Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # -*- coding: utf-8 -*-
- '''Trouve les users avec un password en MD5 et tente la récupération par dictionnaire'''
- __author__ = u'DELGEHIER Cedric'
- __email__ = u'cedric.delgehier@worldline.com'
- __maintainer__ = u'DELGEHIER Cedric'
- __date__ = u'20160326'
- __version__ = u'0.1'
- # check : authconfig --test|grep -B2 hashing
- #1 = MD5 hashing algorithm.
- #2 = Blowfish Algorithm is in use.
- #2a = eksblowfish Algorithm
- #5 = SHA-256 Algorithm
- #6 = SHA-512 Algorithm
- from crypt import crypt
- debug = False
- def testByDico (user, passwd):
- '''
- Compare le mot de passe crypté trouvé dans le shadow a une liste de mots
- :param user: le user trouvé dans le shadow
- :param passwd: le champ password du shadow
- :return:
- '''
- if debug:
- print '\ttest by dico for {} pass'.format(user, passwd)
- try:
- algo, salt, encrypted = passwd.split("$")[1], passwd.split("$")[2], passwd.split("$")[3]
- algo_salt = '$' + algo + '$' + salt + '$'
- except IndexError as e:
- return
- #MD5 only
- if algo == '1':
- with open ('./rockyou.txt', 'r') as dico:
- if debug:
- print '\tdico open'
- print 'Search the {} password'.format(user)
- for password in dico.readlines():
- password = password.strip('\n')
- password_crypt = crypt(password, algo_salt)
- if password_crypt == passwd:
- print '\033[1;32m{} password found : {}\033[1;m'.format(user, password)
- return
- print '\t\033[1;31m{} password not found :s\033[1;m'.format(user)
- if __name__ == '__main__':
- with open('./shadow','r') as s:
- if debug:
- print 'shadow open'
- for line in s.readlines():
- line = line.replace('\n','').split(':')
- #if not any(c in line[1] for c in ['*', '!', '#']):
- if line.__len__() > 1 and not line[0].startswith('#') and line[1] not in ['*', '!', 'x']:
- user = line[0]
- passwd = line[1]
- testByDico (user, passwd)
- # Correction du systeme
- # $ authconfig --passalgo=sha512 --update
- # création d'un shadow à partir du passwd et optionnellement d'un shadow existant. (suppression des passwords inutiles)
- # $ pwconv
- # reattribution d'un mot de passe dans cet algo pour tous les users
- # $ for u in $(awk -F: '{if ( $1 != "root" && $2 ~ /^!?[[:alnum:]\.\/\$]/ ) print $1}' /etc/shadow); do passwd --stdin $u <<<$u; done
- # force les users a changer leur password lors du prochain login
- # $ for u in $(awk -F: '{if ( $1 != "root" && $2 ~ /^!?[[:alnum:]\.\/\$]/ ) print $1}' /etc/shadow); do chage -d0 $u; done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement