Prior to beginning the code, we must import the hashlib Python library. With the correct import, we can develop the necessary functionality for this script to function.
Crumbling Ashes
This script consists of only a single method, which will receive a hashed password as input. This also means that the present implementation of this script will only attempt to crack a single password at a time, rather than iterating over a list of hashes. Typically, this is done following leaks of bigger databases where such capability is required.
The initial section of this script is centred on a try/except statement. This is the situation because the saved wordlist of passwords in raw format must be opened prior to usage. The wordlist.txt file is stored in the same folder as our script in the following code, but this may be modified by appending a path prefix to the file name. The wordlist.txt file contains words/passwords that are separated by line split (search online, e.g. on GitHub, for larger lists of leaked passwords or commonly used passwords in general):
admin123 password1 name
Once the file has been set to the passFile variable, it is time to iterate through each line of the file. Then, each line/password is hashed using the MD5 algorithm. This is the case because we require the hashed value of each word in order to compare it to the input hash. If the two hashes match, the password has been successfully cracked and the following string is output to the console:
Once the file has been assigned to the variable passFile its time to loop over each line in the file. Each line/password is then hashed using the md5 hashing algotihm. This is the case as we need the hashed value of each word to compare against our input hash. If the two hashes matches, we have successfully cracked the password and the following string is printed to the console:
Password Found: <password>
def crackHash(inputPass):
try:
passFile = open("wordlist.txt", "r")
except:
print("Could not find file")
for password in passFile:
encPass = password.encode("utf-8")
digest = hashlib.md5(encPass.strip()).hexdigest()
if digest == inputPass:
print("Password Found: " + password)
The last step is to call our method and give it a md5 hashed string as input. You can customize the script to use other hashing algorithms or even try multiple to increase the chance of the password being cracked.
if __name__ == '__main__':
crackHash("22c276a05aa7c90566ae2175bcc2a9b0")