Cracking hashes with Python

Discussion in 'Python' started by TheRandomPast, Nov 25, 2013.

  1. Hi,

    I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?
    TheRandomPast, Nov 25, 2013
    #1
    1. Advertising

  2. On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast <> wrote:
    > I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashesthat I need to do so it doesn't have to be a large script just needs to beable to download the hashes from the website. Can anyone help me out?


    Do you actually need to download them from that web site, or can you
    simply embed them into your code? The latter would be far easier.

    I'm going to assume that you don't need to do anything more
    complicated than brute-force these, and I'll also assume that they're
    unsalted hashes.

    With a cryptographic hash function, you take text, put it into the
    function, and get back a number (or a hex or binary string, which
    comes to the same thing). You can't go from the number to the string;
    however, you can generate a large number of strings to see if any of
    them results in the same number. You can take "large number" all the
    way, and generate every possible string of a certain length, or you
    can go through a dictionary and generate words. Once you find
    something that matches, you have a plausible guess that this is the
    password.

    There's a basic idea of what "cracking" a hash means. Put a bit of
    code together, see how you go. If you get stuck, post your code and
    how you're stuck, and we'll try to help; but we won't simply write
    your code for you. (By the way, thanks for being up-front about it
    being a school project. The honesty is appreciated, even though we
    would almost certainly be able to tell even if you didn't. :) )

    One last thing: Please get off Google Groups. It makes your posts look
    ugly, which makes you look bad, and that's (probably!) unfair. Use a
    better news client, or subscribe to the mailing list
    and read and post through that. There are a
    number of regulars here who simply trash all Google Groups posts
    unread, because they're just not worth reading - switching clients
    will help you be heard, and will mean you don't annoy people with
    form. Of course, if you want to annoy us with substance, that's your
    God-given right. :)

    ChrisA
    Chris Angelico, Nov 25, 2013
    #2
    1. Advertising

  3. On Monday, 25 November 2013 23:47:52 UTC, Chris Angelico wrote:
    > On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast wrote:
    >
    > > I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

    >
    >
    >
    > Do you actually need to download them from that web site, or can you
    >
    > simply embed them into your code? The latter would be far easier.
    >
    >
    >
    > I'm going to assume that you don't need to do anything more
    >
    > complicated than brute-force these, and I'll also assume that they're
    >
    > unsalted hashes.
    >
    >
    >
    > With a cryptographic hash function, you take text, put it into the
    >
    > function, and get back a number (or a hex or binary string, which
    >
    > comes to the same thing). You can't go from the number to the string;
    >
    > however, you can generate a large number of strings to see if any of
    >
    > them results in the same number. You can take "large number" all the
    >
    > way, and generate every possible string of a certain length, or you
    >
    > can go through a dictionary and generate words. Once you find
    >
    > something that matches, you have a plausible guess that this is the
    >
    > password.
    >
    >
    >
    > There's a basic idea of what "cracking" a hash means. Put a bit of
    >
    > code together, see how you go. If you get stuck, post your code and
    >
    > how you're stuck, and we'll try to help; but we won't simply write
    >
    > your code for you. (By the way, thanks for being up-front about it
    >
    > being a school project. The honesty is appreciated, even though we
    >
    > would almost certainly be able to tell even if you didn't. :) )
    >
    >
    >
    > One last thing: Please get off Google Groups. It makes your posts look
    >
    > ugly, which makes you look bad, and that's (probably!) unfair. Use a
    >
    > better news client, or subscribe to the mailing list
    >
    > and read and post through that. There are a
    >
    > number of regulars here who simply trash all Google Groups posts
    >
    > unread, because they're just not worth reading - switching clients
    >
    > will help you be heard, and will mean you don't annoy people with
    >
    > form. Of course, if you want to annoy us with substance, that's your
    >
    > God-given right. :)
    >
    >
    >
    > ChrisA


    Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.

    What client do you suggest I use instead of google groups?
    TheRandomPast, Nov 26, 2013
    #3
  4. On Tue, Nov 26, 2013 at 11:01 AM, TheRandomPast <> wrote:
    > Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.
    >
    > What client do you suggest I use instead of google groups?


    Personally, I use the mailing list:

    https://mail.python.org/mailman/listinfo/python-list

    You can sign up by email, read the emails, respond to emails.
    Alternatively, look for a news client for your platform - Mozilla
    Thunderbird is a popular option.

    Downloading the hashes from the web site depends a bit on how they're
    formatted. Do you get a plain text file with one per line? Are they
    given in hex? How is it all laid out?

    ChrisA
    Chris Angelico, Nov 26, 2013
    #4
  5. On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:

    > Hi,
    >
    > I have a school project to do where I've to download MD5 Hashes from a
    > particular website and write a code that will crack them.


    A school project. Right. Heh. :)

    And which website's hashes would this be?


    > Does anyone
    > know where I'll find out more information on how to do this? There's
    > only 4 hashes that I need to do so it doesn't have to be a large script
    > just needs to be able to download the hashes from the website. Can
    > anyone help me out?


    The size of the script has nothing to do with the number of hashes you
    have to crack. Whether it is one hash and one million, the script will be
    exactly the same.

    Do you have to write a program to download the hashes, or can you just
    browse to the web address with your browser and save them?

    If you have to write your own program, start here:

    https://duckduckgo.com/?q=python how to download data from the web


    --
    Steven
    Steven D'Aprano, Nov 26, 2013
    #5
  6. On Tuesday, 26 November 2013 02:46:09 UTC, Frank Cui wrote:
    > Hi,
    >
    >
    > I'm assuming you are taking a computer/network security course.
    >
    > Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.
    >
    >
    > With that said, it's possible to "crack" or "decrypt" a md5 hash value bysearching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at http://www.md5crack.com/home.
    >
    > Yatong
    >
    >
    > > From:
    > > Subject: Re: Cracking hashes with Python
    > > Date: Tue, 26 Nov 2013 02:55:58 +0000
    > > To:
    > >
    > > On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:
    > >
    > > > Hi,
    > > >
    > > > I have a school project to do where I've to download MD5 Hashes from a
    > > > particular website and write a code that will crack them.

    > >
    > > A school project. Right. Heh. :)
    > >
    > > And which website's hashes would this be?
    > >
    > >
    > > > Does anyone
    > > > know where I'll find out more information on how to do this? There's
    > > > only 4 hashes that I need to do so it doesn't have to be a large script
    > > > just needs to be able to download the hashes from the website. Can
    > > > anyone help me out?

    > >
    > > The size of the script has nothing to do with the number of hashes you
    > > have to crack. Whether it is one hash and one million, the script will be
    > > exactly the same.
    > >
    > > Do you have to write a program to download the hashes, or can you just
    > > browse to the web address with your browser and save them?
    > >
    > > If you have to write your own program, start here:
    > >
    > > https://duckduckgo.com/?q=python how to download data from the web
    > >
    > >
    > > --
    > > Steven
    > > --
    > > https://mail.python.org/mailman/listinfo/python-list


    Hi, Thanks for answering.

    I have already created a script that downloads the hash values and prints them on my GUI, now I'm just struggling to figure out how to pass these values into the next part of my code to crack them.

    This is the code that downloads them;
    >def getMD5Pass(webpage):
    > print '[*] getMD5Pass()'
    > values = re.findall(r'([a-fA-F\d]{32})', webpage)
    > values.sort()
    > print '[+]', str(len(values)), 'Amount of MD5 passwords found :'


    > for value in values:

    print value


    3d4fe7a00bc6fb52a91685d038733d6f
    cf673f7ee88828c9fb8f6acf2cb08403
    1341daac6408df15c166a3e4580ee4b1

    and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

    >import hashlib
    >def crackMD5Hash():
    > md5Hash = raw_input('What is the Hash to be decrypted : ')



    This is as far as I've gotten so far. It's back to the drawing board.
    TheRandomPast, Nov 26, 2013
    #6
  7. On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast <> wrote:
    > and I've started the second part, the part to crack them. If anyone couldtell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.


    Okay. This is where the irreversible nature of hash functions comes
    into play. You can't actually take the hash and go back to the
    password; what you have to do is try lots of passwords and find one
    that has the right hash.

    Python has a data structure that lets you store keys and values, and
    then see whether the key you're looking for is there. See if you can
    use that.

    ChrisA
    Chris Angelico, Nov 26, 2013
    #7
  8. Hi,

    Thanks. From what I've been able to find online I've created a dictionary
    file with words and the words I know the hash values to be and I'm trying
    to get it to use that however when I run this I get no errors but it
    doesn't do anything, like ask me to input my hash value. Am i just being
    stupid?

    >import sys, re, hashlib


    >def chklength(hashes):
    > if len(hashes) != 32:
    > print '[-] Improper length for md5 hash.'
    > sys.exit(1)


    >def dict_check():
    > md5hashes = raw_input('\nPlease enter the Hash value to be decrypted:

    ')
    > chklength(md5hashes)



    >wordlist = open('C:\dictionary.txt', r)
    >try:
    > words = wordlist
    >except(IOError):
    > print "[-] Error: Check the path.\n"
    >sys.exit(1)


    >words = words.readlines()
    >print "\n",len(words),"words loading…"


    >for word in words:
    > hash = hashlib.md5(word[:-1])
    > value = hash.hexdigest()


    >if hashes == value:
    > print "[+] Password is:"+word,"\n"
    >sys.exit(0)



    >print('\n1 – Dictionary Check')
    >print('2 – Exit')
    >selection = raw_input('\nSelect an option from above: ')
    >sys.stdout.flush()


    >if selection == "1":
    > dict_attack()
    > pass
    >elif selection == "2":
    > sys.exit(0



    On Tue, Nov 26, 2013 at 10:39 AM, Chris Angelico <> wrote:

    > On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast <>
    > wrote:
    > > and I've started the second part, the part to crack them. If anyone

    > could tell me where I'd find more information on this subject and how to
    > crack them that would be great. As I print them on screen I was thinking I
    > could write a program that allows the md5 to be entered and then cracked.
    >
    > Okay. This is where the irreversible nature of hash functions comes
    > into play. You can't actually take the hash and go back to the
    > password; what you have to do is try lots of passwords and find one
    > that has the right hash.
    >
    > Python has a data structure that lets you store keys and values, and
    > then see whether the key you're looking for is there. See if you can
    > use that.
    >
    > ChrisA
    > --
    > https://mail.python.org/mailman/listinfo/python-list
    >
    TheRandomPast ., Nov 26, 2013
    #8
  9. On Tue, Nov 26, 2013 at 10:46 PM, TheRandomPast .
    <> wrote:
    > Thanks. From what I've been able to find online I've created a dictionary
    > file with words and the words I know the hash values to be and I'm trying to
    > get it to use that however when I run this I get no errors but it doesn't do
    > anything, like ask me to input my hash value. Am i just being stupid?


    The code you've pasted to us is a bit mangled. Can you try to post a
    clean copy, please? No angle brackets in front of the lines, and
    getting the indentation correct, because I think this might be your
    problem:

    >wordlist = open('C:\dictionary.txt', r)
    >try:
    > words = wordlist
    >except(IOError):
    > print "[-] Error: Check the path.\n"
    >sys.exit(1)


    The first part of the problem is that the sys.exit() call isn't
    indented, so it's executed whether there's an exception thrown or not.

    The second part of the problem is that you're catching an exception
    only to emit a message and terminate. Don't. :) Just let the exception
    happen; it'll... emit a message and terminate.

    The third part of the problem is that you're bracketing the wrong part
    of the code in the try/except. The simple assignment isn't going to
    fail - the open call will. (Or maybe the readlines below it, but more
    likely the open.)

    So here's the fixed version of the above code:

    words = open('C:/dictionary.txt', r)

    Yep, it's really that simple. (Though there's another fragility in
    what you had: the use of \d in a quoted string. It happens to have no
    meaning, so it happens to work, but if you use "c:\textfile.txt",
    you'll get quite the wrong result. You can double the backslash
    "c:\\dictionary.txt", or you can use a raw string
    r"c:\dictionary.txt", or you can use a forward slash, as I did above.)

    See if that helps. If not, posting a clean copy of your current code
    will help a lot.

    ChrisA
    Chris Angelico, Nov 26, 2013
    #9
  10. TheRandomPast

    Robert Kern Guest

    On 2013-11-26 10:30, TheRandomPast wrote:

    > and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great.


    What resources did your teacher give you? What have you been taught in class
    about this subject?

    --
    Robert Kern

    "I have come to believe that the whole world is an enigma, a harmless enigma
    that is made terrible by our own mad attempt to interpret it as though it had
    an underlying truth."
    -- Umberto Eco
    Robert Kern, Nov 26, 2013
    #10
  11. @RobertKern

    - Teacher has taught us nothing about MD5. This being the script he wanted
    us to write came as a surprise to everyone but complaints about projects
    are constantly ignored. This particular teacher is complained about for
    this reason every year but nothing ever changes.


    This is my code. I hope it looks better? I'm sorry if it doesn't. I'm
    trying to get the hang of posting by email :)

    Code:
     import sys, re, hashlib
    
    def dict_attack():
    hashes = raw_input('\nPlease specify hash value: ')
    chklength(hashes)
    
    def chklength(hashes):
    if len(hashes) != 32:
    print '[-] Improper length for md5 hash.'
    sys.exit(1)
    
    
    wordlist = open('C:/dictionary.txt')
    try:
    words = wordlist
    except(IOError):
    print "[-] Error: Check your  path.\n"
    sys.exit(1)
    
    words = open('C:/dictionary.txt')
    print "\n",len(words),"words loaded…" (This line now throws up an error
    where it wasn't before: TypeError: object of type 'file' has no len()
    
    for word in words:
    hash = hashlib.md5(word[:-1])
    value = hash.hexdigest()
    
    if hashes == value:
    print "[+] Password is:"+word,"\n"
    sys.exit(0)
    
    
    print('\n1 – Dictionary Check')
    print('2 – Exit')
    selection = raw_input('\nSelect an option from above: ')
    sys.stdout.flush()
    
    if selection == "1":
    dict_attack()
    pass
    elif selection == "2":
    sys.exit(0)

    print "\n",len(words),"words loaded…" (This line now throws up an error
    where it wasn't before: TypeError: object of type 'file' has no len()
    - I'm guessing this is because it's not picking up my file but I can't see
    why it shouldn't?


    On Tue, Nov 26, 2013 at 1:00 PM, Robert Kern <> wrote:

    > On 2013-11-26 10:30, TheRandomPast wrote:
    >
    > and I've started the second part, the part to crack them. If anyone could
    >> tell me where I'd find more information on this subject and how to crack
    >> them that would be great.
    >>

    >
    > What resources did your teacher give you? What have you been taught in
    > class about this subject?
    >
    > --
    > Robert Kern
    >
    > "I have come to believe that the whole world is an enigma, a harmless
    > enigma
    > that is made terrible by our own mad attempt to interpret it as though it
    > had
    > an underlying truth."
    > -- Umberto Eco
    >
    > --
    > https://mail.python.org/mailman/listinfo/python-list
    >
    TheRandomPast ., Nov 26, 2013
    #11
  12. On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast .
    <> wrote:
    > This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
    > to get the hang of posting by email :)


    There are no BBCode tags here, so
    Code:
     doesn't help you at all.
    Other than that, looks good. Though if you're going to annotate your
    code, please mark your comments with a hash; that way, we can simply
    copy and paste your code and run it, which is a huge help. (In this
    case, I can see what's going on without running it, but that's not
    always true. Sometimes my crystal ball is faulty.)
    [color=blue]
    > wordlist = open('C:/dictionary.txt')
    > try:
    >     words = wordlist
    > except(IOError):
    >     print "[-] Error: Check your  path.\n"
    >     sys.exit(1)[/color]
    
    This now is functional but completely useless. You can drop this whole
    block of code.
    [color=blue]
    > words = open('C:/dictionary.txt')
    > print "\n",len(words),"words loaded…" (This line now throws up an error
    > where it wasn't before: TypeError: object of type 'file' has no len()[/color]
    
    The problem is that you've left out the readlines() call, so you now
    aren't looking at a list, you're looking at the file object itself.
    But take heart! A file object is iterable, so as long as you don't
    mind losing this line of status display, it'll all work.
    [color=blue]
    > for word in words:
    >     hash = hashlib.md5(word[:-1])
    >     value = hash.hexdigest()[/color]
    
    This is all very well, but you actually don't do anything with the
    hash and the value. Tip: This would be a good place to stash them all
    somewhere so you can look them up quickly.
    
    Side point: You're currently assuming that each word you get is
    terminated by exactly a single newline. It'd be clearer to, instead of
    slicing off the last character with the smiley [:-1] (not sure what
    that represents - maybe he has a pen lid sticking out of his mouth?),
    try stripping off whitespace. Strings have a method that'll do that
    for you.
    [color=blue]
    > if hashes == value:
    >     print "[+] Password is:"+word,"\n"
    >     sys.exit(0)[/color]
    
    This is where you'd look up in what you've stashed, except that at no
    point before this do you query the user for the hash to look up.
    
    I recommend you think in terms of an initialization phase, and then a
    loop in which you ask the user for input. That would be the most
    normal way to do things. As it is, there's no loop, so having an
    "exit" option is actually fairly useless.
    
    By the way, are you also learning about Python 3, or are you
    exclusively studying Python 2? Python 2 is now a dead end; no new
    features are being added to it, and it's to be supported with some bug
    fixes for a while, and then security patches only after that;
    meanwhile, Python 3 just keeps on getting better. We're now able to
    play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
    (which added a veritable ton of awesomeness over 3.2), and there are
    features slated for 3.5 after that. Even if your course is teaching
    only the old version, it'd be good for you, as a programmer, to
    explore the differences in the new version; the sooner you get your
    head around the difference between Unicode strings and collections of
    bytes, the easier your life will be, and Py3 makes that distinction a
    lot clearer than Py2 did.
    
    ChrisA
    Chris Angelico, Nov 26, 2013
    #12
  13. Thanks. I'll take that on board and let you know how I get on.

    Thanks for all your help.


    On Tue, Nov 26, 2013 at 2:46 PM, Chris Angelico <> wrote:

    > On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast .
    > <> wrote:
    > > This is my code. I hope it looks better? I'm sorry if it doesn't. I'm

    > trying
    > > to get the hang of posting by email :)

    >
    > There are no BBCode tags here, so
    Code:
     doesn't help you at all.
    > Other than that, looks good. Though if you're going to annotate your
    > code, please mark your comments with a hash; that way, we can simply
    > copy and paste your code and run it, which is a huge help. (In this
    > case, I can see what's going on without running it, but that's not
    > always true. Sometimes my crystal ball is faulty.)
    >[color=green]
    > > wordlist = open('C:/dictionary.txt')
    > > try:
    > >     words = wordlist
    > > except(IOError):
    > >     print "[-] Error: Check your  path.\n"
    > >     sys.exit(1)[/color]
    >
    > This now is functional but completely useless. You can drop this whole
    > block of code.
    >[color=green]
    > > words = open('C:/dictionary.txt')
    > > print "\n",len(words),"words loaded…" (This line now throws up an error
    > > where it wasn't before: TypeError: object of type 'file' has no len()[/color]
    >
    > The problem is that you've left out the readlines() call, so you now
    > aren't looking at a list, you're looking at the file object itself.
    > But take heart! A file object is iterable, so as long as you don't
    > mind losing this line of status display, it'll all work.
    >[color=green]
    > > for word in words:
    > >     hash = hashlib.md5(word[:-1])
    > >     value = hash.hexdigest()[/color]
    >
    > This is all very well, but you actually don't do anything with the
    > hash and the value. Tip: This would be a good place to stash them all
    > somewhere so you can look them up quickly.
    >
    > Side point: You're currently assuming that each word you get is
    > terminated by exactly a single newline. It'd be clearer to, instead of
    > slicing off the last character with the smiley [:-1] (not sure what
    > that represents - maybe he has a pen lid sticking out of his mouth?),
    > try stripping off whitespace. Strings have a method that'll do that
    > for you.
    >[color=green]
    > > if hashes == value:
    > >     print "[+] Password is:"+word,"\n"
    > >     sys.exit(0)[/color]
    >
    > This is where you'd look up in what you've stashed, except that at no
    > point before this do you query the user for the hash to look up.
    >
    > I recommend you think in terms of an initialization phase, and then a
    > loop in which you ask the user for input. That would be the most
    > normal way to do things. As it is, there's no loop, so having an
    > "exit" option is actually fairly useless.
    >
    > By the way, are you also learning about Python 3, or are you
    > exclusively studying Python 2? Python 2 is now a dead end; no new
    > features are being added to it, and it's to be supported with some bug
    > fixes for a while, and then security patches only after that;
    > meanwhile, Python 3 just keeps on getting better. We're now able to
    > play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
    > (which added a veritable ton of awesomeness over 3.2), and there are
    > features slated for 3.5 after that. Even if your course is teaching
    > only the old version, it'd be good for you, as a programmer, to
    > explore the differences in the new version; the sooner you get your
    > head around the difference between Unicode strings and collections of
    > bytes, the easier your life will be, and Py3 makes that distinction a
    > lot clearer than Py2 did.
    >
    > ChrisA
    > --
    > https://mail.python.org/mailman/listinfo/python-list
    >[/color]
    TheRandomPast ., Nov 26, 2013
    #13
  14. On Tue, 26 Nov 2013 02:30:03 -0800, TheRandomPast wrote:

    >> for value in values:

    > print value


    ...........^^^^^^^^^^^

    so change this to:
    crackMD5Hash( value )

    >> import hashlib
    >> def crackMD5Hash():


    Nah ....

    def crackMD5Hash( hash ):
    print "cracking hash:", hash
    some code goes here ...
    print "original string was:", result

    Algorithms for cracking md5 hashes is not a python topic, but rather a
    cryptography topic. When you find an algorithm to use, then if you have
    trouble converting it into code we may be able to help with that bit.

    --
    Denis McMahon,
    Denis McMahon, Nov 26, 2013
    #14
  15. On Tue, 26 Nov 2013 14:18:33 +0000, TheRandomPast . wrote:

    > - Teacher has taught us nothing about MD5. This being the script he
    > wanted us to write came as a surprise to everyone but complaints about
    > projects are constantly ignored. This particular teacher is complained
    > about for this reason every year but nothing ever changes.


    ok .... forget about python for a minute.

    write down the steps you need to follow to solve the problem in plain
    english.

    1) Get the list of hashes from a website
    2) Brute force the hashes using a dictionary

    But 2 needs a dictionary:

    1) Load a dictionary
    2) Get the list of hashes from a website
    3) Brute force the hashes using a dictionary

    So you need a function to load the dictionary (from a local file?), a
    function to get the list of hashes, a function to try and brute force a
    hash using the dictionary, and some logic to tie it all together.

    global data: list of words, list of hashes

    load_dictionary ( file )
    read the words from the file

    get_hashes( url )
    read the hashes from the url

    brute_force()
    do every hash in hashes
    do every word in words
    if md5( word ) is hash
    solved this hash!

    load_dictionary( "dictionary file name" )
    get_hashes( "http://www.website.tld/path/file.ext" )
    brute_force()

    --
    Denis McMahon,
    Denis McMahon, Nov 26, 2013
    #15
  16. This is my code

    import md5
    import sys

    def chklength(hashes):
    if len(hashes) != 32:
    print '[-] Improper length for md5 hash.'
    sys.exit(1)
    characters=range(48,57)+range(65,90)+range(97,122)
    def checkPassword(password):
    #print password
    m = md5.new(password)
    if (m.hexdigest() == hash):
    print "match [" + password + "]"
    sys.exit()

    def recurse(width, position, baseString):
    for char in characters:
    if (position < width - 1):
    recurse(width, position + 1, baseString + "%c" % char)
    checkPassword(baseString + "%c" % char)
    print "Target Hash [" + hash+ " string: "+ baseString
    def brute_force():
    maxChars = 32
    for baseWidth in range(1, maxChars + 1):
    print "checking passwords width [" + `baseWidth` + "]"
    recurse(baseWidth, 0, "")
    def dictionary():
    for line in File.readlines():
    checkPassword(line.strip('\n'))
    hash =raw_input("Input MD5 hash:")
    option=input("Choose method:1=Brute Force; 0=Dictionary")
    if(option==1):
    chklength()
    brute_force()
    else:
    if(option==0):
    File=open("dict.txt")
    chklength()
    dictionary()
    else:
    print "You picked wrong!"

    IT WORKS! ...(Almost) My chklength isn't working. Can anyone see why not?
    I'm stumped.


    On Tue, Nov 26, 2013 at 6:17 PM, Denis McMahon <>wrote:

    > On Tue, 26 Nov 2013 02:30:03 -0800, TheRandomPast wrote:
    >
    > >> for value in values:

    > > print value

    >
    > ..........^^^^^^^^^^^
    >
    > so change this to:
    > crackMD5Hash( value )
    >
    > >> import hashlib
    > >> def crackMD5Hash():

    >
    > Nah ....
    >
    > def crackMD5Hash( hash ):
    > print "cracking hash:", hash
    > some code goes here ...
    > print "original string was:", result
    >
    > Algorithms for cracking md5 hashes is not a python topic, but rather a
    > cryptography topic. When you find an algorithm to use, then if you have
    > trouble converting it into code we may be able to help with that bit.
    >
    > --
    > Denis McMahon,
    > --
    > https://mail.python.org/mailman/listinfo/python-list
    >
    TheRandomPast ., Nov 26, 2013
    #16
  17. On Wed, Nov 27, 2013 at 12:04 PM, Mark Lawrence <> wrote:
    > On 26/11/2013 23:06, TheRandomPast . wrote:
    >> I'm stumped.

    >
    > Good to see another cricketer on the list :)


    May I be bowled enough to suggest that "stumped" doesn't necessarily
    imply a background in cricket?

    *dives for cover*

    ChrisA
    Chris Angelico, Nov 27, 2013
    #17
  18. TheRandomPast

    Tim Delaney Guest

    On 27 November 2013 13:28, Chris Angelico <> wrote:

    > On Wed, Nov 27, 2013 at 12:04 PM, Mark Lawrence <>
    > wrote:
    > > On 26/11/2013 23:06, TheRandomPast . wrote:
    > >> I'm stumped.

    > >
    > > Good to see another cricketer on the list :)

    >
    > May I be bowled enough to suggest that "stumped" doesn't necessarily
    > imply a background in cricket?
    >
    > *dives for cover*
    >


    Surely that should have been "drives for cover" ;) I guess I'll play on ...

    Before I go look it up, I'm guessing that the etymology of "stumped" is
    actually coming from the problem of a plough getting stuck on a stump (i.e.
    can't progress any further). Not much of an issue anymore since the
    invention of the stump-jump plough:
    https://en.wikipedia.org/wiki/Stump-jump_plough

    (Looked it up, my guess is considered the most likely origin of the term).

    Tim Delaney
    Tim Delaney, Nov 27, 2013
    #18
  19. On Wed, Nov 27, 2013 at 1:55 PM, Tim Delaney
    <> wrote:
    > Before I go look it up, I'm guessing that the etymology of "stumped" is
    > actually coming from the problem of a plough getting stuck on a stump (i.e.
    > can't progress any further). Not much of an issue anymore since the
    > invention of the stump-jump plough:
    > https://en.wikipedia.org/wiki/Stump-jump_plough
    >


    Australian inventiveness! We were too lazy to dig out the stumps
    before ploughing, so we came up with a solution.

    ChrisA
    Chris Angelico, Nov 27, 2013
    #19
  20. Hi,

    So apparently when I've been staring at code all day and tired my brain
    doesn't tell my hands to type half of what I want it to. I apologise for my
    last post.

    This is my code;

    import md5
    import sys

    characters=range(48,57)+range(65,90)+range(97,122)

    def chklength(hash):
    if len(hash) != 32:
    print '[-] Improper length for md5 hash.'
    sys.exit(1)

    def checkPassword(password):
    #print password
    m = md5.new(password)
    if (m.hexdigest() == hash):
    print "match [" + password + "]"
    sys.exit()

    def recurse(width, position, baseString):
    for char in characters:
    if (position < width - 1):
    recurse(width, position + 1, baseString + "%c" % char)
    checkPassword(baseString + "%c" % char)
    print "Target Hash [" + hash+ " string: "+ baseString

    def brute_force():
    maxChars = 32
    for baseWidth in range(1, maxChars + 1):
    print "checking passwords width [" + `baseWidth` + "]"
    recurse(baseWidth, 0, "")

    def dictionary():
    for line in File.readlines():
    checkPassword(line.strip('\n'))
    hash =raw_input("Input MD5 hash:")
    option=raw_input("Choose method:1=Brute Force; 0=Dictionary")
    if(option==1):
    chklength()
    brute_force()
    else:
    if(option==0):
    File=open("C:\dictionary.txt")
    chklength()
    dictionary()
    else:
    print "Wrong method!"

    And dictionary is working, as is the brute force however the issue I have
    having is with my chklength() as no matter how many characters I input it
    skips the !=32 and goes straight to asking the user to chose either Brute
    Force or Dictionary. I want an error to be shown if the hash is less than
    or more than 32 characters but at present this chklength() doesn't work as
    I thought it would.

    Can anyone point out an obvious error that I am missing?


    On Wed, Nov 27, 2013 at 2:58 AM, Chris Angelico <> wrote:

    > On Wed, Nov 27, 2013 at 1:55 PM, Tim Delaney
    > <> wrote:
    > > Before I go look it up, I'm guessing that the etymology of "stumped" is
    > > actually coming from the problem of a plough getting stuck on a stump

    > (i.e.
    > > can't progress any further). Not much of an issue anymore since the
    > > invention of the stump-jump plough:
    > > https://en.wikipedia.org/wiki/Stump-jump_plough
    > >

    >
    > Australian inventiveness! We were too lazy to dig out the stumps
    > before ploughing, so we came up with a solution.
    >
    > ChrisA
    > --
    > https://mail.python.org/mailman/listinfo/python-list
    >
    TheRandomPast ., Nov 27, 2013
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Julie
    Replies:
    140
    Views:
    4,958
    George Neuner
    Jun 6, 2004
  2. Bart Torbert

    Cracking C structure

    Bart Torbert, Sep 8, 2004, in forum: C Programming
    Replies:
    2
    Views:
    561
    Ira Baxter
    Sep 10, 2004
  3. Tim O'Donovan

    Hash of hashes, of hashes, of arrays of hashes

    Tim O'Donovan, Oct 27, 2005, in forum: Perl Misc
    Replies:
    5
    Views:
    201
  4. Marc
    Replies:
    0
    Views:
    61
  5. Laszlo Nagy

    Re: Cracking hashes with Python

    Laszlo Nagy, Nov 27, 2013, in forum: Python
    Replies:
    0
    Views:
    79
    Laszlo Nagy
    Nov 27, 2013
Loading...

Share This Page