletions

View File

@ -39,13 +39,14 @@ passwordList = passwordListFile.readlines()
for hashedPassword in hashArr: for hashedPassword in hashArr:
for password in passwordList: for password in passwordList:
# Compare hashes # Compare hashes
cmpHash = crypt.crypt(password.rstrip().lstrip(), hashesAndSalt[index]) if not password.startswith("#!comment:"):
cmpHashPass = cmpHash.split("$") cmpHash = crypt.crypt(password.rstrip().lstrip(), hashesAndSalt[index])
cmpHashPass = cmpHashPass[3] cmpHashPass = cmpHash.split("$")
# print(cmpHashPass + " Password Hash: " + hashedPassword) cmpHashPass = cmpHashPass[3]
if compare_hash(cmpHashPass, hashedPassword): # print(cmpHashPass + " Password Hash: " + hashedPassword)
print("Match found for userid " + userIDs[index] + ". Password = " + password) if compare_hash(cmpHashPass, hashedPassword):
break print("Match found for userid " + userIDs[index] + ". Password = " + password)
else: break
print("No match was found for " + userIDs[index] + ".") else:
print("No match was found for " + userIDs[index] + ".")
index += 1 index += 1

View File

@ -1,3 +1,14 @@
#!comment: This list has been compiled by Solar Designer of Openwall Project,
#!comment: http://www.openwall.com/wordlists/
#!comment:
#!comment: This list is based on passwords most commonly seen on a set of Unix
#!comment: systems in mid-1990's, sorted for decreasing number of occurrences
#!comment: (that is, more common passwords are listed first). It has been
#!comment: revised to also include common website passwords from public lists
#!comment: of "top N passwords" from major community website compromises that
#!comment: occurred in 2006 through 2010.
#!comment:
#!comment: Last update: 2011/11/20 (3546 entries)
123456 123456
12345 12345
password password

View File

@ -11,10 +11,11 @@ passwordFile = open(passwordListFile)
passwordList = passwordFile.readlines() passwordList = passwordFile.readlines()
for password in passwordList: for password in passwordList:
passCleanEncoded = password.rstrip().lstrip().encode("utf_16_le") if not password.startswith("#!comment:"):
hash = hashlib.new("md4") passCleanEncoded = password.rstrip().lstrip().encode("utf_16_le")
hash.update(passCleanEncoded) hash = hashlib.new("md4")
hashDictonary[hash.hexdigest()] = password hash.update(passCleanEncoded)
hashDictonary[hash.hexdigest()] = password
hashDictonarySorted = sorted(hashDictonary) hashDictonarySorted = sorted(hashDictonary)