Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers Read Online Free PDF Page B

programming practice to separate your program into separate functions, each with a specific purpose. In the end, this allows us to reuse code and makes the program easier to read. Our main function opens the encrypted password file “passwords.txt” and reads the contents of each line in the password file. For each line, it splits out the username and the hashed password. For each individual hashed password, the main function calls the testPass() function that tests passwords against a dictionary file.
    This function, testPass(), takes the encrypted password as a parameter and returns either after finding the password or exhausting the words in the dictionary. Notice that the function first strips out the salt from the first two characters of the encrypted password hash. Next, it opens the dictionary and iterates through each word in the dictionary, creating an encrypted password hash from the dictionary word and the salt. If the result matches our encrypted password hash, the function prints a message indicating the found password and returns. Otherwise, it continues to test every word in the dictionary.
     import crypt
     def testPass(cryptPass):
      salt = cryptPass[0:2]
      dictFile = open(‘dictionary.txt’,’r’)
      for word in dictFile.readlines():
       word = word.strip(‘\n’)
       cryptWord = crypt.crypt(word,salt)
       if (cryptWord == cryptPass):
        print “[+] Found Password: “+word+”\n”
        return
      print “[-] Password Not Found.\n”
      return
     def main():
      passFile = open(‘passwords.txt’)
      for line in passFile.readlines():
       if “:” in line:
        user = line.split(‘:’)[0]
        cryptPass = line.split(‘:’)[1].strip(‘ ‘)
        print “[∗] Cracking Password For: “+user
        testPass(cryptPass)
     if __name__ == “__main__”:
      main()
    Running our first program, we see that it successfully cracks the password for victim but does not crack the password for root. Thus, we know the system administrator (root) must be using a word not in our dictionary. No need to worry, we’ll cover several other ways in this book to gain root access.
     programmer$ python crack.py
     [∗] Cracking Password For: victim
     [+] Found Password: egg
     [∗] Cracking Password For: root
     [-] Password Not Found.
    On modern ∗Nix based operating systems, the /etc/shadow file stores the hashed password and provides the ability to use more secure hashing algorithms. The following example uses the SHA-512 hashing algorithm. SHA-512 functionality is provided by the Python hashlib library. Can you update the script to crack SHA-512 hashes?
     cat /etc/shadow | grep root
     root:$6$ms32yIGN$NyXj0YofkK14MpRwFHvXQW0yvUid.slJtgxHE2EuQqgD74S/GaGGs5VCnqeC.bS0MzTf/EFS3uspQMNeepIAc.:15503:0:99999:7:::
    Setting the Stage for Your Second Program: Using Evil for Good
    Announcing his Cyber Fast Track program at ShmooCon 2012, Peiter “Mudge” Zatko, the legendary l0pht hacker turned DARPA employee, explained that there are really no offensive or defensive tools-instead there are simply tools ( Zatko, 2012 ). Throughout this book, you may initially find several of the example scripts somewhat offensive in nature. For example, take our last program that cracked passwords on Unix systems. An adversary
could
use the tool to gain unauthorized access to a system; however, could a programmer use this for good as well as evil? Certainly—let’s expand.
    Fast-forward nineteen years from Clifford Stoll’s discovery of the dictionary attack. In early 2007, the Brownsville, TX Fire Department received an anonymous tip that fifty-year-old John Craig Zimmerman browsed child pornography using department resources ( Floyd, 2007 ). Almost immediately, the Brownsville Fire Department granted Brownsville police investigators access to Zimmerman’s work computer and external hard drive ( Floyd, 2007 ). The police department brought in city programmer Albert Castillo