- Write a Python script to perform a dictionary attack on a Linux password file.
- Copy /etc/shadow file to your local directory. Study the format of this file.
- Add the following 3 lines to the /etc/shadow file. For speed purposes remove all other lines.
tommy:$6$HFQQdE2g$g0eyz6UN.c4Pg1tiQgdPPPXdQ1fEOwttCwzSah/Jo4RE9Eac4H7pgksaNLI/WSIyN8tNtCX4NaAq6Uwz.o.4W1:17400:0:99999:7:::
mathis:$6$niptplk1$.mMMVx4T375WhFkDN5RWEaD93HcmDCx3aBQrn2ZalbiRpl4FB2Rww/BeCPEfSYbegjPvoHM2llQmk/VBbSxWj.:17400:0:99999:7:::
tristan:$6$MWwusFJx$KCoO1wiWKtE.7j/7UiwD.1jXmOckMb5X4GGt1DotLS0laXdFga5n3wGfu43FC/Opxki7mY6Yf9XT.cBGN.pkp0:17400:0:99999:7:::
- Use the “crypt” library crypt function to create your hash.
- Use the “hmac” library compare_hash function to compare hashes from the /etc/shadow file to the hashes produced from your guesses.
- Use the string split() function to separate the separate the password lines from the shadow file by the ‘:’ delimiter to isolate the userid and the hash from an entry in the shadow file.
- Calculate the appropriate hash (using the method specified for the entry from the shadow file) for each word in this wordlist (http://www.openwall.com/passwords/wordlists/password-2011.lst (Links to an external site.)), compare the hash, and stop comparing when you find a match.
- Attempt the dictionary attack for each entry in the shadow file.
- Remember you need to provide the word from the dictionary, the method, and the salt to the crypt() function.
- Print the userid and password when a match is found:
“Match found for userid [userid]. Password = [password]” - Print the “No match was found for [userid]” when there no match in the dictionary.
UPDATE: Your program should run with the following command line:
>> python3 dictionary.py [shadow filename] [dictionary filename]