Cracking hashes with Python

[Chris Angelico]

And dictionary is working, as is the brute force however the issue I have
having is with my chklength() as no matter how many characters I input it
skips the !=32 and goes straight to asking the user to chose either Brute
Force or Dictionary. I want an error to be shown if the hash is less than or
more than 32 characters but at present this chklength() doesn't work as I
thought it would.

You never pass it any argument. I don't know why it isn't throwing
TypeError at you.

ChrisA

 

[MRAB]

Hi,

So apparently when I've been staring at code all day and tired my brain
doesn't tell my hands to type half of what I want it to. I apologise for
my last post.

This is my code;

import md5
import sys

characters=range(48,57)+range(65,90)+range(97,122)

def chklength(hash):
if len(hash) != 32:
print '[-] Improper length for md5 hash.'
sys.exit(1)

def checkPassword(password):
#print password
m = md5.new(password)
if (m.hexdigest() == hash):
print "match [" + password + "]"
sys.exit()
def recurse(width, position, baseString):
for char in characters:
if (position < width - 1):
recurse(width, position + 1, baseString + "%c" % char)
checkPassword(baseString + "%c" % char)
print "Target Hash [" + hash+ " string: "+ baseString

def brute_force():
maxChars = 32
for baseWidth in range(1, maxChars + 1):
print "checking passwords width [" + `baseWidth` + "]"
recurse(baseWidth, 0, "")

def dictionary():
for line in File.readlines():
checkPassword(line.strip('\n'))
hash =raw_input("Input MD5 hash:")
option=raw_input("Choose method:1=Brute Force; 0=Dictionary")
if(option==1):
chklength()
brute_force()
else:
if(option==0):
File=open("C:\dictionary.txt")
chklength()
dictionary()
else:
print "Wrong method!"

And dictionary is working, as is the brute force however the issue I
have having is with my chklength() as no matter how many characters I
input it skips the !=32 and goes straight to asking the user to chose
either Brute Force or Dictionary. I want an error to be shown if the
hash is less than or more than 32 characters but at present this
chklength() doesn't work as I thought it would.

Can anyone point out an obvious error that I am missing?

[snip]

You're asking for the hash, then you're asking for the method. You're
not checking the length of the hash between the two.

BTW, 'raw_input' returns a string and a string != a number, e.g. "1" !=
1.

 

[Denis McMahon]

And dictionary is working, as is the brute force however the issue I
have having is with my chklength() as no matter how many characters I
input it skips the !=32 and goes straight to asking the user to chose
either Brute Force or Dictionary. I want an error to be shown if the
hash is less than or more than 32 characters but at present this
chklength() doesn't work as I thought it would.

Can anyone point out an obvious error that I am missing?

Yes - you don't need to type in the hashes by hand at all.

You have code to read the hashes from a web page as strings.

Read the hashes from the web into a list of hashes.
Read the dictionary file into a list of words.
for each word in the dictionary compare the hashed word with the list of
hashes, and if you get a match, output the word and the hash.

If you have code to get the hash strings from the web url, it is nuts to
output them to the screen and then type them back in to the cracking
program when you can just add the code to get them from the web to the
cracking program.