pwned-passwords-range-example.txt
#----------------------------------------------------------------------------- | |
# Step 1: Compute the SHA1 sum. | |
# Step 2: Grab the first 5 chars of the hash. | |
# Step 3: Use API to pull all hashes with that prefix, sort by how often they | |
# appear, and crack the first few. | |
# | |
# (This means that if this query can be intercepted, the attacker has a pretty | |
# good chance of figuring out your password (if it's non-random or too short).) | |
#----------------------------------------------------------------------------- | |
# First, a less-dramatic example: | |
$ echo -n 'P@ssword123' | sha1sum | |
af218ea96a34c5bc5829a95248227654853e1043 - | |
$ echo -n 'P@ssword123' | sha1sum | cut -b1-5 | |
af218 | |
$ curl -s 'https://api.pwnedpasswords.com/range/AF218' | sort -t: -k2 -nr | |
7F3A19CB7A204D201CD4AAE454B8F639DD6:1008 | |
EA96A34C5BC5829A95248227654853E1043:977 <----- this is the hash of our password (minus the 5-char prefix sent in the query) | |
72A937BDEF2415D591E3EAFBD9B941033B3:87 | |
733F74C246CDE48E2C22514E6088901277D:32 | |
9097EFA33C66C34C1393F12CE0B50049BC2:29 | |
B1E94C862B3BCD01583EF97A5016310B4CD:27 | |
D28983FF168BC58BCD4482E795E0A3D9568:25 | |
AE78FB7992A3C18AEFF80E66D3019450C7B:25 | |
ECB53566C7019EC04F056B16F98333AE78E:24 | |
A7E393F92FED747AB312541A627F979194A:24 | |
9BC336DB803AD249CA3F6FD98C2913D4950:23 | |
ADEC317FA4E1A01514FD21CFD9DA20AC040:22 | |
DC39EF3EDDCAD3B508A70AC50234C2D4084:20 | |
32EB991793F7B6E361FBE944274AA3DD609:19 | |
43071AAC3CC75DC4CA185E7E3092DB5131D:17 | |
3E41D25CCD3180EE2C5D5600F74DBCEDAAC:16 | |
D772FF6365A193FA41F8D636E98EECC61EA:15 | |
599257C99260FEDDCBF9C80AFE20FF69E81:15 | |
4270C18932A6D7803E053B9AD790A5A7D6F:15 | |
377AE0954C1CE8E509A573467C66BFF461B:15 | |
32E3CB302B72C2CE5B6DB820F7240995509:15 | |
2FBE7797338BCAE55193A1EF5C925D6A7F0:15 | |
AC3251BD003AE177C8AB1C57E8C923C6F89:13 | |
7C688587C44C6DE39962917AF5F1898051A:13 | |
FF7E3B1D95BE63DCB65755D242846145C02:12 | |
76C3F9B35F7D00320296318AD0FE6BE6732:11 | |
51CF549926B1F9E94FCCB870CCE07730C77:11 | |
0269A283CA92D352E81C74093C59BF34680:11 | |
E2CBDA63F7DA93AA006769A6AD6E82EDEDA:10 | |
0AAAE09B677E76C3B988526667FB53DA2D9:10 | |
[...] | |
03F43E58A0BFF3F0EAEF392AD0F4DAC1258:1 | |
03327FAE07F16C7E332FB51B88A320ED623:1 | |
#----------------------------------------------------------------------------- | |
# More dramatic example: | |
$ echo -n 'password' | sha1sum | |
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 - | |
$ echo -n 'password' | sha1sum | cut -b1-5 | |
5baa6 | |
$ curl -s 'https://api.pwnedpasswords.com/range/5baa6' | sort -t: -k2 -nr | |
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3303003 <----- this is the hash of our password (minus the 5-char prefix sent in the query) | |
2648FB0B2EDA4FDFF99BF51E912CD95C023:6927 | |
8E0D5C9D144BACC76E52C44F5B61E8DF629:182 | |
EF0E14CCB17E525D76050283148A57828F8:40 | |
A516C42C8CD4C7E7E328ABB90D002A9890E:25 | |
3A8ADE4CF1DAD5342AF2F9FC9247EC21943:17 | |
EA2008F79BE2B0E0C02A1642725433BBB2F:15 | |
5E2BCB2FEF09257B0306B4744418999611B:15 | |
7550A5F6BE01B7A448B0BF5171EE5010549:13 | |
42BAADCD710F9EA7E62B60E01D05469AC64:13 | |
270C60DC07A9247E2770AE4B78870F41275:13 | |
32F203CB544F48B0FA79B280B7B7A562442:12 | |
C84782B604BE48977583E108AC6014C5909:11 | |
A469A1756F617687038731E29E65EEE9A0D:11 | |
A209E7253ED38864D64D9780E03FD868127:11 | |
9F15CB4E8267D785B118793E4B3CCE1F617:11 | |
82EF3E8DFA456A4C024AF143DB2F6CF620F:11 | |
941F4DBE019927FFEF89210C3509525DFF0:10 | |
83A5679C95CA20A34EC232230A89E6105F7:10 | |
69FFB53C7AAE39CB18370BE1B9A43978211:10 | |
14064116E29F235C7069D746496596D2051:10 | |
A08C645E088E588F9E5B9ABDFCBCD9E9230:9 | |
[...] | |
01330C689E5D64F660D6947A93AD634EF8F:1 | |
012C192B2F16F82EA0EB9EF18D9D539B0DD:1 | |
#----------------------------------------------------------------------------- | |
# And most will be crackable in minutes, because they'll be well-known passwords. | |
#----------------------------------------------------------------------------- |