blumongoos has asked for the wisdom of the Perl Monks concerning the following question:

I was attempting a simple wordlist password cracker to confirm users are not using simple passwords. I am still learning Perl, just in its beginnings at the moment because of my lack of time with school etc. Here is the part of the code where it encrypts and tests. Please let me know if you think it's beyond my abilities at this early time to even attempt such a task; I just don't understand what is wrong. It is hard to troubleshoot which is really being encrypted since you cannot reverse the hash. Here is a snippet of what I have written.

print 'enter salt: ';
chomp($salt = <STDIN>);
print 'enter password hash file: ';
open(PASSC, <STDIN>) or die "cannot open password file: $!\n";
$passc = <PASSC>;
print 'enter wordlist: ';
open(PASSF, <STDIN>) or die "cannot open wordlist file: $!\n";
@list = <PASSF>;
for (@list) {
    $pwdcrypt = crypt $_, $salt;
    if ($pwdcrypt eq "$passc") {

thanks in advance - blumongoos (blumongo@arbornet.org)

Replies are listed 'Best First'.
Re: simple wordlist password test
by rev_1318 (Chaplain) on Jun 21, 2005 at 14:12 UTC
    You're not very clear as to what you are attempting to do. Judging from the prompts in the code, you want to read a file containing encrypted passwords and check them against a dictionary. But that's not what this code will do.

    If you have a file containing the encrypted passwords, you use the salt of these passwords to encrypt the words from your list. You don't need a salt from the user.
    You could use something along these lines:

    open WORDS, "<", "wordlist" or die $!;
    chomp ( my @words = <WORDS> );
    close WORDS or die $!;

    open PWFILE, "<", "passwordfile" or die $!;
    while ( <PWFILE> ) {
        chomp;    # $_ now holds one stored hash without its newline
        foreach my $word ( @words ) {
            # the stored hash is passed as the salt argument
            if ( crypt($word, $_) eq $_ ) {
                print "password is $word!\n";
                last;
            }
        }
    }
    close PWFILE or die $!;

    HTH,

    Paul

Re: simple wordlist password test
by tlm (Prior) on Jun 21, 2005 at 13:32 UTC

    I don't quite follow what you're trying to do (wouldn't the content of $passc depend on the salt used to encrypt it?), but does adding these two chomps help?

    print 'enter password hash file: ';
    open(PASSC, <STDIN>) or die "cannot open password file: $!\n";
    chomp( $passc = <PASSC> );
    print 'enter wordlist: ';
    open(PASSF, <STDIN>) or die "cannot open wordlist file: $!\n";
    chomp( @list = <PASSF> );

    the lowliest monk

Re: simple wordlist password test
by NateTut (Deacon) on Jun 21, 2005 at 13:54 UTC
    I think you might be running into trouble at:
    @list = <PASSF>;

    I think this will put all user input up to and including the newline into a scalar that is the first entry of your array. You might want to try something like this:
    my $User_Entry = <PASSF>;
    my @list = split(/ /, $User_Entry);
    . . .
    I also highly recommend the use of
    use strict; use warnings;
    and even use diagnostics; They can be very helpful.

    Another device that can help out a lot is to use print statements to verify that variables contain what you think they do. use Data::Dumper; can also help you know what is in a data structure.

      I think this will put all user input up to and including the newline into a scalar that is the first entry of your array.

      PASSF is a handle to a file (whose name, along with a newline, is obtained from STDIN). The array @list receives all the lines in this file, one line per array member.

      the lowliest monk
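
Added example, not part of the original thread or any poster's code: a self-contained Perl sketch of the two fixes discussed above, namely chomping the lines read from both files and passing the stored hash itself as the salt. The sample hash and wordlist are constructed, `audit` is a hypothetical helper, and the script assumes the platform's crypt() still supports traditional DES hashes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: one hash made with traditional DES crypt() and
# salt "ab", plus a three-word list. Assumption: DES crypt is available.
my $stored = crypt('sunny1', 'ab');
die "crypt() on this platform does not support DES hashes\n"
    unless defined $stored && length $stored == 13;

# In-memory "files": every line ends in "\n", as it would when read from disk.
my $hash_file = "$stored\n";
my $word_file = "letmein\nsunny1\npassword\n";

# Hypothetical helper: return the first word whose crypt() output equals
# the stored hash, or undef. $strip_newlines switches between the fixed
# behaviour (chomp) and the behaviour of the snippet in the question.
sub audit {
    my ($strip_newlines) = @_;
    open my $pw, '<', \$hash_file or die "cannot open hash data: $!";
    open my $wl, '<', \$word_file or die "cannot open word data: $!";
    my $hash  = <$pw>;
    my @words = <$wl>;
    close $pw;
    close $wl;
    if ($strip_newlines) {
        chomp $hash;
        chomp @words;
    }
    for my $word (@words) {
        # The stored hash is passed as the salt: crypt() takes the salt
        # from its leading characters, so no user-supplied salt is needed.
        my $candidate = crypt($word, $hash);
        return $word if defined $candidate && $candidate eq $hash;
    }
    return;
}

my $without = audit(0);
my $with    = audit(1);
printf "without chomp: %s\n", defined $without ? "match '$without'" : 'no match';
printf "with chomp:    %s\n", defined $with    ? "match '$with'"    : 'no match';
```

Without chomp the comparison cannot succeed for two reasons: each candidate word is hashed with its trailing newline, and the stored hash string itself still ends in a newline.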