Welcome again folks 🔥,
In this blog of the series “Python For Hackers”, we are again building an easy tool which is a hash cracker, which helps us to crack the hash and get its original value.
🏮 What is Hash Cracking
The process of reversing a cryptographic hash function to retrieve the original input is known as hash cracking. Hash functions are used to securely store passwords and other sensitive data. The hash function takes input data and returns a fixed-length output result known as a hash. The hash value is unique to the input data, but it is difficult to reverse the hash function to recover the original input.
How does Subdomain Brute Forcing help hackers?
- Gaining access to accounts and systems: Once a hash has been broken, a hacker can exploit the password to obtain illegal access to accounts and systems such as email accounts, bank accounts, social media accounts, and business networks.
- Stealing sensitive data: A hacker can steal sensitive data such as personal information, financial information, and trade secrets if they get access to an account or system.
- Launching further attacks: Hackers can also use cracked hashes to launch additional attacks like phishing and man-in-the-middle assaults.
⭕ Building The tool
Importing all the necessary modules in our file
from os import path
hashlib is a Python module that provides a common interface to many different secure hash and message digest algorithms.
Coding out code outside functions
if __name__ == "__main__":
hash_format = input("Enter the hash format (sha256, md5, sha1, sha512, or sha384): ")
password = input("Enter the password to crack: ")
common_passwords_file = input("Enter the Location of the passwords file : ")
if not path.exists(common_passwords_file):
print(colored("[-] Provide a valid wordlist file!", 'red'))
cracker = PasswordCracker(hash_format)
cracked_password = cracker.crack_password(common_passwords_file)
print("The password is:", cracked_password)
print("The password could not be cracked.")
Let’s understand various elements from the code :
- The first line checks whether the script is being run as the main program (not imported as a module into another script). If it’s the main program, the code inside the
if block will be executed.
- Then we ask the user to input the hash format type in which the hash is.
- Then we ask the user for the hash itself and store it in a variable named
- After that, we prompt the user for the common password file.
- In the next lines, we check if the password file exists or not, if not we exit out of the program.
- Then we create an object cracker with the class
PasswordCracker by providing the hash_format ’hash_format`.
- Then we call the method
cracker.hash_password. This method is called to hash the provided password using the specified hash format. It updates the
hashed_password attribute of the
PasswordCracker instance with the hashed password.
- Then we call the method
cracker.hash_password using the passwords file, this method is responsible for cracking the hashed password by comparing it to a list of common passwords from the specified file. If a match is found, it returns the cracked password, which is stored in the
- Then if there is a value in the
cracked_password variable, we print its value else we print the password that could not be cracked.
Let’s understand the code :
def __init__(self, hash_format):
if hash_format is not in hashlib.algorithms_guaranteed:
raise ValueError("Invalid hash format")
self.hash_format = hash_format
self.hashed_password = None
- Firstly we define the class
PasswordCracker and as the first method, we define the
__init__ method using the self and
hash_format argument which is the method that helps in the construction of the class. When you create an instance of the class this is the first method that gets called automatically.
- In the method we check if the provided hash is in the guaranteed
hash algorithms provided by the
hashlib module. If the
hash_format is not in the list, it means the provided hash format is not supported by Python’s
hashlib module, and it raises a
ValueError with the message “Invalid hash format.”
- Then we create an instance variable called
hash_format and we assign it the value of the
hash_format value passed on.
- Then we again create an instance variable called
hashed_password and we for now assign the value none and after that, we will assign it the value of the cracked password in the future.
def hash_password(self, password):
hasher = hashlib.new(self.hash_format)
self.hashed_password = hasher.hexdigest()
hash_password function is responsible for hashing a given password using the hash format specified when the
PasswordCracker instance was created.
hasher = hashlib.new(self.hash_format): This line creates a new hashlib object based on the ‘hash_format’ attribute stored in the ‘PasswordCracker’ instance. When you construct a ‘PasswordCracker’ instance, you specify the ‘hash_format’ attribute, which defines the type of hash algorithm to be utilized (e.g., “sha256,” “md5,” etc.).
hasher.update(password.encode()): The hasher object’s update method is called with the password as input. Before hashing, the password string must be converted to bytes using password.encode(). This is necessary since the update function requires bytes as input.
self.hashed_password = hasher.hexdigest(): The hashing operation’s result is saved in the PasswordCracker instance’s hashed_password attribute. The hexdigest() method is used to obtain the hash’s hexadecimal representation, and this hexadecimal string is given to self.hashed_password.
crack_password method attempts to crack a hashed password by comparing it to a list of common passwords read from a file. The code includes error handling to deal with the possibility of the common password file not being found.
def crack_password(self, common_passwords_file):
with open(common_passwords_file, "r") as f:
common_passwords = f.readlines()
for common_password in common_passwords:
hasher = hashlib.new(self.hash_format)
hashed_common_password = hasher.hexdigest()
if self.hashed_password == hashed_common_password:
- The method takes the self keyword and the
- Inside the Try block, we open the file in
read_mode and read all the lines.
- Then we loop every line in lines using a for loop, we create a new
hashlib object based on the
hash_format attribute stored within the new
PasswordCracker instance and store it in a variable named hasher.
update method of the
hasher object is called with the current
common_password as input. Similar to hashing the original password, the
common_password is converted to bytes using
common_password.encode() before hashing.
- Then the next line
hasher.hexdigest() computes the hash of the current
common_password and stores it as
- Now we check if both the hashes are the same, and we return the password.