Last active
March 1, 2021 23:21
-
-
Save 0xsan-z/057dde5c49c4cdc8ca20cdd00f7529a4 to your computer and use it in GitHub Desktop.
Bcrypt password brute force for TryHackMe's room Lunizz CTF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import bcrypt | |
import base64 | |
salt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UO' | |
mypass = b'$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6' | |
with open('/usr/share/wordlists/rockyou.txt') as fp: | |
line = fp.readline() | |
while line: | |
#bpass = line.strip().encode('ascii') | |
#[UPDATED] | |
bpass = line.strip().encode('ascii','ignore') | |
passed= str(base64.b64encode(bpass)) | |
hashAndSalt = bcrypt.hashpw(passed.encode(), salt) | |
print("Password {}".format(line.strip())) | |
if ( hashAndSalt == mypass ): | |
print(hashAndSalt) | |
print("Password {}".format(line.strip())) | |
print("============================FOUND========================") | |
break | |
line = fp.readline() | |
#salt = b' $2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6 ' | |
# I wrote this code last year and i didnt save password verify line... I need to find my password |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment