+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Password Hacker Science Project (/thread-2885.html)
Password Hacker Science Project - BenjC - Apr-17-2017
Hello,
I need some help with my science fair project. If you want to look at the sit I got my idea from just google "How easily can your password be hacked science fair". I am not sure that I have the code correct or even that I attached the password txt correctly. Here is my code though:
#!/usr/bin/python
# makeup of a good password. This program will help you understand some
# methods that people use to guess other people's passwords.
#
# the program begins execution at 'main' after the helper programs and functions
# are defined. You'll also notice that several functions have places where
# print() functions have been turned into comments. When debugging a program, it's
# helpful to add in more descriptive screen output than you might want later on.
# Once the program is working, you can remove the extra output os, as we've done here,
# 'comment it out' so that someone else can use it again later on if they decide to
# modify your program.
#Tell Python we want to use some functions it doesn't always use
import sys, time, hashlib
from array import *
#--------------- global variables we expect will be used by any function -----------
#
# a number from 1 to 6 selects which password we'll be trying to guess from
# a selection below.
which_password = 0
# the user names and password we're trying to 'crack'. These will get written
password0 = ""
password1 = ""
password2 = ""
password3 = ""
password4 = ""
password5 = ""
password6 = ""
# total number of guesses we had to make to find it
totalguesses = 0
#--------------- extra helper functions -------------------
# These will be used by our search routines later on. We'll get these defined and out
# of the way. The actual search program is called "main" and will be the last one
# defined. Once it's defined, the last statement in the file runs it.
#
#
## Convert a string into MD5 hash
def MD5me(s):
result = s.encode("utf-8")
result = hashlib.md5(result).hexdigest()
return result
# Takes a number from 0 on up and the number of digits we want it to have. It uses that
# number of digits to make a string like "0000" if we wanted 4 or "00000" if we wanted
# 5, converts our input number to a character string, sticks them together and then returns
# the number we started with, with extra zeroes stuck on the beginning.
def leading_zeroes(n, zeroes):
t=("0"*zeroes)+str(n)
t=t[-zeroes:]
return t
# check_userpass
def check_userpass(which_password, password):
global password0, password1, password2, password3
global password4, password5, password6
result = False
if (0 == which_password):
if password == password0:
result = True
if (1 == which_password):
if MD5me(password) == password1:
result = True
if (2 == which_password):
if (MD5me(password) == password2):
result = True
if (3 == which_password):
if (MD5me(password) == password3):
result = True
if (4 == which_password):
if (MD5me(password) == password4):
result = True
if (5 == which_password):
if (MD5me(password) == password5):
result = True
if (6 == which_password):
if (MD5me(password) == password6):
result = True
return result
# This displays the results of a search including tests per second when possible
def report_search_time(tests, seconds):
if (seconds > 0.000001):
print ("The search took "+make_human_readable(seconds)+" seconds for "+make_human_readable(tests)+" tests or "+make_human_readable(tests/seconds)+" tests per second.")
else:
print ("The search took "+make_human_readable(seconds)+" seconds for "+make_human_readable(tests)+" tests.")
return
# search method 1 will try using digits as the password.
def search_method_1(num_digits):
global totalguesses
result = False
a=0
#num_digits = 3 # How many digits to try. 1 = 0 to 9, 2 = 00 to 99, etc.
starttime = time.time()
tests = 0
still_searching = True
print("Using method 1 and searching for "+str(num_digits)+" digit numbers.")
while still_searching and a<(10**num_digits):
ourguess = leading_zeroes(a,num_digits)
tests = tests + 1
totalguesses = totalguesses + 1
if (check_userpass(which_password, ourguess)):
print ("Success! Password "+str(which_password)+" is " + ourguess)
still_searching = False # we can stop now - we found it!
result = True
#else:
#print ("Darn. " + ourguess + " is NOT the password.")
a=a+1
seconds = time.time()-starttime
report_search_time(tests, seconds)
return result
# search method 2 is a simulation of a letter-style combination lock. Each'wheel' has the
# letters A-Z, a-z and 0-9 on it as well as a blank. The idea is that we have a number of
# wheels for a user name and password and we try each possible combination.
def search_method_2(num_pass_wheels):
global totalguesses
result = False
starttime = time.time()
tests = 0
still_searching = True
print("Using method 2 and searching with "+str(num_pass_wheels)+" password wheels.")
wheel = " ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# we only allow up to 8 wheels for each password for now
if (num_pass_wheels > 8):
print("Unable to handle the request. No more than 8 characters for a password")
still_searching = False
# set all of the wheels to the first position
pass_wheel_array=array('i',[1,0,0,0,0,0,0,0,0])
while still_searching:
ourguess_pass = ""
for i in range(0,num_pass_wheels): # once for each wheel
if pass_wheel_array[i] > 0:
ourguess_pass = wheel[pass_wheel_array[i]] + ourguess_pass
#print ("trying ["+ourguess_pass+"]")
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Password "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
#else:
#print ("Darn. " + ourguess + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
# spin the rightmost wheel and if it changes, spin the next one over and so on
carry = 1
for i in range(0,num_pass_wheels): # once for each wheel
pass_wheel_array[i] = pass_wheel_array[i] + carry
carry = 0
if pass_wheel_array[i] > 62:
pass_wheel_array[i] = 1
carry = 1
if i == (num_pass_wheels-1):
still_searching = False
seconds = time.time()-starttime
report_search_time(tests, seconds)
return result
# This function takes in numbers, rounds them to the nearest integer and puts
# commas in to make it more easily read by humans
def make_human_readable(n):
if n>=1:
result = ""
temp=str(int(n+0.5))
while temp != "":
result = temp[-3:] + result
temp = temp[:-3]
if temp != "":
result = "," + result
else:
temp = int(n*100)
temp = temp /100
result = str(temp)
return result
## A little helper program to remove any weird formatting in the file
def cleanup (s):
s = s.strip()
return s
## A little helper program that capitalizes the first letter of a word
def Cap (s):
s = s.upper()[0]+s[1:]
return s
# search method 3 uses a list of dictionary words. In this case, we have a list
# of the 500 most commonly used passwords in 2005 as collected by Mark Burnett
# for his book "Perfect Passwords" (ISBN 978-1597490412). Because the list comes
# from so many people around the world, we had to remove some of the passwords.
# People like to use passwords that they think will shock other people, so
# sometimes they're not fit for polite company.
def search_method_3(file_name):
global totalguesses
result = False
# Start by reading the list of words into a Python list
f = open(passwords.txt)
words = f.readlines()
f.close
# We need to know how many there are
number_of_words = len(words)
print("Using method 3 with "+str(number_of_words)+" in the list")
## Depending on the file system, there may be extra characters before
## or after the words.
for i in range(0, number_of_words):
words[i] = cleanup(words[i])
# Let's try each one as the password and see what happens
starttime = time.time()
tests = 0
still_searching = True
word1count = 0 # Which word we'll try next
while still_searching:
ourguess_pass = words[word1count]
#print("Guessing: "+ourguess_pass)
# Try it the way it is in the word list
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Password "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
else:
print ("Darn. " + ourguess_pass + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
# Now let's try it with the first letter capitalized
if still_searching:
ourguess_pass = Cap(ourguess_pass)
#print("Guessing: "+ourguess_pass)
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Password "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
else:
print ("Darn. " + ourguess_pass + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
word1count = word1count + 1
if (word1count >= number_of_words):
still_searching = False
seconds = time.time()-starttime
report_search_time(tests, seconds)
return result
## Search method 4 is similar to 3 in that it uses the dictionary, but it tries two
## two words separated by a punctuation character
def search_method_4(file_name):
global totalguesses
result = False
# Start by reading the list of words into a Python list
f = open(passwords.txt)
words = f.readlines()
f.close
# We need to know how many there are
number_of_words = len(words)
## Depending on the file system, there may be extra characters before
## or after the words.
for i in range(0, number_of_words):
words[i] = cleanup(words[i])
# Let's try each one as the password and see what happens
starttime = time.time()
tests = 0
still_searching = True
word1count = 0 # Which word we'll try next
punc_count = 0
word2count = 0
punctuation="~!@#$%^&*()_-+={}[]:<>,./X" # X is a special case where we omit
# the punctuation to run the words together
number_of_puncs = len(punctuation)
print("Using method 4 with "+str(number_of_puncs)+" punc chars and "+str(number_of_words)+" in the list")
while still_searching:
if ("X" == punctuation[punc_count]):
# If we're at the end of the string and found the 'X', leave it out
ourguess_pass = words[word1count] + words[word2count]
else:
ourguess_pass = words[word1count] + punctuation[punc_count] + words[word2count]
#print("Guessing: "+ourguess_pass)
# Try it the way they are in the word list
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Password "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
#else:
#print ("Darn. " + ourguess_pass + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
# Now let's try it with the first letter of the first word capitalized
if still_searching:
ourguess_pass = Cap(words[word1count]) + punctuation[punc_count] + words[word2count]
#print("Guessing: "+ourguess_pass)
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Passwword "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
#else:
#print ("Darn. " + ourguess_pass + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
# Now let's try it with the first letter of the second word capitalized
if still_searching:
ourguess_pass = words[word1count] + punctuation[punc_count] + Cap(words[word2count])
#print("Guessing: "+ourguess_pass)
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Password "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
#else:
#print ("Darn. " + ourguess_pass + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
# Now let's try it with the both words capitalized
if still_searching:
ourguess_pass = Cap(words[word1count]) + punctuation[punc_count] + Cap(words[word2count])
#print("Guessing: "+ourguess_pass)
if (check_userpass(which_password, ourguess_pass)):
print ("Success! Password "+str(which_password)+" is " + ourguess_pass)
still_searching = False # we can stop now - we found it!
result = True
#else:
#print ("Darn. " + ourguess_pass + " is NOT the password.")
tests = tests + 1
totalguesses = totalguesses + 1
word1count = word1count + 1
if (word1count >= number_of_words):
word1count = 0
punc_count = punc_count + 1
if (punc_count >= number_of_puncs):
punc_count = 0
word2count = word2count + 1
if (word2count >= number_of_words):
still_searching = False
seconds = time.time()-starttime
report_search_time(tests, seconds)
return result
def main(argv=None):
global password0, password1, password2, password3
global password4, password5, password6, totalguesses
global which_password
# This is a place for you to set a password of your own
password0 = "314"
# Set up the passwords we want to crack. These must be MD5 hash
# data blocks. Set them up using MD5me like:
# 'password1=MD5me("ScienceBuddies")'
#
password1="202cb962ac59075b964b07152d234b70"
password2="570a90bfbf8c7eab5dc5d4e26832d5b1"
password3="f78f2477e949bee2d12a2c540fb6084f"
password4="09408af74a7178e95b8ddd4e92ea4b0e"
password5="2034f6e32958647fdff75d265b455ebf"
password6="9b3af42d61cde121f40b96097fb77d3e"
# start searching
which_password = 1
which_password = int(input("Which password (0-6)? "))
overallstart = time.time()
foundit = False
print("Trying to guess password "+str(which_password))
# Look through our list of common passwords first
if not foundit:
foundit = search_method_3("passwords.txt")
# Still looking? Let's combine the common passwords 2 at a time
if not foundit:
foundit = search_method_4("passwords.txt")
# Still looking? See if it's a single digit
if not foundit:
foundit = search_method_1(1)
# Still looking? See if it's a 2 digit number
if not foundit:
foundit = search_method_1(2)
# Still looking? See if it's a 3 digit number
if not foundit:
foundit = search_method_1(3)
# Still looking? See if it's a 4 digit number
if not foundit:
foundit = search_method_1(4)
# Still looking? Use our rotary wheel simulation up to 6 wheels.
# This should take care of any 5 digit number as well as letter
# combinations up to 6 characters
if not foundit:
foundit = search_method_2(6)
# Still looking? Try 7 digit numbers
if not foundit:
foundit = search_method_1(7)
# Still looking? Try 8 digit numbers
if not foundit:
foundit = search_method_1(8)
seconds = time.time()-overallstart
# When testing this project, some users reported that the next lines of code reported
# an error when Python tried to divide by zero. On those machines, the clock seems
# to think that the seconds calculation just above gave us "zero" seconds which doesn't
# make any sense. To avoid the crash though, we'll test for that case and avoid the
# problem.
if (seconds < 0.00001):
print ("The total search for all methods took "+make_human_readable(seconds)+" seconds and "+make_human_readable(totalguesses)+" guesses.")
print ("(on some machines, Python doesn't know how long things actually took)")
else:
print ("The total search for all methods took "+make_human_readable(seconds)+" seconds and "+make_human_readable(totalguesses)+" guesses.("+make_human_readable(totalguesses/seconds)+" guesses per second)")
if foundit:
if (6 == which_password):
print("Wow! Be sure to confirm your find at ")
elif (0 == which_password): # The Science Buddies website can't confirm passwords you added yourself
print ("Your algorithm correctly guessed the password you entered. Try some others or see if you can make it guess faster.")
else:
print("You can confirm your find at ")
print ("Science Buddies: How Easily Can Your password Be Hacked?")
if __name__ == "__main__":
sys.exit(main(sys.argv[1:]))When I run the code it doesnt even try to use method 3 or 4 so it only tries to guess a string of numbers but no letters.
Moderator sparkz_alot:
Added spoiler tags
RE: Password Hacker Science Project - sparkz_alot - Apr-17-2017
This looks as if it was just copied from the web site. It also seems the site has it's own forum regarding this particular lesson. So what leads you to believe it's not using tests 3 and 4? Did you modify the code? Did you modify the text file? Are you receiving any errors?
RE: Password Hacker Science Project - volcano63 - Apr-17-2017
Wow, that is too much effort
.Before help - 444 lines of code
, and many of them redundant 
- you need Code Review first.Let me start by - ever heard of lists, elif? You just don't add numbers to names - you make list!
Let's start
passwords = [""] * 6Now, about global - the only time you need global is when you want to re-assign value within a function - and it is still a bad idea. Outer-scope variables are visible within enclosed functions as they are - without qualifier. Still, arguments are better
But still - you write a lot of redundant code - you first function - since only one condition will be true - all ifs, startig from second and excluding the last, should be elifs, and the last should be else
if which_password == 0: ..... elif which_password == 1: .....But even that is still lousy! Why? You repeat yourself! And - as I was recently preached to on FB
, there's a DRY approach (the priestess called it paradigm 
), Don't Repeat YourselfSo, instead of this monstrosity, you may write just that
def check_userpass(password_index, password_guess, passwords): if password_index == 0: return password_guess == passwords[0] elif password_index <len(passwords): return MD5me(password_guess) == passwords[password_index] return FalseConcise, readable and to the point.
I am done for now. Now your turn - start chopping away redundancies in your code