Jump to content
Sign in to follow this  
onismus

Crack shadow file with C++

Recommended Posts

Salutare, imi cer scuze daca am gresit sectiunea sau e o intrebare mult prea usoara pt acest forum ( e prima mea postare ). Am primit la facultate un cod pt spart o parola shadow ( era dintr-un exemplu) iar dupa ce am testat acel exemplu, am primit un alt hash pe care sa-l spargem, insa fara niciun cod sursa. Deci mai pe scurt, poate cineva sa ma ajute sa modific acel exemplu primit pt hash-ul pe care trebuie sa-l sparg?

Quote

#include <iostream> 
#include <list> 
#include <cstring>
#include <crypt.h> 
 
using namespace std; 
 
//this is an example line from the shadow file:

//$6$Iy/hHRfM$gC.Fw7CbqG.Qc9p9X59Tmo5uEHCf0ZAKCsPZuiYUKcejrsGu ZtES1VQiusSTen0NRUPYN0v1z76PwX2G2.v1l1:15001:0:99999:7::: 
// the salt and password values are extracted as 
 
string target_salt = "$6$Iy/hHRfM$";
string target_pw_hash = "$6$Iy/hHRfM$gC.Fw7CbqG.Qc9p9X59Tmo5uEHCf0ZAKCsPZuiYUKcejrsGuZtES1VQiusSTen0NRUPYN0v1z76PwX2G2.v1l1";
  
// define a null string which is returned in case of failure to find the password 
char null[] = {'\0'}; 
 
// define the maximum length for the password to be searched 
#define MAX_LEN 6 
 
list<char*> pwlist; 
 
// check if the pw and salt are matching the hash
 int check_password(char* pw, char* salt, char* hash) 

char* res = crypt(pw, salt);
 cout << "password " << pw << "\n";
 cout << "hashes to " << res << "\n";
 for (int i = 0; i<strlen(hash); i++) 
 if (res!=hash) return 0;
 cout << "match !!!" << "\n";
 return 1; } 
 
// builds passwords from the given character set 
 // and verifies if they match the target 
 char* exhaustive_search(char* charset, char* salt, char* target) 
{ char* current_password; 
char* new_password;
 int i, current_len; 
 
// begin by adding each character as a potential 1 character password 
for (i = 0; i<strlen(charset); i++){
          new_password = new char[2]; 
 new_password[0] = charset;  

 new_password[1] = '\0'; 
 pwlist.push_back(new_password);
  } 
 
while(true){    
 
// test if queue is not empty and return null if so
 if (pwlist.empty()) return null; 
 
// get the current current_password from queue 
current_password = pwlist.front();
 current_len = strlen(current_password); 
 
// check if current password is the target password, if yes return the current_password 
if (check_password(current_password, salt, target)) return current_password; 
 
// else generates new passwords from the current one by appending each character from the charlist 
// only if the current length is less than the maxlength 
if(current_len < MAX_LEN){ 
 for (i = 0; i < strlen(charset); i++){    
      new_password = new char[current_len + 2];
  memcpy(new_password, current_password, current_len); 
  new_password[current_len] = charset;  
  new_password[current_len+1] = '\0';  
  pwlist.push_back(new_password); 
 }
 } // now remove the front element as it didn't match the password 
pwlist.pop_front(); } } 
 
main() {  char* salt;
  char* target;
  char* password;
  // define the character set from which the password will be built 
 char charset[] = {'b', 'o', 'g', 'd', 'a', 'n', '\0'}; 
 //convert the salt from string to char*
  salt = new char[target_salt.length()+1];
  copy(target_salt.begin(), target_salt.end(), salt);
  //convert the hash from string to char* 
 target = new char[target_pw_hash.length()+1]; 
 copy(target_pw_hash.begin(), target_pw_hash.end(), target); 
 //start the search 
 password = exhaustive_search(charset, salt, target); 
 if (strlen(password)!= 0) cout << "Password successfuly recovered: " << password << "  \n"; 
 else cout << "Failure to find password, try distinct character set of size \n"; 

 

Aici e exemplul primit de la facultate. Acum enuntul problemei de care nu-i dau de cap suna asa : " Find the password that corresponds to the following shadows entry, having in mind that the character set is {a, b, c, 1, 2, !, @, #} and the non-alphanumerical symbols occur only at the end of the password  ". 

tom:$6$SvT3dVpN$lwb3GViLl0J0ntNk5BAWe2WtkbjSBMXtSkDCtZUkVhVPiz5 X37WflWL4k3ZUusdoyh7IOUlSXE1jUHxIrg29p.:16471:0:99999:7:::   (asta e hash-ul pe care trebuie sa-l sparg)

Ma poate ajuta cineva sa sparg acest shadow, utilizand exemplul de mai sus ? Multumesc frumos! 

Share this post


Link to post
Share on other sites

1. Did you google first? :)) 

2. Nu iti va face nimeni temele.

3. Nu asa abordezi situatia.

4. Mi se pare ca nu ti-ai batut capul prea mult.

Edited by BiosHell
  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, BiosHell said:

1. Did you google first? :)) 

2. Nu iti va face nimeni temele.

3. Nu asa abordezi situatia.

4. Mi se pare ca nu ti-ai batut capul prea mult.

am datu un google si n-am gasit nimic. Stiu ca nu imi face nimeni temele, am nevoie doar de o idee :)) am incercat sa pun un if ca ultimele litere sa nu contina caractere alphanumerice si tot nu mi-a gasit parola. Si cum as aborda situatia?:)) Mersi frumos oricum pt raspuns, apreciez 😁

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...