This script allows you to crack an MD5 hash. The script asks you for both the file where the hash resides (a .txt file normally, although a .dat will work just as well), as well as the wordlist (also a .txt or .dat) to be used. The program functions by hashing each line from the wordlist, and then comparing it to the hash specified. Very quick runtime!
Download
Copy to clipboard1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | #Begin Hash Cracker.py
import hashlib, sys
m = hashlib.md5()
hash = ""
hash_file = raw_input("What is the file name in which the hash resides? ")
wordlist = raw_input("What is your wordlist? (Enter the file name) ")
try:
hashdocument = open(hash_file,"r")
except IOError:
print "Invalid file."
raw_input()
sys.exit()
else:
hash = hashdocument.readline()
hash = hash.replace("\n","")
try:
wordlistfile = open(wordlist,"r")
except IOError:
print "Invalid file."
raw_input()
sys.exit()
else:
pass
for line in wordlistfile:
m = hashlib.md5() #flush the buffer (this caused a massive problem when placed at the beginning of the script, because the buffer kept getting overwritten, thus comparing incorrect hashes)
line = line.replace("\n","")
m.update(line)
word_hash = m.hexdigest()
if word_hash==hash:
print "Collision! The word corresponding to the given hash is", line,
raw_input()
sys.exit()
print "The hash given does not correspond to any supplied word in the wordlist."
raw_input()
sys.exit()
#EoF
#Written by Neil Shah, 9th grade
|
This is an alternative to hash cracking online. It allows the user to modify the wordlist being used, and is extremely quick (much faster alternative to Rainbow Tables and other tools such as John the Ripper or Cain and Abel). The reason I wrote this program is for others to be able to benefit from this utility, while also improving my programming skills in Python. The replace function is used so that the string to be hashed does not include the '\n' or newline character while hashing (therefore generating incorrect hashes, and rendering the program useless). Enjoy!
"Cracked"? At first, I thought you'd inverted the md5 hash. You would have gotten some money for that!
Reply... Hah! Yeah, nice try. Well I don't know much about algorithm inversion. I haven't even taken Calculus yet. Still taking Pre-Calc now... I'll continue to work on these things if you guys think that they're any good. (Even if you hate them, I'll still continue Python, I enjoy it). The number one thing i need now from you all is feedback. Tell me how my program is, what more do you want it to be able to do. Be realistic, though =) .
-N
Please see the rainbow tables page for practical password cracking: http://en.wikipedia.org/wiki/Rainbow_table
I might write it like this... I thought seeing someone else's version of the program might be instructive; so, here's my go at it.
Notes: optparse is really handy. strip() is preferable for removing whitespace readlines() is nice
import sys import md5 from optparse import OptionParser
def getOptionsAndArgs(): parser = OptionParser("%prog [options] ") parser.add_option('-d', '--dict', action="store", dest="pathToWordList", default="/usr/share/dict/words", help="Path to word list") parser.add_option('-v', '--verbose', action="store_true", dest="verbose", default=False, help="Show words as they are searched")
def searchForCollisions(targetHash, pathToWordList, verbose=False): for word in open(pathToWordList, "r").readlines(): word = word.strip() hash2Test = md5.md5(word).hexdigest() if verbose: print "Searching...", word, hash2Test if hash2Test == targetHash: print "Collision Detected: The word is ", word return True return False
if __name__ == "__main__": options, args = getOptionsAndArgs()
**Oops, need the