PBKDF2

It generates PBKDF2 hash based on rockyou. If that hash equals the key it return the password.

import hashlib
import binascii
from pwn import log

# Parameters from gitea.db
salt = binascii.unhexlify('227d873cca89103cd83a976bdac52486')
key = '97907280dc24fe517c43475bd218bfad56c25d4d11037d8b6da440efd4d691adfead40330b2aa6aaf1f33621d0d73228fc16'
dklen = 50
iterations = 50000

# Hashes a password using PBKDF2 from wordlist.
def pbkdf2_hash(password, salt, iterations, dklen):
    hash_value = hashlib.pbkdf2_hmac(
        hash_name='sha256',
        password = password,
        salt = salt,
        iterations = iterations,
        dklen = dklen
    ) 
    return hash_value

# Cracking password
dict = '/home/kali/rockyou.txt'
passwd_found = False

with open(dict, 'r', encoding='utf-8') as file:
    for line in file:
        password = line.strip().encode('utf-8') 
            
        # Generate hash
        hash_value = pbkdf2_hash(password, salt, iterations, dklen)

        # Convert target hash to hex
        target_hash_bytes = binascii.unhexlify(key)
    
        # Check for match
        if hash_value == target_hash_bytes:   
            print(f'Found password: {password}!')
            passwd_found = True
            break
               
    if not passwd_found:
        print("Not found.")

Last updated

Was this helpful?