- 判断运行参数
- passfile linux 密码文件,dictionary 密码文件
- 打开linux密码文件,读取密码字典
- 使用bufio.NewScanner 去循环读取 linux文件,
- 判断是是否包含 :
- 以:分割
- 取0,1,为user、password
- 进入循环进行破解(以一个linux密码,对应字典所有)
- 调用testpass函数破解
- testpass传入 加密的密码,明文密码
- github.com/amoghe/go-crypt 主要使用这个库,用于加密为linux密码那种类型把,类似md5 碰撞
- 为什么要用bufio 去操作文件
- github.com/amoghe/go-crypt 怎么使用 ```go package main
import ( “bufio” “flag” “fmt” “io/ioutil”
"os""log""strings"crypt "github.com/amoghe/go-crypt"
)
var ( passfile string dictionary string )
func init() { flag.StringVar(&passfile, “f”, “”, “Open shadow”) flag.StringVar(&dictionary, “d”, “”, “Open pass dictionary”) }
func main() { // разбор флагов flag.Parse()
// вывод справкиif passfile == "" || dictionary == "" {println("Please " + os.Args[0] + " -h")os.Exit(0)}// открываем shadowpassFile, err := os.Open(passfile)if err != nil {log.Fatalln(err)}defer passFile.Close()// парольный словарьdictFile, err := ioutil.ReadFile(dictionary)if err != nil {log.Fatalln(err)}passDict := strings.Split(string(dictFile), "\n")// построчноscanner := bufio.NewScanner(passFile)for scanner.Scan() {j := scanner.Text()// строки с логин/парольif strings.Contains(j, ":") {shadowText := strings.Split(j, ":")user, cryptPass := shadowText[0], shadowText[1]fmt.Printf("[*] Cracking Password For: %v\n", user)for i := 0; i < len(passDict)-1; i++ {if testPass(cryptPass, passDict[i]) != "" {println(testPass(cryptPass, passDict[i]))break}}}}
}
func testPass(cryptPass string, passWord string) string { saltSearch := strings.LastIndex(cryptPass, “$”) salt := cryptPass[0:saltSearch]
cryptWord, err := crypt.Crypt(passWord, salt)if err != nil {log.Fatalf("Ошибка SHA: %v", err)}// если найден !if cryptWord == cryptPass {return "[+] Found PASSWORD: " + passWord}return ""
}
```
若有收获,就点个赞吧
0 人点赞
