1 00:00:00,570 --> 00:00:06,030 In this video I'm going to teach you how to crack hashes in Python, and more specifically you're going 2 00:00:06,030 --> 00:00:11,520 to learn how to crack MD5 hashes, or an MD5 hash. 3 00:00:11,520 --> 00:00:19,950 Now, if you didn't know, hashing, or a hash function, is an algorithm that computes or gives out a fixed 4 00:00:20,100 --> 00:00:25,690 size value from a file or even from one string, right? Now, 5 00:00:25,800 --> 00:00:28,470 what does that actually mean? 6 00:00:28,470 --> 00:00:34,140 Well, simply put, let's say that you want to send the file to your friend over the Internet. You trust 7 00:00:34,140 --> 00:00:35,400 the file that you're sending. 8 00:00:35,400 --> 00:00:41,330 Meaning that you are very certain of its integrity, and you want to make sure that your friend receives 9 00:00:41,440 --> 00:00:48,270 the same file, such that no other malicious entities intercept the file, modify it and forward the 10 00:00:48,270 --> 00:00:50,220 modified version to your friend. 11 00:00:50,220 --> 00:00:58,110 Therefore, in order to validate the integrity, you MD5 hash it and get the hash value of your 12 00:00:58,110 --> 00:01:00,610 file before sending it. 13 00:01:00,630 --> 00:01:07,440 That actually means that you calculate a unique value string from the entire information contained in 14 00:01:07,440 --> 00:01:08,520 the file. 15 00:01:08,730 --> 00:01:15,870 If the file suffers even the slightest modification, the unique value string will actually be different. 16 00:01:16,260 --> 00:01:21,840 Now, in other words, the file is going to have a different MD5 hash. 17 00:01:21,900 --> 00:01:28,080 What's particularly interesting about MD5 hashes is that they have not only been used for data 18 00:01:28,080 --> 00:01:32,060 integrity but also for ways to store passwords. 
19 00:01:32,100 --> 00:01:39,120 So let's say that you have a password called secret and you want to save it safely, or not allow it 20 00:01:39,120 --> 00:01:41,010 in its plain text version. 21 00:01:41,070 --> 00:01:48,270 Similarly to what you're doing to MD5 hash a file, you can MD5 hash this password and you 22 00:01:48,270 --> 00:01:50,370 will actually get a unique hash of it. 23 00:01:50,760 --> 00:01:57,030 And interestingly enough, even though MD5 hashes are very poor and insecure ways to store passwords, 24 00:01:57,150 --> 00:02:02,270 there are a lot of systems that still use them today. And to get back to what we're doing here, 25 00:02:02,280 --> 00:02:06,610 we're going to build the code that, given an MD5 hash password, 26 00:02:06,690 --> 00:02:08,200 will try to crack it. 27 00:02:08,250 --> 00:02:10,970 In other words, it will try to reverse it. 28 00:02:11,100 --> 00:02:15,360 In other words, giving you the plaintext cracked password. 29 00:02:15,630 --> 00:02:21,510 Before we start I want to tell you that there are many other more secure ways to hash data other than 30 00:02:21,510 --> 00:02:23,150 MD5. 31 00:02:23,250 --> 00:02:33,660 You can have SHA, CRC, so you can have SHA, CRC, HMAC, Keccak and so on. 32 00:02:33,660 --> 00:02:38,190 Look up Wikipedia for hashing functions, as it's a good place to start if you want to learn more. 33 00:02:38,730 --> 00:02:43,020 Now our program will be run in the command line or terminal in the following way. 34 00:02:43,020 --> 00:02:54,780 It will say Python, MD5 crack .py, we'll also give it the hash and then the dictionary file look 35 00:02:54,780 --> 00:02:56,820 to see. 36 00:02:57,060 --> 00:03:02,850 So as you can see we have two arguments that we'll provide: a hash and the dict.txt. 37 00:03:03,210 --> 00:03:06,350 So the basic idea behind the code is very simple. 
38 00:03:06,390 --> 00:03:06,840 One: 39 00:03:09,830 --> 00:03:19,620 it's gonna look into the dictionary, and in the dictionary there is a word on every line. Two: 40 00:03:19,870 --> 00:03:23,300 it's going to MD5 hash each word. 41 00:03:23,300 --> 00:03:33,410 So MD5 hash each word and compare the hash with our provided hash. And number three: if there is 42 00:03:33,410 --> 00:03:39,230 a match then we've, so to speak, cracked the hash and retrieved the password. 43 00:03:39,250 --> 00:03:39,740 All right. 44 00:03:39,890 --> 00:03:46,430 So let's generate an MD5 hash for the word secret, so say secret over here and then generate 45 00:03:49,080 --> 00:03:51,990 and then this is our hash. 46 00:03:52,090 --> 00:03:52,390 OK. 47 00:03:52,390 --> 00:03:58,120 Now this program or script would not have been possible without the inspiration coming from Cameron Buchanan's 48 00:03:58,150 --> 00:04:01,570 Python Web Penetration Testing Cookbook. 49 00:04:01,570 --> 00:04:04,510 So a very big thank you for that. 50 00:04:04,510 --> 00:04:06,810 All right, let's move into Visual Studio Code. 51 00:04:06,830 --> 00:04:14,320 So first things first, we'll import two libraries which are both found in the Python standard library. 52 00:04:14,320 --> 00:04:18,850 So the first one is hashlib and the second one. 53 00:04:19,600 --> 00:04:26,350 So we're going to use argparse instead of sys for command line arguments because I think it's more 54 00:04:26,350 --> 00:04:27,410 developed. So 55 00:04:27,440 --> 00:04:30,260 also import argparse. 56 00:04:30,580 --> 00:04:37,270 OK, first we're going to work on the command line arguments, which is going to help us make our program 57 00:04:37,270 --> 00:04:40,050 more user friendly, so we'll say parser. 
58 00:04:40,060 --> 00:04:49,450 We have to create a parser and we use argparse.ArgumentParser and then we'll have a description 59 00:04:49,780 --> 00:04:54,380 which is going to say MD5 cracker. 60 00:04:55,380 --> 00:04:55,860 OK. 61 00:04:55,870 --> 00:05:02,260 And then we add arguments, like I said, one for the hash and one for the dictionary. 62 00:05:02,260 --> 00:05:12,550 So we'll say parser.add_argument, it's gonna be -md5, the destination variable 63 00:05:12,610 --> 00:05:24,370 is gonna be hash, the help message displayed is gonna say MD5 hash, and this is gonna be a required 64 00:05:24,430 --> 00:05:27,910 argument, so required equals true. 65 00:05:27,910 --> 00:05:35,560 Then another argument for the word list or dictionary, so we'll say parser.add_argument, 66 00:05:35,740 --> 00:05:44,900 let's say -w, the destination variable is gonna be word list, the help message displayed is gonna 67 00:05:44,920 --> 00:05:48,440 be word lists for convenience. 68 00:05:48,700 --> 00:05:50,740 And this is also a required 69 00:05:53,820 --> 00:06:00,260 required argument. Then we have to parse them so that they can actually work. 70 00:06:00,260 --> 00:06:10,350 So we'll say parsed args equals parser.parse_args. 71 00:06:10,370 --> 00:06:14,200 So this is actually gonna parse the arguments. 72 00:06:14,270 --> 00:06:16,460 Then we'll create a main function, so we'll say 73 00:06:16,460 --> 00:06:21,250 def main, not man. 74 00:06:21,560 --> 00:06:28,070 And then instantiate a variable as empty string that will output in the case the hash is not cracked, 75 00:06:29,360 --> 00:06:35,370 so we'll say hash_cracked equals empty string. 76 00:06:35,390 --> 00:06:38,560 Now let's open our dictionary or word list. 77 00:06:38,780 --> 00:06:53,720 So with open, so it's word list, so parsed args word list, as file, and then go line by line through 78 00:06:53,720 --> 00:06:54,340 each word. 
79 00:06:54,350 --> 00:06:55,190 So we'll say 80 00:06:57,870 --> 00:07:04,380 for line in file, we'll do line equals line.strip. 81 00:07:04,440 --> 00:07:07,450 We use the strip to strip the words of spaces. 82 00:07:07,590 --> 00:07:07,960 OK. 83 00:07:07,980 --> 00:07:12,090 And then we MD5 hash the word and compare it with our provided hash. 84 00:07:12,090 --> 00:07:14,840 So this is actually the main functionality of the code. 85 00:07:16,020 --> 00:07:29,280 So say if hashlib.md5, bytes, we need the bytes of the line and we also need to encode 86 00:07:29,280 --> 00:07:41,580 it in UTF-8, and then we have to hex digest it, so we use the hexdigest method. 87 00:07:41,580 --> 00:07:53,110 So if the hashlib, if the MD5 of our line is equal to parsed args dot hash. 88 00:07:53,130 --> 00:08:04,650 So if we have a match then hash cracked is going to be updated to the line, so we actually got the password. 89 00:08:04,660 --> 00:08:19,610 Then we can simply print on a new line and define let's say hash has been successfully cracked. 90 00:08:20,010 --> 00:08:21,930 The value is 91 00:08:28,380 --> 00:08:29,390 line, of course, 92 00:08:32,810 --> 00:08:41,010 however the other if, if hash underscore 93 00:08:41,010 --> 00:08:41,720 cracked. 94 00:08:41,720 --> 00:08:45,430 This is indented here even more so here. 95 00:08:45,500 --> 00:08:52,400 If we get through the entire loop without actually having the hash cracked updated. 96 00:08:52,400 --> 00:09:04,250 So if hash cracked equals equals an empty string, we can simply print on a new line failed to crack 97 00:09:06,340 --> 00:09:17,190 the hash, try using a bigger, different dictionary. 98 00:09:17,490 --> 00:09:18,090 That's it. 99 00:09:18,100 --> 00:09:25,690 Finally we get out of the function and we say if __name__ equals 100 00:09:25,690 --> 00:09:32,770 equals __main__, simply run 
101 00:09:32,800 --> 00:09:38,800 the main function. This actually means that when we run the program in the command prompt or terminal 102 00:09:38,920 --> 00:09:42,040 the main function is going to execute. 103 00:09:42,460 --> 00:09:46,630 And that's actually the whole gist of it. 104 00:09:46,660 --> 00:09:51,570 Again, simplicity at its finest. 105 00:09:51,580 --> 00:09:56,380 Now let's save this and test that in the command prompt. 106 00:09:56,920 --> 00:10:04,750 So I'm going to navigate to the desktop where we have the script and I will say Python and the where I 107 00:10:04,750 --> 00:10:05,620 thought the Y. 108 00:10:06,010 --> 00:10:10,870 And then I need to provide the hash for the word secret that we have over here. 109 00:10:10,880 --> 00:10:20,780 So copy this, and then I also need to specify the dictionary like I said, so -w, the dictionary on 110 00:10:20,780 --> 00:10:21,550 the desktop. 111 00:10:21,550 --> 00:10:26,300 I think it's dict.txt. Invalid syntax. 112 00:10:26,340 --> 00:10:26,630 Okay. 113 00:10:26,640 --> 00:10:30,860 There is no dot outside, the dot is inside. Control-S, save. 114 00:10:30,910 --> 00:10:32,470 All right, let's go back. 115 00:10:32,470 --> 00:10:41,470 Repeat the command. We need to specify the arguments with -md5, which is the hash, minus 116 00:10:41,640 --> 00:10:44,150 W, dict.txt. 117 00:10:44,200 --> 00:10:45,050 There you have it. 118 00:10:45,070 --> 00:10:47,480 It's been actually cracked in no time. 119 00:10:47,650 --> 00:10:53,300 However, this was a short word list and our attack was a dictionary attack. 120 00:10:53,380 --> 00:10:59,590 Now for larger word lists, such as in the millions of words, it may take extensively longer and we'd 121 00:10:59,590 --> 00:11:05,530 have to use queuing and threading in Python to actually dramatically increase the speed and reduce 122 00:11:05,530 --> 00:11:08,980 the time vs. a sequential approach like this one. 
123 00:11:08,980 --> 00:11:15,310 In any case, if you want to go deeper into this rabbit hole, I encourage you to study and try it yourself, 124 00:11:15,740 --> 00:11:17,350 put your imagination to work. 125 00:11:17,410 --> 00:11:22,400 This is Python and it gives you limitless possibilities.