FAQ
Hi,


I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

Search Discussions

  • Chris Angelico at Nov 25, 2013 at 11:47 pm

    On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast wrote:
    I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?

    Do you actually need to download them from that web site, or can you
    simply embed them into your code? The latter would be far easier.


    I'm going to assume that you don't need to do anything more
    complicated than brute-force these, and I'll also assume that they're
    unsalted hashes.


    With a cryptographic hash function, you take text, put it into the
    function, and get back a number (or a hex or binary string, which
    comes to the same thing). You can't go from the number to the string;
    however, you can generate a large number of strings to see if any of
    them results in the same number. You can take "large number" all the
    way, and generate every possible string of a certain length, or you
    can go through a dictionary and generate words. Once you find
    something that matches, you have a plausible guess that this is the
    password.


    There's a basic idea of what "cracking" a hash means. Put a bit of
    code together, see how you go. If you get stuck, post your code and
    how you're stuck, and we'll try to help; but we won't simply write
    your code for you. (By the way, thanks for being up-front about it
    being a school project. The honesty is appreciated, even though we
    would almost certainly be able to tell even if you didn't. :) )


    One last thing: Please get off Google Groups. It makes your posts look
    ugly, which makes you look bad, and that's (probably!) unfair. Use a
    better news client, or subscribe to the mailing list
    python-list at python.org and read and post through that. There are a
    number of regulars here who simply trash all Google Groups posts
    unread, because they're just not worth reading - switching clients
    will help you be heard, and will mean you don't annoy people with
    form. Of course, if you want to annoy us with substance, that's your
    God-given right. :)


    ChrisA
  • Marc at Nov 25, 2013 at 11:58 pm
    Hashes, by definition, are not reversible mathematically. The only way to
    figure out what they represent is to take plaintext that might be the
    plaintext based on anything you might know about the original plaintext
    (which is often nothing) and hash it; then see if the hash matches the one
    you have. If it does, you have figured out the plaintext; if it doesn't try
    again. For a tool that does this, look at Rainbow tables.




    ---------original message----------------------
    Hi,


    I have a school project to do where I've to download MD5 Hashes from a
    particular website and write a code that will crack them. Does anyone know
    where I'll find out more information on how to do this? There's only 4
    hashes that I need to do so it doesn't have to be a large script just needs
    to be able to download the hashes from the website. Can anyone help me out?
  • Laszlo Nagy at Nov 27, 2013 at 3:31 pm

    On 2013-11-26 00:58, Marc wrote:
    Hashes, by definition, are not reversible mathematically. The only way to
    figure out what they represent is to take plaintext that might be the
    plaintext based on anything you might know about the original plaintext
    (which is often nothing) and hash it; then see if the hash matches the one
    you have. If it does, you have figured out the plaintext; if it doesn't try
    again. For a tool that does this, look at Rainbow tables.
    There are also complete hash databases on the internet. They usually
    reverse-map hash values to most common values found in dictionaries.


    Here is an example:

    import hashlib
    h = hashlib.md5("test")
    h.hexdigest()
    '098f6bcd4621d373cade4e832627b4f6'
      >>>




    Then you go here:


    http://www.md5decrypter.co.uk/


    There are many other databases like this, search for them with "md5
    search" or "sha1 database" etc.
  • TheRandomPast at Nov 26, 2013 at 12:01 am

    On Monday, 25 November 2013 23:47:52 UTC, Chris Angelico wrote:
    On Tue, Nov 26, 2013 at 10:32 AM, TheRandomPast wrote:

    I have a school project to do where I've to download MD5 Hashes from a particular website and write a code that will crack them. Does anyone know where I'll find out more information on how to do this? There's only 4 hashes that I need to do so it doesn't have to be a large script just needs to be able to download the hashes from the website. Can anyone help me out?


    Do you actually need to download them from that web site, or can you

    simply embed them into your code? The latter would be far easier.



    I'm going to assume that you don't need to do anything more

    complicated than brute-force these, and I'll also assume that they're

    unsalted hashes.



    With a cryptographic hash function, you take text, put it into the

    function, and get back a number (or a hex or binary string, which

    comes to the same thing). You can't go from the number to the string;

    however, you can generate a large number of strings to see if any of

    them results in the same number. You can take "large number" all the

    way, and generate every possible string of a certain length, or you

    can go through a dictionary and generate words. Once you find

    something that matches, you have a plausible guess that this is the

    password.



    There's a basic idea of what "cracking" a hash means. Put a bit of

    code together, see how you go. If you get stuck, post your code and

    how you're stuck, and we'll try to help; but we won't simply write

    your code for you. (By the way, thanks for being up-front about it

    being a school project. The honesty is appreciated, even though we

    would almost certainly be able to tell even if you didn't. :) )



    One last thing: Please get off Google Groups. It makes your posts look

    ugly, which makes you look bad, and that's (probably!) unfair. Use a

    better news client, or subscribe to the mailing list

    python-list at python.org and read and post through that. There are a

    number of regulars here who simply trash all Google Groups posts

    unread, because they're just not worth reading - switching clients

    will help you be heard, and will mean you don't annoy people with

    form. Of course, if you want to annoy us with substance, that's your

    God-given right. :)



    ChrisA

    Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.


    What client do you suggest I use instead of google groups?
  • Chris Angelico at Nov 26, 2013 at 12:19 am

    On Tue, Nov 26, 2013 at 11:01 AM, TheRandomPast wrote:
    Hi, thanks for replying. I don't like google groups layout either I was just unsure as to what to use. I already have some code on the go I just couldn't figure out the best way to do what I wanted to do so I thought I'd ask and see if anyone could point me in the right direction. I *have* to download them, i know how many there are because I used a text editor to find them.

    What client do you suggest I use instead of google groups?

    Personally, I use the mailing list:


    https://mail.python.org/mailman/listinfo/python-list


    You can sign up by email, read the emails, respond to emails.
    Alternatively, look for a news client for your platform - Mozilla
    Thunderbird is a popular option.


    Downloading the hashes from the web site depends a bit on how they're
    formatted. Do you get a plain text file with one per line? Are they
    given in hex? How is it all laid out?


    ChrisA
  • Steven D'Aprano at Nov 26, 2013 at 2:55 am

    On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:


    Hi,

    I have a school project to do where I've to download MD5 Hashes from a
    particular website and write a code that will crack them.

    A school project. Right. Heh. :-)


    And which website's hashes would this be?



    Does anyone
    know where I'll find out more information on how to do this? There's
    only 4 hashes that I need to do so it doesn't have to be a large script
    just needs to be able to download the hashes from the website. Can
    anyone help me out?

    The size of the script has nothing to do with the number of hashes you
    have to crack. Whether it is one hash and one million, the script will be
    exactly the same.


    Do you have to write a program to download the hashes, or can you just
    browse to the web address with your browser and save them?


    If you have to write your own program, start here:


    https://duckduckgo.com/?q=python+how+to+download+data+from+the+web




    --
    Steven
  • Frank Cui at Nov 26, 2013 at 2:46 am
    Hi,
    I'm assuming you are taking a computer/network security course.
    Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.
    With that said, it's possible to "crack" or "decrypt" a md5 hash value by searching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at http://www.md5crack.com/home.


    Yatong

    From: steve at pearwood.info
    Subject: Re: Cracking hashes with Python
    Date: Tue, 26 Nov 2013 02:55:58 +0000
    To: python-list at python.org
    On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:

    Hi,

    I have a school project to do where I've to download MD5 Hashes from a
    particular website and write a code that will crack them.
    A school project. Right. Heh. :-)

    And which website's hashes would this be?

    Does anyone
    know where I'll find out more information on how to do this? There's
    only 4 hashes that I need to do so it doesn't have to be a large script
    just needs to be able to download the hashes from the website. Can
    anyone help me out?
    The size of the script has nothing to do with the number of hashes you
    have to crack. Whether it is one hash and one million, the script will be
    exactly the same.

    Do you have to write a program to download the hashes, or can you just
    browse to the web address with your browser and save them?

    If you have to write your own program, start here:

    https://duckduckgo.com/?q=python+how+to+download+data+from+the+web


    --
    Steven
    --
    https://mail.python.org/mailman/listinfo/python-list

    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131125/fad6ed1d/attachment.html>
  • TheRandomPast at Nov 26, 2013 at 10:30 am

    On Tuesday, 26 November 2013 02:46:09 UTC, Frank Cui wrote:
    Hi,


    I'm assuming you are taking a computer/network security course.

    Md5 hashing operation is designed to be mathematically unidirectional, you can only attempt to find a collision situation but it's technically impossible to reverse the operation.


    With that said, it's possible to "crack" or "decrypt" a md5 hash value by searching through a value-hash database to find the most commonly used password under a given hash value. You can see the tool at?http://www.md5crack.com/home.

    Yatong

    From: st... at pearwood.info
    Subject: Re: Cracking hashes with Python
    Date: Tue, 26 Nov 2013 02:55:58 +0000
    To: pytho... at python.org
    On Mon, 25 Nov 2013 15:32:41 -0800, TheRandomPast wrote:

    Hi,

    I have a school project to do where I've to download MD5 Hashes from a
    particular website and write a code that will crack them.
    A school project. Right. Heh. :-)

    And which website's hashes would this be?

    Does anyone
    know where I'll find out more information on how to do this? There's
    only 4 hashes that I need to do so it doesn't have to be a large script
    just needs to be able to download the hashes from the website. Can
    anyone help me out?
    The size of the script has nothing to do with the number of hashes you
    have to crack. Whether it is one hash and one million, the script will be
    exactly the same.

    Do you have to write a program to download the hashes, or can you just
    browse to the web address with your browser and save them?

    If you have to write your own program, start here:

    https://duckduckgo.com/?q=python+how+to+download+data+from+the+web


    --
    Steven
    --
    https://mail.python.org/mailman/listinfo/python-list

    Hi, Thanks for answering.


    I have already created a script that downloads the hash values and prints them on my GUI, now I'm just struggling to figure out how to pass these values into the next part of my code to crack them.


    This is the code that downloads them;
    def getMD5Pass(webpage):
    print '[*] getMD5Pass()'
    values = re.findall(r'([a-fA-F\d]{32})', webpage)
    values.sort()
    print '[+]', str(len(values)), 'Amount of MD5 passwords found :'
    for value in values:
             print value




    3d4fe7a00bc6fb52a91685d038733d6f
    cf673f7ee88828c9fb8f6acf2cb08403
    1341daac6408df15c166a3e4580ee4b1


    and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

    import hashlib
    def crackMD5Hash():
    md5Hash = raw_input('What is the Hash to be decrypted : ')



    This is as far as I've gotten so far. It's back to the drawing board.
  • Chris Angelico at Nov 26, 2013 at 10:39 am

    On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast wrote:
    and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great. As I print them on screen I was thinking I could write a program that allows the md5 to be entered and then cracked.

    Okay. This is where the irreversible nature of hash functions comes
    into play. You can't actually take the hash and go back to the
    password; what you have to do is try lots of passwords and find one
    that has the right hash.


    Python has a data structure that lets you store keys and values, and
    then see whether the key you're looking for is there. See if you can
    use that.


    ChrisA
  • TheRandomPast . at Nov 26, 2013 at 11:46 am
    Hi,


    Thanks. From what I've been able to find online I've created a dictionary
    file with words and the words I know the hash values to be and I'm trying
    to get it to use that however when I run this I get no errors but it
    doesn't do anything, like ask me to input my hash value. Am i just being
    stupid?

    import sys, re, hashlib
    def chklength(hashes):
    if len(hashes) != 32:
    print '[-] Improper length for md5 hash.'
    sys.exit(1)
    def dict_check():
    md5hashes = raw_input('\nPlease enter the Hash value to be decrypted: ')
    chklength(md5hashes)


    wordlist = open('C:\dictionary.txt', r)
    try:
    words = wordlist
    except(IOError):
    print "[-] Error: Check the path.\n"
    sys.exit(1)
    words = words.readlines()
    print "\n",len(words),"words loading?"
    for word in words:
    hash = hashlib.md5(word[:-1])
    value = hash.hexdigest()
    if hashes == value:
    print "[+] Password is:"+word,"\n"
    sys.exit(0)


    print('\n1 ? Dictionary Check')
    print('2 ? Exit')
    selection = raw_input('\nSelect an option from above: ')
    sys.stdout.flush()
    if selection == "1":
    dict_attack()
    pass
    elif selection == "2":
    sys.exit(0



    On Tue, Nov 26, 2013 at 10:39 AM, Chris Angelico wrote:

    On Tue, Nov 26, 2013 at 9:30 PM, TheRandomPast wrote:
    and I've started the second part, the part to crack them. If anyone
    could tell me where I'd find more information on this subject and how to
    crack them that would be great. As I print them on screen I was thinking I
    could write a program that allows the md5 to be entered and then cracked.

    Okay. This is where the irreversible nature of hash functions comes
    into play. You can't actually take the hash and go back to the
    password; what you have to do is try lots of passwords and find one
    that has the right hash.

    Python has a data structure that lets you store keys and values, and
    then see whether the key you're looking for is there. See if you can
    use that.

    ChrisA
    --
    https://mail.python.org/mailman/listinfo/python-list
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131126/ee0846de/attachment.html>
  • Chris Angelico at Nov 26, 2013 at 12:48 pm

    On Tue, Nov 26, 2013 at 10:46 PM, TheRandomPast . wrote:
    Thanks. From what I've been able to find online I've created a dictionary
    file with words and the words I know the hash values to be and I'm trying to
    get it to use that however when I run this I get no errors but it doesn't do
    anything, like ask me to input my hash value. Am i just being stupid?

    The code you've pasted to us is a bit mangled. Can you try to post a
    clean copy, please? No angle brackets in front of the lines, and
    getting the indentation correct, because I think this might be your
    problem:

    wordlist = open('C:\dictionary.txt', r)
    try:
    words = wordlist
    except(IOError):
    print "[-] Error: Check the path.\n"
    sys.exit(1)

    The first part of the problem is that the sys.exit() call isn't
    indented, so it's executed whether there's an exception thrown or not.


    The second part of the problem is that you're catching an exception
    only to emit a message and terminate. Don't. :) Just let the exception
    happen; it'll... emit a message and terminate.


    The third part of the problem is that you're bracketing the wrong part
    of the code in the try/except. The simple assignment isn't going to
    fail - the open call will. (Or maybe the readlines below it, but more
    likely the open.)


    So here's the fixed version of the above code:


    words = open('C:/dictionary.txt', r)


    Yep, it's really that simple. (Though there's another fragility in
    what you had: the use of \d in a quoted string. It happens to have no
    meaning, so it happens to work, but if you use "c:\textfile.txt",
    you'll get quite the wrong result. You can double the backslash
    "c:\\dictionary.txt", or you can use a raw string
    r"c:\dictionary.txt", or you can use a forward slash, as I did above.)


    See if that helps. If not, posting a clean copy of your current code
    will help a lot.


    ChrisA
  • Robert Kern at Nov 26, 2013 at 1:00 pm

    On 2013-11-26 10:30, TheRandomPast wrote:


    and I've started the second part, the part to crack them. If anyone could tell me where I'd find more information on this subject and how to crack them that would be great.

    What resources did your teacher give you? What have you been taught in class
    about this subject?


    --
    Robert Kern


    "I have come to believe that the whole world is an enigma, a harmless enigma
       that is made terrible by our own mad attempt to interpret it as though it had
       an underlying truth."
        -- Umberto Eco
  • TheRandomPast . at Nov 26, 2013 at 2:18 pm
    @RobertKern


    - Teacher has taught us nothing about MD5. This being the script he wanted
    us to write came as a surprise to everyone but complaints about projects
    are constantly ignored. This particular teacher is complained about for
    this reason every year but nothing ever changes.




    This is my code. I hope it looks better? I'm sorry if it doesn't. I'm
    trying to get the hang of posting by email :)


    [code] import sys, re, hashlib


    def dict_attack():
         hashes = raw_input('\nPlease specify hash value: ')
         chklength(hashes)


    def chklength(hashes):
         if len(hashes) != 32:
             print '[-] Improper length for md5 hash.'
             sys.exit(1)




    wordlist = open('C:/dictionary.txt')
    try:
         words = wordlist
    except(IOError):
         print "[-] Error: Check your path.\n"
         sys.exit(1)


    words = open('C:/dictionary.txt')
    print "\n",len(words),"words loaded?" (This line now throws up an error
    where it wasn't before: TypeError: object of type 'file' has no len()


    for word in words:
         hash = hashlib.md5(word[:-1])
         value = hash.hexdigest()


    if hashes == value:
         print "[+] Password is:"+word,"\n"
         sys.exit(0)




    print('\n1 ? Dictionary Check')
    print('2 ? Exit')
    selection = raw_input('\nSelect an option from above: ')
    sys.stdout.flush()


    if selection == "1":
         dict_attack()
         pass
    elif selection == "2":
         sys.exit(0)[/code]




    print "\n",len(words),"words loaded?" (This line now throws up an error
    where it wasn't before: TypeError: object of type 'file' has no len()
      - I'm guessing this is because it's not picking up my file but I can't see
    why it shouldn't?




    On Tue, Nov 26, 2013 at 1:00 PM, Robert Kern wrote:

    On 2013-11-26 10:30, TheRandomPast wrote:

    and I've started the second part, the part to crack them. If anyone could
    tell me where I'd find more information on this subject and how to crack
    them that would be great.
    What resources did your teacher give you? What have you been taught in
    class about this subject?

    --
    Robert Kern

    "I have come to believe that the whole world is an enigma, a harmless
    enigma
    that is made terrible by our own mad attempt to interpret it as though it
    had
    an underlying truth."
    -- Umberto Eco

    --
    https://mail.python.org/mailman/listinfo/python-list
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131126/9813a4b7/attachment.html>
  • Chris Angelico at Nov 26, 2013 at 2:46 pm

    On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast . wrote:
    This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
    to get the hang of posting by email :)

    There are no BBCode tags here, so [code] doesn't help you at all.
    Other than that, looks good. Though if you're going to annotate your
    code, please mark your comments with a hash; that way, we can simply
    copy and paste your code and run it, which is a huge help. (In this
    case, I can see what's going on without running it, but that's not
    always true. Sometimes my crystal ball is faulty.)

    wordlist = open('C:/dictionary.txt')
    try:
    words = wordlist
    except(IOError):
    print "[-] Error: Check your path.\n"
    sys.exit(1)

    This now is functional but completely useless. You can drop this whole
    block of code.

    words = open('C:/dictionary.txt')
    print "\n",len(words),"words loaded?" (This line now throws up an error
    where it wasn't before: TypeError: object of type 'file' has no len()

    The problem is that you've left out the readlines() call, so you now
    aren't looking at a list, you're looking at the file object itself.
    But take heart! A file object is iterable, so as long as you don't
    mind losing this line of status display, it'll all work.

    for word in words:
    hash = hashlib.md5(word[:-1])
    value = hash.hexdigest()

    This is all very well, but you actually don't do anything with the
    hash and the value. Tip: This would be a good place to stash them all
    somewhere so you can look them up quickly.


    Side point: You're currently assuming that each word you get is
    terminated by exactly a single newline. It'd be clearer to, instead of
    slicing off the last character with the smiley [:-1] (not sure what
    that represents - maybe he has a pen lid sticking out of his mouth?),
    try stripping off whitespace. Strings have a method that'll do that
    for you.

    if hashes == value:
    print "[+] Password is:"+word,"\n"
    sys.exit(0)

    This is where you'd look up in what you've stashed, except that at no
    point before this do you query the user for the hash to look up.


    I recommend you think in terms of an initialization phase, and then a
    loop in which you ask the user for input. That would be the most
    normal way to do things. As it is, there's no loop, so having an
    "exit" option is actually fairly useless.


    By the way, are you also learning about Python 3, or are you
    exclusively studying Python 2? Python 2 is now a dead end; no new
    features are being added to it, and it's to be supported with some bug
    fixes for a while, and then security patches only after that;
    meanwhile, Python 3 just keeps on getting better. We're now able to
    play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
    (which added a veritable ton of awesomeness over 3.2), and there are
    features slated for 3.5 after that. Even if your course is teaching
    only the old version, it'd be good for you, as a programmer, to
    explore the differences in the new version; the sooner you get your
    head around the difference between Unicode strings and collections of
    bytes, the easier your life will be, and Py3 makes that distinction a
    lot clearer than Py2 did.


    ChrisA
  • TheRandomPast . at Nov 26, 2013 at 3:13 pm
    Thanks. I'll take that on board and let you know how I get on.


    Thanks for all your help.




    On Tue, Nov 26, 2013 at 2:46 PM, Chris Angelico wrote:

    On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast .
    wrote:
    This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
    to get the hang of posting by email :)
    There are no BBCode tags here, so [code] doesn't help you at all.
    Other than that, looks good. Though if you're going to annotate your
    code, please mark your comments with a hash; that way, we can simply
    copy and paste your code and run it, which is a huge help. (In this
    case, I can see what's going on without running it, but that's not
    always true. Sometimes my crystal ball is faulty.)
    wordlist = open('C:/dictionary.txt')
    try:
    words = wordlist
    except(IOError):
    print "[-] Error: Check your path.\n"
    sys.exit(1)
    This now is functional but completely useless. You can drop this whole
    block of code.
    words = open('C:/dictionary.txt')
    print "\n",len(words),"words loaded?" (This line now throws up an error
    where it wasn't before: TypeError: object of type 'file' has no len()
    The problem is that you've left out the readlines() call, so you now
    aren't looking at a list, you're looking at the file object itself.
    But take heart! A file object is iterable, so as long as you don't
    mind losing this line of status display, it'll all work.
    for word in words:
    hash = hashlib.md5(word[:-1])
    value = hash.hexdigest()
    This is all very well, but you actually don't do anything with the
    hash and the value. Tip: This would be a good place to stash them all
    somewhere so you can look them up quickly.

    Side point: You're currently assuming that each word you get is
    terminated by exactly a single newline. It'd be clearer to, instead of
    slicing off the last character with the smiley [:-1] (not sure what
    that represents - maybe he has a pen lid sticking out of his mouth?),
    try stripping off whitespace. Strings have a method that'll do that
    for you.
    if hashes == value:
    print "[+] Password is:"+word,"\n"
    sys.exit(0)
    This is where you'd look up in what you've stashed, except that at no
    point before this do you query the user for the hash to look up.

    I recommend you think in terms of an initialization phase, and then a
    loop in which you ask the user for input. That would be the most
    normal way to do things. As it is, there's no loop, so having an
    "exit" option is actually fairly useless.

    By the way, are you also learning about Python 3, or are you
    exclusively studying Python 2? Python 2 is now a dead end; no new
    features are being added to it, and it's to be supported with some bug
    fixes for a while, and then security patches only after that;
    meanwhile, Python 3 just keeps on getting better. We're now able to
    play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
    (which added a veritable ton of awesomeness over 3.2), and there are
    features slated for 3.5 after that. Even if your course is teaching
    only the old version, it'd be good for you, as a programmer, to
    explore the differences in the new version; the sooner you get your
    head around the difference between Unicode strings and collections of
    bytes, the easier your life will be, and Py3 makes that distinction a
    lot clearer than Py2 did.

    ChrisA
    --
    https://mail.python.org/mailman/listinfo/python-list
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131126/5714d269/attachment.html>
  • Denis McMahon at Nov 26, 2013 at 6:33 pm

    On Tue, 26 Nov 2013 14:18:33 +0000, TheRandomPast . wrote:


    - Teacher has taught us nothing about MD5. This being the script he
    wanted us to write came as a surprise to everyone but complaints about
    projects are constantly ignored. This particular teacher is complained
    about for this reason every year but nothing ever changes.

    ok .... forget about python for a minute.


    write down the steps you need to follow to solve the problem in plain
    english.


    1) Get the list of hashes from a website
    2) Brute force the hashes using a dictionary


    But 2 needs a dictionary:


    1) Load a dictionary
    2) Get the list of hashes from a website
    3) Brute force the hashes using a dictionary


    So you need a function to load the dictionary (from a local file?), a
    function to get the list of hashes, a function to try and brute force a
    hash using the dictionary, and some logic to tie it all together.


    global data: list of words, list of hashes


    load_dictionary ( file )
      read the words from the file


    get_hashes( url )
      read the hashes from the url


    brute_force()
      do every hash in hashes
       do every word in words
        if md5( word ) is hash
         solved this hash!


    load_dictionary( "dictionary file name" )
    get_hashes( "http://www.website.tld/path/file.ext" )
    brute_force()


    --
    Denis McMahon, denismfmcmahon at gmail.com
  • Denis McMahon at Nov 26, 2013 at 6:17 pm

    On Tue, 26 Nov 2013 02:30:03 -0800, TheRandomPast wrote:


    for value in values:
    print value

    ..........^^^^^^^^^^^


    so change this to:
               crackMD5Hash( value )

    import hashlib
    def crackMD5Hash():

    Nah ....


    def crackMD5Hash( hash ):
             print "cracking hash:", hash
             some code goes here ...
             print "original string was:", result


    Algorithms for cracking md5 hashes is not a python topic, but rather a
    cryptography topic. When you find an algorithm to use, then if you have
    trouble converting it into code we may be able to help with that bit.


    --
    Denis McMahon, denismfmcmahon at gmail.com
  • TheRandomPast . at Nov 26, 2013 at 11:06 pm
    This is my code


    import md5
    import sys


    def chklength(hashes):
         if len(hashes) != 32:
             print '[-] Improper length for md5 hash.'
             sys.exit(1)
    characters=range(48,57)+range(65,90)+range(97,122)
    def checkPassword(password):
         #print password
         m = md5.new(password)
         if (m.hexdigest() == hash):
             print "match [" + password + "]"
             sys.exit()


    def recurse(width, position, baseString):
         for char in characters:
             if (position < width - 1):
                 recurse(width, position + 1, baseString + "%c" % char)
             checkPassword(baseString + "%c" % char)
             print "Target Hash [" + hash+ " string: "+ baseString
    def brute_force():
         maxChars = 32
         for baseWidth in range(1, maxChars + 1):
             print "checking passwords width [" + `baseWidth` + "]"
             recurse(baseWidth, 0, "")
    def dictionary():
         for line in File.readlines():
             checkPassword(line.strip('\n'))
    hash =raw_input("Input MD5 hash:")
    option=input("Choose method:1=Brute Force; 0=Dictionary")
    if(option==1):
         chklength()
         brute_force()
    else:
         if(option==0):
             File=open("dict.txt")
             chklength()
             dictionary()
         else:
             print "You picked wrong!"


    IT WORKS! ...(Almost) My chklength isn't working. Can anyone see why not?
    I'm stumped.




    On Tue, Nov 26, 2013 at 6:17 PM, Denis McMahon wrote:

    On Tue, 26 Nov 2013 02:30:03 -0800, TheRandomPast wrote:

    for value in values:
    print value
    ..........^^^^^^^^^^^

    so change this to:
    crackMD5Hash( value )
    import hashlib
    def crackMD5Hash():
    Nah ....

    def crackMD5Hash( hash ):
    print "cracking hash:", hash
    some code goes here ...
    print "original string was:", result

    Algorithms for cracking md5 hashes is not a python topic, but rather a
    cryptography topic. When you find an algorithm to use, then if you have
    trouble converting it into code we may be able to help with that bit.

    --
    Denis McMahon, denismfmcmahon at gmail.com
    --
    https://mail.python.org/mailman/listinfo/python-list
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131126/82ac4686/attachment.html>
  • Mark Lawrence at Nov 27, 2013 at 1:04 am

    On 26/11/2013 23:06, TheRandomPast . wrote:
    This is my code

    import md5
    import sys

    def chklength(hashes):
    if len(hashes) != 32:
    print '[-] Improper length for md5 hash.'
    sys.exit(1)
    characters=range(48,57)+range(65,90)+range(97,122)
    def checkPassword(password):
    #print password
    m = md5.new(password)
    if (m.hexdigest() == hash):
    print "match [" + password + "]"
    sys.exit()
    def recurse(width, position, baseString):
    for char in characters:
    if (position < width - 1):
    recurse(width, position + 1, baseString + "%c" % char)
    checkPassword(baseString + "%c" % char)
    print "Target Hash [" + hash+ " string: "+ baseString
    def brute_force():
    maxChars = 32
    for baseWidth in range(1, maxChars + 1):
    print "checking passwords width [" + `baseWidth` + "]"
    recurse(baseWidth, 0, "")
    def dictionary():
    for line in File.readlines():
    checkPassword(line.strip('\n'))
    hash =raw_input("Input MD5 hash:")
    option=input("Choose method:1=Brute Force; 0=Dictionary")
    if(option==1):
    chklength()
    brute_force()
    else:
    if(option==0):
    File=open("dict.txt")
    chklength()
    dictionary()
    else:
    print "You picked wrong!"

    IT WORKS! ...(Almost) My chklength isn't working. Can anyone see why
    not? I'm stumped.

    Good to see another cricketer on the list :) Besides that stating "x
    isn't working" usually doesn't help us to help you. However here it's
    obvious that you define chklength to take an argument hashes but call it
    without arguments. You also use raw_input on one line and input on the
    next, not a good idea. I haven't looked for anything else.


    --
    Python is the second best programming language in the world.
    But the best has yet to be invented. Christian Tismer


    Mark Lawrence
  • Chris Angelico at Nov 27, 2013 at 2:28 am

    On Wed, Nov 27, 2013 at 12:04 PM, Mark Lawrence wrote:
    On 26/11/2013 23:06, TheRandomPast . wrote:
    I'm stumped.
    Good to see another cricketer on the list :)

    May I be bowled enough to suggest that "stumped" doesn't necessarily
    imply a background in cricket?


    *dives for cover*


    ChrisA
  • Tim Delaney at Nov 27, 2013 at 2:55 am

    On 27 November 2013 13:28, Chris Angelico wrote:

    On Wed, Nov 27, 2013 at 12:04 PM, Mark Lawrence wrote:
    On 26/11/2013 23:06, TheRandomPast . wrote:
    I'm stumped.
    Good to see another cricketer on the list :)
    May I be bowled enough to suggest that "stumped" doesn't necessarily
    imply a background in cricket?

    *dives for cover*

    Surely that should have been "drives for cover" ;) I guess I'll play on ...


    Before I go look it up, I'm guessing that the etymology of "stumped" is
    actually coming from the problem of a plough getting stuck on a stump (i.e.
    can't progress any further). Not much of an issue anymore since the
    invention of the stump-jump plough:
    https://en.wikipedia.org/wiki/Stump-jump_plough


    (Looked it up, my guess is considered the most likely origin of the term).


    Tim Delaney
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131127/60763098/attachment-0001.html>
  • Chris Angelico at Nov 27, 2013 at 2:58 am

    On Wed, Nov 27, 2013 at 1:55 PM, Tim Delaney wrote:
    Before I go look it up, I'm guessing that the etymology of "stumped" is
    actually coming from the problem of a plough getting stuck on a stump (i.e.
    can't progress any further). Not much of an issue anymore since the
    invention of the stump-jump plough:
    https://en.wikipedia.org/wiki/Stump-jump_plough

    Australian inventiveness! We were too lazy to dig out the stumps
    before ploughing, so we came up with a solution.


    ChrisA
  • TheRandomPast . at Nov 27, 2013 at 12:40 pm
    Hi,


    So apparently when I've been staring at code all day and tired my brain
    doesn't tell my hands to type half of what I want it to. I apologise for my
    last post.


    This is my code;


    import md5
    import sys


    characters=range(48,57)+range(65,90)+range(97,122)


    def chklength(hash):
         if len(hash) != 32:
             print '[-] Improper length for md5 hash.'
             sys.exit(1)


    def checkPassword(password):
         #print password
         m = md5.new(password)
         if (m.hexdigest() == hash):
             print "match [" + password + "]"
             sys.exit()


    def recurse(width, position, baseString):
         for char in characters:
             if (position < width - 1):
                 recurse(width, position + 1, baseString + "%c" % char)
             checkPassword(baseString + "%c" % char)
             print "Target Hash [" + hash+ " string: "+ baseString


    def brute_force():
         maxChars = 32
         for baseWidth in range(1, maxChars + 1):
             print "checking passwords width [" + `baseWidth` + "]"
             recurse(baseWidth, 0, "")


    def dictionary():
         for line in File.readlines():
             checkPassword(line.strip('\n'))
    hash =raw_input("Input MD5 hash:")
    option=raw_input("Choose method:1=Brute Force; 0=Dictionary")
    if(option==1):
         chklength()
         brute_force()
    else:
         if(option==0):
             File=open("C:\dictionary.txt")
             chklength()
             dictionary()
         else:
             print "Wrong method!"


    And dictionary is working, as is the brute force however the issue I have
    having is with my chklength() as no matter how many characters I input it
    skips the !2 and goes straight to asking the user to chose either Brute
    Force or Dictionary. I want an error to be shown if the hash is less than
    or more than 32 characters but at present this chklength() doesn't work as
    I thought it would.


    Can anyone point out an obvious error that I am missing?




    On Wed, Nov 27, 2013 at 2:58 AM, Chris Angelico wrote:

    On Wed, Nov 27, 2013 at 1:55 PM, Tim Delaney
    wrote:
    Before I go look it up, I'm guessing that the etymology of "stumped" is
    actually coming from the problem of a plough getting stuck on a stump (i.e.
    can't progress any further). Not much of an issue anymore since the
    invention of the stump-jump plough:
    https://en.wikipedia.org/wiki/Stump-jump_plough
    Australian inventiveness! We were too lazy to dig out the stumps
    before ploughing, so we came up with a solution.

    ChrisA
    --
    https://mail.python.org/mailman/listinfo/python-list
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://mail.python.org/pipermail/python-list/attachments/20131127/2f4a8d27/attachment.html>
  • Chris Angelico at Nov 27, 2013 at 1:27 pm

    On Wed, Nov 27, 2013 at 11:40 PM, TheRandomPast . wrote:
    And dictionary is working, as is the brute force however the issue I have
    having is with my chklength() as no matter how many characters I input it
    skips the !2 and goes straight to asking the user to chose either Brute
    Force or Dictionary. I want an error to be shown if the hash is less than or
    more than 32 characters but at present this chklength() doesn't work as I
    thought it would.

    You never pass it any argument. I don't know why it isn't throwing
    TypeError at you.


    ChrisA
  • MRAB at Nov 27, 2013 at 5:44 pm

    On 27/11/2013 12:40, TheRandomPast . wrote:
    Hi,

    So apparently when I've been staring at code all day and tired my brain
    doesn't tell my hands to type half of what I want it to. I apologise for
    my last post.

    This is my code;

    import md5
    import sys

    characters=range(48,57)+range(65,90)+range(97,122)

    def chklength(hash):
    if len(hash) != 32:
    print '[-] Improper length for md5 hash.'
    sys.exit(1)

    def checkPassword(password):
    #print password
    m = md5.new(password)
    if (m.hexdigest() == hash):
    print "match [" + password + "]"
    sys.exit()
    def recurse(width, position, baseString):
    for char in characters:
    if (position < width - 1):
    recurse(width, position + 1, baseString + "%c" % char)
    checkPassword(baseString + "%c" % char)
    print "Target Hash [" + hash+ " string: "+ baseString

    def brute_force():
    maxChars = 32
    for baseWidth in range(1, maxChars + 1):
    print "checking passwords width [" + `baseWidth` + "]"
    recurse(baseWidth, 0, "")

    def dictionary():
    for line in File.readlines():
    checkPassword(line.strip('\n'))
    hash =raw_input("Input MD5 hash:")
    option=raw_input("Choose method:1=Brute Force; 0=Dictionary")
    if(option==1):
    chklength()
    brute_force()
    else:
    if(option==0):
    File=open("C:\dictionary.txt")
    chklength()
    dictionary()
    else:
    print "Wrong method!"

    And dictionary is working, as is the brute force however the issue I
    have having is with my chklength() as no matter how many characters I
    input it skips the !2 and goes straight to asking the user to chose
    either Brute Force or Dictionary. I want an error to be shown if the
    hash is less than or more than 32 characters but at present this
    chklength() doesn't work as I thought it would.

    Can anyone point out an obvious error that I am missing?
    [snip]


    You're asking for the hash, then you're asking for the method. You're
    not checking the length of the hash between the two.


    BTW, 'raw_input' returns a string and a string != a number, e.g. "1" !1.
  • Denis McMahon at Nov 27, 2013 at 9:18 pm

    On Wed, 27 Nov 2013 12:40:41 +0000, TheRandomPast . wrote:


    And dictionary is working, as is the brute force however the issue I
    have having is with my chklength() as no matter how many characters I
    input it skips the !2 and goes straight to asking the user to chose
    either Brute Force or Dictionary. I want an error to be shown if the
    hash is less than or more than 32 characters but at present this
    chklength() doesn't work as I thought it would.

    Can anyone point out an obvious error that I am missing?

    Yes - you don't need to type in the hashes by hand at all.


    You have code to read the hashes from a web page as strings.


    Read the hashes from the web into a list of hashes.
    Read the dictionary file into a list of words.
    for each word in the dictionary compare the hashed word with the list of
    hashes, and if you get a match, output the word and the hash.


    If you have code to get the hash strings from the web url, it is nuts to
    output them to the screen and then type them back in to the cracking
    program when you can just add the code to get them from the web to the
    cracking program.


    --
    Denis McMahon, denismfmcmahon at gmail.com

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppython-list @
categoriespython
postedNov 25, '13 at 11:32p
activeNov 27, '13 at 9:18p
posts27
users11
websitepython.org

People

Translate

site design / logo © 2022 Grokbase