Skip to main content

Breaking SHA-1 Hashes with Python: A Beginner’s Guide to Hash Cracking

 GitHub: https://github.com/AdithyakrishnaV/Python-for-Penetration-Testing/blob/master/SHA-1_PASSWORD_CRACKER.py

hashing is a one-way function. So we cannot reverse the hash we can only Brute-force it and check for a similar hash

import hashlib

This line imports the hashlib library, which provides implementations of various hash functions.

def hashing(check,word):

This line defines a function called hashing that takes two parameters: check and word

for w in word:

This line sets up a loop that iterates over each word in the word list.

hasher=hashlib.sha1(w.encode())

This line uses the SHA1 algorithm from the hashlib library to hash the current w word in the loop. It first encodes the word as bytes using the encode() method.

c=hasher.hexdigest()

This line extracts the resulting hash from the hasher object and converts it to a string of hexadecimal digits using the hexdigest() method.

if(str(c)==check):

This line checks whether the resulting hash string matches the check parameter. It converts the hash string to a regular string using str() to ensure the comparison is done correctly.

print("\n"+w+"\n")
            break

If there is a match, this line prints the matching word and breaks out of the loop. The \n characters create a new line before and after the word for better readability.

else:
            print("no")

If there is no match, this line prints "no".

f= open("pass.txt", "r") 
word=f.read().split()

This line opens the file pass.txt in read mode, reads its contents into a string, and splits the string into a list of words. The word variable is set to this list.

check=input("Enter the hash: \n ")

This line prompts the user to enter a hash to check against.

hashing(check,word)

This line calls the hashing function with the check and word parameters.

f.close()

This line closes the pass.txt file

Another way:

But this is not fast if we have a big list of words then let’s make it faster the next time may be using RUST

Labels:

Comments

Post a Comment

Popular posts from this blog

Bug Boundy Methodology, Tools & Resources

Start by defining a clear objective, such as exploiting a remote code execution (RCE) vulnerability or bypassing authentication on your target. Then, consider how you can achieve this goal using various attack vectors like XSS, SSRF, or others - these are simply tools to help you reach your objective. Use the target as how a normal user would, while browsing keep these questions in mind: 1)How does the app pass data? 2)How/where does the app talk about users? 3)Does the app have multi-tenancy or user levels? 4)Does the app have a unique threat model? 5)Has there been past security research & vulnerabilities? 6)How does the app handle XSS, CSRF, and code injection?
Post a Comment
Read more

CISCO devises configuration commands & info CCNA 200–301

  Repository with all the labs and necessary screenshots: GitHub — AdithyakrishnaV/CCNA_200–301: CCNA 200–301 Practical LABS. CCNA (Cisco Certified Network… CCNA 200–301 Practical LABS. CCNA (Cisco Certified Network Associate) is an information technology (IT) certification… github.com Configure the hostname : Router>en Router #conf t Router (config) #hostname R1 R1 (config)# en  is the shortcut for  enable  command. “ennable” is used to enter Privileged EXEC mode conf t  is the shortcut for  configure terminal command. Used to enter the global configuration mode delete or remove Just put a no in front, it is same across all devices. R1(config)#no interface g0 /0.20 show ip interface Checks the status of the interfaces R1(config) #do show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 unassigned YES unset administratively down down GigabitEthernet0/1 unassigned ...
Post a Comment
Read more

API Bug Bounty Hunting: Reconnaissance and Reverse Engineering an API

  In order to target APIs, you must first be able to find them.APIs meant for consumer use are meant to be easily discovered. Typically, the API provider will market their API to developers who want to be consumers. So, it will often be very easy to find APIs, just by using a web application as an end-user. The goal here is to find APIs to attack and this can be accomplished by discovering the API itself or the API documentation. Bug Boundy Methodology, Tools & Resources Start by defining a clear objective, such as exploiting a remote code execution (RCE) vulnerability or bypassing… adithyakrishnav.blogspot.com Reconnaissance Passive Reconnaissance It is obtaining information about a target without directly interacting with the target’s systems. Google Dorking Firstly, google search for “<app name> API”. intitle:” api” site:”google.com” inurl:”/api/v2" site:”google.com” inurl:”/api/v1" intext:”index of /” inurl:json site:”google.com” intitle:”index.of” intext:”api.t...
Post a Comment
Read more