爆破linux密码 $6$3uwqC9JI$d9iPRmTDAoXs/IbsplxS3iyeErHqw7fUycacXNHyZk1UCSwFEydl515/zXN7OEwHnyUaqYcNG...

#!/usr/bin/env python
# -*- coding:UTF-8 -*-

import crypt
import sys

# 哈希密码的前两位就是盐的前两位，这里我们假设盐只有两位。
# 程序分两部分，一部分是打开字典，另一部分是哈希匹配密码

#standard DES, two salt
def desPass(cryptpass):
    #get salt from the front place
    saltf = cryptpass[0:2]
    return saltf

#for $6$        
def sha512Pass(cryptpass):
    saltf = "$6$"+cryptpass.split("$")[2]
    return saltf

#for $5$
def sha256Pass(cryptpass):
    saltf = "$5$"+cryptpass.split("$")[2]
    # saltf = "$5$rounds=5000$anexamplestringf"
    return saltf

def main():
    banner = '''
        python CrackPass.py 5
        one params is type for you are cracking
        0 ---- standard DES  for 2 salt
        5 ---- sha256 crypt  $5$salt$secret
        6 ---- sha512 crypt  $6$salt$secret

        salt contains $5$salt
        if $salt contain "$",will cause inaccuracy. Maybe you need set the salt by your hand,for example:# saltf = "$5$rounds=5000$anexamplestringf"
    '''
    print banner
    method = sys.argv[1]
    passfile = open('Password','r')
    #从文件中一行一行读取
    for line in passfile.readlines():
        cryptpass = line.strip()
        print "Cracking Password For: %s"%cryptpass

        #select type
        if method == "0":
            salt = desPass(cryptpass)
        elif method == "6":
            salt = sha512Pass(cryptpass)
        elif method == "5":
            salt = sha256Pass(cryptpass)
        print salt
        dictfile = open('dictionary','r')
        for word in dictfile.readlines():
            word = word.strip('\n')
            cryWord = crypt.crypt(word,salt)

            if cryptpass == cryWord:
                print "Found passwd: %s"%word
                print "ok"
                return
            print "Password not found!"

if __name__ == '__main__':
    main()

现在只写了$6$　　$5$开头的和一种普通的DES两位盐加密的

爆破linux一般用￥6￥

注意一般密文由3部分组成，以”$”分隔，第一部分为ID，第二部分为盐值，第三部分为加密密文

真正的盐值包括ID部分，我上面判断salt是根据$分割，默认是密文中只有三个$

有时salt中本来就含有$,

这时就需要自己指定salt了，saltf = "$5$rounds=5000$anexamplestringf"

可以观察出来，观察不出来，就多尝试

 

我的　　QQ921658495  希望与大家交流