Welcome again folks đ„,
In this blog of the series âPython For Hackersâ, we are again building an easy tool which is a hash cracker, which helps us to crack the hash and get its original value.
đź What is Hash Cracking
The process of reversing a cryptographic hash function to retrieve the original input is known as hash cracking. Hash functions are used to securely store passwords and other sensitive data. The hash function takes input data and returns a fixed-length output result known as a hash. The hash value is unique to the input data, but it is difficult to reverse the hash function to recover the original input.
How does Subdomain Brute Forcing help hackers?
- Gaining access to accounts and systems: Once a hash has been broken, a hacker can exploit the password to obtain illegal access to accounts and systems such as email accounts, bank accounts, social media accounts, and business networks.
- Stealing sensitive data: A hacker can steal sensitive data such as personal information, financial information, and trade secrets if they get access to an account or system.
- Launching further attacks: Hackers can also use cracked hashes to launch additional attacks like phishing and man-in-the-middle assaults.
â Building The tool
Importing all the necessary modules in our file
import hashlib
from os import path
hashlib
is a Python module that provides a common interface to many different secure hash and message digest algorithms.
Coding out code outside functions
if __name__ == "__main__":
  hash_format = input("Enter the hash format (sha256, md5, sha1, sha512, or sha384): ")
  password = input("Enter the password to crack: ")
  common_passwords_file = input("Enter the Location of the passwords file : ")
if not path.exists(common_passwords_file):
print(colored("[-] Provide a valid wordlist file!", 'red'))
exit()
  cracker = PasswordCracker(hash_format)
  cracker.hash_password(password)
  cracked_password = cracker.crack_password(common_passwords_file)
  if cracked_password:
    print("The password is:", cracked_password)
  else:
    print("The password could not be cracked.")
Letâs understand various elements from the code :
- The first line checks whether the script is being run as the main program (not imported as a module into another script). If itâs the main program, the code inside the
if
block will be executed.
- Then we ask the user to input the hash format type in which the hash is.
- Then we ask the user for the hash itself and store it in a variable named
password
- After that, we prompt the user for the common password file.
- In the next lines, we check if the password file exists or not, if not we exit out of the program.
- Then we create an object cracker with the class
PasswordCracker
by providing the hash_format âhash_format`.
- Then we call the method
cracker.hash_password
. This method is called to hash the provided password using the specified hash format. It updates the hashed_password
attribute of the PasswordCracker
instance with the hashed password.
- Then we call the method
cracker.hash_password
using the passwords file, this method is responsible for cracking the hashed password by comparing it to a list of common passwords from the specified file. If a match is found, it returns the cracked password, which is stored in the cracked_password
variable.
- Then if there is a value in the
cracked_password
variable, we print its value else we print the password that could not be cracked.
Coding out PasswordCracker
class
Defining the __init__
method
class PasswordCracker:
def __init__(self, hash_format):
if hash_format is not in hashlib.algorithms_guaranteed:
raise ValueError("Invalid hash format")
self.hash_format = hash_format
self.hashed_password = None
Letâs understand the code :
- Firstly we define the class
PasswordCracker
and as the first method, we define the __init__
method using the self andhash_format
argument which is the method that helps in the construction of the class. When you create an instance of the class this is the first method that gets called automatically.
- In the method we check if the provided hash is in the guaranteed
hash
algorithms provided by the hashlib
module. If the hash_format
is not in the list, it means the provided hash format is not supported by Pythonâs hashlib
module, and it raises a ValueError
with the message âInvalid hash format.â
- Then we create an instance variable called
hash_format
and we assign it the value of the hash_format
value passed on.
- Then we again create an instance variable called
hashed_password
and we for now assign the value none and after that, we will assign it the value of the cracked password in the future.
Defining the hash_password
method
def hash_password(self, password):
    hasher = hashlib.new(self.hash_format)
    hasher.update(password.encode())
    self.hashed_password = hasher.hexdigest()
The hash_password
function is responsible for hashing a given password using the hash format specified when the PasswordCracker
instance was created.
hasher = hashlib.new(self.hash_format)
: This line creates a new hashlib object based on the âhash_formatâ attribute stored in the âPasswordCrackerâ instance. When you construct a âPasswordCrackerâ instance, you specify the âhash_formatâ attribute, which defines the type of hash algorithm to be utilized (e.g., âsha256,â âmd5,â etc.).
hasher.update(password.encode())
: The hasher objectâs update method is called with the password as input. Before hashing, the password string must be converted to bytes using password.encode(). This is necessary since the update function requires bytes as input.
self.hashed_password = hasher.hexdigest():
The hashing operationâs result is saved in the PasswordCracker instanceâs hashed_password attribute. The hexdigest() method is used to obtain the hashâs hexadecimal representation, and this hexadecimal string is given to self.hashed_password.
Defining the crack_password
method
The crack_password
method attempts to crack a hashed password by comparing it to a list of common passwords read from a file. The code includes error handling to deal with the possibility of the common password file not being found.
def crack_password(self, common_passwords_file):
with open(common_passwords_file, "r") as f:
common_passwords = f.readlines()
for common_password in common_passwords:
hasher = hashlib.new(self.hash_format)
hasher.update(common_password.encode())
hashed_common_password = hasher.hexdigest()
if self.hashed_password == hashed_common_password:
return common_password.strip()
- The method takes the self keyword and the
common_password_file
- Inside the Try block, we open the file in
read_mode
and read all the lines.
- Then we loop every line in lines using a for loop, we create a new
hashlib
object based on the hash_format
attribute stored within the new PasswordCracker
instance and store it in a variable named hasher.
- The
update
method of the hasher
object is called with the current common_password
as input. Similar to hashing the original password, the common_password
is converted to bytes using common_password.encode()
before hashing.
- Then the next line
hasher.hexdigest()
computes the hash of the current common_password
and stores it as hashed_common_password
.
- Now we check if both the hashes are the same, and we return the password.