Python — 项目3-破解使用crypt方法加密(已加salt参数)的登录密码
1、环境部署
root@kali:~/python/anquangongji# pwd
/root/python/anquangongji
root@kali:~/python/anquangongji# ls
checkfile.py dictionary.txt passwordunix.txt scanmultports.py vulnftpbanner.txt
crarkpassword.py openfiletest.py scanerftpbanner.py vulnbanners.txt
root@kali:~/python/anquangongji#
root@kali:~/python/anquangongji# cat passwordunix.txt
root:HXEtlo/Qz.0mA
xwb:HXEtlo/Qz.0mA
test:XWW7IhbgLDjB2
xwb1:XWW7IhbgLDjB2
root@kali:~/python/anquangongji#
root@kali:~/python/anquangongji# cat dictionary.txt
123456
qwe123456
asd123456
root@kali:~/python/anquangongji#
root@kali:~/python/anquangongji#
passwordunix.txt文件的内容生成方式是:
Python 2.7.13 (default, Jan 19 2017, 14:48:08)
[GCC 6.3.0 20170118] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt("123456","HX")
'HXEtlo/Qz.0mA'
>>> crypt.crypt("123456","HX")
'HXEtlo/Qz.0mA'
>>> crypt.crypt("qwe123456","XW")
'XWW7IhbgLDjB2'
2、源码与运行情况
root@kali:~/python/anquangongji#
root@kali:~/python/anquangongji# cat crarkpassword.py
#!/usr/bin/python
# --*-- coding:utf-8 --*--
import crypt#导入加密模块
def testpasswd(cryptpasswd):
salt = cryptpasswd[0:2]#取出salt参数
#print salt
dictfile = open("dictionary.txt","r")
for word in dictfile.readlines():
word = word.strip("\n")#去除换行符
#print word
cryptword = crypt.crypt(word,salt)#使用crypt加密模块加密参数
#print cryptword
#print len(cryptword)
cryptpasswd1 = cryptpasswd.replace("\n","")#谨记!从系统文件中读取内容会自动加入一个"\n"换行字符
#print len(cryptpasswd1)
#print cryptpasswd1
if cryptword == cryptpasswd1:#字符长度相同,则进入
print '[+] : Found Pasword!!!,密码为:' + word + "\n"
return
print "[+] Password not found !! \n"
return
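def main():
    """Read passwordunix.txt and test the hash of every "user:hash" line.

    Lines without a ":" are skipped. For every other line the first field is
    taken as the user name and the second as the stored hash, a progress line
    is printed, and the hash is handed to testpasswd().
    """
    # "with" closes the password file when the loop ends; the original never
    # closed it.
    with open("passwordunix.txt") as passfile:
        for line in passfile:
            if ":" not in line:
                continue
            # Split once and reuse the fields instead of splitting twice.
            fields = line.split(":")
            user = fields[0]
            # Only spaces are stripped here; the trailing newline of the
            # line is still attached and is removed inside testpasswd().
            cryptpasswd = fields[1].strip(' ')
            print("[+] 破解密码中。。。。。。。" + user)
            testpasswd(cryptpasswd)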
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()  # must be indented by 4 spaces under the if, otherwise the script will not run
root@kali:~/python/anquangongji#
运行情况:
root@kali:~/python/anquangongji#
root@kali:~/python/anquangongji# python crarkpassword.py
[+] 破解密码中。。。。。。。root
[+] : Found Pasword!!!,密码为:123456
[+] 破解密码中。。。。。。。xwb
[+] : Found Pasword!!!,密码为:123456
[+] 破解密码中。。。。。。。test
[+] : Found Pasword!!!,密码为:qwe123456
[+] 破解密码中。。。。。。。xwb1
[+] : Found Pasword!!!,密码为:qwe123456
root@kali:~/python/anquangongji#
现代的类Unix系统把口令的hash存储在/etc/shadow文件中,并且大多使用SHA-512等更安全的hash算法,如:
root@kali:~/python/anquangongji# cat /etc/passwd | grep ^root
root:x:0:0:root:/root:/bin/bash
root@kali:~/python/anquangongji# cat /etc/shadow | grep ^root
root:$6$Md.vwnjH$r2Ir4r5W/hnwBcXWMjUybN2UYovcUBy27I7xY1Oi7i0UgqaF.ZJQTPRr0s7.8GMVAAqB8XXXlQX2H3nw0YtE01:16609:0:99999:7:::
root@kali:~/python/anquangongji#
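在Python中的hashlib库可以找到SHA-512的函数,这样就可以进一步升级脚本进行口令破解。需要注意的是,/etc/shadow中以$6$开头的字段是sha512-crypt格式:它带有salt,并且默认要进行多轮(5000轮)迭代,并不是对口令做一次SHA-512运算,所以单独调用一次hashlib.sha512得不到相同的结果。正是更长的salt加上多轮迭代,使每一次猜测的代价远高于上面只有2个字符salt的DES crypt,这也是现代系统不再使用DES crypt的原因。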