Skip to content

Instantly share code, notes, and snippets.

@0xsan-z
Last active March 1, 2021 23:21
Show Gist options
  • Save 0xsan-z/057dde5c49c4cdc8ca20cdd00f7529a4 to your computer and use it in GitHub Desktop.
Save 0xsan-z/057dde5c49c4cdc8ca20cdd00f7529a4 to your computer and use it in GitHub Desktop.
Bcrypt password brute force for TryHackMe's room Lunizz CTF
import bcrypt
import base64
salt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UO'
mypass = b'$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6'
with open('/usr/share/wordlists/rockyou.txt') as fp:
line = fp.readline()
while line:
#bpass = line.strip().encode('ascii')
#[UPDATED]
bpass = line.strip().encode('ascii','ignore')
passed= str(base64.b64encode(bpass))
hashAndSalt = bcrypt.hashpw(passed.encode(), salt)
print("Password {}".format(line.strip()))
if ( hashAndSalt == mypass ):
print(hashAndSalt)
print("Password {}".format(line.strip()))
print("============================FOUND========================")
break
line = fp.readline()
#salt = b' $2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6 '
# I wrote this code last year and i didnt save password verify line... I need to find my password
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment