Python Script to crack Unix Hash

Here is a Python script to crack a Unix hash using a dictionary attack. First, understand what the hash file looks like.
victim: HX9LLTdc/jiDE: 503:100:Iama Victim:/home/victim:/bin/sh

We are only interested in the first two fields of the string. Here victim is the username and HX9LLTdc/jiDE is the password hash.
The first two characters of the password hash are the salt; in our case the salt is HX, which has been added to the hash.

In Python, the crypt module generates the Unix hash for a given plain-text password and salt.

#!/usr/bin/python
# -*- coding: utf-8 -*-
import crypt  # Unix-only; deprecated in Python 3.11 and removed in 3.13


def testPass(cryptPass):
    # The first two characters of a traditional Unix hash are the salt
    salt = cryptPass[0:2]
    dictFile = open('dictionary.txt', 'r')
    for word in dictFile.readlines():
        word = word.strip('\n')
        # Hash the candidate word with the same salt and compare
        cryptWord = crypt.crypt(word, salt)
        if cryptWord == cryptPass:
            print('[+] Found Password: ' + word + '\n')
            return
    print('[-] Password Not Found.\n')
    return


def main():
    passFile = open('passwords.txt')
    for line in passFile.readlines():
        if ':' in line:
            user = line.split(':')[0]
            cryptPass = line.split(':')[1].strip(' ')
            print('[*] Cracking Password For: ' + user)
            testPass(cryptPass)


if __name__ == '__main__':
    main()

(1) There should be a password hash file named passwords.txt in the same folder as the script.

(2) There should be a dictionary file named dictionary.txt in the same folder as the script.

(1) main function :-

passFile = open('passwords.txt') :- Opens the password file.

for line in passFile.readlines(): :- Iterates over the lines in the file. It is needed when the password file contains more than one user string; for now we assume there is only one string in the password file, so we can ignore it.

if ':' in line: :- If a : is present in the string, execute the following statements.

user = line.split(':')[0] :-

line.split(':')[0] :- Splits the string on the delimiter :

For example, our string is as follows:

victim: HX9LLTdc/jiDE: 503:100:Iama Victim:/home/victim:/bin/sh

It is then split on the delimiter :

So line.split(':')[0] becomes victim; line.split(':')[1] becomes HX9LLTdc/jiDE, and so on.

We save the value of line.split(':')[0] to the variable user.

cryptPass = line.split(':')[1].strip(' ') :- As mentioned previously, this extracts the hash from the string; strip(' ') removes the surrounding spaces, and the result is saved to the variable cryptPass.

So far we have only extracted the username and hash from the password file and saved them to variables. Next is the call to the testPass function.

(2) testPass :-

salt = cryptPass[0:2] :- As mentioned at the start, the first two characters are the salt, so we extract the salt from the hash and save it to the variable salt.

dictFile = open('dictionary.txt', 'r') :- Opens the dictionary in read-only mode.

for word in dictFile.readlines(): :- Iterates over the words in the dictionary.

word = word.strip('\n') :- Removes the trailing newline (\n) that separates each word from the next one in the dictionary file.

cryptWord = crypt.crypt(word, salt) :- Generates the Unix hash from the dictionary word and the salt we extracted from the hash.

if cryptWord == cryptPass: :- If the calculated hash matches the hash in the password file, the script prints that the password was found; otherwise the for loop continues through the remaining words in the dictionary file.

Usage of script

chmod +x script_name.py

./script_name.py
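
As an added example (not part of the original script), the passwords.txt line format described above can also be used to audit which accounts still store the legacy two-character-salt hash. The classify and audit helpers, the scheme labels and every sample line except the victim line are assumptions constructed for illustration; the example goes beyond the page by also recognising the $id$ prefixes of newer crypt schemes.

```python
import re

# Added example, not from the original post. Helper names and scheme labels
# are illustrative; SAMPLE lines are constructed except the page's victim line.
DES_RE = re.compile(r'^[./0-9A-Za-z]{13}$')   # 2-char salt + 11-char hash
SCHEMES = {'1': 'md5-crypt', '2a': 'bcrypt', '2b': 'bcrypt', '2y': 'bcrypt',
           '5': 'sha256-crypt', '6': 'sha512-crypt', 'y': 'yescrypt'}
LEGACY = {'des-crypt', 'md5-crypt'}           # schemes to migrate away from

def classify(hash_field):
    """Return (scheme, salt) for one hash field; salt is None if not parsed."""
    h = hash_field.strip()
    if h in ('', 'x') or h[0] in '*!':
        return ('no-hash', None)      # empty, shadowed or locked entry
    if h.startswith('$'):
        parts = h.split('$')          # ['', id, salt-or-params, ...]
        return (SCHEMES.get(parts[1], 'unknown'), None)
    if DES_RE.match(h):
        return ('des-crypt', h[:2])   # first two characters are the salt
    return ('unknown', None)

def audit(lines):
    """Return [(user, scheme, salt)] for every account on a legacy scheme."""
    findings = []
    for line in lines:
        fields = line.split(':')
        if len(fields) < 2:
            continue                  # not a user:hash:... line
        scheme, salt = classify(fields[1])
        if scheme in LEGACY:
            findings.append((fields[0].strip(), scheme, salt))
    return findings

SAMPLE = [
    'victim: HX9LLTdc/jiDE: 503:100:Iama Victim:/home/victim:/bin/sh',
    'alice:$6$examplesalt$constructedhashvalue:1001:100::/home/alice:/bin/sh',
    'bob:$1$examplesalt$constructedhashvalue:1002:100::/home/bob:/bin/sh',
    'daemon:*:1:1::/:/usr/sbin/nologin',
    'root:x:0:0:root:/root:/bin/sh',
]

if __name__ == '__main__':
    for user, scheme, salt in audit(SAMPLE):
        print('[!] %s uses %s (salt=%s)' % (user, scheme, salt))
```
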

Banner Grabbing Python Script

This is a simple banner grabbing Python script which can grab the service banners of ports 21, 22, 25, 80, 110 and 443. If you want to grab banners from different ports, you can modify it as per your requirement.

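#!/usr/bin/python
import socket


def retBanner(ip, port):
    try:
        socket.setdefaulttimeout(2)
        s = socket.socket()
        s.connect((ip, port))
        banner = s.recv(1024)
        s.close()
        return banner
    except socket.error:
        # Closed port, unreachable host or timeout: no banner
        return None


def main():
    # FTP, SSH, SMTP and POP3 servers send a banner on connect; HTTP and
    # HTTPS servers wait for the client, so recv() times out on 80 and 443
    portList = [21,22,25,80,110,443]
    for x in range(147, 150):
        ip = '192.168.95.' + str(x)
        for port in portList:
            banner = retBanner(ip, port)
            if banner:
                # recv() returns bytes on Python 3; decode before printing
                print('[+] ' + ip + ' : ' + banner.decode('ascii', 'replace'))


if __name__ == '__main__':
    main()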

First we import the socket library into the script. Then we define two functions: (1) retBanner (2) main

(1) retBanner :-

socket.setdefaulttimeout(2) :- Sets the default socket timeout to 2 seconds.

s = socket.socket() :- Opens a socket.

s.connect((ip, port)) :- Connects the socket to the specific IP and port.

s.recv(1024) :- Reads the next 1024 bytes from the socket and saves the value to the variable banner.

(2) main :-

portList = [21,22,25,80,110,443] :- The ports whose banners are grabbed. If you want to grab more ports, just add the port numbers to the portList array.

for x in range(147, 150): :- Used to grab the banners of a block of IP addresses. It only changes the fourth octet of the IP address. Change the values according to your requirement.

ip = '192.168.95.' + str(x) :- We define the first three octets of the IP; the fourth octet comes from the for loop.

for port in portList: :- Scans the ports from the portList array one by one.

banner = retBanner(ip, port) :- Calls the first function, retBanner, and saves its value to the variable banner.

The last lines of main check whether we got a banner and, if so, print it on screen as ip : banner.

(3) if __name__ == '__main__': :- This allows our Python files to act either as reusable modules or as standalone programs.

The last line calls the main function.

Usage of script
chmod +x script_name
python script_name
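
As an added example (not part of the original script), this checks what the banners returned by retBanner disclose, so that you can review your own services for version leakage. The inspect_banner and disclosures helpers and the sample banners are constructed for illustration, and the version pattern is a simple heuristic.

```python
import re

# Added example, not from the original post. SAMPLE banners are constructed;
# each value is bytes, the type recv() returns on Python 3.
SSH_RE = re.compile(r'^SSH-(\d+\.\d+)-(\S+)')   # RFC 4253 identification string
VERSION_RE = re.compile(r'\d+(?:\.\d+)+')       # dotted version such as 1.3.5
GREETING = {21: ('ftp', '220'), 25: ('smtp', '220'), 110: ('pop3', '+OK')}

def inspect_banner(port, raw):
    """Return (service, software_text, version or None); None if no banner."""
    if not raw:
        return None
    # Banners come from the network: decode defensively, keep the first line.
    line = raw.decode('ascii', 'replace').splitlines()[0].strip()
    m = SSH_RE.match(line)
    if m:
        service, text = 'ssh', m.group(2)
    elif port in GREETING and line.startswith(GREETING[port][1]):
        service, code = GREETING[port]
        text = line[len(code):].lstrip(' -')
    else:
        service, text = 'unknown', line
    v = VERSION_RE.search(text)
    return (service, text, v.group(0) if v else None)

def disclosures(banners):
    """Return [(ip, port, service, version)] for banners that leak a version."""
    out = []
    for ip, port in sorted(banners):
        info = inspect_banner(port, banners[(ip, port)])
        if info and info[2]:
            out.append((ip, port, info[0], info[2]))
    return out

SAMPLE = {
    ('192.168.95.148', 21): b'220 ExampleFTPd 1.3.5 Server ready\r\n',
    ('192.168.95.148', 22): b'SSH-2.0-ExampleSSH_7.4\r\n',
    ('192.168.95.149', 25): b'220 mail.example.test ESMTP\r\n',
    ('192.168.95.149', 110): b'+OK POP3 ready\xff\r\n',
    ('192.168.95.149', 80): None,   # no banner: HTTP waits for the client
}

if __name__ == '__main__':
    for ip, port, service, version in disclosures(SAMPLE):
        print('[!] %s:%d %s banner discloses version %s' % (ip, port, service, version))
```
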