Password Hashing and Cracking Scripts

This repository contains two Python scripts designed for password security and analysis:

1. gen_login.py: A script for generating secure bcrypt-based hashed passwords.
2. reverse_hash.py: A script for cracking hashed passwords using a dictionary-based approach.

Both scripts are inspired by the tools and concepts described on Crackstation.net, and follow their recommendations for proper password hashing and cracking techniques.

---

Features

gen_login.py

• Generates a secure bcrypt hash for a username-password pair.
• Outputs the result in the format: username:bcrypt_hash.
• Designed to safeguard user credentials against brute force and dictionary attacks.

reverse_hash.py

• Attempts to crack a given hash using a provided dictionary file.
• Supports multiple hashing algorithms:
  • MD5
  • SHA1
  • SHA224
  • SHA256
• Outputs the discovered password or indicates that no match was found.

---

Requirements

Prerequisites

• Python 3.7 or later.
• bcrypt Python library (for gen_login.py).

Install dependencies:

pip install bcrypt

Supported Platforms

• Windows
• Linux
• macOS

---

Installation

Windows

1. Install Python:

   • Download the latest version of Python from python.org.

2. Clone the repository:

   git clone https://github.com/Luffy0xCyber/Hashing-and-Cracking.git
   cd Hashing-and-Cracking

3. Install dependencies:

   pip install bcrypt

4. Run the scripts:

   • To generate a hashed password:

     python gen_login.py <username> <password>

   • To crack a hash:

     python reverse_hash.py <hash> <dictionary_file>

Linux & macOS

1. Install Python:

   • Most Linux and macOS systems have Python pre-installed. To install or update Python refers to How to install Python on Linux?

2. Clone the repository:

   git clone https://github.com/Luffy0xCyber/Hashing-and-Cracking.git
   cd Hashing-and-Cracking

3. Install dependencies:

   pip3 install bcrypt

4. Run the scripts:

   • Make the scripts executable:

     chmod +x gen_login.py reverse_hash.py

   • To generate a hashed password:

     ./gen_login.py <username> <password>

   • To crack a hash:

     ./reverse_hash.py <hash> <dictionary_file>

---

Usage Examples

Generating a Secure Login Entry

python gen_login.py alice mysecurepassword

Output:

alice:$2b$12$H3wGJ6fjBZ9Mhfji.FqauuLHo0QxQj2blfQQDXMifJ5FA9XEzpX2m

Cracking a Hash

Given a hash 5f4dcc3b5aa765d61d8327deb882cf99 and a dictionary file passwords.lst :

python reverse_hash.py 5f4dcc3b5aa765d61d8327deb882cf99 passwords.lst

_About the dictionary file, you can create a list of passwords or download it from the internet. For example, you can download a list of passwords from here_

Output:

Found password `password` with matching MD5 hash.

---

Security Practices

This repository is inspired by Crackstation, a well-known resource for password security. The recommendations for secure password storage, such as using bcrypt with proper salt, are implemented in gen_login.py. For more information on securing passwords, refer to this article.

---

Limitations

• reverse_hash.py is limited to MD5, SHA1, SHA224, and SHA256 algorithms.
• Cracking efficiency depends on the size and quality of the dictionary file.

---

License

This project is no licensed. You are free to use, modify, and distribute the code as needed.

---