Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #60465 > unrolled thread

Cracking hashes with Python

Back to article view | Back to comp.lang.python

Contents

  Cracking hashes with Python TheRandomPast <wishingforsam@gmail.com> - 2013-11-25 15:32 -0800
    Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-26 10:47 +1100
      Re: Cracking hashes with Python TheRandomPast <wishingforsam@gmail.com> - 2013-11-25 16:01 -0800
        Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-26 11:19 +1100
    Re: Cracking hashes with Python Steven D'Aprano <steve@pearwood.info> - 2013-11-26 02:55 +0000
      RE: Cracking hashes with Python Frank Cui <ycui@outlook.com> - 2013-11-25 23:46 -0300
        Re: Cracking hashes with Python TheRandomPast <wishingforsam@gmail.com> - 2013-11-26 02:30 -0800
          Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-26 21:39 +1100
          Re: Cracking hashes with Python "TheRandomPast ." <wishingforsam@gmail.com> - 2013-11-26 11:46 +0000
          Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-26 23:48 +1100
          Re: Cracking hashes with Python Robert Kern <robert.kern@gmail.com> - 2013-11-26 13:00 +0000
          Re: Cracking hashes with Python "TheRandomPast ." <wishingforsam@gmail.com> - 2013-11-26 14:18 +0000
            Re: Cracking hashes with Python Denis McMahon <denismfmcmahon@gmail.com> - 2013-11-26 18:33 +0000
          Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-27 01:46 +1100
          Re: Cracking hashes with Python "TheRandomPast ." <wishingforsam@gmail.com> - 2013-11-26 15:13 +0000
          Re: Cracking hashes with Python Denis McMahon <denismfmcmahon@gmail.com> - 2013-11-26 18:17 +0000
            Re: Cracking hashes with Python "TheRandomPast ." <wishingforsam@gmail.com> - 2013-11-26 23:06 +0000
            Re: Cracking hashes with Python Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-11-27 01:04 +0000
            Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-27 13:28 +1100
            Re: Cracking hashes with Python Tim Delaney <timothy.c.delaney@gmail.com> - 2013-11-27 13:55 +1100
            Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-27 13:58 +1100
            Re: Cracking hashes with Python "TheRandomPast ." <wishingforsam@gmail.com> - 2013-11-27 12:40 +0000
              Re: Cracking hashes with Python Denis McMahon <denismfmcmahon@gmail.com> - 2013-11-27 21:18 +0000
            Re: Cracking hashes with Python Chris Angelico <rosuav@gmail.com> - 2013-11-28 00:27 +1100
            Re: Cracking hashes with Python MRAB <python@mrabarnett.plus.com> - 2013-11-27 17:44 +0000

Page 1 of 2  [1] 2  Next page →

#60465 — Cracking hashes with Python

Hi, 

I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

[toc] | [next] | [standalone]

#60470

On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast <wishingforsam@gmail.com> wrote:
> I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

Do you actually need to download them from that web site, or can you
simply embed them into your code? The latter would be far easier.

I'm going to assume that you don't need to do anything more
complicated than brute-force these, and I'll also assume that they're
unsalted hashes.

With a cryptographic hash function, you take text, put it into the
function, and get back a number (or a hex or binary string, which
comes to the same thing). You can't go from the number to the string;
however, you can generate a large number of strings to see if any of
them results in the same number. You can take "large number" all the
way, and generate every possible string of a certain length, or you
can go through a dictionary and generate words. Once you find
something that matches, you have a plausible guess that this is the
password.

There's a basic idea of what "cracking" a hash means. Put a bit of
code together, see how you go. If you get stuck, post your code and
how you're stuck, and we'll try to help; but we won't simply write
your code for you. (By the way, thanks for being up-front about it
being a school project. The honesty is appreciated, even though we
would almost certainly be able to tell even if you didn't. :) )

One last thing: Please get off Google Groups. It makes your posts look
ugly, which makes you look bad, and that's (probably!) unfair. Use a
better news client, or subscribe to the mailing list
python-list@python.org and read and post through that. There are a
number of regulars here who simply trash all Google Groups posts
unread, because they're just not worth reading - switching clients
will help you be heard, and will mean you don't annoy people with
form. Of course, if you want to annoy us with substance, that's your
God-given right. :)

ChrisA

[toc] | [prev] | [next] | [standalone]

#60472

On Monday, 25 November 2013 23:47:52 UTC, Chris Angelico  wrote:
> On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast wrote:
> 
> > I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?
> 
> 
> 
> Do you actually need to download them from that web site, or can you
> 
> simply embed them into your code? The latter would be far easier.
> 
> 
> 
> I'm going to assume that you don't need to do anything more
> 
> complicated than brute-force these, and I'll also assume that they're
> 
> unsalted hashes.
> 
> 
> 
> With a cryptographic hash function, you take text, put it into the
> 
> function, and get back a number (or a hex or binary string, which
> 
> comes to the same thing). You can't go from the number to the string;
> 
> however, you can generate a large number of strings to see if any of
> 
> them results in the same number. You can take "large number" all the
> 
> way, and generate every possible string of a certain length, or you
> 
> can go through a dictionary and generate words. Once you find
> 
> something that matches, you have a plausible guess that this is the
> 
> password.
> 
> 
> 
> There's a basic idea of what "cracking" a hash means. Put a bit of
> 
> code together, see how you go. If you get stuck, post your code and
> 
> how you're stuck, and we'll try to help; but we won't simply write
> 
> your code for you. (By the way, thanks for being up-front about it
> 
> being a school project. The honesty is appreciated, even though we
> 
> would almost certainly be able to tell even if you didn't. :) )
> 
> 
> 
> One last thing: Please get off Google Groups. It makes your posts look
> 
> ugly, which makes you look bad, and that's (probably!) unfair. Use a
> 
> better news client, or subscribe to the mailing list
> 
> python-list@python.org and read and post through that. There are a
> 
> number of regulars here who simply trash all Google Groups posts
> 
> unread, because they're just not worth reading - switching clients
> 
> will help you be heard, and will mean you don't annoy people with
> 
> form. Of course, if you want to annoy us with substance, that's your
> 
> God-given right. :)
> 
> 
> 
> ChrisA

Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them. 

What client do you suggest I use instead of google groups?

[toc] | [prev] | [next] | [standalone]

#60474

On Tue, Nov 26, 2013 at 11:01 AM, TheRandomPast <wishingforsam@gmail.com> wrote:
> Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.
>
> What client do you suggest I use instead of google groups?

Personally, I use the mailing list:

https://mail.python.org/mailman/listinfo/python-list

You can sign up by email, read the emails, respond to emails.
Alternatively, look for a news client for your platform - Mozilla
Thunderbird is a popular option.

Downloading the hashes from the web site depends a bit on how they're
formatted. Do you get a plain text file with one per line? Are they
given in hex? How is it all laid out?

ChrisA

[toc] | [prev] | [next] | [standalone]

#60480

On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:

> Hi,
> 
> I have a school project to do where I've to download MD5 Hashes from a
> particular website and write a code that will crack them.

A school project. Right. Heh. :-)

And which website's hashes would this be?


> Does anyone
> know where I'll find out more information on how to do this? There's
> only 4 hashes that I need to do so it doesn't have to be a large script
> just needs to be able to download the hashes from the website. Can
> anyone help me out?

The size of the script has nothing to do with the number of hashes you 
have to crack. Whether it is one hash and one million, the script will be 
exactly the same.

Do you have to write a program to download the hashes, or can you just 
browse to the web address with your browser and save them?

If you have to write your own program, start here:

https://duckduckgo.com/?q=python+how+to+download+data+from+the+web


-- 
Steven

[toc] | [prev] | [next] | [standalone]

#60484

[Multipart message — attachments visible in raw view] — view raw

Hi,
I'm assuming you are taking a computer/network security course.
Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.
With that said, it's possible to "crack" or "decrypt" a md5 hash value by searching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at http://www.md5crack.com/home.

Yatong

> From: steve@pearwood.info
> Subject: Re: Cracking hashes with Python
> Date: Tue, 26 Nov 2013 02:55:58 +0000
> To: python-list@python.org
> 
> On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:
> 
> > Hi,
> > 
> > I have a school project to do where I've to download MD5 Hashes from a
> > particular website and write a code that will crack them.
> 
> A school project. Right. Heh. :-)
> 
> And which website's hashes would this be?
> 
> 
> > Does anyone
> > know where I'll find out more information on how to do this? There's
> > only 4 hashes that I need to do so it doesn't have to be a large script
> > just needs to be able to download the hashes from the website. Can
> > anyone help me out?
> 
> The size of the script has nothing to do with the number of hashes you 
> have to crack. Whether it is one hash and one million, the script will be 
> exactly the same.
> 
> Do you have to write a program to download the hashes, or can you just 
> browse to the web address with your browser and save them?
> 
> If you have to write your own program, start here:
> 
> https://duckduckgo.com/?q=python+how+to+download+data+from+the+web
> 
> 
> -- 
> Steven
> -- 
> https://mail.python.org/mailman/listinfo/python-list
 		 	   		  

[toc] | [prev] | [next] | [standalone]

#60493

On Tuesday, 26 November 2013 02:46:09 UTC, Frank Cui  wrote:
> Hi,
> 
> 
> I'm assuming you are taking a computer/network security course.
> 
> Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.
> 
> 
> With that said, it's possible to "crack" or "decrypt" a md5 hash value by searching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at http://www.md5crack.com/home.
> 
> Yatong
> 
> 
> > From: st...@pearwood.info
> > Subject: Re: Cracking hashes with Python
> > Date: Tue, 26 Nov 2013 02:55:58 +0000
> > To: pytho...@python.org
> > 
> > On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:
> > 
> > > Hi,
> > > 
> > > I have a school project to do where I've to download MD5 Hashes from a
> > > particular website and write a code that will crack them.
> > 
> > A school project. Right. Heh. :-)
> > 
> > And which website's hashes would this be?
> > 
> > 
> > > Does anyone
> > > know where I'll find out more information on how to do this? There's
> > > only 4 hashes that I need to do so it doesn't have to be a large script
> > > just needs to be able to download the hashes from the website. Can
> > > anyone help me out?
> > 
> > The size of the script has nothing to do with the number of hashes you 
> > have to crack. Whether it is one hash and one million, the script will be 
> > exactly the same.
> > 
> > Do you have to write a program to download the hashes, or can you just 
> > browse to the web address with your browser and save them?
> > 
> > If you have to write your own program, start here:
> > 
> > https://duckduckgo.com/?q=python+how+to+download+data+from+the+web
> > 
> > 
> > -- 
> > Steven
> > -- 
> > https://mail.python.org/mailman/listinfo/python-list

Hi, Thanks for answering. 

I have already created a script that downloads the hash values and prints them on my GUI, now I'm just struggling to figure out how to pass these values into the next part of my code to crack them. 

This is the code that downloads them;
>def getMD5Pass(webpage):
>    print '[*] getMD5Pass()'
>    values = re.findall(r'([a-fA-F\d]{32})', webpage)
>    values.sort()
>    print '[+]', str(len(values)), 'Amount of MD5 passwords found :'

>    for value in values:
        print value


3d4fe7a00bc6fb52a91685d038733d6f
cf673f7ee88828c9fb8f6acf2cb08403
1341daac6408df15c166a3e4580ee4b1

and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

>import hashlib
>def crackMD5Hash():
>    md5Hash = raw_input('What is the Hash to be decrypted  :  ')


This is as far as I've gotten so far. It's back to the drawing board. 

[toc] | [prev] | [next] | [standalone]

#60496

On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast <wishingforsam@gmail.com> wrote:
> and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

Okay. This is where the irreversible nature of hash functions comes
into play. You can't actually take the hash and go back to the
password; what you have to do is try lots of passwords and find one
that has the right hash.

Python has a data structure that lets you store keys and values, and
then see whether the key you're looking for is there. See if you can
use that.

ChrisA

[toc] | [prev] | [next] | [standalone]

#60508

[Multipart message — attachments visible in raw view] — view raw

Hi,

Thanks. From what I've been able to find online I've created a dictionary
file with words and the words I know the hash values to be and I'm trying
to get it to use that however when I run this I get no errors but it
doesn't do anything, like ask me to input my hash value. Am i just being
stupid?

>import sys, re, hashlib

>def chklength(hashes):
  >  if len(hashes) != 32:
  >      print '[-] Improper length for md5 hash.'
  >  sys.exit(1)

>def dict_check():
  >  md5hashes = raw_input('\nPlease enter the Hash value to be decrypted:
')
  >  chklength(md5hashes)


>wordlist = open('C:\dictionary.txt', r)
>try:
>    words = wordlist
>except(IOError):
>  print "[-] Error: Check the path.\n"
>sys.exit(1)

>words = words.readlines()
>print "\n",len(words),"words loading…"

>for word in words:
>    hash = hashlib.md5(word[:-1])
>    value = hash.hexdigest()

>if hashes == value:
>    print "[+] Password is:"+word,"\n"
>sys.exit(0)


>print('\n1 – Dictionary Check')
>print('2 – Exit')
>selection = raw_input('\nSelect an option from above: ')
>sys.stdout.flush()

>if selection == "1":
>    dict_attack()
>    pass
>elif selection == "2":
>    sys.exit(0


On Tue, Nov 26, 2013 at 10:39 AM, Chris Angelico <rosuav@gmail.com> wrote:

> On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast <wishingforsam@gmail.com>
> wrote:
> > and I've started the second part, the part to crack them. If anyone
> could tell me where I'd find more information on this subject and how to
> crack them that would be great. As I print them on screen I was thinking I
> could write a program that allows the md5 to be entered and then cracked.
>
> Okay. This is where the irreversible nature of hash functions comes
> into play. You can't actually take the hash and go back to the
> password; what you have to do is try lots of passwords and find one
> that has the right hash.
>
> Python has a data structure that lets you store keys and values, and
> then see whether the key you're looking for is there. See if you can
> use that.
>
> ChrisA
> --
> https://mail.python.org/mailman/listinfo/python-list
>

[toc] | [prev] | [next] | [standalone]

#60509

On Tue, Nov 26, 2013 at 10:46 PM, TheRandomPast .
<wishingforsam@gmail.com> wrote:
> Thanks. From what I've been able to find online I've created a dictionary
> file with words and the words I know the hash values to be and I'm trying to
> get it to use that however when I run this I get no errors but it doesn't do
> anything, like ask me to input my hash value. Am i just being stupid?

The code you've pasted to us is a bit mangled. Can you try to post a
clean copy, please? No angle brackets in front of the lines, and
getting the indentation correct, because I think this might be your
problem:

>wordlist = open('C:\dictionary.txt', r)
>try:
>    words = wordlist
>except(IOError):
>  print "[-] Error: Check the path.\n"
>sys.exit(1)

The first part of the problem is that the sys.exit() call isn't
indented, so it's executed whether there's an exception thrown or not.

The second part of the problem is that you're catching an exception
only to emit a message and terminate. Don't. :) Just let the exception
happen; it'll... emit a message and terminate.

The third part of the problem is that you're bracketing the wrong part
of the code in the try/except. The simple assignment isn't going to
fail - the open call will. (Or maybe the readlines below it, but more
likely the open.)

So here's the fixed version of the above code:

words = open('C:/dictionary.txt', r)

Yep, it's really that simple. (Though there's another fragility in
what you had: the use of \d in a quoted string. It happens to have no
meaning, so it happens to work, but if you use "c:\textfile.txt",
you'll get quite the wrong result. You can double the backslash
"c:\\dictionary.txt", or you can use a raw string
r"c:\dictionary.txt", or you can use a forward slash, as I did above.)

See if that helps. If not, posting a clean copy of your current code
will help a lot.

ChrisA

[toc] | [prev] | [next] | [standalone]

#60511

On 2013-11-26 10:30, TheRandomPast wrote:

> and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great.

What resources did your teacher give you? What have you been taught in class 
about this subject?

-- 
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

[toc] | [prev] | [next] | [standalone]

#60514

[Multipart message — attachments visible in raw view] — view raw

@RobertKern

- Teacher has taught us nothing about MD5. This being the script he wanted
us to write came as a surprise to everyone but complaints about projects
are constantly ignored. This particular teacher is complained about for
this reason every year but nothing ever changes.


This is my code. I hope it looks better? I'm sorry if it doesn't. I'm
trying to get the hang of posting by email :)

[code] import sys, re, hashlib

def dict_attack():
    hashes = raw_input('\nPlease specify hash value: ')
    chklength(hashes)

def chklength(hashes):
    if len(hashes) != 32:
        print '[-] Improper length for md5 hash.'
        sys.exit(1)


wordlist = open('C:/dictionary.txt')
try:
    words = wordlist
except(IOError):
    print "[-] Error: Check your  path.\n"
    sys.exit(1)

words = open('C:/dictionary.txt')
print "\n",len(words),"words loaded…" (This line now throws up an error
where it wasn't before: TypeError: object of type 'file' has no len()

for word in words:
    hash = hashlib.md5(word[:-1])
    value = hash.hexdigest()

if hashes == value:
    print "[+] Password is:"+word,"\n"
    sys.exit(0)


print('\n1 – Dictionary Check')
print('2 – Exit')
selection = raw_input('\nSelect an option from above: ')
sys.stdout.flush()

if selection == "1":
    dict_attack()
    pass
elif selection == "2":
    sys.exit(0)[/code]


print "\n",len(words),"words loaded…" (This line now throws up an error
where it wasn't before: TypeError: object of type 'file' has no len()
 - I'm guessing this is because it's not picking up my file but I can't see
why it shouldn't?


On Tue, Nov 26, 2013 at 1:00 PM, Robert Kern <robert.kern@gmail.com> wrote:

> On 2013-11-26 10:30, TheRandomPast wrote:
>
>  and I've started the second part, the part to crack them. If anyone could
>> tell me where I'd find more information on this subject and how to crack
>> them that would be great.
>>
>
> What resources did your teacher give you? What have you been taught in
> class about this subject?
>
> --
> Robert Kern
>
> "I have come to believe that the whole world is an enigma, a harmless
> enigma
>  that is made terrible by our own mad attempt to interpret it as though it
> had
>  an underlying truth."
>   -- Umberto Eco
>
> --
> https://mail.python.org/mailman/listinfo/python-list
>

[toc] | [prev] | [next] | [standalone]

#60533

On Tue, 26 Nov 2013 14:18:33 +0000, TheRandomPast . wrote:

> - Teacher has taught us nothing about MD5. This being the script he
> wanted us to write came as a surprise to everyone but complaints about
> projects are constantly ignored. This particular teacher is complained
> about for this reason every year but nothing ever changes.

ok .... forget about python for a minute.

write down the steps you need to follow to solve the problem in plain 
english.

1) Get the list of hashes from a website
2) Brute force the hashes using a dictionary

But 2 needs a dictionary:

1) Load a dictionary
2) Get the list of hashes from a website
3) Brute force the hashes using a dictionary

So you need a function to load the dictionary (from a local file?), a 
function to get the list of hashes, a function to try and brute force a 
hash using the dictionary, and some logic to tie it all together.

global data: list of words, list of hashes

load_dictionary ( file )
	read the words from the file

get_hashes( url )
	read the hashes from the url

brute_force()
	do every hash in hashes
		do every word in words
			if md5( word ) is hash
				solved this hash!

load_dictionary( "dictionary file name" )
get_hashes( "http://www.website.tld/path/file.ext" )
brute_force()

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [next] | [standalone]

#60517

On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast .
<wishingforsam@gmail.com> wrote:
> This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
> to get the hang of posting by email :)

There are no BBCode tags here, so [code] doesn't help you at all.
Other than that, looks good. Though if you're going to annotate your
code, please mark your comments with a hash; that way, we can simply
copy and paste your code and run it, which is a huge help. (In this
case, I can see what's going on without running it, but that's not
always true. Sometimes my crystal ball is faulty.)

> wordlist = open('C:/dictionary.txt')
> try:
>     words = wordlist
> except(IOError):
>     print "[-] Error: Check your  path.\n"
>     sys.exit(1)

This now is functional but completely useless. You can drop this whole
block of code.

> words = open('C:/dictionary.txt')
> print "\n",len(words),"words loaded…" (This line now throws up an error
> where it wasn't before: TypeError: object of type 'file' has no len()

The problem is that you've left out the readlines() call, so you now
aren't looking at a list, you're looking at the file object itself.
But take heart! A file object is iterable, so as long as you don't
mind losing this line of status display, it'll all work.

> for word in words:
>     hash = hashlib.md5(word[:-1])
>     value = hash.hexdigest()

This is all very well, but you actually don't do anything with the
hash and the value. Tip: This would be a good place to stash them all
somewhere so you can look them up quickly.

Side point: You're currently assuming that each word you get is
terminated by exactly a single newline. It'd be clearer to, instead of
slicing off the last character with the smiley [:-1] (not sure what
that represents - maybe he has a pen lid sticking out of his mouth?),
try stripping off whitespace. Strings have a method that'll do that
for you.

> if hashes == value:
>     print "[+] Password is:"+word,"\n"
>     sys.exit(0)

This is where you'd look up in what you've stashed, except that at no
point before this do you query the user for the hash to look up.

I recommend you think in terms of an initialization phase, and then a
loop in which you ask the user for input. That would be the most
normal way to do things. As it is, there's no loop, so having an
"exit" option is actually fairly useless.

By the way, are you also learning about Python 3, or are you
exclusively studying Python 2? Python 2 is now a dead end; no new
features are being added to it, and it's to be supported with some bug
fixes for a while, and then security patches only after that;
meanwhile, Python 3 just keeps on getting better. We're now able to
play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
(which added a veritable ton of awesomeness over 3.2), and there are
features slated for 3.5 after that. Even if your course is teaching
only the old version, it'd be good for you, as a programmer, to
explore the differences in the new version; the sooner you get your
head around the difference between Unicode strings and collections of
bytes, the easier your life will be, and Py3 makes that distinction a
lot clearer than Py2 did.

ChrisA

[toc] | [prev] | [next] | [standalone]

#60520

[Multipart message — attachments visible in raw view] — view raw

Thanks. I'll take that on board and let you know how I get on.

Thanks for all your help.


On Tue, Nov 26, 2013 at 2:46 PM, Chris Angelico <rosuav@gmail.com> wrote:

> On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast .
> <wishingforsam@gmail.com> wrote:
> > This is my code. I hope it looks better? I'm sorry if it doesn't. I'm
> trying
> > to get the hang of posting by email :)
>
> There are no BBCode tags here, so [code] doesn't help you at all.
> Other than that, looks good. Though if you're going to annotate your
> code, please mark your comments with a hash; that way, we can simply
> copy and paste your code and run it, which is a huge help. (In this
> case, I can see what's going on without running it, but that's not
> always true. Sometimes my crystal ball is faulty.)
>
> > wordlist = open('C:/dictionary.txt')
> > try:
> >     words = wordlist
> > except(IOError):
> >     print "[-] Error: Check your  path.\n"
> >     sys.exit(1)
>
> This now is functional but completely useless. You can drop this whole
> block of code.
>
> > words = open('C:/dictionary.txt')
> > print "\n",len(words),"words loaded…" (This line now throws up an error
> > where it wasn't before: TypeError: object of type 'file' has no len()
>
> The problem is that you've left out the readlines() call, so you now
> aren't looking at a list, you're looking at the file object itself.
> But take heart! A file object is iterable, so as long as you don't
> mind losing this line of status display, it'll all work.
>
> > for word in words:
> >     hash = hashlib.md5(word[:-1])
> >     value = hash.hexdigest()
>
> This is all very well, but you actually don't do anything with the
> hash and the value. Tip: This would be a good place to stash them all
> somewhere so you can look them up quickly.
>
> Side point: You're currently assuming that each word you get is
> terminated by exactly a single newline. It'd be clearer to, instead of
> slicing off the last character with the smiley [:-1] (not sure what
> that represents - maybe he has a pen lid sticking out of his mouth?),
> try stripping off whitespace. Strings have a method that'll do that
> for you.
>
> > if hashes == value:
> >     print "[+] Password is:"+word,"\n"
> >     sys.exit(0)
>
> This is where you'd look up in what you've stashed, except that at no
> point before this do you query the user for the hash to look up.
>
> I recommend you think in terms of an initialization phase, and then a
> loop in which you ask the user for input. That would be the most
> normal way to do things. As it is, there's no loop, so having an
> "exit" option is actually fairly useless.
>
> By the way, are you also learning about Python 3, or are you
> exclusively studying Python 2? Python 2 is now a dead end; no new
> features are being added to it, and it's to be supported with some bug
> fixes for a while, and then security patches only after that;
> meanwhile, Python 3 just keeps on getting better. We're now able to
> play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
> (which added a veritable ton of awesomeness over 3.2), and there are
> features slated for 3.5 after that. Even if your course is teaching
> only the old version, it'd be good for you, as a programmer, to
> explore the differences in the new version; the sooner you get your
> head around the difference between Unicode strings and collections of
> bytes, the easier your life will be, and Py3 makes that distinction a
> lot clearer than Py2 did.
>
> ChrisA
> --
> https://mail.python.org/mailman/listinfo/python-list
>

[toc] | [prev] | [next] | [standalone]

#60532

On Tue, 26 Nov 2013 02:30:03 -0800, TheRandomPast wrote:

>>    for value in values:
>         print value

..........^^^^^^^^^^^

so change this to:
          crackMD5Hash( value )

>> import hashlib 
>> def crackMD5Hash():

Nah .... 

def crackMD5Hash( hash ):
        print "cracking hash:", hash
        some code goes here ...
        print "original string was:", result

Algorithms for cracking md5 hashes is not a python topic, but rather a 
cryptography topic. When you find an algorithm to use, then if you have 
trouble converting it into code we may be able to help with that bit.

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [next] | [standalone]

#60560

[Multipart message — attachments visible in raw view] — view raw

This is my code

import md5
import sys

def chklength(hashes):
    if len(hashes) != 32:
        print '[-] Improper length for md5 hash.'
        sys.exit(1)
characters=range(48,57)+range(65,90)+range(97,122)
def checkPassword(password):
    #print password
    m = md5.new(password)
    if (m.hexdigest() == hash):
        print "match [" + password + "]"
        sys.exit()

def recurse(width, position, baseString):
    for char in characters:
        if (position < width - 1):
            recurse(width, position + 1, baseString + "%c" % char)
        checkPassword(baseString + "%c" % char)
        print "Target Hash [" + hash+ " string: "+ baseString
def brute_force():
    maxChars = 32
    for baseWidth in range(1, maxChars + 1):
        print "checking passwords width [" + `baseWidth` + "]"
        recurse(baseWidth, 0, "")
def dictionary():
    for line in File.readlines():
        checkPassword(line.strip('\n'))
hash =raw_input("Input MD5 hash:")
option=input("Choose method:1=Brute Force; 0=Dictionary")
if(option==1):
    chklength()
    brute_force()
else:
    if(option==0):
        File=open("dict.txt")
        chklength()
        dictionary()
    else:
        print "You picked wrong!"

IT WORKS! ...(Almost) My chklength isn't working. Can anyone see why not?
I'm stumped.


On Tue, Nov 26, 2013 at 6:17 PM, Denis McMahon <denismfmcmahon@gmail.com>wrote:

> On Tue, 26 Nov 2013 02:30:03 -0800, TheRandomPast wrote:
>
> >>    for value in values:
> >         print value
>
> ..........^^^^^^^^^^^
>
> so change this to:
>           crackMD5Hash( value )
>
> >> import hashlib
> >> def crackMD5Hash():
>
> Nah ....
>
> def crackMD5Hash( hash ):
>         print "cracking hash:", hash
>         some code goes here ...
>         print "original string was:", result
>
> Algorithms for cracking md5 hashes is not a python topic, but rather a
> cryptography topic. When you find an algorithm to use, then if you have
> trouble converting it into code we may be able to help with that bit.
>
> --
> Denis McMahon, denismfmcmahon@gmail.com
> --
> https://mail.python.org/mailman/listinfo/python-list
>

[toc] | [prev] | [next] | [standalone]

#60561

On 26/11/2013 23:06, TheRandomPast . wrote:
> This is my code
>
> import md5
> import sys
>
> def chklength(hashes):
>      if len(hashes) != 32:
>          print '[-] Improper length for md5 hash.'
>          sys.exit(1)
> characters=range(48,57)+range(65,90)+range(97,122)
> def checkPassword(password):
>      #print password
>      m = md5.new(password)
>      if (m.hexdigest() == hash):
>          print "match [" + password + "]"
>          sys.exit()
> def recurse(width, position, baseString):
>      for char in characters:
>          if (position < width - 1):
>              recurse(width, position + 1, baseString + "%c" % char)
>          checkPassword(baseString + "%c" % char)
>          print "Target Hash [" + hash+ " string: "+ baseString
> def brute_force():
>      maxChars = 32
>      for baseWidth in range(1, maxChars + 1):
>          print "checking passwords width [" + `baseWidth` + "]"
>          recurse(baseWidth, 0, "")
> def dictionary():
>      for line in File.readlines():
>          checkPassword(line.strip('\n'))
> hash =raw_input("Input MD5 hash:")
> option=input("Choose method:1=Brute Force; 0=Dictionary")
> if(option==1):
>      chklength()
>      brute_force()
> else:
>      if(option==0):
>          File=open("dict.txt")
>          chklength()
>          dictionary()
>      else:
>          print "You picked wrong!"
>
> IT WORKS! ...(Almost) My chklength isn't working. Can anyone see why
> not? I'm stumped.
>

Good to see another cricketer on the list :)  Besides that stating "x 
isn't working" usually doesn't help us to help you.  However here it's 
obvious that you define chklength to take an argument hashes but call it 
without arguments.  You also use raw_input on one line and input on the 
next, not a good idea.  I haven't looked for anything else.

-- 
Python is the second best programming language in the world.
But the best has yet to be invented.  Christian Tismer

Mark Lawrence

[toc] | [prev] | [next] | [standalone]

#60565

On Wed, Nov 27, 2013 at 12:04 PM, Mark Lawrence <breamoreboy@yahoo.co.uk> wrote:
> On 26/11/2013 23:06, TheRandomPast . wrote:
>> I'm stumped.
>
> Good to see another cricketer on the list :)

May I be bowled enough to suggest that "stumped" doesn't necessarily
imply a background in cricket?

*dives for cover*

ChrisA

[toc] | [prev] | [next] | [standalone]

#60568

[Multipart message — attachments visible in raw view] — view raw

On 27 November 2013 13:28, Chris Angelico <rosuav@gmail.com> wrote:

> On Wed, Nov 27, 2013 at 12:04 PM, Mark Lawrence <breamoreboy@yahoo.co.uk>
> wrote:
> > On 26/11/2013 23:06, TheRandomPast . wrote:
> >> I'm stumped.
> >
> > Good to see another cricketer on the list :)
>
> May I be bowled enough to suggest that "stumped" doesn't necessarily
> imply a background in cricket?
>
> *dives for cover*
>

Surely that should have been "drives for cover" ;) I guess I'll play on ...

Before I go look it up, I'm guessing that the etymology of "stumped" is
actually coming from the problem of a plough getting stuck on a stump (i.e.
can't progress any further). Not much of an issue anymore since the
invention of the stump-jump plough:
https://en.wikipedia.org/wiki/Stump-jump_plough

(Looked it up, my guess is considered the most likely origin of the term).

Tim Delaney

[toc] | [prev] | [next] | [standalone]

Page 1 of 2  [1] 2  Next page →

Back to top | Article view | comp.lang.python

csiph-web