Crack shadow file with C++

[onismus]

Salutare, imi cer scuze daca am gresit sectiunea sau e o intrebare mult prea usoara pt acest forum ( e prima mea postare ). Am primit la facultate un cod pt spart o parola shadow ( era dintr-un exemplu) iar dupa ce am testat acel exemplu, am primit un alt hash pe care sa-l spargem, insa fara niciun cod sursa. Deci mai pe scurt, poate cineva sa ma ajute sa modific acel exemplu primit pt hash-ul pe care trebuie sa-l sparg?

Quote

#include <iostream> 
#include <list> 
#include <cstring>
#include <crypt.h> 
 
using namespace std; 
 
//this is an example line from the shadow file:

//$6$Iy/hHRfM$gC.Fw7CbqG.Qc9p9X59Tmo5uEHCf0ZAKCsPZuiYUKcejrsGu ZtES1VQiusSTen0NRUPYN0v1z76PwX2G2.v1l1:15001:0:99999:7::: 
// the salt and password values are extracted as 
 
string target_salt = "$6$Iy/hHRfM$";
string target_pw_hash = "$6$Iy/hHRfM$gC.Fw7CbqG.Qc9p9X59Tmo5uEHCf0ZAKCsPZuiYUKcejrsGuZtES1VQiusSTen0NRUPYN0v1z76PwX2G2.v1l1";
  
// define a null string which is returned in case of failure to find the password 
char null[] = {'\0'}; 
 
// define the maximum length for the password to be searched 
#define MAX_LEN 6 
 
list<char*> pwlist; 
 
// check if the pw and salt are matching the hash
 int check_password(char* pw, char* salt, char* hash) 
{ 
char* res = crypt(pw, salt);
 cout << "password " << pw << "\n";
 cout << "hashes to " << res << "\n";
 for (int i = 0; i<strlen(hash); i++) 
 if (res!=hash) return 0;
 cout << "match !!!" << "\n";
 return 1; } 
 
// builds passwords from the given character set 
 // and verifies if they match the target 
 char* exhaustive_search(char* charset, char* salt, char* target) 
{ char* current_password; 
char* new_password;
 int i, current_len; 
 
// begin by adding each character as a potential 1 character password 
for (i = 0; i<strlen(charset); i++){
          new_password = new char[2]; 
 new_password[0] = charset;  

 new_password[1] = '\0'; 
 pwlist.push_back(new_password);
  } 
 
while(true){    
 
// test if queue is not empty and return null if so
 if (pwlist.empty()) return null; 
 
// get the current current_password from queue 
current_password = pwlist.front();
 current_len = strlen(current_password); 
 
// check if current password is the target password, if yes return the current_password 
if (check_password(current_password, salt, target)) return current_password; 
 
// else generates new passwords from the current one by appending each character from the charlist 
// only if the current length is less than the maxlength 
if(current_len < MAX_LEN){ 
 for (i = 0; i < strlen(charset); i++){    
      new_password = new char[current_len + 2];
  memcpy(new_password, current_password, current_len); 
  new_password[current_len] = charset;  
  new_password[current_len+1] = '\0';  
  pwlist.push_back(new_password); 
 }
 } // now remove the front element as it didn't match the password 
pwlist.pop_front(); } } 
 
main() {  char* salt;
  char* target;
  char* password;
  // define the character set from which the password will be built 
 char charset[] = {'b', 'o', 'g', 'd', 'a', 'n', '\0'}; 
 //convert the salt from string to char*
  salt = new char[target_salt.length()+1];
  copy(target_salt.begin(), target_salt.end(), salt);
  //convert the hash from string to char* 
 target = new char[target_pw_hash.length()+1]; 
 copy(target_pw_hash.begin(), target_pw_hash.end(), target); 
 //start the search 
 password = exhaustive_search(charset, salt, target); 
 if (strlen(password)!= 0) cout << "Password successfuly recovered: " << password << "  \n"; 
 else cout << "Failure to find password, try distinct character set of size \n"; 
} 
 

Aici e exemplul primit de la facultate. Acum enuntul problemei de care nu-i dau de cap suna asa : " Find the password that corresponds to the following shadows entry, having in mind that the character set is {a, b, c, 1, 2, !, @, #} and the non-alphanumerical symbols occur only at the end of the password  ". 

tom:$6$SvT3dVpN$lwb3GViLl0J0ntNk5BAWe2WtkbjSBMXtSkDCtZUkVhVPiz5 X37WflWL4k3ZUusdoyh7IOUlSXE1jUHxIrg29p.:16471:0:99999:7:::   (asta e hash-ul pe care trebuie sa-l sparg)

Ma poate ajuta cineva sa sparg acest shadow, utilizand exemplul de mai sus ? Multumesc frumos! 

[onismus]

niciun hacker pe aici?:))

[onismus]

1 hour ago, BiosHell said:

1. Did you google first?  

2. Nu iti va face nimeni temele.

3. Nu asa abordezi situatia.

4. Mi se pare ca nu ti-ai batut capul prea mult.

am datu un google si n-am gasit nimic. Stiu ca nu imi face nimeni temele, am nevoie doar de o idee am incercat sa pun un if ca ultimele litere sa nu contina caractere alphanumerice si tot nu mi-a gasit parola. Si cum as aborda situatia?:)) Mersi frumos oricum pt raspuns, apreciez 😁

[Blastro]

Stiu sa-ti rezolv problema. Dar tu trebuie sa ti o rezolvi nu îți mai pune baza in altcineva pune tot ce ai invatat la facultate acolo   , ca nu ai facut-o degeaba sper .