Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Cracking hashes with Python

Reply
Thread Tools

Cracking hashes with Python

 
 
TheRandomPast
Guest
Posts: n/a
 
      11-25-2013
Hi,

I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?
 
Reply With Quote
 
 
 
 
Chris Angelico
Guest
Posts: n/a
 
      11-25-2013
On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast <(E-Mail Removed)> wrote:
> I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashesthat I need to do so it doesn't have to be a large script just needs to beable to download the hashes from the website. Can anyone help me out?


Do you actually need to download them from that web site, or can you
simply embed them into your code? The latter would be far easier.

I'm going to assume that you don't need to do anything more
complicated than brute-force these, and I'll also assume that they're
unsalted hashes.

With a cryptographic hash function, you take text, put it into the
function, and get back a number (or a hex or binary string, which
comes to the same thing). You can't go from the number to the string;
however, you can generate a large number of strings to see if any of
them results in the same number. You can take "large number" all the
way, and generate every possible string of a certain length, or you
can go through a dictionary and generate words. Once you find
something that matches, you have a plausible guess that this is the
password.

There's a basic idea of what "cracking" a hash means. Put a bit of
code together, see how you go. If you get stuck, post your code and
how you're stuck, and we'll try to help; but we won't simply write
your code for you. (By the way, thanks for being up-front about it
being a school project. The honesty is appreciated, even though we
would almost certainly be able to tell even if you didn't. )

One last thing: Please get off Google Groups. It makes your posts look
ugly, which makes you look bad, and that's (probably!) unfair. Use a
better news client, or subscribe to the mailing list
http://www.velocityreviews.com/forums/(E-Mail Removed) and read and post through that. There are a
number of regulars here who simply trash all Google Groups posts
unread, because they're just not worth reading - switching clients
will help you be heard, and will mean you don't annoy people with
form. Of course, if you want to annoy us with substance, that's your
God-given right.

ChrisA
 
Reply With Quote
 
 
 
 
TheRandomPast
Guest
Posts: n/a
 
      11-26-2013
On Monday, 25 November 2013 23:47:52 UTC, Chris Angelico wrote:
> On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast wrote:
>
> > I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

>
>
>
> Do you actually need to download them from that web site, or can you
>
> simply embed them into your code? The latter would be far easier.
>
>
>
> I'm going to assume that you don't need to do anything more
>
> complicated than brute-force these, and I'll also assume that they're
>
> unsalted hashes.
>
>
>
> With a cryptographic hash function, you take text, put it into the
>
> function, and get back a number (or a hex or binary string, which
>
> comes to the same thing). You can't go from the number to the string;
>
> however, you can generate a large number of strings to see if any of
>
> them results in the same number. You can take "large number" all the
>
> way, and generate every possible string of a certain length, or you
>
> can go through a dictionary and generate words. Once you find
>
> something that matches, you have a plausible guess that this is the
>
> password.
>
>
>
> There's a basic idea of what "cracking" a hash means. Put a bit of
>
> code together, see how you go. If you get stuck, post your code and
>
> how you're stuck, and we'll try to help; but we won't simply write
>
> your code for you. (By the way, thanks for being up-front about it
>
> being a school project. The honesty is appreciated, even though we
>
> would almost certainly be able to tell even if you didn't. )
>
>
>
> One last thing: Please get off Google Groups. It makes your posts look
>
> ugly, which makes you look bad, and that's (probably!) unfair. Use a
>
> better news client, or subscribe to the mailing list
>
> (E-Mail Removed) and read and post through that. There are a
>
> number of regulars here who simply trash all Google Groups posts
>
> unread, because they're just not worth reading - switching clients
>
> will help you be heard, and will mean you don't annoy people with
>
> form. Of course, if you want to annoy us with substance, that's your
>
> God-given right.
>
>
>
> ChrisA


Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.

What client do you suggest I use instead of google groups?
 
Reply With Quote
 
Chris Angelico
Guest
Posts: n/a
 
      11-26-2013
On Tue, Nov 26, 2013 at 11:01 AM, TheRandomPast <(E-Mail Removed)> wrote:
> Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.
>
> What client do you suggest I use instead of google groups?


Personally, I use the mailing list:

https://mail.python.org/mailman/listinfo/python-list

You can sign up by email, read the emails, respond to emails.
Alternatively, look for a news client for your platform - Mozilla
Thunderbird is a popular option.

Downloading the hashes from the web site depends a bit on how they're
formatted. Do you get a plain text file with one per line? Are they
given in hex? How is it all laid out?

ChrisA
 
Reply With Quote
 
Steven D'Aprano
Guest
Posts: n/a
 
      11-26-2013
On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:

> Hi,
>
> I have a school project to do where I've to download MD5 Hashes from a
> particular website and write a code that will crack them.


A school project. Right. Heh.

And which website's hashes would this be?


> Does anyone
> know where I'll find out more information on how to do this? There's
> only 4 hashes that I need to do so it doesn't have to be a large script
> just needs to be able to download the hashes from the website. Can
> anyone help me out?


The size of the script has nothing to do with the number of hashes you
have to crack. Whether it is one hash and one million, the script will be
exactly the same.

Do you have to write a program to download the hashes, or can you just
browse to the web address with your browser and save them?

If you have to write your own program, start here:

https://duckduckgo.com/?q=python+how...a+from+the+web


--
Steven
 
Reply With Quote
 
TheRandomPast
Guest
Posts: n/a
 
      11-26-2013
On Tuesday, 26 November 2013 02:46:09 UTC, Frank Cui wrote:
> Hi,
>
>
> I'm assuming you are taking a computer/network security course.
>
> Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.
>
>
> With that said, it's possible to "crack" or "decrypt" a md5 hash value bysearching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at*http://www.md5crack.com/home.
>
> Yatong
>
>
> > From: (E-Mail Removed)
> > Subject: Re: Cracking hashes with Python
> > Date: Tue, 26 Nov 2013 02:55:58 +0000
> > To: (E-Mail Removed)
> >
> > On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:
> >
> > > Hi,
> > >
> > > I have a school project to do where I've to download MD5 Hashes from a
> > > particular website and write a code that will crack them.

> >
> > A school project. Right. Heh.
> >
> > And which website's hashes would this be?
> >
> >
> > > Does anyone
> > > know where I'll find out more information on how to do this? There's
> > > only 4 hashes that I need to do so it doesn't have to be a large script
> > > just needs to be able to download the hashes from the website. Can
> > > anyone help me out?

> >
> > The size of the script has nothing to do with the number of hashes you
> > have to crack. Whether it is one hash and one million, the script will be
> > exactly the same.
> >
> > Do you have to write a program to download the hashes, or can you just
> > browse to the web address with your browser and save them?
> >
> > If you have to write your own program, start here:
> >
> > https://duckduckgo.com/?q=python+how...a+from+the+web
> >
> >
> > --
> > Steven
> > --
> > https://mail.python.org/mailman/listinfo/python-list


Hi, Thanks for answering.

I have already created a script that downloads the hash values and prints them on my GUI, now I'm just struggling to figure out how to pass these values into the next part of my code to crack them.

This is the code that downloads them;
>def getMD5Pass(webpage):
> print '[*] getMD5Pass()'
> values = re.findall(r'([a-fA-F\d]{32})', webpage)
> values.sort()
> print '[+]', str(len(values)), 'Amount of MD5 passwords found :'


> for value in values:

print value


3d4fe7a00bc6fb52a91685d038733d6f
cf673f7ee88828c9fb8f6acf2cb08403
1341daac6408df15c166a3e4580ee4b1

and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

>import hashlib
>def crackMD5Hash():
> md5Hash = raw_input('What is the Hash to be decrypted : ')



This is as far as I've gotten so far. It's back to the drawing board.


 
Reply With Quote
 
Chris Angelico
Guest
Posts: n/a
 
      11-26-2013
On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast <(E-Mail Removed)> wrote:
> and I've started the second part, the part to crack them. If anyone couldtell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.


Okay. This is where the irreversible nature of hash functions comes
into play. You can't actually take the hash and go back to the
password; what you have to do is try lots of passwords and find one
that has the right hash.

Python has a data structure that lets you store keys and values, and
then see whether the key you're looking for is there. See if you can
use that.

ChrisA
 
Reply With Quote
 
TheRandomPast .
Guest
Posts: n/a
 
      11-26-2013
Hi,

Thanks. From what I've been able to find online I've created a dictionary
file with words and the words I know the hash values to be and I'm trying
to get it to use that however when I run this I get no errors but it
doesn't do anything, like ask me to input my hash value. Am i just being
stupid?

>import sys, re, hashlib


>def chklength(hashes):
> if len(hashes) != 32:
> print '[-] Improper length for md5 hash.'
> sys.exit(1)


>def dict_check():
> md5hashes = raw_input('\nPlease enter the Hash value to be decrypted:

')
> chklength(md5hashes)



>wordlist = open('C:\dictionary.txt', r)
>try:
> words = wordlist
>except(IOError):
> print "[-] Error: Check the path.\n"
>sys.exit(1)


>words = words.readlines()
>print "\n",len(words),"words loading…"


>for word in words:
> hash = hashlib.md5(word[:-1])
> value = hash.hexdigest()


>if hashes == value:
> print "[+] Password is:"+word,"\n"
>sys.exit(0)



>print('\n1 – Dictionary Check')
>print('2 – Exit')
>selection = raw_input('\nSelect an option from above: ')
>sys.stdout.flush()


>if selection == "1":
> dict_attack()
> pass
>elif selection == "2":
> sys.exit(0



On Tue, Nov 26, 2013 at 10:39 AM, Chris Angelico <(E-Mail Removed)> wrote:

> On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast <(E-Mail Removed)>
> wrote:
> > and I've started the second part, the part to crack them. If anyone

> could tell me where I'd find more information on this subject and how to
> crack them that would be great. As I print them on screen I was thinking I
> could write a program that allows the md5 to be entered and then cracked.
>
> Okay. This is where the irreversible nature of hash functions comes
> into play. You can't actually take the hash and go back to the
> password; what you have to do is try lots of passwords and find one
> that has the right hash.
>
> Python has a data structure that lets you store keys and values, and
> then see whether the key you're looking for is there. See if you can
> use that.
>
> ChrisA
> --
> https://mail.python.org/mailman/listinfo/python-list
>


 
Reply With Quote
 
Chris Angelico
Guest
Posts: n/a
 
      11-26-2013
On Tue, Nov 26, 2013 at 10:46 PM, TheRandomPast .
<(E-Mail Removed)> wrote:
> Thanks. From what I've been able to find online I've created a dictionary
> file with words and the words I know the hash values to be and I'm trying to
> get it to use that however when I run this I get no errors but it doesn't do
> anything, like ask me to input my hash value. Am i just being stupid?


The code you've pasted to us is a bit mangled. Can you try to post a
clean copy, please? No angle brackets in front of the lines, and
getting the indentation correct, because I think this might be your
problem:

>wordlist = open('C:\dictionary.txt', r)
>try:
> words = wordlist
>except(IOError):
> print "[-] Error: Check the path.\n"
>sys.exit(1)


The first part of the problem is that the sys.exit() call isn't
indented, so it's executed whether there's an exception thrown or not.

The second part of the problem is that you're catching an exception
only to emit a message and terminate. Don't. Just let the exception
happen; it'll... emit a message and terminate.

The third part of the problem is that you're bracketing the wrong part
of the code in the try/except. The simple assignment isn't going to
fail - the open call will. (Or maybe the readlines below it, but more
likely the open.)

So here's the fixed version of the above code:

words = open('C:/dictionary.txt', r)

Yep, it's really that simple. (Though there's another fragility in
what you had: the use of \d in a quoted string. It happens to have no
meaning, so it happens to work, but if you use "c:\textfile.txt",
you'll get quite the wrong result. You can double the backslash
"c:\\dictionary.txt", or you can use a raw string
r"c:\dictionary.txt", or you can use a forward slash, as I did above.)

See if that helps. If not, posting a clean copy of your current code
will help a lot.

ChrisA
 
Reply With Quote
 
Robert Kern
Guest
Posts: n/a
 
      11-26-2013
On 2013-11-26 10:30, TheRandomPast wrote:

> and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great.


What resources did your teacher give you? What have you been taught in class
about this subject?

--
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with printing a bit pattern with printf and %x matt.jaffe@gmail.com C Programming 9 04-19-2013 12:14 PM
How to make an array of hashes to a single array with all thevalues of these hashes ? kazaam Ruby 12 09-13-2007 01:30 PM
using hashes as keys in hashes Steven Arnold Ruby 3 11-23-2005 03:25 PM
Hash of hashes, of hashes, of arrays of hashes Tim O'Donovan Perl Misc 5 10-28-2005 05:59 AM
Hashes of Hashes via subs Ben Holness Perl 8 10-08-2003 06:57 AM



Advertisments