fixed CPE449 - PasswordAttacks

2022-08-29 12:00:58 -05:00 · 2022-08-29 12:00:58 -05:00 · 8877f512b9
commit 8877f512b9
parent 7dabaef6f6
3 changed files with 26 additions and 13 deletions
--- a/CPE449/passwordAttacks/dictionary.py
+++ b/CPE449/passwordAttacks/dictionary.py
@ -39,13 +39,14 @@ passwordList = passwordListFile.readlines()
 for hashedPassword in hashArr:
    for password in passwordList:
        # Compare hashes
-        cmpHash = crypt.crypt(password.rstrip().lstrip(), hashesAndSalt[index])
-        cmpHashPass = cmpHash.split("$")
-        cmpHashPass = cmpHashPass[3]
-        # print(cmpHashPass + " Password Hash: " + hashedPassword)
-        if compare_hash(cmpHashPass, hashedPassword):
-            print("Match found for userid " + userIDs[index] + ". Password = " + password)
-            break
-        else:
-            print("No match was found for " + userIDs[index] + ".")
+        if not password.startswith("#!comment:"):
+            cmpHash = crypt.crypt(password.rstrip().lstrip(), hashesAndSalt[index])
+            cmpHashPass = cmpHash.split("$")
+            cmpHashPass = cmpHashPass[3]
+            # print(cmpHashPass + " Password Hash: " + hashedPassword)
+            if compare_hash(cmpHashPass, hashedPassword):
+                print("Match found for userid " + userIDs[index] + ". Password = " + password)
+                break
+            else:
+                print("No match was found for " + userIDs[index] + ".")
    index += 1
--- a/CPE449/passwordAttacks/password-2011.lst
+++ b/CPE449/passwordAttacks/password-2011.lst
@ -1,3 +1,14 @@
+#!comment: This list has been compiled by Solar Designer of Openwall Project,
+#!comment: http://www.openwall.com/wordlists/
+#!comment:
+#!comment: This list is based on passwords most commonly seen on a set of Unix
+#!comment: systems in mid-1990's, sorted for decreasing number of occurrences
+#!comment: (that is, more common passwords are listed first).  It has been
+#!comment: revised to also include common website passwords from public lists
+#!comment: of "top N passwords" from major community website compromises that
+#!comment: occurred in 2006 through 2010.
+#!comment:
+#!comment: Last update: 2011/11/20 (3546 entries)
 123456
 12345
 password
--- a/CPE449/passwordAttacks/rainbowtable.py
+++ b/CPE449/passwordAttacks/rainbowtable.py
@ -11,10 +11,11 @@ passwordFile = open(passwordListFile)
 passwordList = passwordFile.readlines()

 for password in passwordList:
-    passCleanEncoded = password.rstrip().lstrip().encode("utf_16_le")
-    hash = hashlib.new("md4")
-    hash.update(passCleanEncoded)
-    hashDictonary[hash.hexdigest()] = password
+    if not password.startswith("#!comment:"):
+        passCleanEncoded = password.rstrip().lstrip().encode("utf_16_le")
+        hash = hashlib.new("md4")
+        hash.update(passCleanEncoded)
+        hashDictonary[hash.hexdigest()] = password

 hashDictonarySorted = sorted(hashDictonary)