Skip to content

Instantly share code, notes, and snippets.

@yashodhank
Created January 23, 2017 07:23
Show Gist options
  • Save yashodhank/5c954d989e55e47253d420188bbba7a0 to your computer and use it in GitHub Desktop.
Save yashodhank/5c954d989e55e47253d420188bbba7a0 to your computer and use it in GitHub Desktop.
Attempt to brute force the hashing/encoding methods for stored passwords
from hashlib import sha1, sha256, sha224, sha384, sha512, md5
from base64 import b64encode, b32encode
digest = "894b186bf79d4337c4f44140a2ec12b42d13a79f".decode("hex")
hexdigest = "894b186bf79d4337c4f44140a2ec12b42d13a79f"
methods = {
"encode_hex": lambda x: x.encode("hex"),
"sha1": lambda x: sha1(x).digest(),
"sha256": lambda x: sha256(x).digest(),
"sha224": lambda x: sha224(x).digest(),
"sha384": lambda x: sha384(x).digest(),
"sha512": lambda x: sha512(x).digest(),
"md5": lambda x: md5(x).digest(),
"b64": lambda x: b64encode(x),
"b32": lambda x: b32encode(x),
"utf8": lambda x: x.encode("utf-8"),
"utf16": lambda x: x.encode("utf-16"),
"utf16le": lambda x: x.encode('utf-16le'),
"utf32": lambda x: x.encode("utf-32"),
"utf32le": lambda x: x.encode("utf-32le"),
"double": lambda x: x + x,
"reverse": lambda x: x[::-1],
"shift_right": lambda x: ''.join([chr((ord(i) + 1) & 0xff) for i in x]),
"upper": lambda x: x.upper(),
"lower": lambda x: x.lower(),
}
def brute_force_hashing_method(plaintext, hexdigest):
digest = hexdigest.decode("hex")
hexdigest = hexdigest.lower()
queue = [(plaintext, [])]
while True:
s, m = queue.pop(0)
for method in methods.keys():
try:
t = methods[method](s)
tm = m + [method]
#print "{0} {1} {2} {3}".format(method, [s], [t], tm)
if digest in t or hexdigest in t.lower():
#print "WINNER! {0}, {1}".format(t, tm)
return t, tm
queue.append((t, tm))
except UnicodeDecodeError:
continue
# A test to ensure this actually works
#print brute_force_hashing_method("qqww1122", sha1(b64encode("qqww1122".encode("utf-16le"))).hexdigest())
print brute_force_hashing_method("qqww1122", "894b186bf79d4337c4f44140a2ec12b42d13a79f")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment