superkojiman/moincrack.py

## moincrack.py
#!/usr/bin/env python -Wignore::DeprecationWarning
import sha, base64, traceback, sys

if len(sys.argv) < 3:
    print "usage: %s [user_password_list] [wordlist]" % (sys.argv[0])
    sys.exit(0)

try:
    for line in open(sys.argv[1], "r"):
        a = line.strip().split(":")
        user = a[0]
        password = a[1]

        print "trying to crack password for", user
        for guess in open(sys.argv[2], "r"):
            guess = guess.strip()

            # extract the salt from the hash.
            # the salt is the last 20 chars
            salt = base64.decodestring(password)[-20:]

            # encrypt our password with the salt
            hash = sha.new(guess)
            hash.update(salt)
            our_hash = base64.encodestring(hash.digest() + salt).rstrip()
            if our_hash == password:
                print " * password for %s: %s" % (user.strip(), guess)
                break
except Exception, e:
    traceback.print_tb(None)
	#!/usr/bin/env python -Wignore::DeprecationWarning
	import sha, base64, traceback, sys

	if len(sys.argv) < 3:
	print "usage: %s [user_password_list] [wordlist]" % (sys.argv[0])
	sys.exit(0)

	try:
	for line in open(sys.argv[1], "r"):
	a = line.strip().split(":")
	user = a[0]
	password = a[1]

	print "trying to crack password for", user
	for guess in open(sys.argv[2], "r"):
	guess = guess.strip()

	# extract the salt from the hash.
	# the salt is the last 20 chars
	salt = base64.decodestring(password)[-20:]

	# encrypt our password with the salt
	hash = sha.new(guess)
	hash.update(salt)
	our_hash = base64.encodestring(hash.digest() + salt).rstrip()
	if our_hash == password:
	print " * password for %s: %s" % (user.strip(), guess)
	break
	except Exception, e:
	traceback.print_tb(None)