From 11c093ffdeb4bc9b3483c8183bdee82b13ede9fc Mon Sep 17 00:00:00 2001
From: Nicolas Valcarcel
Date: Fri, 9 Aug 2019 00:13:42 -0500
Subject: [PATCH] password crackers, rainbow tables
---
README.md | 49 +++++++++-
crackers/crackpass.py | 16 +++
crackers/genrt.py | 15 +++
crackers/hashes-100.txt | 100 +++++++++++++++++++
crackers/hashes-200.txt | 200 ++++++++++++++++++++++++++++++++++++++
crackers/hashes-50.txt | 50 ++++++++++
crackers/rainbow-crack.py | 21 ++++
7 files changed, 446 insertions(+), 5 deletions(-)
create mode 100644 crackers/crackpass.py
create mode 100644 crackers/genrt.py
create mode 100644 crackers/hashes-100.txt
create mode 100644 crackers/hashes-200.txt
create mode 100644 crackers/hashes-50.txt
create mode 100644 crackers/rainbow-crack.py
diff --git a/README.md b/README.md
index 9fb5651..3375e0b 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,52 @@ # Secure Coding with Python. ## Chapter 3: Weak Password Storage -### Fix -In order to keep password secure and secret we need to encrypt them before saving. Since we know MD5 has been long broken, we are going to use SHA256. +### Test +Every encryption algorithm can be theoretically cracked using brute-force attacks, this attack consist in trying multiple possible strings until one provides de desired hash. Said attacks are fairly expensive to perform as they take some time. -### Vulnerability -Even though we are storing passwords encrypted, our choice of algorithm allows an attacker to perform rainbow table attacks, given access to the password hashes. +Given that we know the algorithm used for a hash we can create a very simple dictionary brute-force attack against the hash. We will be using the [RockYou](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt) wordlist. -**Proceed to [next section](https://github.com/nxvl/secure-coding-with-python/tree/3.2-weak-password-storage/test)** +```text +> $ time python crackpass.py f75778f7425be4db0369d09af37a6c2b9a83dea0e53e7bd57412e4b060e607f7 rockyou.txt +Password is: supersecret +python crackpass.py rockyou.txt 0.32s user 0.01s system 99% cpu 0.325 total + +``` + +Now that's just 1 password, if we had to crack thousands of passwords, the effort starts getting significant. That's where rainbow tables kick in. +The [wikipedia definition](https://en.wikipedia.org/wiki/Rainbow_table) describes rainbow tables as: "A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes." + +Let's try to mass crack: +#### 50 hashes +```text +> $ time python rainbow-crack.py rockyou-rainbow.txt hashes-50.txt +[...] 
+password for b'73d07a303cc50a5423ae72081cafe4e50a2fb1a0ef161d55e332e8533c5e25a0' is b"b'vane944218'" +password for b'2c2d908b313fb71b5592ae4a44dfad2dbedd1832915a97a547d58e4c09a8ee49' is b"b'Robert7681'" +python rainbow-crack.py rockyou-rainbow.txt 10.98s user 1.50s system 99% cpu 12.484 total +``` + +#### 100 hashes +```text +> $ time python rainbow-crack.py rockyou-rainbow.txt hashes-100.txt +[...] +password for b'37325783f2e3763b14f25d3a28edc90fbd08283fffa9b446d827ad60c0d19272' is b"b'raaces'" +password for b'6df380dbe975a3bb65a880360e84584fdacea1455c27aa7ffef9a4b639592259' is b"b'mattlvu'" +python crackers/rainbow-crack.py ~/Downloads/rockyou-rainbow.txt 10.83s user 1.52s system 99% cpu 12.367 total +``` + +#### 200 hashes +```text +> $ time python rainbow-crack.py rockyou-rainbow.txt hashes-200.txt +[...] +password for b'53ad0738f0356042ae89f837767078f39492fc9b29e60fe056be5cefa9e9b510' is b"b'shaiyshaiy'" +password for b'9459c1e60e359f9f646bfe92a3a1ff1167a3b6d816290d09a33cdf8a565b15c6' is b"b'kuizenga'" +python crackers/rainbow-crack.py ~/Downloads/rockyou-rainbow.txt 10.99s user 1.53s system 99% cpu 12.541 total +``` + +As can be seen with Rainbow tables the cracking time is fairly linear, it takes around 11s for almost any case, most of the time is probably spend on loading up the DB, which can be optimized, but for the sake of this example we have done on a non-ideal way. + +**Proceed to [next section](https://github.com/nxvl/secure-coding-with-python/tree/3.2-weak-password-storage/fix)** ## Index ### 1. Vulnerable Components diff --git a/crackers/crackpass.py b/crackers/crackpass.py new file mode 100644 index 0000000..05f7866 --- /dev/null +++ b/crackers/crackpass.py 
@@ -0,0 +1,16 @@
+from hashlib import sha256
+from sys import argv
+
+
+def crack_hash(pass_hash, wordlist):
+ with open(wordlist, 'rb') as f:
+ for line in f:
+ password = line.strip()
+ calc_hash = sha256(password).hexdigest()
+ if calc_hash == pass_hash:
+ print("Password is: %s" % password.decode())
+ break
+
+
+if __name__ == '__main__':
+ crack_hash(argv[1], argv[2])
diff --git a/crackers/genrt.py b/crackers/genrt.py
new file mode 100644
index 0000000..18c9693
--- /dev/null
+++ b/crackers/genrt.py
@@ -0,0 +1,15 @@
+from hashlib import sha256
+from sys import argv
+
+
+def generate_rainbow_table(wordlist, outfile):
+ with open(outfile, 'w+') as o:
+ with open(wordlist, 'rb') as f:
+ for line in f:
+ password = line.strip()
+ calc_hash = sha256(password).hexdigest()
+ o.write("%s %s\n" % (calc_hash, password))
+
+
+if __name__ == '__main__':
+ generate_rainbow_table(argv[1], argv[2])
diff --git a/crackers/hashes-100.txt b/crackers/hashes-100.txt
new file mode 100644
index 0000000..874760d
--- /dev/null
+++ b/crackers/hashes-100.txt
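Review bot: `crack_hash` in crackers/crackpass.py prints only on a match, so a hash that is absent from the wordlist, or one passed in upper case (`hexdigest()` returns lowercase), ends the run with no output at all, which a reader cannot tell apart from a broken invocation. Normalise the argument with `pass_hash = pass_hash.strip().lower()` and give the `for` loop an `else:` branch that prints `"No match in wordlist"`. `password.decode()` can also raise `UnicodeDecodeError` when the matching entry is not valid UTF-8, since the wordlist is read as raw bytes; `password.decode(errors='replace')` keeps the report intact. A module docstring saying that the script exists to show why a fast, unsalted SHA-256 digest is unsuitable for password storage would tie the file back to the chapter.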
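Review bot: In `generate_rainbow_table` (crackers/genrt.py), `password` is a `bytes` object because the wordlist is opened with `'rb'`, so `"%s %s\n" % (calc_hash, password)` writes its repr, `b'...'`, into the table instead of the word itself; the README output added in this same commit (`is b"b'vane944218'"`) shows the effect. Decode before writing, `o.write("%s %s\n" % (calc_hash, password.decode('utf-8', 'replace')))`, or open `outfile` in binary mode and write bytes throughout; `'w+'` can be plain `'w'` since the file is never read back. The function also builds a plain hash-to-password lookup table rather than a rainbow table in the strict sense (there are no hash chains or reduction function), which a docstring should state, together with the fact that a per-user salt makes such a precomputed table useless.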
@@ -0,0 +1,100 @@ +e81cd702f45e2e7669f4ee46cfd41f55040694d64c84122668199eb46899e1e0 +13c4e3ef8e919e354f4eae07f6c79f152f0dca7f40f090382fcce39d732291d9 +5e8343d3cdcf626fc3e6e5fb959016f1305431fc51f616db2167bb824a54d950 +638fb755dac52011c1a099ffae2bab379f53e2c806db087cbae005aa28fc7ffd +6506599c146c282c0e9c67610788061d639a10f50661819aa12b69193e962569 +1c80c78a10add2dbce880fa2f3299b223bc1847ed648d1d865b77e7729f55d68 +e26b9469acfbcb572f25bf6776b8b07c37f3c1e1e51941ec5935fe3d8fb9f7a1 +d28fc3e325b9b8ce74cd324f37e8214229b31b4582fdee7136f8fc18ec5789fe +ee11ac3da67fc9cab0d0ab7d800f604fa4de65b94674702c60d9c9919e0b7dba +9d1f8c5a611143ebdc17c183483e26b5c6eb15ba97e7bf353352ec75de1233ca +9cbdfa266904cca7ed403fafbe482837685bf9d089a90b4717d773fc40d4a874 +510b2ccd3053fbf9cbceef311402514f064e94c171481e0c8a4a4e133dc5ebf8 +654c8ea726af816a0124d591663c2691a092ccfa58a1f42849fcdcc3122c2ce6 +e5f864ea0d7269a27468d373be1f9acde13d2304d48a8f8725f780ebbc57f8c0 +219f192e4bd21df39882cc6eafeb8b63c78c50ae0396373b05634f8989be71d5 +8044852b44df7b65e74ee9c9c444ca12070cdf887b4bda37d8f62dcbd7cb8be6 +4ea9a818afe89eb32dba679be4311234227008efe1c3ddf98e09b16a6e6b5816 +398b8dc0bdd30d48c5b8b51573467ca6d530d43ee2c4d7352ec95576ea825998 +51825e4fdc820e546440effc9d273973425538e3b923ebab1e6b0f9d9c586844 +8a3c2a091d2392da9710a39098726191cbf2df191f0fc71f1077c7eb8e326288 +b0015e04819487053e83640ed33b8285672ac59a57e20ebfafd5391fe878ebc0 +2aeb1ed85d64925377d71de0885ec2270d843ca5f89688f25c00f5f9f034bc4f +8e0624fff2131d37a5a82be817f3c5d046f4e96452360846f03100a02daf03d3 +5c745ca6a66856873151aa989d69430e798c5e5f955ce8f77cb5ca3907912316 +70d1e28adab19e3f4c8b90eb73f00a98da93d9a8957bb0b592357530cc08f9ce +a671154da7e564bd83734a45a6088d7f079cf8712579db06b3ce9753efd2ed3a +27654f85b2e2dc3f7a80dd424038bb1b39bb3ba1e3dd6e503daa2c9587557b63 +de4aeb78238e19356785205d3e9c0de7381e38fe2c2f2a670c6bfb8266513445 +43f7b8b0d8d50eb978600b4b7239d7656b2c3f79224eb09fd6dde7e9fd683c6d +073ead7bd62826e4cdd36d56f2f6aa72a1eb6f7b31aee8739835ef07b2b43326 
+bd755bb16bfc19ea376e86fe175a966f3c51abda07214e1b05ec5579b5fd5755 +01fa3f06b9ea8823fbbc69373e7010cd8fa36b0d6c78489e4e72ea25747c1b3c +e7370ddac4a1aa26e81f35f287b53fb6ca50f367a4406a9f8f6665fc5aeb7c62 +58f06ec2dcb63e7316ba74b7adaa64c770f1dcbd26edb0e7566c609c46c01473 +2906ebb069f2cde331aed104c78cf98c30aa635fb5dd190584a60d9313cd0a71 +d74fe4680680fe000fd59dcf21bbb7a8e86e79dcc0a69a1874ae20d78bb10bc0 +d0ae250011ee689413fbd3ce8787268caab565a21cf5e985dcb38741eab21afc +8e1cfc3955ac14d87c9187a94e7532927f25641924912d07eb7efe9acb79b3bd +8ec48e7bcc7cb1e13506dab437073a97370c6b85703e249746da82be01fa393a +28062ab09fe5dec66c342bd2baa8cb601a0db57f4495634d870aa696dfc278f9 +9d42a5d10a2f330405d0bd5cd9175a9622b5e61e8dd92f2cb63d4f480ae1d755 +0c3c7bca6e9fe8cad77157d6e4baed61c212979fdb5353a43d6b4f815d03f999 +440ff620fc4719bf58ccb4931daa67aacadb383160389c4ee5318bc467bed02c +ef0d7c11ee91e36beae8eef8e31a24d6f1782c32cfc448d5f344e5d65a9f692b +f28652874e325644fde887a8d8807ac4ade57c1cf72ad1366fe8d18376ad684b +8fc6f686750a315627e4b8168ea7d01665a8f4571654cd66b18e06e605de10b0 +1e48b2026fd2121311298200e354e7bdec1a14ccd13ef58c3a15af7d6a5f0421 +095bf0c6a5f3492e3dab986035ec245aafc9f9bfc669db92b05f129dcca2b914 +3177185e8749f54e126dae43e8ebfe28b68326c1bf19b99fd779f79156d61e28 +88fd3c52fb3022ab3c5bb10166a13fb036fe756d1a45ae8c690a3c9447e33085 +f706164ec3d77853813f2160cff075aebdfdd4cb51ac915c47108ff54734aea1 +bb54ac6aa7783208316abc8dbe00a322e122f76c146c0c7ea61bcd8e7adfcc89 +390f6e4a1992690615d59191d48c8a0be461b65013d4d8e7cba19f127dc10ce7 +062b9f8f5ce159a689a8021e0ac2d155b7ce4451508e8554171b75d86a972d69 +c7dc6b33fd3ec31a16f697703296c914aebee4835d8c0e53d80d74bf3c67da2a +50ea841ae71be7cc1cbf69f078c8e1974ce10bd1ac592ef5c475d2f369a2725b +9b1ff62aace141258ea096365784fd209f166622a1b129b206d21860f6db952a +bb21b1599932eb5f54c998b23842f031ca5921470c0e4b9566772199eb2c50f3 +8dddfd7bf3d53481e19fb5f7316abe019231e0839d823ba5c1c4804f120f85ca +8d57f3c4fef43f7dabeab37a9b88c962ecd8f3f7b96cbb5766e2f4050e86edaf 
+a76ac3ade1fd87507c84c24e4d4c26d081bba44160a6012aa9d4c91d3dfff7d3 +6252d24cb9c3c42f4d67734ca1b9f3f74512807b28aa9d55ec02219f5ee57037 +2ee2c170bf1d54cc8af36d1d01c642cefe1a4d106a15311161d6cb6564d4c45c +52b63ee84483ebd5cd67f9ea1fa06d6097ed2821d3681f77c050d8a4237478b4 +ff6d237c80cbf0367e96afe667d5f063781666b3ab3a816673dd8baa9134496f +ca1607d07197ae052a4833ae3cdbf71e3c635d91536546067f09809539aae679 +1dde76939123bcedc3fb8dce4402a7537d584c75789e69c320956e11178131e0 +5cb0b990367b54815c419690b04ff9dfd83845ac8d8933fb5041398cc6c5be0e +5423b768a32955edb9732167abd12168f9c1d7490140ce4d40acf95166f256cb +a94e483f8ed4650c66a858b1e4ca3557cedfd0af75355b5d8388a9fcdb51d297 +4cdfed51d2656fc5308de4af0f0eb43674b381c4e684ffccae5b8b4dd5ffffa8 +fa9792b52d406ddc35971e7a0cb9d7f8360bbe90d40421a0e385510a2d85dc83 +72a8bae4286d9491f3c648343b94c2b946ea57c22459a144bc0b2d562b04d746 +6e651d72fbbce06c4f90018e31f036cbe2cd5bb8e901ef51ee630e8f70c7e3be +1a5d3a640d8d74d82323111a8d5b36ccb6b76de703c58e94e0dcbedf610cd803 +758ccf2ec4bbc2b160c8a157085a848ecfa01652c1e2021b681a8087c2526d35 +0597a8321fa1ebee0585ad85b78617a04c6bc1bb3134028d58d36d193ae39730 +d1183eed718b0faf748f64f36f0bdfad81dcfae4f3e72644063598a1e782164b +93e6a689074df01298b269b69a54ea78dac72e7d79233cf5d129908564a334a7 +a4b4fe0cfb6a0e0d8e33a1f50e6678b2acc0f3d575a5bded1c2f7d2a7e4cb303 +bdef1a799690937938ba84ff766e228d10dddbf26e4a13529313179971a3dbf4 +45240a43716df1397660a63b84c599cefa06dd7b3ce9486fe0e7c85c304727ae +75a697aa7c2fdf811a29842d7fdc1d9e651c9183ca31640fccb041d5eb46178f +58a8f045cf8d743637ca74e1c54277660e0a6bc8149d1bed4dc36a3c661a0d34 +548b32b81f83853fdd126f80708c9adcb9c671c5a144bb572a9f9f27e6a15179 +f28c70a7effab15f59edbaf8cc865a98cc7bed6611f62e57900d8975746b9685 +3a8c80cde9ede15d75faffd04ac495231b90a8a35122e43ce47edfc4e7b2796f +15addf46ad8e277784abf4fef433f34cacf65b463cfc8c0b9259907c736dd0b8 +34bb185f13c5a569a9c4332b448a782d5071781776ccc9af595405e8a8874a26 +f4a405242c1920142f09aa257bd19baeb05148112512ea5eb851ca2490f2cc7b 
+06063cb5823237e72e1440e4a73355df788ca2f124e32f7dc30147ecc0f1accc +04d96988f96027d21d01d1978f3af3b44569079e556e9c3aa78e284827e479b2 +f3885f386f0a9405bad5f7f5116bcfeadb417edd4dac6626f538f9de89ee709a +5c4d4c64e2e45042d6080640b87782625b38d71107720e3b1a5bf91ed89bbb9f +5aa283623a291b6bf6b9c986ea2aed29bb921ecc99b77e3864c01d946de76ff6 +701bb3d56a7695c3f8f66fdc2d9a2d210d8eb3c87247455ca18d124a52d534f6 +a2682f5282b3d5867761cdff3e1016d75b268ef1e97a2e25c96d27c2b9cea57a +68234eb8292e1a1b846e6835d3adff50eedb3c15a41f8f5026c40b768597ad1d +37325783f2e3763b14f25d3a28edc90fbd08283fffa9b446d827ad60c0d19272 +6df380dbe975a3bb65a880360e84584fdacea1455c27aa7ffef9a4b639592259 diff --git a/crackers/hashes-200.txt b/crackers/hashes-200.txt new file mode 100644 index 0000000..401c1e6 --- /dev/null +++ b/crackers/hashes-200.txt 
@@ -0,0 +1,200 @@ +1dce2f0e7d81db360ce6492dfb0f14c16cbd75ca11c491c23992db326ba9494e +caa1e3f2866dd0a82d935dfdcc4f218a535fd0e4d33c7810e3400c1bd4282ce5 +5175dcf43d56645906033edb499646e0e62f75efdd3aefb63542b15aa56b5b95 +6504d266f15a90be32b86c12d2261f9044b1ec00db17db549db3183479da2a45 +0173f1701a1ba95812a145f6bc949f679f0a4bee711da669db7e21170b6258b4 +e718c9fa27f0a447e084b17dd71f3a5b48be8f97ccede979392137962ab344a1 +2c3c15f9cfdd3864b98214245ef8e131db5225722cc2daf24fc522701ec1c837 +f303ed053ec3b418d3eee979a82c347909b7f1b6bb901225652474d3f331bde7 +df4c041a5ebbc649fc04fbdab678d5afb6c9e258b56c8a5b0a288b5300524285 +c12adf13a4ba386ee9079e4af117ed34a8a0a6ee97e8ea4cc51215c62b2b8a0a +fbd5615b7b03181c84eab8c09eb8c88c3f0248298e087374747911624e5663c3 +447db47360637caa36e72a7ee15b7f0f6b3cb534900c1d338212137ecfd3f542 +3dbf3b2d2d9d04b2911dadaf1f7e23a7d92af3e149f146aa9d80117a6674c47d +b9e98bf504911f83d7582f0a64bd733d320b555385648d1fd51e6f19cf5f688a +1a787b092e112ab72e1055f5532971d7b2dea8632b773e38540d584dbd9317b7 +a4b499f0c401a3acb89ba396d7e39c04f9bbb651400e41b50e85907ae80d4d9e +c8ec0549303001b7370a9f11d1f2fa0ecb5555b7afa92ea62e6b8a5eceac33ef +0b2120543e216ba07f378df90d23a3ac3e7183358fda293ac6422d3972d73d78 +52d8f2b6755aa582bd76886df9088cac067449d5c5f3588ff3dbbc66ea4afa68 +91d02175c17d2684df75dccf53ee4ec89601820da213898621bec5649a866fe6 +34717ff54b4327fb68fff1da6fa9cb90d6ca14cb3217840bf283c66dcbb676b4 +52c6297d7bfd2fa589d5100485d02660b2cb8436f674ffa748ca26df7ee261ce +d4cfac06c8aa589b9dcbe955de38160be435f14470e51226f9ef0854cf0798ce +1e037d257ff861938c05e6865d516ed5330ee930707c3425b36ee5ff9064e3b3 +31b5ca13d0f7943f097c67f3760fa17434567fba616025a3b2d0726cd3ab9625 +5bf79febc92c7efb6c5476dc57dced1fc80875eaaf4dd091376ab67211c0b7cb +00cc9c5acde32bf15201c7c7a46df76a4901bcb94ab92c83b9635902852270d2 +85292d32e90338db3bb6a40ebc5188e1e629596f62ae6b7e15cac28067d1a430 +59e7c7121562bcd7df1ca8e9cb6778b312b5f57e66fcf20c634abf97b86029eb +3b7333662696ef8e4f6aefd3e9032f72b4662d5a559d79a5a70a43be9b1c806a 
+08d60a5fe4433838a3e6e928481802e44d6da0ca0795509c2d23da0a9f8e9aa8 +a79dd406f076b0f3b20ae759f04707e7a28871ea260e2f94e3471f216031cfc6 +fcf6f6231999d572a4422610ad90b2c31cf74f0be77bdca39fd2b9a6abcbc5d4 +e7acab0d513e31ba71103bb50783461e54979cfb1ce3eb25ba57eb4e15ab984d +3b4a78d630f27a0b2642f9f8fa2223cf7057f93669e679b3df9646798dd4a241 +eeff3058245a2259cc1fb137f748e4c72d9060aff92e84297915fef77f82fe05 +36e22e3fca8acaa60b923a9c507f47cff574c9d5362edf706ed5af4a9f67b172 +b00cfeeb1ac380a18df7878108a1fba0f950e7d3911a19b54e7dea6f2720db09 +cf73c8f2645269b2f54a7995135c9f5b0659872e1447284dc154c5a65da1a089 +ea170dc65093cf84b15863564ec40110d81f75d699835d3bf2e1c106be7abdc6 +487a2f09eb07207ee0970f3ba49751040cec379c8d16f8987f62858123263898 +8fdc10702c9376476a2909f313b34dad32819cdfd82743d72ceae45911b01de0 +19a2907fb6c8cf03dd7a4a9b635bebe0f78c3ccecea5a5ff9e347ddb68730b0d +5b371c8edba93431b638dee86cce296ba494a18f9d037a93db80a73d1a4c7cbe +c5267cead83d32e8d65a6d2bc9933044ccd17a1a86d20186a0ac7266313e0bd0 +6e8c5cb6687312830d83c21decdc3baeccd884c286cf84a5f4010c7efeb06d1c +cc1a8943c229e82b208f337bd9d1fc1ef5fc475027a360469aec5bd1fbc4fbfd +b9d8946fd77506db6c81d25e0372b7674e32407ed71c8b039cc0202f72e7f9cb +003d3c24f1f5aadbc9b5085a99b1cb07b2be5458bb91c2dee2c86d7fed541402 +70b59ae291ca682710ddee284d23a27f8a71282d506f7ca358df415a803addaf +d6e926b585e8ee20ba294e3394d218f4442179b84179c70e69bd590121dadf2f +bd1fb11d007ca8e7dfbe1dc31fd32124402c3f8df3574dfd7b4b7d931e0f8b65 +4855d3e1019cc1b0decd9f14cdf70e49ed80a83f97b55f2cb03dc97bff4e83e4 +240e651b4717db8a21019a954d30f277de986cc76d586c6ee0dfc8a7c4cdb671 +1584c59ea4bc1475ad7255c6d3db7f1877f6145da2b9fb46e72e64884c624997 +a758fbc3cad77bb75189fbe9ab5394e4a9fd58e2f46ea20fee532fe938588f79 +ea1a73de8629163c81efa68a584e8d9dc105572d0588ff196fe8c2bf5c25e7af +5f80f834a7d1713e102747d36ae1c7ebbef9bc29c404998bc33f0f93cbd9a1be +ab93f14dc0c6739cde8d72fc9b17496eee5c31f62b41c2583dbe0c8a969a5e74 +aff16c038aac01c9f36469d4a08326df58cbc94424b40172ef8dc6b50d28e3aa 
+488624ce02bbb06579a7b79945d31242e31400c35d533c4fe3256d8371f4f521 +4bf10096b5a84cff3daaf26607cc9df04984b85f86066f68d8143d323c99cfd1 +e0255ea16006164ed36735be2cd4c9355f08c0644e7a8112b9d8856d506df4a2 +785c810b7d853661a8a33dae6943ad405e58e6301464face0cdcb1e2c9971e4d +6ce1a842c7a268ef591fb6151cac826cc44a6fb8567888b6d7506b950abac999 +349af536b67a692bc147e817def209bf03aeefe29cc781af3ea0beaac6c3da27 +ffeadaf5208d2929d56087097e89571f9e3d255ba4aa59f4447a4bf610107108 +2a7d6f5a0c7bc3fce347e35ac657174afa861d5b727e177adf7b057644c678e0 +c78eb5b4f8eaee29a0bac1cf27de568897405ddbc30f4e3c8d373d8a944dfc1c +38972dae8ae95b260c6ad7289faff7a56a44bb7a2db7346fe73bcd2d06587eda +0bf72ff48c94ecfd436c27e1f5c84f7ed64fd34780812c2c1c6d6b60ff4a2230 +4e615af982ffa6731b575c7802191b12df1b1fefab55af097d5c46ac93304770 +62293e5da96e1a7ef7755ab16ad4750cb3643049f8a261f307a67fb1ba3e7777 +9528cc24e68fc1d14a0a8760079f23ded1c508a0911c6b2bb8c80907991258fa +704bb6c438b9fb7ed46dfd756fe19d5e42bf66acef7093f20c061824646d0ebd +83d2c2d8ca2dddbc6c60c193803eec5d83454676d2683ef3b1f01ada036e5a62 +360c43d724f833bc6c31a945f7eb1bf7476af94cfda4415b5f00ae4d75432c46 +c3a3b5ab2e2794bc1906436c59250cb684b9f771ec8738895c65268d2528711e +b16becef4d0f5ede39396a9134307e776b7403051f304d415f6c53fbe275e056 +35a034f78dc1847e41effed5658fc91ef41d475cf3e283a7eaaac18db5f8107e +440d2b1b2b7ab10c7ab3550e815c41134a4cd3678c7440c1e5c7662c027cb90a +1c809b0e89072e8a45df1c533b6a9c59689ce739c2e08e1223ce66e3cc31e54d +eef73eb9789c103135eb402b27d9ff4f17f1bb13d5557940bd971fc71dbb0f76 +96a7a82ef5a88c2f9c9b003313a5838445417f1ddcc1e2a1aa1f2bcbfaf341f2 +3cecafa5c4f8d7e7f44b4e23a02373d071b29c2d8768b3f119cf33559e3a6ed8 +103a7a8e327f51f9253499d310752196be7bf6237a2bb7f2efb684d1831a0e04 +fcf6fe987ed5c813c67f932b2a052fb2e768d47a620905e5dc7506047d2548e1 +ec3798c0ec5fb3557294bd291d5e978744c8f8e3bcd5c313031c3c43fc695af3 +b55eccb7f2779f26478940306d7f002c94e857980f7f2124a43e58d5a6c80d97 +d8e616c36cda02c565e1ec205f52128012358646530e00bf0779e6f683254312 
+fdad45c5fd8b7a18c85f026d63413784750cc72c1608ea572bd32f4cd6434c58 +9f4ee9c6b164e226398c9b150ebbf015834b24d232402cd17248c3cfad6b6d05 +a12df7df92f770f5a18eca34b18a0f9b7a6f7ee86129315c8a8c09fd147f06bd +e69647742602a1b076df7338e9565ca2d97399eba352be885bac4eb749cc8bc8 +81b5fe0e78312e8a6241afab327e5c8d00b5ac59fe7236410fcb5cf4e4b37b73 +71c61b554a8ca76c2db89adaa0c5d6a84cffcf07de382462a6cb94c30794d14e +cf414cf3e4a7fc6ea02dbe4a197e79b1d0ddbae23a6552055ee041bc0fdbcbca +14033f19abb0a3f8c626699a29f9bf2aa06a0a89f60edbe46526d90acbfce565 +4f539ec74d0508ffc3750e6ea7200bfc0c46cc30f110f7685a8df25b1e3ea9bc +75e8dbfeb6ee5cdd9a95cbecfdca8b9381934cfb39bbad25504835b70d4058d6 +56a443b048fb1121f7d258f0ba4b2cd581e16850b910f588358a7dc1b29fdb8b +6c7a2cf1addd4c40539bede809e90eeb48aea7f8df6b7725cd36ff3402538ef4 +8bf709de1cf7d2385e1b143d80e010d83b0cb892554e3f29be38cf9f3e99e1b8 +dc8dac2d7790c48ec9abf0ae5880732b93ff94d1abad8a5207e6e78c7319e554 +608d8db55bd56ef4b2cab49c249d3bd880eae74495e432c4e93e2bd7fed4794b +4cb37a93183481ab76ff03554f45e2a7033bb9357f2f5dc5b6a20d7e5ec4fe60 +0fb3ab49d1517c2b88cc7dc693d6abd2ed6954e9670584aa4ec30ba703b52ac0 +d0275ff61ebce2b77fd1e64556940d43009ce83b4dff201f6371640e8862bb86 +40ab7879f521a694a24ec1844c04e6870ecf866b4cc20bcbb55f72cfcf5ee598 +17c742a12611322a2683b16c6c012731b1f009e799e0581054c52d02287817f4 +2447f76ec3d37f15d07a489ed7a4dd3eed8697fcc625d2991a6e6c44c8701d6f +8ba2affcb32854f0d830ae741f2b857dd9758d032fdeb7adc2e3310c61cd2a53 +eb03e3321cb4625fbe97ea36656273b14642951a6785c36624f0539da1b08936 +12c5285384a1a8b21d0951fa84fd8e37336dfdb01cf3b7546fe5e7e756bc23ad +53482f82a8ac3686020933861c7fc29287a2861dd2935355bca1b80d04a46d13 +d817c2a264b22ace07ce6c7ae536412f159aa299abe7be05f9c3cfa27fd1d62b +2fc92fe1436639052918dcbe1a38ed7f0afb4b77b5309563f0d5187ea79fd366 +a816a96d18444baff52b195ae08f4dd55b3dfd19163edc5460eabf1ba851376f +a94dbd9dc1c0bdf9e5ceb25085a3074a5d89eed4c54a49d17c6bdc7f8f7d9a84 +022d5001b44f0ad41e50340be44492f127508bac535064b94f3897d8764236dd 
+3d82c90ed67596e3228a2f524aef8495a59ed34c2e102f74848106958bc1f282 +6c8220a1ede13446202db411310347092364f1daaa3c7a6d8043477745eba7cd +f85b2b52dce9d266a6674f0485c41d735139d38909140b7bc026dfca31a0ad97 +5ee5359eb6a7524193066bc42f49a14d893cc2e9771602f6c55d24ce8d7530bd +1fcda092f4067e4824ac0752e7bcff85943ef1a90d62a373c956d92b6031f86b +9d2057d2995791033133db659db406261c7d818516edfc6db2d0364c3f2e24d5 +b1eeaf81494a894e8974d8e80badd10b759298c8b99845e453e2947dde5e39c8 +ef4add27f47ecb9b8f8430f667c33b912ed407746f7131f1aed7a0aee522f967 +e3b9cadaa9cb25bd6bc108161f660b6e7e6b3f6e870f1a558fffd51067d9692a +87585941ceae3ef8be0a05e15e05f7c5d6b7abeb1f6237f87ad0ed5e8a12c0b3 +36ac15277fb924062c735794c9cce04a3c74c2b79baed63781caf94bbc004d61 +165b61144e2eeaf4ecb6671f0f3b2e79c00250744c86dcb4febd3fffbe60c99d +283a8fe7481d6f813ea504d607b78f1bea3213e2fcc0203ba8a572809d2079df +e2d33178bd096f8823fbbdba3e9f5d21d37adb75012d69af5a80e1c77aaa8a7c +c82675ecceb70cbff9d7a36bc43dad01aad6d2c242f6ca33cd1e6f77599211a7 +f86f40d1ef94b670933d92f2940fdfaa89f99e9042cdf4b04d18890bcc207ea5 +de342a44749bd397674c5ced2df069a981e491bfbbe5bd7b76bb65669ba93e29 +e109d4150f9d01bf81b2370ca38e5bdc8ab4e4e1aa577cfa68da8c81af05ef22 +177726bb6bf26406aa1e75b013d4f3a726cd830c0a466b6955c8819810e53ddd +7280b8ce0a3c43e184e093717c107334405ee0b29a6d9b6065be0f99a59b4bb6 +8cb76ba56330af9a050448bfd37a79b7bd3c58d00f85d64e1cf707c25544a82e +d27c21d1a08e5c426d0cb2cfea1caad28ff4774877ede6064f2363b5d99c1a67 +9682f8dfaca3aa237408a371cf1aea4aea2cbd9e5ff226ab05dee17eb8e4ffd7 +2e9cb1c742e7902b0c07a679569cc3fcee48b2b8c65fb193dfc9b4ac3ca41572 +d4e9d17880b4344e8bb6fe37eddb191fbbbeae70121d3ccc1d93045e73444149 +cad4b4c939a5883d81d35f6bbdbac3b6094b166463352a00dd330052fa25dfac +d6423de14f29b2ad8fe4370f3c9e034ab8bbce8fe978914582ced3d56a384096 +93e6dee2d33bd55342caed240090ec3070096bab0541446b097ef454846553bd +767b5d9598d077f9f9d0b26bf4fc96952f44e5d1256f6d45ccae7826446caba7 +ef9fb632ba4cff540e65cad17cb06b1e5bab92a4460b39fa09e91afe275e6d3b 
+a9fc194bb1ec23bfd03819a51590bae0f551e0cb32a51748eb35c1548789b95e +8499e4cc9b161fa3ac866bfd5423f3ac9069cfed5109281085231212cf5469cc +38db10fdc2b0675e322666ec3ea9cf9cf9c4d55c4fc56e5bef751960c36b9d25 +44ec27452d84759245e757c8c3093f079ce1a3b18327d1a0f844ab839331e1d0 +f3ef3bcbdd329fc69f7769a88ea9b1298d3d8771918b719cfafe523abffc830e +d67db052f90df9812b6d499bd8d179fc263ba2214884389c28c3fbdb118103a0 +6312aba594180d52e80ab2f19fe873e84e370a9393a9f5f7140af87e495dad3b +992a8f384f4eb813d3b821b8fb6237529aacbfb18cf5988d49a5f31f1a9b8973 +923cee9d9f951060148bc7243f9567a5ac2b75f1f86f176353c917ab41137b14 +e30f54711130570d495cf9de59a8ff959deb31193e882201cdf7511855d3dc86 +b106a95303e5f8280e8f1074d77550f228ac8a00fed9b380c89b2e182f31374f +e5b8cdde1184afff9bb2d5eeaa14277d8617e929a96b93300da843f24f9e368c +32eacee7e81db19cbc8c456db68012efdd941a11d4c6fff11218ea2c4afa0104 +f5a2bbb7940ce07d9ca69c6f61cb174be8087aa863d4ad5b873ada3b475942b4 +a7413367d93a704a6a875812198f31e3cf9909442373313eeda05c38c855ed79 +6512c623238885ae84a98b31f989e587523fdada00758ddf1e7094903bf2358b +2d4c8982c5b60f10fc18c3fb932f33ca450e4fe8d961573b75d77032313e57bb +7693710ffe1e2b26185bc824932222aec990e0fa75367af140420806b9640efe +7ace7bf8448cdec8b1305eaf3d5bfbefa7782fb455693418d88c61cb069ae8d3 +7ddb60adbed0e2ef85ce9fc556dbab44381603a736c6c20a90d65d29503a6e89 +e6c0128790ed588e007ca84171b70a3049e823e8b27ba34b4feb35c8e50ea84f +67ddb4014f6279ce27ab5c03dfe5398e2c16081afa93d78fbbbf6c6df8dba1a1 +8d0fc4e5e0f71b861195578f40b28cb822d3f88d35cd239679d17221a82435f0 +94682dcf9ab35306e246d8fc52086ebe827d098286096266f6efa5f8d1e967a9 +c2e20bbe40446629ec20ed2d30dacdb047838e2d65ec5d0deea4a9d3bed23b13 +625722e2480a5ed8ed1124fe469a3f8d33f677ab5290c21fcc4b69bbcb69703a +9560945fb379dba503d3d557dac9157ffc78bab3961b080f86af571a0120a344 +0cf6c9737392c11d64c65fb6a6e6373fde4ec76eae3e94958e4b45eab8c0e77c +a41ec9dcc05f9fce70c40fcca00cae7ab39d4c73608860575815e31dd3830928 +81ad409c894591c881e109db40b2029e3164ca7dd5b08826f603e893f0bf2606 
+d79432c3dda8ea2da2479d25eaf8624bdbe4eec426d7bace218d58f4007ced33 +db9a254f10bdb17fa7520ffe4e7ffdc71524ace7e990106bbb32b470f4e3b910 +32c9576272c0a88ac39adfc9322c1cc0e3b0e1e1f61dc364d9b2dc04b6e3a204 +2ecc653f74da67562d385c1c45bb1d424f87b7684140a659e1cd1fe5e49c6190 +708b540de3c0f63885a3b539aeb3ff1a2fb078b7db8bb63f7793ffa07c327c57 +606aad8d08b68fd727d74b9b518d16f0bb75f783595b34cc2eecee9912c7dd65 +6af58e39449d804e8f45afd827b2779b027ba101362d56495e1cac8464a63f0a +ce697f1330177157a1a27055a64df4c76360b89832518539eb843a86942cfbbb +2240960644ecbb3284d28471c1c7620bb60378b60965efa50cafbc8921a78706 +c3ea8318236008f741b80d2cddb09c1317e02382df0c6de39264ef6b22a39697 +94059d932cbe9ee1007d9b93b400853878daae10abb5f75c7d53d899a8eca362 +10bc9d7ad4316d138ba9157de0ac136c6ca21817ea292a8be4000985a94471a7 +68fc5089e0a57ca96be50ad215d1437f4c1b30d5c7cef17d615a4e417778bf9a +b6a90a81cd5662546159c0cecd264b7a5af8ed39f895d384da46b60e0281f0c5 +2425b4f37e1e45561b1159532019567fc29260ef7c87ca5ec926246096788d1d +6212cb11892d1658b3f7f3582978d886623ae43882223932ad1b4ff2fc8721e7 +c09cadedd102e74630cde46b3a727a6c51d3977be5f2520ecbf21ebcfcb2d2a1 +b76c4d49c7df724dce8fdc0807b1056e361dfa3138c4ee11ea5e500e4a50444f +53ad0738f0356042ae89f837767078f39492fc9b29e60fe056be5cefa9e9b510 +9459c1e60e359f9f646bfe92a3a1ff1167a3b6d816290d09a33cdf8a565b15c6 diff --git a/crackers/hashes-50.txt b/crackers/hashes-50.txt new file mode 100644 index 0000000..66ff15e --- /dev/null +++ b/crackers/hashes-50.txt 
@@ -0,0 +1,50 @@ +6623428aa1b5997a5b21370fbe8b463a5ed6d48a2d651fc88f2b70a9b5521aec +6c9e89315135be129cf1470ec12434fbab2b11dfe0e6f8f3b2be4d479ad9ccba +8a705bf2be8cbc24bb33484ee4f93a67893f47857ea5afd54fdffbb62e4008cf +88f02e9a222d1d3e61a7f63e727d54adcfacd1f214699c804dacda5f2f459042 +abfa032b4e46df460c589ed5451f036bf07ae315b5db1b365910623c7fdf5327 +c887487aea795e7ba5e90ca94c140f4356d6ada8f429f3f5d9224efa5357efbe +7d94411e094797464611ae7045742665fdca885dd5279b4d653aa0a388360487 +9d21d67f8a85d1e50f223553244d45a748b0fe9959663d62d506dd88403076b8 +2c760fcd49b1f28fed9042c8cbad0ef3d06103d9e42b147858bd5261f5bdf177 +188e9942cab5308440554840e7427ec278c2647bb49820f55c2876e2bdf8a5f8 +34fb4a497f44fa73f5a4fb738f1ca50f55312020428b580acd689d5bce73eeed +79dffc30134778c6486217cfbe5afb71223fe2e4b07512832c72a08602b464cc +0dc6f394d2bfa57a936d08000a839ce48144dd20358388f4443a3295d45a3e51 +5cb039ebebeea88fdf28fe3545713d6ea7f737cbc40f59b99365227beb86cdbb +3a9ba42b24349c778e444e4d517ef482f8b01ec8ed0d6baef718399182dcd6ef +b664c7bf7352c6942ac58c96e5f19096c1d6bb37fc3b215c9e6aa974e6c5d8de +4b577b4f288c5adadb7fcf08f202f8682f7eeb5ad9992e5b8fbed3721fb98469 +5cd211d68c1bbc0194a7569065a022cb84ced2c787c68a45378a8d3c12f0c04c +d1b5615b5baf69a16f3b007f096d4c7fd266a35a65a806099fc9876cc294ca7a +9d957c20e2e1fda84ea8a70365f6648aee171f4d90d875835d40a816e7eb4a9e +ca68a5c07ce7af849c117a8b30195d08b748fedb29728a6817f2f3cd217f39b3 +fd77ba4f46c8e1650c7a043fd4f9fe620e4359ef1d718b776189a50737dcccbc +7a2300d4f0b68e2e3a51c9d6dde5e077f816c845329836c426aa2bd43147b3b3 +eb79bc8c5c62c8b3ef2e0e31f32603809baf7c5e3fe05af6abba2698591fe796 +06c61195352b69c78d46785cb5dc4333a2dd34ea7a691ecf4b3582a292a556d3 +77a19f6d9c7d60ec6aa005b22948bb78f961ab687a81761ddc5bb5f0dfbde5c4 +dcb6f908dd7431775871dbf53fbb743779e977041d4e0a16f800eb73f301056d +4ee2c258edc8f44f0f928d696e4ee9f11463437d282168fc880bc06fdf259f42 +0273e5079f78380c1e8267856ae30ae0f5972efb42eaa48d914ec6833652556b +b25180c5f4018ec05a4c8872438caecd7a3080074650e97b1688e7318d713d20 
+730c3c971e70021be87f6b870322f64f9c0baccd9f6ca30a6ac558344a064b9f +f24350b3346ff523d18e1d74f6d0bbae2d98f59a52da6ec6a0ba88c1b7a34241 +492081bca7a700eb99fb1e31b79149a00377b2d936ed1668fc59e04ccef5195a +9486b4727b768fd7d82181de04ba4738d1870f6b04d21ea2760f78dc2ee0647d +cce531e5ada4b5c2d90ee41f34baf8f0a2b9d3304ef025f650825c152df7d1d9 +5e6064b2b4981700600955def77663e870938b4595abf957ce458997c7c1d721 +33e231b7dc6bb0115d79017a3f5be4bb21d0437d0b6e8ee423a436b555c6edf1 +12478062a3b894601b6ee6069b22b18dba92603fbfab2eab9a74037c3e7ffc42 +2672b1474dfc52942a41e6c36784938ef5273b54278382cabf98e5d2667c768e +06b3f186de11c28e098d1d277854c5d53247e704535d2453fbc62e1e0c55a144 +6f6aae672b128a5e8f22bd6c99e82aa75776310030b4aaf1408c659bcc26b8d0 +5cbfa44ab070624e4273d23d5fa0de3aa78ae256272b53086e3413f72ea34c32 +7c6c6cc83d674f2b242b9da551754177368355a48875697a9e8a54017c736353 +8beec57039b8f04cd860554e5fb6392f5ceadccef194791a26913e6bcba36f0d +99474894f8f84037b2002742ed0d23744271ccaa70eb8c78c6b8ae1c03b76d86 +3cf674c575bac6e4429c2c544e0fff38cbdc143fe97b4a0eba15ab7409d85765 +4fdc48f26e5d030229f3d7390c48b24ce64305d1cae9b3320e2360a2340f84d0 +b168c391192926c71fceadda4d74ea5e84d4d3793d03ca636e0d1abb406657a4 +73d07a303cc50a5423ae72081cafe4e50a2fb1a0ef161d55e332e8533c5e25a0 +2c2d908b313fb71b5592ae4a44dfad2dbedd1832915a97a547d58e4c09a8ee49
diff --git a/crackers/rainbow-crack.py b/crackers/rainbow-crack.py
new file mode 100644
index 0000000..9db16b4
--- /dev/null
+++ b/crackers/rainbow-crack.py
@@ -0,0 +1,21 @@
+from sys import argv
+
+
+class RainbowCracker():
+ def __init__(self, dbfile):
+ self.db = dict()
+ with open(dbfile, 'rb') as f:
+ for line in f:
+ k, v = line.strip().split(b' ', 1)
+ self.db[k] = v
+
+ def crack_hashes(self, hashfile):
+ with open(hashfile, 'rb') as f:
+ for line in f:
+ pw = line.strip()
+ print("password for %s is %s" % (pw, self.db[pw]))
+
+
+if __name__ == '__main__':
+ rc = RainbowCracker(argv[1])
+ rc.crack_hashes(argv[2])
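Review bot: `crack_hashes` in crackers/rainbow-crack.py indexes `self.db[pw]` directly, so the first digest in `hashfile` that is missing from the table (or a blank line) raises `KeyError` and the remaining digests are never reported. Use `plain = self.db.get(pw)` and print a "not found" line when it is `None`, so the output shows which digests the precomputed table did not cover. Both `%s` arguments are `bytes`, which is why the README output reads `password for b'...' is b"b'...'"`; decode them before formatting. In `__init__`, `k, v = line.strip().split(b' ', 1)` raises `ValueError` on any table line without a space, so a malformed line should be skipped rather than unpacked blindly.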