Welcome, guest | Sign In | My Account | Store | Cart

Password cracker (Python recipe) by Matthew Sherborne
ActiveState Code (http://code.activestate.com/recipes/535171/)

Nice algorythm for trying all different combinations. I had a password for an ssk (https) certificate with some 1337 (leet) characters in it, but I couldn't remember which ones, this little prog tries switching out each character with a l33t character trying all combinations...

Python, 63 lines
Download
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import os

from commands import getoutput

leet = {
    'a': ('a', 'A', '4'),
    'b': ('B', '3', '8'),
    'c': ('c', 'C', 'k', 'K'),
    'd': ('d', 'D', ),
    'e': ('e', 'E', '3'),
    'f': ('f', 'F', ),
    'g': ('g', 'G', '6'),
    'h': ('h', 'H', '4'),
    'i': ('i', 'I', '1', '!', 'l'),
    'j': ('j', 'J', ),
    'k': ('k', 'K', 'c', 'C'),
    'l': ('l', 'L', ),
    'm': ('m', 'M', ),
    'n': ('n', 'N', ),
    'o': ('o', 'O', '0', ),
    'p': ('p', 'P', '9', ),
    'q': ('q', 'Q', '9', 'k', 'K', ),
    'r': ('r', 'R', ),
    's': ('s', 'S', '5', 'z', 'Z'),
    't': ('t', 'T', '7', '4'),
    'u': ('u', 'U', 'v', 'V'),
    'v': ('v', 'V', 'u', 'U'),
    'w': ('w', 'W', ),
    'x': ('x', 'X', ),
    'y': ('y', 'Y', ),
    'z': ('z', 'Z', 's', 'S', '5'),
}
    
command = 'openssl rsa -in mysecuresite.com.key -out tmp.key -passin pass:%s'
passwdBasic = 'thisisnottherealpassword'

def main():
    arrays = [leet[ltr] for ltr in passwdBasic]
    start = [ltrs[0] for ltrs in arrays]
    end = [ltrs[-1] for ltrs in arrays]
    indexes = [0] * len(arrays)
    maxes = [len(ltrs)-1 for ltrs in arrays]
    chrs = [ltrs[i] for ltrs, i in zip(arrays, indexes)]
    while chrs != end:
        passx = ''.join(chrs)
        open('tries.txt', 'a+').write(passx + '\n')
        out = getoutput(command)
        if 'bad decrypt' not in out:
            print 'GOT IT!', passx
            return
        # Next letter
        for i in range(len(indexes)-1, -1, -1):
            if indexes[i] <= maxes[i]-1:
                indexes[i] += 1
                break
            else:
                indexes[i] = 0
        # Make up the chrs
        chrs = [ltrs[i] for ltrs, i in zip(arrays, indexes)]


if __name__ == '__main__':
    main()

Of course to use it you'll need an ssl key with which you've forgotten the passwored. Or simply change 'command' to something else and change ('bad decrypt' not in out) to another test to see if you got it right.

You can create an ssl cert with this command:

openssl genrsa -des3 -out mysecureserver.key 1024

Tags: algorithms