Cracking hashes with Python

Chris Angelico rosuav at gmail.com
Tue Nov 26 09:46:33 EST 2013 

On Wed, Nov 27, 2013 at 1:18 AM, TheRandomPast .
<wishingforsam at gmail.com> wrote:
> This is my code. I hope it looks better? I'm sorry if it doesn't. I'm trying
> to get the hang of posting by email :)

There are no BBCode tags here, so [code] doesn't help you at all.
Other than that, looks good. Though if you're going to annotate your
code, please mark your comments with a hash; that way, we can simply
copy and paste your code and run it, which is a huge help. (In this
case, I can see what's going on without running it, but that's not
always true. Sometimes my crystal ball is faulty.)

> wordlist = open('C:/dictionary.txt')
> try:
>     words = wordlist
> except(IOError):
>     print "[-] Error: Check your  path.\n"
>     sys.exit(1)

This now is functional but completely useless. You can drop this whole
block of code.

> words = open('C:/dictionary.txt')
> print "\n",len(words),"words loaded…" (This line now throws up an error
> where it wasn't before: TypeError: object of type 'file' has no len()

The problem is that you've left out the readlines() call, so you now
aren't looking at a list, you're looking at the file object itself.
But take heart! A file object is iterable, so as long as you don't
mind losing this line of status display, it'll all work.

> for word in words:
>     hash = hashlib.md5(word[:-1])
>     value = hash.hexdigest()

This is all very well, but you actually don't do anything with the
hash and the value. Tip: This would be a good place to stash them all
somewhere so you can look them up quickly.

Side point: You're currently assuming that each word you get is
terminated by exactly a single newline. It'd be clearer to, instead of
slicing off the last character with the smiley [:-1] (not sure what
that represents - maybe he has a pen lid sticking out of his mouth?),
try stripping off whitespace. Strings have a method that'll do that
for you.

> if hashes == value:
>     print "[+] Password is:"+word,"\n"
>     sys.exit(0)

This is where you'd look up in what you've stashed, except that at no
point before this do you query the user for the hash to look up.

I recommend you think in terms of an initialization phase, and then a
loop in which you ask the user for input. That would be the most
normal way to do things. As it is, there's no loop, so having an
"exit" option is actually fairly useless.

By the way, are you also learning about Python 3, or are you
exclusively studying Python 2? Python 2 is now a dead end; no new
features are being added to it, and it's to be supported with some bug
fixes for a while, and then security patches only after that;
meanwhile, Python 3 just keeps on getting better. We're now able to
play with a beta of 3.4 that adds a bunch of fun stuff above 3.3
(which added a veritable ton of awesomeness over 3.2), and there are
features slated for 3.5 after that. Even if your course is teaching
only the old version, it'd be good for you, as a programmer, to
explore the differences in the new version; the sooner you get your
head around the difference between Unicode strings and collections of
bytes, the easier your life will be, and Py3 makes that distinction a
lot clearer than Py2 did.

ChrisA

More information about the Python-list mailing list