Cracking hashes with Python

[TheRandomPast]

Hi,

I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

 

[Chris Angelico]

I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashesthat I need to do so it doesn't have to be a large script just needs to beable to download the hashes from the website. Can anyone help me out?

Do you actually need to download them from that web site, or can you
simply embed them into your code? The latter would be far easier.

I'm going to assume that you don't need to do anything more
complicated than brute-force these, and I'll also assume that they're
unsalted hashes.

With a cryptographic hash function, you take text, put it into the
function, and get back a number (or a hex or binary string, which
comes to the same thing). You can't go from the number to the string;
however, you can generate a large number of strings to see if any of
them results in the same number. You can take "large number" all the
way, and generate every possible string of a certain length, or you
can go through a dictionary and generate words. Once you find
something that matches, you have a plausible guess that this is the
password.

There's a basic idea of what "cracking" a hash means. Put a bit of
code together, see how you go. If you get stuck, post your code and
how you're stuck, and we'll try to help; but we won't simply write
your code for you. (By the way, thanks for being up-front about it
being a school project. The honesty is appreciated, even though we
would almost certainly be able to tell even if you didn't. )

One last thing: Please get off Google Groups. It makes your posts look
ugly, which makes you look bad, and that's (probably!) unfair. Use a
better news client, or subscribe to the mailing list
(e-mail address removed) and read and post through that. There are a
number of regulars here who simply trash all Google Groups posts
unread, because they're just not worth reading - switching clients
will help you be heard, and will mean you don't annoy people with
form. Of course, if you want to annoy us with substance, that's your
God-given right.

ChrisA

 

[TheRandomPast]

Do you actually need to download them from that web site, or can you

simply embed them into your code? The latter would be far easier.



I'm going to assume that you don't need to do anything more

complicated than brute-force these, and I'll also assume that they're

unsalted hashes.



With a cryptographic hash function, you take text, put it into the

function, and get back a number (or a hex or binary string, which

comes to the same thing). You can't go from the number to the string;

however, you can generate a large number of strings to see if any of

them results in the same number. You can take "large number" all the

way, and generate every possible string of a certain length, or you

can go through a dictionary and generate words. Once you find

something that matches, you have a plausible guess that this is the

password.



There's a basic idea of what "cracking" a hash means. Put a bit of

code together, see how you go. If you get stuck, post your code and

how you're stuck, and we'll try to help; but we won't simply write

your code for you. (By the way, thanks for being up-front about it

being a school project. The honesty is appreciated, even though we

would almost certainly be able to tell even if you didn't. )



One last thing: Please get off Google Groups. It makes your posts look

ugly, which makes you look bad, and that's (probably!) unfair. Use a

better news client, or subscribe to the mailing list

(e-mail address removed) and read and post through that. There are a

number of regulars here who simply trash all Google Groups posts

unread, because they're just not worth reading - switching clients

will help you be heard, and will mean you don't annoy people with

form. Of course, if you want to annoy us with substance, that's your

God-given right.



ChrisA

Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.

What client do you suggest I use instead of google groups?

 

[Chris Angelico]

Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.

What client do you suggest I use instead of google groups?

Personally, I use the mailing list:

https://mail.python.org/mailman/listinfo/python-list

You can sign up by email, read the emails, respond to emails.
Alternatively, look for a news client for your platform - Mozilla
Thunderbird is a popular option.

Downloading the hashes from the web site depends a bit on how they're
formatted. Do you get a plain text file with one per line? Are they
given in hex? How is it all laid out?

ChrisA

 

[Steven D'Aprano]

Hi,

I have a school project to do where I've to download MD5 Hashes from a
particular website and write a code that will crack them.

A school project. Right. Heh.

And which website's hashes would this be?

Does anyone
know where I'll find out more information on how to do this? There's
only 4 hashes that I need to do so it doesn't have to be a large script
just needs to be able to download the hashes from the website. Can
anyone help me out?

The size of the script has nothing to do with the number of hashes you
have to crack. Whether it is one hash and one million, the script will be
exactly the same.

Do you have to write a program to download the hashes, or can you just
browse to the web address with your browser and save them?

If you have to write your own program, start here:

https://duckduckgo.com/?q=python+how+to+download+data+from+the+web

 

[TheRandomPast]

Hi,


I'm assuming you are taking a computer/network security course.

Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.


With that said, it's possible to "crack" or "decrypt" a md5 hash value bysearching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at http://www.md5crack.com/home.

Yatong

Hi, Thanks for answering.

I have already created a script that downloads the hash values and prints them on my GUI, now I'm just struggling to figure out how to pass these values into the next part of my code to crack them.

This is the code that downloads them;

def getMD5Pass(webpage):
print '[*] getMD5Pass()'
values = re.findall(r'([a-fA-F\d]{32})', webpage)
values.sort()
print '[+]', str(len(values)), 'Amount of MD5 passwords found :'

for value in values:

print value


3d4fe7a00bc6fb52a91685d038733d6f
cf673f7ee88828c9fb8f6acf2cb08403
1341daac6408df15c166a3e4580ee4b1

and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

import hashlib
def crackMD5Hash():
md5Hash = raw_input('What is the Hash to be decrypted : ')

This is as far as I've gotten so far. It's back to the drawing board.

 

[Chris Angelico]

and I've started the second part, the part to crack them. If anyone couldtell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

Okay. This is where the irreversible nature of hash functions comes
into play. You can't actually take the hash and go back to the
password; what you have to do is try lots of passwords and find one
that has the right hash.

Python has a data structure that lets you store keys and values, and
then see whether the key you're looking for is there. See if you can
use that.

ChrisA

 

[TheRandomPast .]

Hi,

Thanks. From what I've been able to find online I've created a dictionary
file with words and the words I know the hash values to be and I'm trying
to get it to use that however when I run this I get no errors but it
doesn't do anything, like ask me to input my hash value. Am i just being
stupid?

import sys, re, hashlib

def chklength(hashes):
if len(hashes) != 32:
print '[-] Improper length for md5 hash.'
sys.exit(1)

def dict_check():
md5hashes = raw_input('\nPlease enter the Hash value to be decrypted: ')

chklength(md5hashes)

wordlist = open('C:\dictionary.txt', r)
try:
words = wordlist
except(IOError):
print "[-] Error: Check the path.\n"
sys.exit(1)

words = words.readlines()
print "\n",len(words),"words loading…"

for word in words:
hash = hashlib.md5(word[:-1])
value = hash.hexdigest()

if hashes == value:
print "[+] Password is:"+word,"\n"
sys.exit(0)

print('\n1 – Dictionary Check')
print('2 – Exit')
selection = raw_input('\nSelect an option from above: ')
sys.stdout.flush()

 

[Chris Angelico]

Thanks. From what I've been able to find online I've created a dictionary
file with words and the words I know the hash values to be and I'm trying to
get it to use that however when I run this I get no errors but it doesn't do
anything, like ask me to input my hash value. Am i just being stupid?

The code you've pasted to us is a bit mangled. Can you try to post a
clean copy, please? No angle brackets in front of the lines, and
getting the indentation correct, because I think this might be your
problem:

wordlist = open('C:\dictionary.txt', r)
try:
words = wordlist
except(IOError):
print "[-] Error: Check the path.\n"
sys.exit(1)

The first part of the problem is that the sys.exit() call isn't
indented, so it's executed whether there's an exception thrown or not.

The second part of the problem is that you're catching an exception
only to emit a message and terminate. Don't. Just let the exception
happen; it'll... emit a message and terminate.

The third part of the problem is that you're bracketing the wrong part
of the code in the try/except. The simple assignment isn't going to
fail - the open call will. (Or maybe the readlines below it, but more
likely the open.)

So here's the fixed version of the above code:

words = open('C:/dictionary.txt', r)

Yep, it's really that simple. (Though there's another fragility in
what you had: the use of \d in a quoted string. It happens to have no
meaning, so it happens to work, but if you use "c:\textfile.txt",
you'll get quite the wrong result. You can double the backslash
"c:\\dictionary.txt", or you can use a raw string
r"c:\dictionary.txt", or you can use a forward slash, as I did above.)

See if that helps. If not, posting a clean copy of your current code
will help a lot.

ChrisA

 

[Robert Kern]

and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great.

What resources did your teacher give you? What have you been taught in class
about this subject?

--
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco

 

[TheRandomPast .]

@RobertKern

- Teacher has taught us nothing about MD5. This being the script he wanted
us to write came as a surprise to everyone but complaints about projects
are constantly ignored. This particular teacher is complained about for
this reason every year but nothing ever changes.


This is my code. I hope it looks better? I'm sorry if it doesn't. I'm
trying to get the hang of posting by email

 import sys, re, hashlib

def dict_attack():
hashes = raw_input('\nPlease specify hash value: ')
chklength(hashes)

def chklength(hashes):
if len(hashes) != 32:
print '[-] Improper length for md5 hash.'
sys.exit(1)


wordlist = open('C:/dictionary.txt')
try:
words = wordlist
except(IOError):
print "[-] Error: Check your  path.\n"
sys.exit(1)

words = open('C:/dictionary.txt')
print "\n",len(words),"words loaded…" (This line now throws up an error
where it wasn't before: TypeError: object of type 'file' has no len()

for word in words:
hash = hashlib.md5(word[:-1])
value = hash.hexdigest()

if hashes == value:
print "[+] Password is:"+word,"\n"
sys.exit(0)


print('\n1 – Dictionary Check')
print('2 – Exit')
selection = raw_input('\nSelect an option from above: ')
sys.stdout.flush()

if selection == "1":
dict_attack()
pass
elif selection == "2":
sys.exit(0)

print "\n",len(words),"words loaded…" (This line now throws up an error
where it wasn't before: TypeError: object of type 'file' has no len()
- I'm guessing this is because it's not picking up my file but I can't see
why it shouldn't?

 

[Chris Angelico]

This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
to get the hang of posting by email

There are no BBCode tags here, so

 doesn't help you at all.
Other than that, looks good. Though if you're going to annotate your
code, please mark your comments with a hash; that way, we can simply
copy and paste your code and run it, which is a huge help. (In this
case, I can see what's going on without running it, but that's not
always true. Sometimes my crystal ball is faulty.)
[QUOTE]
wordlist = open('C:/dictionary.txt')
try:
words = wordlist
except(IOError):
print "[-] Error: Check your  path.\n"
sys.exit(1)[/QUOTE]

This now is functional but completely useless. You can drop this whole
block of code.
[QUOTE]
words = open('C:/dictionary.txt')
print "\n",len(words),"words loaded…" (This line now throws up an error
where it wasn't before: TypeError: object of type 'file' has no len()[/QUOTE]

The problem is that you've left out the readlines() call, so you now
aren't looking at a list, you're looking at the file object itself.
But take heart! A file object is iterable, so as long as you don't
mind losing this line of status display, it'll all work.
[QUOTE]
for word in words:
hash = hashlib.md5(word[:-1])
value = hash.hexdigest()[/QUOTE]

This is all very well, but you actually don't do anything with the
hash and the value. Tip: This would be a good place to stash them all
somewhere so you can look them up quickly.

Side point: You're currently assuming that each word you get is
terminated by exactly a single newline. It'd be clearer to, instead of
slicing off the last character with the smiley [:-1] (not sure what
that represents - maybe he has a pen lid sticking out of his mouth?),
try stripping off whitespace. Strings have a method that'll do that
for you.
[QUOTE]
if hashes == value:
print "[+] Password is:"+word,"\n"
sys.exit(0)[/QUOTE]

This is where you'd look up in what you've stashed, except that at no
point before this do you query the user for the hash to look up.

I recommend you think in terms of an initialization phase, and then a
loop in which you ask the user for input. That would be the most
normal way to do things. As it is, there's no loop, so having an
"exit" option is actually fairly useless.

By the way, are you also learning about Python 3, or are you
exclusively studying Python 2? Python 2 is now a dead end; no new
features are being added to it, and it's to be supported with some bug
fixes for a while, and then security patches only after that;
meanwhile, Python 3 just keeps on getting better. We're now able to
play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
(which added a veritable ton of awesomeness over 3.2), and there are
features slated for 3.5 after that. Even if your course is teaching
only the old version, it'd be good for you, as a programmer, to
explore the differences in the new version; the sooner you get your
head around the difference between Unicode strings and collections of
bytes, the easier your life will be, and Py3 makes that distinction a
lot clearer than Py2 did.

ChrisA

 

[TheRandomPast .]

Thanks. I'll take that on board and let you know how I get on.

Thanks for all your help.

This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
to get the hang of posting by email

There are no BBCode tags here, so

 doesn't help you at all.
Other than that, looks good. Though if you're going to annotate your
code, please mark your comments with a hash; that way, we can simply
copy and paste your code and run it, which is a huge help. (In this
case, I can see what's going on without running it, but that's not
always true. Sometimes my crystal ball is faulty.)
[QUOTE]
wordlist = open('C:/dictionary.txt')
try:
words = wordlist
except(IOError):
print "[-] Error: Check your  path.\n"
sys.exit(1)[/QUOTE]

This now is functional but completely useless. You can drop this whole
block of code.
[QUOTE]
words = open('C:/dictionary.txt')
print "\n",len(words),"words loaded…" (This line now throws up an error
where it wasn't before: TypeError: object of type 'file' has no len()[/QUOTE]

The problem is that you've left out the readlines() call, so you now
aren't looking at a list, you're looking at the file object itself.
But take heart! A file object is iterable, so as long as you don't
mind losing this line of status display, it'll all work.
[QUOTE]
for word in words:
hash = hashlib.md5(word[:-1])
value = hash.hexdigest()[/QUOTE]

This is all very well, but you actually don't do anything with the
hash and the value. Tip: This would be a good place to stash them all
somewhere so you can look them up quickly.

Side point: You're currently assuming that each word you get is
terminated by exactly a single newline. It'd be clearer to, instead of
slicing off the last character with the smiley [:-1] (not sure what
that represents - maybe he has a pen lid sticking out of his mouth?),
try stripping off whitespace. Strings have a method that'll do that
for you.
[QUOTE]
if hashes == value:
print "[+] Password is:"+word,"\n"
sys.exit(0)[/QUOTE]

This is where you'd look up in what you've stashed, except that at no
point before this do you query the user for the hash to look up.

I recommend you think in terms of an initialization phase, and then a
loop in which you ask the user for input. That would be the most
normal way to do things. As it is, there's no loop, so having an
"exit" option is actually fairly useless.

By the way, are you also learning about Python 3, or are you
exclusively studying Python 2? Python 2 is now a dead end; no new
features are being added to it, and it's to be supported with some bug
fixes for a while, and then security patches only after that;
meanwhile, Python 3 just keeps on getting better. We're now able to
play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
(which added a veritable ton of awesomeness over 3.2), and there are
features slated for 3.5 after that. Even if your course is teaching
only the old version, it'd be good for you, as a programmer, to
explore the differences in the new version; the sooner you get your
head around the difference between Unicode strings and collections of
bytes, the easier your life will be, and Py3 makes that distinction a
lot clearer than Py2 did.

ChrisA[/QUOTE]

 

[Denis McMahon]

print value

...........^^^^^^^^^^^

so change this to:
crackMD5Hash( value )

Nah ....

def crackMD5Hash( hash ):
print "cracking hash:", hash
some code goes here ...
print "original string was:", result

Algorithms for cracking md5 hashes is not a python topic, but rather a
cryptography topic. When you find an algorithm to use, then if you have
trouble converting it into code we may be able to help with that bit.

 

[Denis McMahon]

- Teacher has taught us nothing about MD5. This being the script he
wanted us to write came as a surprise to everyone but complaints about
projects are constantly ignored. This particular teacher is complained
about for this reason every year but nothing ever changes.

ok .... forget about python for a minute.

write down the steps you need to follow to solve the problem in plain
english.

1) Get the list of hashes from a website
2) Brute force the hashes using a dictionary

But 2 needs a dictionary:

1) Load a dictionary
2) Get the list of hashes from a website
3) Brute force the hashes using a dictionary

So you need a function to load the dictionary (from a local file?), a
function to get the list of hashes, a function to try and brute force a
hash using the dictionary, and some logic to tie it all together.

global data: list of words, list of hashes

load_dictionary ( file )
read the words from the file

get_hashes( url )
read the hashes from the url

brute_force()
do every hash in hashes
do every word in words
if md5( word ) is hash
solved this hash!

load_dictionary( "dictionary file name" )
get_hashes( "http://www.website.tld/path/file.ext" )
brute_force()

 

[TheRandomPast .]

This is my code

import md5
import sys

def chklength(hashes):
if len(hashes) != 32:
print '[-] Improper length for md5 hash.'
sys.exit(1)
characters=range(48,57)+range(65,90)+range(97,122)
def checkPassword(password):
#print password
m = md5.new(password)
if (m.hexdigest() == hash):
print "match [" + password + "]"
sys.exit()

def recurse(width, position, baseString):
for char in characters:
if (position < width - 1):
recurse(width, position + 1, baseString + "%c" % char)
checkPassword(baseString + "%c" % char)
print "Target Hash [" + hash+ " string: "+ baseString
def brute_force():
maxChars = 32
for baseWidth in range(1, maxChars + 1):
print "checking passwords width [" + `baseWidth` + "]"
recurse(baseWidth, 0, "")
def dictionary():
for line in File.readlines():
checkPassword(line.strip('\n'))
hash =raw_input("Input MD5 hash:")
option=input("Choose method:1=Brute Force; 0=Dictionary")
if(option==1):
chklength()
brute_force()
else:
if(option==0):
File=open("dict.txt")
chklength()
dictionary()
else:
print "You picked wrong!"

IT WORKS! ...(Almost) My chklength isn't working. Can anyone see why not?
I'm stumped.

 

[Chris Angelico]

Good to see another cricketer on the list

May I be bowled enough to suggest that "stumped" doesn't necessarily
imply a background in cricket?

*dives for cover*

ChrisA

 

[Tim Delaney]

May I be bowled enough to suggest that "stumped" doesn't necessarily
imply a background in cricket?

*dives for cover*

Surely that should have been "drives for cover" I guess I'll play on ...

Before I go look it up, I'm guessing that the etymology of "stumped" is
actually coming from the problem of a plough getting stuck on a stump (i.e.
can't progress any further). Not much of an issue anymore since the
invention of the stump-jump plough:
https://en.wikipedia.org/wiki/Stump-jump_plough

(Looked it up, my guess is considered the most likely origin of the term).

Tim Delaney

 

[Chris Angelico]

Before I go look it up, I'm guessing that the etymology of "stumped" is
actually coming from the problem of a plough getting stuck on a stump (i.e.
can't progress any further). Not much of an issue anymore since the
invention of the stump-jump plough:
https://en.wikipedia.org/wiki/Stump-jump_plough

Australian inventiveness! We were too lazy to dig out the stumps
before ploughing, so we came up with a solution.

ChrisA

 

[TheRandomPast .]

Hi,

So apparently when I've been staring at code all day and tired my brain
doesn't tell my hands to type half of what I want it to. I apologise for my
last post.

This is my code;

import md5
import sys

characters=range(48,57)+range(65,90)+range(97,122)

def chklength(hash):
if len(hash) != 32:
print '[-] Improper length for md5 hash.'
sys.exit(1)

def checkPassword(password):
#print password
m = md5.new(password)
if (m.hexdigest() == hash):
print "match [" + password + "]"
sys.exit()

def recurse(width, position, baseString):
for char in characters:
if (position < width - 1):
recurse(width, position + 1, baseString + "%c" % char)
checkPassword(baseString + "%c" % char)
print "Target Hash [" + hash+ " string: "+ baseString

def brute_force():
maxChars = 32
for baseWidth in range(1, maxChars + 1):
print "checking passwords width [" + `baseWidth` + "]"
recurse(baseWidth, 0, "")

def dictionary():
for line in File.readlines():
checkPassword(line.strip('\n'))
hash =raw_input("Input MD5 hash:")
option=raw_input("Choose method:1=Brute Force; 0=Dictionary")
if(option==1):
chklength()
brute_force()
else:
if(option==0):
File=open("C:\dictionary.txt")
chklength()
dictionary()
else:
print "Wrong method!"

And dictionary is working, as is the brute force however the issue I have
having is with my chklength() as no matter how many characters I input it
skips the !=32 and goes straight to asking the user to chose either Brute
Force or Dictionary. I want an error to be shown if the hash is less than
or more than 32 characters but at present this chklength() doesn't work as
I thought it would.

Can anyone point out an obvious error that I am missing?