زبان برنامهنویسی پایتون، مزایا و ویژگیهایی دارد که به هکرها در هنگام هک پسورد یا رمز گوشی کمک میکند. یکی از سوالات متداولی که افراد مطرح میکنند این است که چگونه و با چه کدی میتوانیم پسورد مورد نظر خود را هک کنیم؟ شیوه هک رمز با پایتون چگونه است؟ در این مقاله تصمیم داریم نحوه هک پسورد با پایتون را توضیح دهیم. در صورتی که شما هم به این مبحث علاقهمند هستید، پیشنهاد میشود که تا انتهای این مقاله با ما همراه شوید.
ساخت اسکریپت؛ نخستین گام برای هک پسورد با پایتون
اولین گام برای هک رمز با پایتون، ساخت یک اسکریپت است. برای ساخت این اسکریپت، نخست باید یک فایل hack_password.py ایجاد کنیم.
این فایل، حاوی کد زیر است:
import hashlib
<span class="linenumber react-syntax-highlighter-line-number">2</span>
<span class="linenumber react-syntax-highlighter-line-number">3</span>from urllib<span class="token">.</span>request import urlopen
<span class="linenumber react-syntax-highlighter-line-number">4</span>
<span class="linenumber react-syntax-highlighter-line-number">5</span>def <span class="token">hash</span><span class="token">(</span>password<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">6</span>
<span class="linenumber react-syntax-highlighter-line-number">7</span>result <span class="token">=</span> hashlib<span class="token">.</span><span class="token">sha256</span><span class="token">(</span>password<span class="token">.</span><span class="token">encode</span><span class="token">(</span><span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">8</span>
<span class="linenumber react-syntax-highlighter-line-number">9</span><span class="token">return</span> result<span class="token">.</span><span class="token">hexdigest</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">10</span>
<span class="linenumber react-syntax-highlighter-line-number">11</span>def <span class="token">get_wordlist</span><span class="token">(</span>url<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">12</span>
<span class="linenumber react-syntax-highlighter-line-number">13</span><span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">14</span>
<span class="linenumber react-syntax-highlighter-line-number">15</span>with <span class="token">urlopen</span><span class="token">(</span>url<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">16</span>
<span class="linenumber react-syntax-highlighter-line-number">17</span>wordlist <span class="token">=</span> f<span class="token">.</span><span class="token">read</span><span class="token">(</span><span class="token">)</span><span class="token">.</span><span class="token">decode</span><span class="token">(</span><span class="token">'utf-8'</span><span class="token">)</span><span class="token">.</span><span class="token">splitlines</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">18</span>
<span class="linenumber react-syntax-highlighter-line-number">19</span><span class="token">return</span> wordlist
<span class="linenumber react-syntax-highlighter-line-number">20</span>
<span class="linenumber react-syntax-highlighter-line-number">21</span>except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">22</span>
<span class="linenumber react-syntax-highlighter-line-number">23</span><span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get wordlist: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">24</span>
<span class="linenumber react-syntax-highlighter-line-number">25</span><span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">26</span>
<span class="linenumber react-syntax-highlighter-line-number">27</span>def <span class="token">bruteforce</span><span class="token">(</span>wordlist<span class="token">,</span> password<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">28</span>
<span class="linenumber react-syntax-highlighter-line-number">29</span>password_hash <span class="token">=</span> <span class="token">hash</span><span class="token">(</span>password<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">30</span>
<span class="linenumber react-syntax-highlighter-line-number">31</span><span class="token">for</span> guess_password <span class="token">in</span> wordlist<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">32</span>
<span class="linenumber react-syntax-highlighter-line-number">33</span><span class="token">if</span> <span class="token">hash</span><span class="token">(</span>guess_password<span class="token">)</span> <span class="token">==</span> password_hash<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">34</span>
<span class="linenumber react-syntax-highlighter-line-number">35</span><span class="token">return</span> guess_password
<span class="linenumber react-syntax-highlighter-line-number">36</span>
<span class="linenumber react-syntax-highlighter-line-number">37</span><span class="token">if</span> __name__ <span class="token">==</span> <span class="token">'__main__'</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">38</span>
<span class="linenumber react-syntax-highlighter-line-number">39</span>WORDLIST_URL <span class="token">=</span> <span class="token">'https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/2df55facf06c7742f2038a8f6607ea9071596128/Real-Passwords/Top1575-probable-v2.txt'</span>
<span class="linenumber react-syntax-highlighter-line-number">40</span>
<span class="linenumber react-syntax-highlighter-line-number">41</span>MY_PASSWORD <span class="token">=</span> <span class="token">'123123'</span>
<span class="linenumber react-syntax-highlighter-line-number">42</span>
<span class="linenumber react-syntax-highlighter-line-number">43</span>wordlist <span class="token">=</span> <span class="token">get_wordlist</span><span class="token">(</span>WORDLIST_URL<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">44</span>
<span class="linenumber react-syntax-highlighter-line-number">45</span><span class="token">print</span><span class="token">(</span>f<span class="token">'wordlist contains {len(wordlist)} items'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">46</span>
<span class="linenumber react-syntax-highlighter-line-number">47</span>password <span class="token">=</span> <span class="token">bruteforce</span><span class="token">(</span>wordlist<span class="token">,</span> MY_PASSWORD<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">48</span>
<span class="linenumber react-syntax-highlighter-line-number">49</span><span class="token">if</span> password is not None<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">50</span>
<span class="linenumber react-syntax-highlighter-line-number">51</span><span class="token">print</span><span class="token">(</span><span class="token">'your password is:'</span><span class="token">,</span> password<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">52</span>
<span class="linenumber react-syntax-highlighter-line-number">53</span><span class="token">else</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">54</span>
<span class="linenumber react-syntax-highlighter-line-number">55</span><span class="token">print</span><span class="token">(</span><span class="token">'your password is not in the wordlist'</span><span class="token">)</span>از آنجا که از هیچ ماژول شخص ثالثی استفاده نمیکنیم، نیازی به ساخت یک محیط مجازی و نصب کتابخانهها نداریم. ما میتوانیم اسکریپت را بیدرنگ اجرا کنیم. کد مربوط به اجرای آن را هم در ادامه آوردهایم:
python3 hack_password.py
کرک کردن پسوردها در دیتابیس
یک فایل database.csv بسازید که نمایانگر دیتابیس هکشده توسط کاربران است. در این فایل، کد زیر قرار میگیرد:
id<span class="token">,</span>username<span class="token">,</span>password
<span class="linenumber react-syntax-highlighter-line-number">2</span>
<span class="linenumber react-syntax-highlighter-line-number">3</span><span class="token">1</span><span class="token">,</span>wormweighty<span class="token">,</span>misty1239
<span class="linenumber react-syntax-highlighter-line-number">4</span>
<span class="linenumber react-syntax-highlighter-line-number">5</span><span class="token">2</span><span class="token">,</span>burlydefeated<span class="token">,</span>banking876
<span class="linenumber react-syntax-highlighter-line-number">6</span>
<span class="linenumber react-syntax-highlighter-line-number">7</span><span class="token">3</span><span class="token">,</span>ripefuturistic<span class="token">,</span>ddddrrrr
<span class="linenumber react-syntax-highlighter-line-number">8</span>
<span class="linenumber react-syntax-highlighter-line-number">9</span><span class="token">4</span><span class="token">,</span>angel<span class="token">,</span>qwerty123
<span class="linenumber react-syntax-highlighter-line-number">10</span>
<span class="linenumber react-syntax-highlighter-line-number">11</span><span class="token">5</span><span class="token">,</span>wightsquare<span class="token">,</span>macleod8756
<span class="linenumber react-syntax-highlighter-line-number">12</span>
<span class="linenumber react-syntax-highlighter-line-number">13</span><span class="token">6</span><span class="token">,</span>rampallianimpure<span class="token">,</span>sandals123
<span class="linenumber react-syntax-highlighter-line-number">14</span>
<span class="linenumber react-syntax-highlighter-line-number">15</span><span class="token">7</span><span class="token">,</span>neckedlewd<span class="token">,</span>request345
<span class="linenumber react-syntax-highlighter-line-number">16</span>
<span class="linenumber react-syntax-highlighter-line-number">17</span><span class="token">8</span><span class="token">,</span>sculliangusty<span class="token">,</span>$gdGD90
<span class="linenumber react-syntax-highlighter-line-number">18</span>
<span class="linenumber react-syntax-highlighter-line-number">19</span><span class="token">9</span><span class="token">,</span>anton<span class="token">,</span><span class="token">123123</span>
<span class="linenumber react-syntax-highlighter-line-number">20</span>
<span class="linenumber react-syntax-highlighter-line-number">21</span><span class="token">10</span><span class="token">,</span>villainmacho<span class="token">,</span>g672fdحالا یک فایل جدید بسازید و نام آن را hack_database.py بگذارید. در این فایل، کد زیر قرار میگیرد:
import csv
<span class="linenumber react-syntax-highlighter-line-number">2</span>
<span class="linenumber react-syntax-highlighter-line-number">3</span> import hashlib
<span class="linenumber react-syntax-highlighter-line-number">4</span>
<span class="linenumber react-syntax-highlighter-line-number">5</span> from urllib<span class="token">.</span>request import urlopen
<span class="linenumber react-syntax-highlighter-line-number">13</span> def <span class="token">hash</span><span class="token">(</span>password<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">14</span>
<span class="linenumber react-syntax-highlighter-line-number">15</span> result <span class="token">=</span> hashlib<span class="token">.</span><span class="token">sha256</span><span class="token">(</span>password<span class="token">.</span><span class="token">encode</span><span class="token">(</span><span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">16</span>
<span class="linenumber react-syntax-highlighter-line-number">17</span> <span class="token">return</span> result<span class="token">.</span><span class="token">hexdigest</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">18</span>
<span class="linenumber react-syntax-highlighter-line-number">25</span> def <span class="token">get_wordlist</span><span class="token">(</span>url<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">26</span>
<span class="linenumber react-syntax-highlighter-line-number">27</span> <span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">28</span>
<span class="linenumber react-syntax-highlighter-line-number">29</span> with <span class="token">urlopen</span><span class="token">(</span>url<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">30</span>
<span class="linenumber react-syntax-highlighter-line-number">31</span> wordlist <span class="token">=</span> f<span class="token">.</span><span class="token">read</span><span class="token">(</span><span class="token">)</span><span class="token">.</span><span class="token">decode</span><span class="token">(</span><span class="token">'utf-8'</span><span class="token">)</span><span class="token">.</span><span class="token">splitlines</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">32</span>
<span class="linenumber react-syntax-highlighter-line-number">33</span> <span class="token">return</span> wordlist
<span class="linenumber react-syntax-highlighter-line-number">34</span>
<span class="linenumber react-syntax-highlighter-line-number">35</span> except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">36</span>
<span class="linenumber react-syntax-highlighter-line-number">37</span> <span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get wordlist: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">38</span>
<span class="linenumber react-syntax-highlighter-line-number">39</span> <span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">40</span>
<span class="linenumber react-syntax-highlighter-line-number">46</span>
<span class="linenumber react-syntax-highlighter-line-number">47</span> def <span class="token">get_users</span><span class="token">(</span>path<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">48</span>
<span class="linenumber react-syntax-highlighter-line-number">49</span> <span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">50</span>
<span class="linenumber react-syntax-highlighter-line-number">51</span> result <span class="token">=</span> <span class="token">[</span><span class="token">]</span>
<span class="linenumber react-syntax-highlighter-line-number">52</span>
<span class="linenumber react-syntax-highlighter-line-number">53</span> with <span class="token">open</span><span class="token">(</span>path<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">54</span>
<span class="linenumber react-syntax-highlighter-line-number">55</span> reader <span class="token">=</span> csv<span class="token">.</span><span class="token">DictReader</span><span class="token">(</span>f<span class="token">,</span> delimiter<span class="token">=</span><span class="token">','</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">56</span>
<span class="linenumber react-syntax-highlighter-line-number">57</span> <span class="token">for</span> row <span class="token">in</span> reader<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">58</span>
<span class="linenumber react-syntax-highlighter-line-number">59</span> result<span class="token">.</span><span class="token">append</span><span class="token">(</span><span class="token">dict</span><span class="token">(</span>row<span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">60</span>
<span class="linenumber react-syntax-highlighter-line-number">61</span> <span class="token">return</span> result
<span class="linenumber react-syntax-highlighter-line-number">62</span>
<span class="linenumber react-syntax-highlighter-line-number">63</span> except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">64</span>
<span class="linenumber react-syntax-highlighter-line-number">65</span> <span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get users: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">66</span>
<span class="linenumber react-syntax-highlighter-line-number">67</span> <span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">68</span>
<span class="linenumber react-syntax-highlighter-line-number">75</span> def <span class="token">bruteforce</span><span class="token">(</span>wordlist<span class="token">,</span> password<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">76</span>
<span class="linenumber react-syntax-highlighter-line-number">77</span> password_hash <span class="token">=</span> <span class="token">hash</span><span class="token">(</span>password<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">78</span>
<span class="linenumber react-syntax-highlighter-line-number">79</span> <span class="token">for</span> guess_password <span class="token">in</span> wordlist<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">80</span>
<span class="linenumber react-syntax-highlighter-line-number">81</span> <span class="token">if</span> <span class="token">hash</span><span class="token">(</span>guess_password<span class="token">)</span> <span class="token">==</span> password_hash<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">82</span>
<span class="linenumber react-syntax-highlighter-line-number">83</span> <span class="token">return</span> guess_password
<span class="linenumber react-syntax-highlighter-line-number">84</span>
<span class="linenumber react-syntax-highlighter-line-number">91</span> <span class="token">if</span> __name__ <span class="token">==</span> <span class="token">'__main__'</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">92</span>
<span class="linenumber react-syntax-highlighter-line-number">93</span> WORDLIST_URL <span class="token">=</span> <span class="token">'https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/2df55facf06c7742f2038a8f6607ea9071596128/Real-Passwords/Top12Thousand-probable-v2.txt'</span>
<span class="linenumber react-syntax-highlighter-line-number">94</span>
<span class="linenumber react-syntax-highlighter-line-number">95</span> DATABASE_PATH <span class="token">=</span> <span class="token">'database.csv'</span>
<span class="linenumber react-syntax-highlighter-line-number">96</span> <span class="linenumber react-syntax-highlighter-line-number">100</span> wordlist <span class="token">=</span> <span class="token">get_wordlist</span><span class="token">(</span>WORDLIST_URL<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">101</span>
<span class="linenumber react-syntax-highlighter-line-number">102</span> <span class="token">print</span><span class="token">(</span>f<span class="token">'wordlist contains {len(wordlist)} items'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">103</span>
<span class="linenumber react-syntax-highlighter-line-number">104</span>
<span class="linenumber react-syntax-highlighter-line-number">107</span> users <span class="token">=</span> <span class="token">get_users</span><span class="token">(</span>DATABASE_PATH<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">108</span>
<span class="linenumber react-syntax-highlighter-line-number">109</span> <span class="token">for</span> user <span class="token">in</span> users<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">110</span>
<span class="linenumber react-syntax-highlighter-line-number">111</span> password <span class="token">=</span> <span class="token">bruteforce</span><span class="token">(</span>wordlist<span class="token">,</span> user<span class="token">[</span><span class="token">'password'</span><span class="token">]</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">112</span>
<span class="linenumber react-syntax-highlighter-line-number">113</span> <span class="token">if</span> password is not None<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">114</span>
<span class="linenumber react-syntax-highlighter-line-number">115</span> <span class="token">print</span><span class="token">(</span>f<span class="token">'username: {user["username"]}, password: {password}'</span><span class="token">)</span>اکنون با کد زیر، اسکریپت را اجرا کنید:
python3 hack_database.py
پیشنهاد مطالعه: مسیر هکر شدن با پایتون
کرک پسوردها با استفاده از جدولهای رنگینکمانی
برای بهبود و تقویت اسکریپتی که ساختهایم، میتوانیم از جدولهای رنگینکمانی استفاده کنیم. جدول رنگینکمانی، پایگاه دادهای است که برای احراز هویت با کرک یا شکستن پسورد هش به کار میرود. به بیان دیگر، جدول رنگینکمانی، یک دیکشنری ازپیش محاسبهشده از پسوردهای متن ساده (Plaintext) و مقادیر هش متناظر با آنهاست. هدف از استفاده از جدول مذکور این است که بفهمیم چه رمز عبور متن سادهای، یک هش مشخص و خاص را ایجاد کرده است.
در این مرحله، اسکریپتی بسازید تا بتوانید یک جدول رنگینکمانی از فهرست کلماتی که معمولاً استفاده میکنیم، خلق کنید. این اسکریپت، create_rainbow_table.py نام دارد. در ادامه کدهای مربوط به این فایل را آوردهایم:
import csv
<span class="linenumber react-syntax-highlighter-line-number">2</span>
<span class="linenumber react-syntax-highlighter-line-number">3</span> import hashlib
<span class="linenumber react-syntax-highlighter-line-number">4</span>
<span class="linenumber react-syntax-highlighter-line-number">5</span> from urllib<span class="token">.</span>request import urlopen
<span class="linenumber react-syntax-highlighter-line-number">6</span>
<span class="linenumber react-syntax-highlighter-line-number">7</span> def <span class="token">get_wordlist</span><span class="token">(</span>url<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">8</span>
<span class="linenumber react-syntax-highlighter-line-number">9</span> <span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">10</span>
<span class="linenumber react-syntax-highlighter-line-number">11</span> with <span class="token">urlopen</span><span class="token">(</span>url<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">12</span>
<span class="linenumber react-syntax-highlighter-line-number">13</span> wordlist <span class="token">=</span> f<span class="token">.</span><span class="token">read</span><span class="token">(</span><span class="token">)</span><span class="token">.</span><span class="token">decode</span><span class="token">(</span><span class="token">'utf-8'</span><span class="token">)</span><span class="token">.</span><span class="token">splitlines</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">14</span>
<span class="linenumber react-syntax-highlighter-line-number">15</span> <span class="token">return</span> wordlist
<span class="linenumber react-syntax-highlighter-line-number">16</span>
<span class="linenumber react-syntax-highlighter-line-number">17</span> except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">18</span>
<span class="linenumber react-syntax-highlighter-line-number">19</span> <span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get wordlist: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">20</span>
<span class="linenumber react-syntax-highlighter-line-number">21</span> <span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">22</span>
<span class="linenumber react-syntax-highlighter-line-number">23</span> def <span class="token">hash</span><span class="token">(</span>password<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">24</span>
<span class="linenumber react-syntax-highlighter-line-number">25</span> result <span class="token">=</span> hashlib<span class="token">.</span><span class="token">sha256</span><span class="token">(</span>password<span class="token">.</span><span class="token">encode</span><span class="token">(</span><span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">26</span>
<span class="linenumber react-syntax-highlighter-line-number">27</span> <span class="token">return</span> result<span class="token">.</span><span class="token">hexdigest</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">28</span>
<span class="linenumber react-syntax-highlighter-line-number">29</span>
<span class="linenumber react-syntax-highlighter-line-number">30</span> def <span class="token">create_rainbow_table</span><span class="token">(</span>wordlist_url<span class="token">,</span> rainbow_table_path<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">31</span>
<span class="linenumber react-syntax-highlighter-line-number">32</span> wordlist <span class="token">=</span> <span class="token">get_wordlist</span><span class="token">(</span>wordlist_url<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">33</span>
<span class="linenumber react-syntax-highlighter-line-number">34</span> <span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">35</span>
<span class="linenumber react-syntax-highlighter-line-number">36</span> with <span class="token">open</span><span class="token">(</span>rainbow_table_path<span class="token">,</span> <span class="token">'w'</span><span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">37</span>
<span class="linenumber react-syntax-highlighter-line-number">38</span> writer <span class="token">=</span> csv<span class="token">.</span><span class="token">writer</span><span class="token">(</span>f<span class="token">,</span> delimiter<span class="token">=</span><span class="token">','</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">39</span>
<span class="linenumber react-syntax-highlighter-line-number">40</span> writer<span class="token">.</span><span class="token">writerow</span><span class="token">(</span><span class="token">[</span><span class="token">'password'</span><span class="token">,</span> <span class="token">'hash'</span><span class="token">]</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">41</span>
<span class="linenumber react-syntax-highlighter-line-number">42</span> <span class="token">for</span> word <span class="token">in</span> wordlist<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">43</span>
<span class="linenumber react-syntax-highlighter-line-number">44</span> writer<span class="token">.</span><span class="token">writerow</span><span class="token">(</span><span class="token">[</span>word<span class="token">,</span> <span class="token">hash</span><span class="token">(</span>word<span class="token">)</span><span class="token">]</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">45</span>
<span class="linenumber react-syntax-highlighter-line-number">46</span> except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">47</span>
<span class="linenumber react-syntax-highlighter-line-number">48</span> <span class="token">print</span><span class="token">(</span>f<span class="token">'failed to create rainbow table: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">49</span>
<span class="linenumber react-syntax-highlighter-line-number">50</span> <span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">51</span>
<span class="linenumber react-syntax-highlighter-line-number">52</span>
<span class="linenumber react-syntax-highlighter-line-number">53</span> <span class="token">if</span> __name__ <span class="token">==</span> <span class="token">'__main__'</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">54</span>
<span class="linenumber react-syntax-highlighter-line-number">55</span> WORDLIST_URL <span class="token">=</span> <span class="token">'https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/2df55facf06c7742f2038a8f6607ea9071596128/Real-Passwords/Top1575-probable-v2.txt'</span>
<span class="linenumber react-syntax-highlighter-line-number">56</span>
<span class="linenumber react-syntax-highlighter-line-number">57</span> RAINBOW_TABLE_PATH <span class="token">=</span> <span class="token">'rainbow_table.csv'</span>
<span class="linenumber react-syntax-highlighter-line-number">58</span>
<span class="linenumber react-syntax-highlighter-line-number">59</span> <span class="token">create_rainbow_table</span><span class="token">(</span>WORDLIST_URL<span class="token">,</span> RAINBOW_TABLE_PATH<span class="token">)</span>اکنون باید آخرین اسکریپت خود را ایجاد کنیم و نام آن را hack_database_v2.py بگذاریم. توجه داشته باشید که ما در این اسکریپت هم از بسیاری از متدهایی که در مثالهای قبلی آمده است، استفاده میکنیم. در ادامه کدهای مربوط به این اسکریپت آمده است:
import csv
<span class="linenumber react-syntax-highlighter-line-number">2</span>
<span class="linenumber react-syntax-highlighter-line-number">3</span>import hashlib
<span class="linenumber react-syntax-highlighter-line-number">4</span>
<span class="linenumber react-syntax-highlighter-line-number">5</span>from urllib<span class="token">.</span>request import urlopen
<span class="linenumber react-syntax-highlighter-line-number">6</span>
<span class="linenumber react-syntax-highlighter-line-number">7</span>def <span class="token">hash</span><span class="token">(</span>password<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">8</span>
<span class="linenumber react-syntax-highlighter-line-number">9</span>result <span class="token">=</span> hashlib<span class="token">.</span><span class="token">sha256</span><span class="token">(</span>password<span class="token">.</span><span class="token">encode</span><span class="token">(</span><span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">10</span>
<span class="linenumber react-syntax-highlighter-line-number">11</span><span class="token">return</span> result<span class="token">.</span><span class="token">hexdigest</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">12</span>
<span class="linenumber react-syntax-highlighter-line-number">13</span>def <span class="token">get_wordlist</span><span class="token">(</span>url<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">14</span>
<span class="linenumber react-syntax-highlighter-line-number">15</span><span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">16</span>
<span class="linenumber react-syntax-highlighter-line-number">17</span>with <span class="token">urlopen</span><span class="token">(</span>url<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">18</span>
<span class="linenumber react-syntax-highlighter-line-number">19</span>wordlist <span class="token">=</span> f<span class="token">.</span><span class="token">read</span><span class="token">(</span><span class="token">)</span><span class="token">.</span><span class="token">decode</span><span class="token">(</span><span class="token">'utf-8'</span><span class="token">)</span><span class="token">.</span><span class="token">splitlines</span><span class="token">(</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">20</span>
<span class="linenumber react-syntax-highlighter-line-number">21</span><span class="token">return</span> wordlist
<span class="linenumber react-syntax-highlighter-line-number">22</span>
<span class="linenumber react-syntax-highlighter-line-number">23</span>except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">24</span>
<span class="linenumber react-syntax-highlighter-line-number">25</span><span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get wordlist: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">26</span>
<span class="linenumber react-syntax-highlighter-line-number">27</span><span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">28</span>
<span class="linenumber react-syntax-highlighter-line-number">29</span>def <span class="token">get_users</span><span class="token">(</span>path<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">30</span>
<span class="linenumber react-syntax-highlighter-line-number">31</span><span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">32</span>
<span class="linenumber react-syntax-highlighter-line-number">33</span>result <span class="token">=</span> <span class="token">[</span><span class="token">]</span>
<span class="linenumber react-syntax-highlighter-line-number">34</span>
<span class="linenumber react-syntax-highlighter-line-number">35</span>with <span class="token">open</span><span class="token">(</span>path<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">36</span>
<span class="linenumber react-syntax-highlighter-line-number">37</span>reader <span class="token">=</span> csv<span class="token">.</span><span class="token">DictReader</span><span class="token">(</span>f<span class="token">,</span> delimiter<span class="token">=</span><span class="token">','</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">38</span>
<span class="linenumber react-syntax-highlighter-line-number">39</span><span class="token">for</span> row <span class="token">in</span> reader<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">40</span>
<span class="linenumber react-syntax-highlighter-line-number">41</span>result<span class="token">.</span><span class="token">append</span><span class="token">(</span><span class="token">dict</span><span class="token">(</span>row<span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">42</span>
<span class="linenumber react-syntax-highlighter-line-number">43</span><span class="token">return</span> result
<span class="linenumber react-syntax-highlighter-line-number">44</span>
<span class="linenumber react-syntax-highlighter-line-number">45</span>except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">46</span>
<span class="linenumber react-syntax-highlighter-line-number">47</span><span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get users: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">48</span>
<span class="linenumber react-syntax-highlighter-line-number">49</span><span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">50</span>
<span class="linenumber react-syntax-highlighter-line-number">51</span>def <span class="token">get_rainbow_table</span><span class="token">(</span>path<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">52</span>
<span class="linenumber react-syntax-highlighter-line-number">53</span><span class="token">try</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">54</span>
<span class="linenumber react-syntax-highlighter-line-number">55</span>result <span class="token">=</span> <span class="token">[</span><span class="token">]</span>
<span class="linenumber react-syntax-highlighter-line-number">56</span>
<span class="linenumber react-syntax-highlighter-line-number">57</span>with <span class="token">open</span><span class="token">(</span>path<span class="token">)</span> as f<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">58</span>
<span class="linenumber react-syntax-highlighter-line-number">59</span>reader <span class="token">=</span> csv<span class="token">.</span><span class="token">DictReader</span><span class="token">(</span>f<span class="token">,</span> delimiter<span class="token">=</span><span class="token">','</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">60</span>
<span class="linenumber react-syntax-highlighter-line-number">61</span><span class="token">for</span> row <span class="token">in</span> reader<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">62</span>
<span class="linenumber react-syntax-highlighter-line-number">63</span>result<span class="token">.</span><span class="token">append</span><span class="token">(</span><span class="token">dict</span><span class="token">(</span>row<span class="token">)</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">64</span>
<span class="linenumber react-syntax-highlighter-line-number">65</span><span class="token">return</span> result
<span class="linenumber react-syntax-highlighter-line-number">66</span>
<span class="linenumber react-syntax-highlighter-line-number">67</span>except Exception as e<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">68</span>
<span class="linenumber react-syntax-highlighter-line-number">69</span><span class="token">print</span><span class="token">(</span>f<span class="token">'failed to get rainbow table: {e}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">70</span>
<span class="linenumber react-syntax-highlighter-line-number">71</span><span class="token">exit</span><span class="token">(</span><span class="token">1</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">72</span>
<span class="linenumber react-syntax-highlighter-line-number">73</span>def <span class="token">match_hash</span><span class="token">(</span>users<span class="token">,</span> rainbow_table<span class="token">)</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">74</span>
<span class="linenumber react-syntax-highlighter-line-number">75</span><span class="token">for</span> user <span class="token">in</span> users<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">76</span>
<span class="linenumber react-syntax-highlighter-line-number">77</span>password_hash <span class="token">=</span> <span class="token">hash</span><span class="token">(</span>user<span class="token">[</span><span class="token">'password'</span><span class="token">]</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">78</span>
<span class="linenumber react-syntax-highlighter-line-number">79</span><span class="token">for</span> row <span class="token">in</span> rainbow_table<span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">80</span>
<span class="linenumber react-syntax-highlighter-line-number">81</span><span class="token">if</span> password_hash <span class="token">==</span> row<span class="token">[</span><span class="token">'hash'</span><span class="token">]</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">82</span>
<span class="linenumber react-syntax-highlighter-line-number">83</span><span class="token">print</span><span class="token">(</span>
<span class="linenumber react-syntax-highlighter-line-number">84</span>
<span class="linenumber react-syntax-highlighter-line-number">85</span>f<span class="token">'username: {user["username"]}, password {row["password"]}'</span><span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">86</span>
<span class="linenumber react-syntax-highlighter-line-number">87</span><span class="token">if</span> __name__ <span class="token">==</span> <span class="token">'__main__'</span><span class="token">:</span>
<span class="linenumber react-syntax-highlighter-line-number">88</span>
<span class="linenumber react-syntax-highlighter-line-number">89</span>WORDLIST_URL <span class="token">=</span> <span class="token">'https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/2df55facf06c7742f2038a8f6607ea9071596128/Real-Passwords/Top12Thousand-probable-v2.txt'</span>
<span class="linenumber react-syntax-highlighter-line-number">90</span>
<span class="linenumber react-syntax-highlighter-line-number">91</span>DATABASE_PATH <span class="token">=</span> <span class="token">'database.csv'</span>
<span class="linenumber react-syntax-highlighter-line-number">92</span>
<span class="linenumber react-syntax-highlighter-line-number">93</span>RAINBOW_TABLE_PATH <span class="token">=</span> <span class="token">'rainbow_table.csv'</span>
<span class="linenumber react-syntax-highlighter-line-number">94</span>
<span class="linenumber react-syntax-highlighter-line-number">95</span>users <span class="token">=</span> <span class="token">get_users</span><span class="token">(</span>DATABASE_PATH<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">96</span>
<span class="linenumber react-syntax-highlighter-line-number">97</span>rainbow_table <span class="token">=</span> <span class="token">get_rainbow_table</span><span class="token">(</span>RAINBOW_TABLE_PATH<span class="token">)</span>
<span class="linenumber react-syntax-highlighter-line-number">98</span>
<span class="linenumber react-syntax-highlighter-line-number">99</span><span class="token">match_hash</span><span class="token">(</span>users<span class="token">,</span> rainbow_table<span class="token">)</span>در این مرحله از کار، باید از طریق کد زیر، اسکریپت را اجرا کنید:
python3 hack_database_v2.py
در حال حاضر بیشتر سیستمها از الگوریتمهای قدرتمند و حرفهای برای ذخیرهسازی رمز عبور مثل Bcrypt، Scrypt یا Argon2 استفاده میکنند و این الگوریتمها، در برابر جدولهای رنگینکمانی بسیار مقاوم هستند. حتا اگر پسوردها برابر باشند، هر هش، یگانه و منحصر به فرد است و به همین دلیل دیگر جدولهای رنگینکمانی کارگشا نیستند؛ از این رو امروزه دیگر جدولهای رنگینکمانی محبوبیت چندانی ندارند.
تبدیل شدن به یک برنامهنویس حرفهای و تمامعیار پایتون با دورههای مکتبخونه
در این مقاله تلاش کردیم روشهایی برای هک پسورد با پایتون ارائه دهیم. با این روشها میتوانید هر پسوردی را هک کنید. حتا اگر دنبال هک رمز گوشی با پایتون هستید هم این روشها برای شما مفید و کارآمد هستند.
در صورتی که تمایل دارید به یک برنامهنویس حرفهای پایتون تبدیل شوید و کلیه تکنیکها و ترفندهای این زبان برنامهنویسی را یاد بگیرید، پیشنهاد میشود که در دورههای آموزشی جامع و تخصصی پایتون شرکت کنید. پلتفرم آموزشی مکتبخونه، یکی از مراکزی است که دورههای مربوط به این زبان برنامهنویسی را به صورت آنلاین برگزار میکند. در صورت تمایل به آشنایی با دورههای آموزشی پایتون مکتبخونه و ثبت نام در این دورهها، کافی است به صفحه آموزش پایتون مراجعه کنید.
آیا علاوه بر روشهایی که در این مقاله بیان شد، روش دیگری برای هک پسورد با پایتون بلدید؟ لطفاً نظرها، پیشنهادها و تجربیات خود را با ما و سایر همراهان مکتبخونه در بخش دیدگاهها (زیر همین مقاله) به اشتراک بگذارید.
