Posts: 48
Threads: 12
Joined: Apr 2019
Hi
i have a csv file, it contain name and password. I am going to readout and write the password in a csv file.
import csv
import itertools
from collections import OrderedDict
import hashlib
with open ('code.csv', 'r') as input_file_name:
reader=csv.reader(input_file_name)
key=[]
val1=[]
for row in reader:
name = row[0]
val=[str(num) for num in row[1:]]
key.append(name)
val1.append(val)
value = list(itertools.chain.from_iterable(val1)) #making a simple list from list of list in value
value=[str(i) for i in value]
print(key)
dictionary = dict(zip(key, value))
print(dictionary)my problem is, how can I generate password from the value in dictionary.
in the other words reach the password, I know the pass can be varied between 1000 to 9999.
sample input csv file:
Quote:peter,99b057c8e3461b97f8d6c461338cf664bc84706b9cc2812daaebf210ea1b9974
adam,85432a9890aa5071733459b423ab2aff9f085f56ddfdb26c8fae0c2a04dce84c
and the correct output:
Quote:peter,5104
adam,9770
Posts: 8,090
Threads: 154
Joined: Sep 2016
May-06-2019, 02:08 PM
(This post was last modified: May-06-2019, 02:10 PM by buran.)
Do you know what algorithm (hash-function) is used? Do you know difference between hashing and encryption?
Hash is a one-way transformation, so you need to calculate the hash (using the correct hash-function) for all possible passwords (1000-9999) (that's called rainbow table) and compare the hash from the file with calculated in the rainbow table
Posts: 48
Threads: 12
Joined: Apr 2019
May-06-2019, 02:28 PM
(This post was last modified: May-06-2019, 02:28 PM by go127a.)
its 'sha256'
as I found out from web, I should encode the value in the dictionary
I have tried
hashlib.sha256("a".encode('utf-8')).hexdigest()and I reach
Quote:<sha256 HASH object @ 0x00000246AA5E1DC8>
from this point I can not go further. I dont know what to do.
as I know from the question I should use a loop from 1000 to 9999 and decode the value of the dictionary.
they used this process to generate that hash. and now I should do it in reverse process.
#for peter,5104
import hashlib
def encrypt_string(hash_string):
sha_signature = \
hashlib.sha256(hash_string.encode()).hexdigest()
return sha_signature
hash_string = '5104'
sha_signature = encrypt_string(hash_string)
print(sha_signature)the output is:
Quote:99b057c8e3461b97f8d6c461338cf664bc84706b9cc2812daaebf210ea1b9974
Posts: 8,090
Threads: 154
Joined: Sep 2016
again - you can not reverse the hash, it's one-way by nature (vs encryption which is two-way - encrypt and decrypt)
so you need to calculate sha256 for every possible password store these calculated hashes in a dict (hash would be key, password from which is calculated is value). then iterate over file a look for key:value from the dict you created where key match the value from file
Posts: 48
Threads: 12
Joined: Apr 2019
So I should make a hash in a for loop from 1000 to 9999 and check them with the values, that I have gathered from the csv file?
Posts: 8,090
Threads: 154
Joined: Sep 2016
May-07-2019, 11:59 AM
(This post was last modified: May-07-2019, 11:59 AM by buran.)
(May-07-2019, 11:56 AM)go127a Wrote: So I should make a hash in a for loop from 1000 to 9999 and check them with the values, that I have gathered from the csv file? yes. by the way are you sure code password like 0001 is not allowed?
Make sure to calculate all hash values just once and store calculated values. Don't calculate all for each line in the file
Posts: 48
Threads: 12
Joined: Apr 2019
I am going to try this code is it okay?
i think that i can make a dictionary from the hash and finally check the dicthashvalue with the first dictionary and print out the related keys.
import hashlib
keyhash=[]
valhash=[]
for i in range (1000,9999):
keyhash.append(i)
itemstr=str(i)
val1=hashlib.sha256(itemstr.encode()).hexdigest()
valhash.append(val1)
dichashlib=dict(zip(keyhash, valhash))
Posts: 8,090
Threads: 154
Joined: Sep 2016
why do you need to complicate things that much? And you want the hash to be the key, not other way around.
import hashlib
rainbow_dict = {}
for i in range(1000, 10000): # note you need upper end to be 10000 in odrder to include 9999
my_hash = hashlib.sha256(str(i).encode()).hexdigest()
rainbow_dict[my_hash] = i
# or replace lines 3-7 with a single line
#rainbow_dict = {hashlib.sha256(str(i).encode()).hexdigest():i for i in range(1000, 10000)}
# sample with 3 random hashes
passwords = ['c56b05eb525718f02df539e071361dd58b168a5a70abdb3148d44f98c46c38cd',
'f476ef220e571593579ae60582fe52a888309b21d4a01cf1cd56a14084d9db27',
'1828526428f17576e6581a0b9c893ecf79c1fdc20f495f0bdc98b559b25b92a6']
for password_hash in passwords:
print(f'{password_hash} --> {rainbow_dict[password_hash]}')
print(hashlib.sha256('2523'.encode()).hexdigest() == passwords[0])
Posts: 48
Threads: 12
Joined: Apr 2019
May-07-2019, 04:08 PM
(This post was last modified: May-07-2019, 04:08 PM by go127a.)
thanks,
now I have one dictionary from csv file:
Quote:dict_csv={'danial': '99b057c8e3461b97f8d6c461338cf664bc84706b9cc2812daaebf210ea1b9974', 'peter': '85432a9890aa5071733459b423ab2aff9f085f56ddfdb26c8fae0c2a04dce84c'}
is it correct to catch the name the password:
listval=[]
for item in dict_csv.values():
listval.append(item)
list1=[k for k,v in dict_csv.items() if v in listval]
#print(list1)
list2=[v for k,v in rainbow_dict.items() if k in listval]
#print(list2)
list3 = [ item for pair in zip(list1, list2 + [0]) for item in pair]
print(list3)so I can reach below list:
Quote:['danial', 5104, 'peter', 9770]
and after that rewrite the data on my csv file. final results. i dont know how!? if you can please help me with it...
Quote:danial,5104
peter,9770
Posts: 2,020
Threads: 9
Joined: May 2017
May-07-2019, 05:36 PM
(This post was last modified: May-07-2019, 05:36 PM by DeaD_EyE.)
 rainbow_dict :-D
The usual way of password storing is following:
- The password is submitted as clear text to the server (ssl should used, if it's on the web)
- The server receives the password in clear text
- The server creates a new string, based on the clear text password and a random generated *salt
- The new string is hashed with a good algorithm. sha256 is ok. Md5 is not ok.
- The hash is stored in the database or somewhere else. The clear text password is thrown away.
The usual way of password checking is following:
- Client submits the clear text password to the server (don't forget transport encryption).
- The server generates the hash value on same way, as it was stored before. The hash value is based on the concatenated password and salt.
- The server knows the requested identity(Username or E-Mail) and loads the hash value from the database.
- The server compares the crated hash value with the hash value from the database. (Timing attacks)
- If both strings are equal, the password was the right one.
The *salt is a random generated string of bytes. It's saved in the database or in configuration files.
This salt is used to generate hash values from submitted passwords.
If you don't use salt, you can access this big databases: http://project-rainbowcrack.com/table.htm
Then you don't have to create your own rainbow table. It's already since long time in the public.
Allowing only passwords like 0 - 9999 is crazy (low entropy).
Saving them without salt, is like saving them as clear text.
|
