5 Replies - 1570 Views - Last Post: 20 February 2014 - 02:31 PM Rate Topic: -----

#1 ledererster  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 14-October 11

How to change python string to unsigned char array?

Posted 04 October 2012 - 01:22 AM

I am writing a simple dictionary attack in python for class. We are provided with a shadow file that contains the username and hashed password and a dictionary file. We need to add a salt of 1-255, prepended to each dictionary word and then get the MD5 hash of each to compare to the shadow file. I'm very close, but my problem is the encoding I believe. My instructor said the salt+password are stored as an unsigned char array in C before hashing. How do I convert to this in python? I've tried several encodings including ISO-8859-1 and nothing seems to work. I can provide my code if necessary.

Here is my code:

import hashlib

print("Generating Hashes...")
hash_table = {}

def crack(Hash=None):
    if Hash in hash_table:
        print "MATCH\n",hash_table[Hash]
    else:
        print  "NO MATCH"


with open('dictionary','r') as inp_file:
    for word in inp_file.readlines():
        word = word.strip()
        for salt in range(0,256):
            salt = str(salt)
            final = salt+word
            #print final
            final = final.encode('iso-8859-1')
            hash_table[hashlib.md5(final).hexdigest()] = salt+word
#print hash_table

with open('shadow3','r') as inp_file2:
    for line in inp_file2.readlines():
        line = line.strip()
        line1 = line.split(":")[1:]
        print line1[0]
        crack(line1[0])



here is the provided shadow file
tleela:72fd3dbc120ea01dd9e7c68d6f257181
hfarnsworth:204b319de6f41bbfdbcb28da724dda23
jzoidberg:a08a9e38a28e64583700b20a8251c2ba
brodrgue:eac6bf62c93cbe3f9f934b5143d945e4
pfry:e262e88b10ea1bcdbb385e74216d3a7a
awong:fe58b4b4cecd58d47b08b1916fae00ac
hconrad:4cdbade3215a250eb5607a1127b8f755


and here is the result I am currently getting. only one password is found:
Desktop/pyhton1# python hash1.py 
Generating Hashes...
72fd3dbc120ea01dd9e7c68d6f257181
NO MATCH
204b319de6f41bbfdbcb28da724dda23
NO MATCH
a08a9e38a28e64583700b20a8251c2ba
NO MATCH
eac6bf62c93cbe3f9f934b5143d945e4
NO MATCH
e262e88b10ea1bcdbb385e74216d3a7a
MATCH
6expression
fe58b4b4cecd58d47b08b1916fae00ac
NO MATCH
4cdbade3215a250eb5607a1127b8f755
NO MATCH



I've also attached the dictionary file if needed

Dictionary file didn't attach for some reason. Sorry.

Attached File(s)



Is This A Good Question/Topic? 0
  • +

Replies To: How to change python string to unsigned char array?

#2 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5817
  • View blog
  • Posts: 12,666
  • Joined: 16-October 07

Re: How to change python string to unsigned char array?

Posted 04 October 2012 - 04:47 AM

Your file is in, well to be honest I don't know how it's encode, but it ain't ascii. It tanked out on me immediately. Raising a "UnicodeDecodeError: 'ascii' codec can't decode byte 0xef in position 0: ordinal not in range(128)"

Just as an experiment:

>>> with open('dictionary.txt','r') as fh:
...     for word in fh.readlines():
...             print word
...             print [ "'{0}':{1}".format(c, ord(c)) for c in word ]
...             break
... 
basement

["'\xef':239", "'\xbb':187", "'\xbf':191", "'b':98", "'a':97", "'s':115", "'e':101", "'m':109", "'e':101", "'n':110", "'t':116", "'\r':13", "'\n':10"]
>>> [ "'{0}':{1}".format(c, ord(c)) for c in 'basement' ]
["'b':98", "'a':97", "'s':115", "'e':101", "'m':109", "'e':101", "'n':110", "'t':116"]
>>> 



So, that would be a cause. But it could be straight up ascii on your box and a transfer bug got me. To save me a headache, I just moved everthing to iso-8859-1.

Do you really want your salt to be the string representation of an integer? Maybe you wanted an ascii character?

If your character format is clean, then changing salt = str(salt) to salt = chr(salt) should do the trick.

e.g.
import hashlib

def loadHashTable(filename):
	hash_table = {}
	with open(filename,'r') as inp_file:
		for word in inp_file.readlines():
			word = word.strip()
			for salt in range(0,256):
				salt = chr(salt)
				hash_table[hashlib.md5(salt+word).hexdigest()] = word
	return hash_table

def processPasswordFile(filename, hash_table):
	def getPassword(pwdHash):
		if pwdHash in hash_table:
			return hash_table[pwdHash]
		return '*NO MATCH*'
		
	with open(filename,'r') as fh:
		for line in fh.readlines():
			bits = line.strip().split(":")
			if len(bits)>1:
				login, pwd = bits[:2]
				print '{0:<15} {1:<20} {2}'.format(login, getPassword(pwd), pwd)

def main():
	print("Generating Hashes...")
	ht = loadHashTable('d2.txt')
	processPasswordFile('p2.txt', ht)

main()



I'm only showing code because globals are bad and functions are good. Use more functions.

This decoded all passwords from your file. Good luck.
Was This Post Helpful? 2
  • +
  • -

#3 ledererster  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 14-October 11

Re: How to change python string to unsigned char array?

Posted 04 October 2012 - 05:37 AM

Thank you so much! After some tinkering I've finally got it working.
Was This Post Helpful? 0
  • +
  • -

#4 MarcBartel  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 08-March 11

Re: How to change python string to unsigned char array?

Posted 20 February 2014 - 01:37 PM

View Postledererster, on 04 October 2012 - 12:37 PM, said:

Thank you so much! After some tinkering I've finally got it working.



I have posted to this top twice in the last week and in both cases my post has been deleted. Any ideas why?

What am I doing incorrect?

Thank you.
Was This Post Helpful? 0
  • +
  • -

#5 jon.kiparsky  Icon User is offline

  • Pancakes!
  • member icon


Reputation: 7726
  • View blog
  • Posts: 13,045
  • Joined: 19-March 11

Re: How to change python string to unsigned char array?

Posted 20 February 2014 - 02:22 PM

Any time you talk about topics relating to cracking, moderators here get very nervous, and the reflex is to shut the topic down. I don't necessarily share that reflex, but I can understand where it comes from. The idea of helping people perform unauthorized entry makes a lot of people really uncomfortable.

I have trouble with this one, since I also don't want to help crackers, but at the same time, I think that it's really important to understand how these attacks work. You can't understand security without understanding attacks.

So what to do? I'll kill a topic if it looks dodgy, I guess. Until then, I'll let it run.
Was This Post Helpful? 0
  • +
  • -

#6 macosxnerd101  Icon User is offline

  • Self-Trained Economist
  • member icon




Reputation: 10552
  • View blog
  • Posts: 39,054
  • Joined: 27-December 08

Re: How to change python string to unsigned char array?

Posted 20 February 2014 - 02:31 PM

I recall deleting one of your posts, as it was a necro. We generally discourage people from necroposting threads unless they have something to add. In general, if you have a question, you should open up your own thread.

A note on cracking. MD5 is very much outdated and should not be used. I have less of a problem talking about attacks on ciphers which clearly should not be used, than on modern ciphers. I'm not as concerned with a frequency attack on a Caesar cipher than I am about realistic and modern attacks on RSA. In terms of MD5 attacks, I would rather not pursue specifics, so please don't open a thread on an MD5 attack.

On that note, I am closing this thread.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1