Brute-force cracking SHA-512 passwords in unix password file

I have a school assignment which consists of me having to crack a Unix password file; the passwords were created using SHA-512.

I'm using Python 3 to write my password cracking script, which goes through a password file, adds the salt and compares each password until the hash is found.

Here is my code:

#!/usr/bin/env python3
import crypt
passFile = open('passwords.txt', 'r')

salt_MD5 = []
hash_MD5 = []
salt_SHA512 = []
hash_SHA512 = []
for line in passFile:
    if "$6$" in line:
        temp1 = line.split(":")
        temp1 = temp1[1]
        salt_SHA512.append(temp1[:11])
        hash_SHA512.append(temp1)
    if "$1$" in line:
        temp1 = line.split(":")
        temp1 = temp1[1]
        salt_MD5.append(temp1[:11])
        hash_MD5.append(temp1)

print(salt_MD5, hash_MD5)
print(salt_SHA512, hash_SHA512)


crackStation = open('1000000passwords.txt', 'r')

print("Searching for the password...")
counter = 0
for index in crackStation:
    counter += 1
    hashed_value_1 = crypt.crypt(index, salt_MD5[0])
    hashed_value_2 = crypt.crypt(index, salt_MD5[1])
    hashed_value512_1 = crypt.crypt(index, salt_SHA512[0])
    hashed_value512_2 = crypt.crypt(index, salt_SHA512[1])
    if counter % 50000 == 0:
        print("Counter is at: " + str(counter) + " Left to iterate = " + str(1000000-counter))
    # if hashed_value_1 == hash_MD5[0]:
    #   password_1 = index
    #   print("User one has been cracked password is: " + password_1)
    # if hashed_value_2 == hash_MD5[1]:
    #   password_2 = index
    #   print("User two has been cracked password is: " + password_2)
    if hashed_value512_1 == hash_SHA512[0]:
        password_3 = index
        print("User one has been cracked using password: " + password_3)
    if hashed_value512_2 == hash_SHA512[1]:
        password_4 = index
        print("User one has been cracked using password: " + password_4)

print("Search Complete.")

try:
    print(password_1, password_2, password_3, password_4)
except Exception as e:
    print("Oh shit something went wrong :s" + str(e))

Please disregard the MD5, salt and hash, as that I will deal with later (professor claimed that some of the passwords in the file would be crackable and a fellow student confirmed that he was able to crack both the SHA-512 passwords therefore I commented the MD5 out for the sake of speed)

I'm curious to see WHAT type of encoding I should be using to read from the password file, So far I've tried 'mac_roman', to iterate through the dictionary file, and now I just didn't set an encoding, I'm assuming the default should be UTF-8, but I honestly don't know how to check to confirm.

If anyone has any suggestions on what I can do to get this working I'd really appreciate it!

(I'm attempting the default encoding right now, by not initializing one

crackStation = open('1000000passwords.txt', 'r')

)

If that does in fact work, I will let you know!

Additional question:

Could someone tell me what the encoding would be for this password file,

adamkaplan:$6$S4Y0gQuy$QRkLo5t/6KONMAiQY9DIAPojv0Q8CBvDtNqe02sfR7rnEdw.QgSm0LU/JRcIc/Arn/PpK3lxroc19bVQDwUGQ/:17786:0:99999:7:::
cardib:$6$t84.Fvbo$8lKHpxBDnjoHhnFS3.A4ezNZmKfy5MLbe7UGZoOnWgz55j0g5TBx5LOQAujDiqkUuE50EACOZsydlBZgy5jkw/:17786:0:99999:7:::

the password hash isn't BASE64, and the reason I'm asking is because when I use different encodings within a dictionary file each encoding gives a different hash, so that's what is throwing me off, the fact that if I use UTF-8, I will receive a different hash versus latin-1.

So what encoding would a Linux password file be using by default?

If I create a new Linux account through the terminal and set a password and go back inside my password file, I will have a newly made hash for that new username's password, and the encoding that was used within that hashing algorithm is what I would need, or at least that's what I imagine I would need in order to crack the password.

Hope that isn't too confusing :s

There are 3 best solutions below

0
On BEST ANSWER

The solution that worked out for me: the reason I wasn't able to crack the passwords was that I failed to strip the newlines from the dictionary words.

simply doing a

line = line.rstrip()

solved my problem, I didn't need to do any type of encoding or anything to have the file work.

0
On

I'm curious to see WHAT type of encoding I should be using to read from the password file

You should be using the encoding that the file is encoded in.

Unfortunately, it is impossible in general to tell the encoding of a file from just the file, you need some additional out-of-band information such as a header in the file telling you the encoding, the transmission format telling you the encoding … or just asking the author of the file.

However, since the passwords in the encrypted database are most likely treated as octet streams, it might make sense to treat the password dictionary the same way.
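An added illustration of the octet-stream point and of the newline fix in the accepted answer (not part of the original answers): a hash function only sees bytes, so a trailing line terminator or a different text encoding produces a different digest. Plain salted SHA-512 from hashlib stands in for crypt's `$6$` scheme, and the salt, wordlist and function names are constructed for this demo.

```python
import hashlib
import io

SALT = b"demoSalt"  # constructed salt, not taken from any real account

# Constructed wordlist: Unix and Windows line endings, one Latin-1 entry.
WORDLIST = b"letmein\nhunter2\r\npi\xf1ata\n"


def digest(candidate: bytes) -> str:
    """Stand-in for crypt(): salted SHA-512 over the raw candidate bytes."""
    return hashlib.sha512(SALT + candidate).hexdigest()


def naive_matches(target: str, lines):
    """Compare each line as read, terminator included (the bug in the question)."""
    return [line for line in lines if digest(line) == target]


def candidates(lines):
    """Yield each entry as bytes with its line terminator removed.

    Working on bytes means nothing is decoded, so an entry that is not
    valid UTF-8 cannot raise UnicodeDecodeError or be silently altered.
    """
    for raw in lines:
        word = raw.rstrip(b"\r\n")
        if word:
            yield word


def find_match(target: str, lines):
    """Return the candidate whose digest equals target, or None."""
    for word in candidates(lines):
        if digest(word) == target:
            return word
    return None


if __name__ == "__main__":
    target = digest(b"hunter2")
    # io.BytesIO iterates by line, like a file opened with mode 'rb'.
    print("unstripped:", naive_matches(target, io.BytesIO(WORDLIST)))
    print("stripped:  ", find_match(target, io.BytesIO(WORDLIST)))
    utf8 = digest("pi\u00f1ata".encode("utf-8"))
    latin1 = digest("pi\u00f1ata".encode("latin-1"))
    print("same digest across encodings:", utf8 == latin1)
```

For ASCII-only words every one of these encodings produces the same bytes, which is why the encoding only matters for entries containing non-ASCII characters.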

0
On

I honestly don't know how to check to confirm.

Use iconv. It'll fail when trying to convert a file containing malformed characters.

Here are some test files:

printf 'ascii only\n' > ascii_only.txt
printf 'utf-8 \342\230\272\n' > utf8.txt
printf 'latin1. pi\361ata.\n' > latin1.txt

Here are some examples:

$ iconv -f utf-8 -t utf-8 < utf8.txt > /dev/null && echo "ok"
ok

$ iconv -f ascii -t utf-8 < utf8.txt > /dev/null && echo "ok"
iconv: illegal input sequence at position 6

$ iconv -f utf-8 -t utf-8 < latin1.txt > /dev/null && echo "ok"
iconv: illegal input sequence at position 10

You can try ASCII, UTF-8 and Latin1 (in that order), and use whichever encoding iconv accepts first.

Even if this wasn't a school assignment, you could realistically expect most passwords to be ASCII.
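The same check done from Python, as an added example that is not part of the original answer: it tries ASCII, UTF-8 and Latin-1 in that order on the three test files above and reports the offset of the first undecodable byte, like iconv's "position" message. The function names are assumptions made for this sketch, and the per-line scan goes slightly beyond the answer to handle a wordlist whose entries mix encodings.

```python
CANDIDATE_ENCODINGS = ("ascii", "utf-8", "latin-1")  # order suggested in the answer

# The three test files from the answer, as the bytes printf writes them.
SAMPLES = {
    "ascii_only.txt": b"ascii only\n",
    "utf8.txt": b"utf-8 \342\230\272\n",
    "latin1.txt": b"latin1. pi\361ata.\n",
}


def first_bad_offset(data: bytes, encoding: str):
    """Return the byte offset of the first undecodable sequence, or None."""
    try:
        data.decode(encoding, errors="strict")
    except UnicodeDecodeError as exc:
        return exc.start
    return None


def guess_encoding(data: bytes):
    """Return (encoding, confirmed) for the first encoding that decodes cleanly.

    Python's latin-1 codec maps every byte value to a character, so it can
    never fail: reaching it means "not ASCII or UTF-8", not "confirmed Latin-1".
    """
    for enc in CANDIDATE_ENCODINGS:
        if first_bad_offset(data, enc) is None:
            return enc, enc != "latin-1"
    return None, False


def lines_failing(data: bytes, encoding: str):
    """Return 1-based numbers of the lines that do not decode as `encoding`."""
    return [
        number
        for number, line in enumerate(data.splitlines(), start=1)
        if first_bad_offset(line, encoding) is not None
    ]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, guess_encoding(data))
    mixed = b"".join(SAMPLES.values())  # constructed mixed-encoding wordlist
    print("lines that are not UTF-8:", lines_failing(mixed, "utf-8"))
```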