Cracking Password Using Python

Sunny Jovita – 2301939046

Week 2

Disclaimer: This blog is for educational purposes only.

Recently, I learned something new in the Ethical Hacking topic: password cracking. It is common knowledge that passwords are hashed for security reasons. Hashing is used to verify the integrity of our password. A password hash works by turning the actual password into a short string of letters and/or numbers using an encryption algorithm. If a document or website is hacked, the hackers don't get access to our password. Instead, they only get access to the encrypted "hash" created from our password automatically.

There are many programming languages that we can use for hacking (especially for password cracking). However, personally I like using Python because it has many important features and provides great functionality, which makes it very useful for hacking.

How the program works

I created a small Python program that cracks passwords using the dictionary attack method. (The dictionary contains many strings that are commonly used as passwords.)

To begin the program, I use the hashlib library, since this module implements an interface to many different secure hash and message digest algorithms. It includes the MD5 secure hash algorithm, which is widely used as a hash function.

First, I assigned a variable called pass_hash to an input that asks for the MD5 hash. Second, I set another variable called pass_list to an input that asks for the .txt file, which has a bunch of words in it.
Note: I took the password list, and the random hashes as well, from the internet.

Here, I made a try and except block to handle error conditions. The program will throw an exception (error) if it can't find the file location or the file name was entered incorrectly.

As we can see, this is the logic where the program compares the hashes of the different words inside the .txt file. To convert a word to bytes, we can use encode('utf-8') to encode the string. After that, I used the hexdigest() function to return the digest as a string object containing only hexadecimal digits (converting the word from the .txt file into MD5 hash format). The output is commonly known as a hash value.

Now, after creating the hashes, the program compares the hash that we want to crack with all the hashes that we produce from the words in the dictionary.
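The steps described above, written out as an added example; this is not the original PassCrack.py, whose listing is not reproduced on this page. The names pass_hash and pass_list come from the post, while the function names, the inline sample wordlist and the PBKDF2 comparison at the end are assumptions added to show why a per-user salt and a slow hash blunt this kind of lookup.

```python
import hashlib
import os

# Constructed sample wordlist standing in for the .txt file (assumption).
SAMPLE_WORDS = ["123456", "password", "letmein", "qwerty"]


def md5_hex(word):
    """MD5 of the UTF-8 encoded word, as a hexadecimal string."""
    return hashlib.md5(word.encode("utf-8")).hexdigest()


def find_in_wordlist(pass_hash, pass_list):
    """Return the word whose MD5 equals pass_hash, or None if none matches."""
    target = pass_hash.strip().lower()
    for line in pass_list:
        word = line.strip()  # drop the newline left over from file iteration
        if word and md5_hex(word) == target:
            return word
    return None


def load_wordlist(path):
    """Read a wordlist file; report a missing file instead of crashing."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as handle:
            return handle.read().splitlines()
    except OSError as exc:
        print(f"Cannot open wordlist {path!r}: {exc}")
        return None


def salted_hash(password, salt=None, rounds=100_000):
    """Defensive counterpart: per-user random salt plus a slow KDF (PBKDF2)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest.hex()


if __name__ == "__main__":
    pass_hash = md5_hex("letmein")  # constructed target hash
    print(find_in_wordlist(pass_hash, SAMPLE_WORDS))
    # Same password, two salts: the stored values differ, so one precomputed
    # hash per dictionary word no longer matches every account.
    print(salted_hash("letmein")[1] != salted_hash("letmein")[1])
```

Unsalted MD5 gives every account with the same password the same stored value, which is what makes the single comparison loop sufficient; the salted PBKDF2 output differs per account and costs 100,000 hash rounds per guess.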

Finally, we can run the program, PassCrack.py, from the command prompt.

This is the list of hashes that I found on the internet. I will use one of these hashes in the program and crack it.

After running it in the command prompt, the program looks like this, and it shows that the password has been found: sunnyjovita123.

Conclusion

Last but not least, I figured out that password cracking is really enjoyable to do if we know how to do it. It increases the sense of exploration and is useful in figuring out the password. Maybe in the future I will explore this field further.