Created
January 23, 2017 07:23
-
-
Save yashodhank/5c954d989e55e47253d420188bbba7a0 to your computer and use it in GitHub Desktop.
Attempt to brute force the hashing/encoding methods for stored passwords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from hashlib import sha1, sha256, sha224, sha384, sha512, md5 | |
from base64 import b64encode, b32encode | |
digest = "894b186bf79d4337c4f44140a2ec12b42d13a79f".decode("hex") | |
hexdigest = "894b186bf79d4337c4f44140a2ec12b42d13a79f" | |
methods = { | |
"encode_hex": lambda x: x.encode("hex"), | |
"sha1": lambda x: sha1(x).digest(), | |
"sha256": lambda x: sha256(x).digest(), | |
"sha224": lambda x: sha224(x).digest(), | |
"sha384": lambda x: sha384(x).digest(), | |
"sha512": lambda x: sha512(x).digest(), | |
"md5": lambda x: md5(x).digest(), | |
"b64": lambda x: b64encode(x), | |
"b32": lambda x: b32encode(x), | |
"utf8": lambda x: x.encode("utf-8"), | |
"utf16": lambda x: x.encode("utf-16"), | |
"utf16le": lambda x: x.encode('utf-16le'), | |
"utf32": lambda x: x.encode("utf-32"), | |
"utf32le": lambda x: x.encode("utf-32le"), | |
"double": lambda x: x + x, | |
"reverse": lambda x: x[::-1], | |
"shift_right": lambda x: ''.join([chr((ord(i) + 1) & 0xff) for i in x]), | |
"upper": lambda x: x.upper(), | |
"lower": lambda x: x.lower(), | |
} | |
def brute_force_hashing_method(plaintext, hexdigest): | |
digest = hexdigest.decode("hex") | |
hexdigest = hexdigest.lower() | |
queue = [(plaintext, [])] | |
while True: | |
s, m = queue.pop(0) | |
for method in methods.keys(): | |
try: | |
t = methods[method](s) | |
tm = m + [method] | |
#print "{0} {1} {2} {3}".format(method, [s], [t], tm) | |
if digest in t or hexdigest in t.lower(): | |
#print "WINNER! {0}, {1}".format(t, tm) | |
return t, tm | |
queue.append((t, tm)) | |
except UnicodeDecodeError: | |
continue | |
# A test to ensure this actually works | |
#print brute_force_hashing_method("qqww1122", sha1(b64encode("qqww1122".encode("utf-16le"))).hexdigest()) | |
print brute_force_hashing_method("qqww1122", "894b186bf79d4337c4f44140a2ec12b42d13a79f") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment