API tools faq
paste
Advertisement
Guest User

Parola_SSC

a guest
Oct 23rd, 2019
142
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.07 KB | None | 0 0
raw download clone embed print report
  1. #include <iostream>
  2. #include <list>
  3. #include <cstring>
  4. #include <crypt.h>
  5. using namespace std;
  6. //this is an example line from the shadow file:/$6$Iy/hHRfM$gC.Fw7CbqG.Qc9p9X59Tmo5uEHCf0ZAKCsPZuiYUKcejrsGuZtES1VQiusSTen0NRUPYN0v1z76PwX2G2.v1l1:15001:0:99999:7:::
  7. // the salt and password values are extracted as
  8. string target_salt = "$6$EPFCOW32$";
  9. string target_pw_hash = "$6$EPFCOW32$US1gmlg7Fd.oG.DaPDZbniTM36QTMiHTpdPlkp4ojvI4IrS2RorY4hjb//3VIeDoGNcqZ6WU76w6ynkLq/2rF1";
  10. // define a null string which is returned in case of failure to find the password
  11. char null[] = {'\0'};
  12. // define the maximum length for the password to be searched
  13. #define MAX_LEN 6
  14. list<char*> pwlist;
  15. // check if the pw and salt are matching the hash
  16. int check_password(char* pw, char* salt, char* hash)
  17. {
  18. char* res = crypt(pw, salt);
  19. cout << "password " << pw << "\n";
  20. cout << "hashes to " << res << "\n";
  21. for (int i = 0; i<strlen(hash); i++)
  22. if (res[i]!=hash[i]) return 0;
  23. cout << "match !!!" << "\n";
  24. return 1;
  25. }
  26. // builds passwords from the given character set
  27. // and verifies if they match the target
  28. char* exhaustive_search(char* charset, char* salt, char* target)
  29. {
  30. char* current_password;
  31. char* new_password;
  32. int i, current_len;
  33. // begin by adding each character as a potential 1 character password
  34. for (i = 0; i<strlen(charset); i++){
  35. new_password = new char[2];
  36. new_password[0] = charset[i];
  37.  
  38. new_password[1] = '\0';
  39. pwlist.push_back(new_password);
  40. }
  41. while(true){
  42. // test if queue is not empty and return null if so
  43. if (pwlist.empty()) return null;
  44. // get the current current_password from queue
  45. current_password = pwlist.front();
  46. current_len = strlen(current_password);
  47. // check if current password is the target password, if yes return the current_password
  48. if
  49. (check_password(current_password, salt, target))
  50. return
  51. current_password;
  52. // else generates new passwords from the current one by appending each character from the charlist
  53. // only if the current length is less than the maxlength
  54. if(current_len < MAX_LEN){
  55. for (i = 0; i < strlen(charset); i++){
  56. new_password = new char[current_len + 2];
  57. memcpy(new_password, current_password, current_len);
  58. new_password[current_len] = charset[i];
  59. new_password[current_len+1] = '\0';
  60. pwlist.push_back(new_password);
  61. }
  62. }
  63. // now remove the front element as it didn't match the password
  64. pwlist.pop_front();
  65. }
  66. }
  67. main()
  68. {
  69. char* salt;
  70. char* target;
  71. char* password;
  72. // define the character set from which the password will be built
  73.  
  74. char charset[] = {'b', 'a', 'c', '\0'};
  75. //convert the salt from string to char*
  76. salt = new char[target_salt.length()+1];
  77. copy(target_salt.begin(), target_salt.end(), salt);
  78. //convert the hash from string to char*
  79. target = new char[target_pw_hash.length()+1];
  80. copy(target_pw_hash.begin(), target_pw_hash.end(), target);
  81. //start the search
  82. password = exhaustive_search(charset, salt, target);
  83. if (strlen(password)!= 0) cout << "Password successfuly recovered: " << password << "\n";
  84. else cout << "Failure to find password, try distinct character set of size \n";
  85. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!