Question
Assignment Description

You are asked to develop a password brute-force tool that targets a web app. This web app uses hashing (SHA-256) and salt (an alphanumeric string of length 5) to protect passwords. We also know that only [A-Z], [a-z], [0-9], [#$!&] characters are allowed in the passwords, but the web app does not check passwords' lengths upon user signup; thus, some users might have short passwords. Upon signup, a random salt value of length 5 is generated for each user and stored (in plaintext) along user id and the SHA-256 hash of the user's password+salt.

You have hacked the user data file of this web app that includes the hash of user passwords and their plaintext salts, but plaintext passwords are nowhere in the data. Thus, you need to use brute force (because hash functions are irreversible) to recover the original password.

Example of hacked user data:

user_id, user_password_hash, user_salt
1458451, cdd0cdba5a676747d11f5c17cf2e156fdfcb66ecf1cabd003c7d0cf544c73bf2, a567c
1785634, 7f68eb242ccd959f4337a71119608f8154a6a7a5e912b27dd6ecf371a77344d1, 5ctyk
5246513, aea84d8ef0c273f4ea22c3c4ebb0a29aca381898b6bc73808f29053e3d44b513, yc9za

We want to build an offline password brute-force software in python to recover users' passwords in this dataset. We only want to recover passwords of up to length 8. Your program receives a dataset of user data as a file where the file includes n lines of text, and each line corresponds to one user:

Example of input file content:

1458451, cdd0cdba5a676747d11f5c17cf2e156fdfcb66ecf1cabd003c7d0cf544c73bf2, a567c
1785634, 7f68eb242ccd959f4337a71119608f8154a6a7a5e912b27dd6ecf371a77344d1, 5ctyk
5246513, aea84d8ef0c273f4ea22c3c4ebb0a29aca381898b6bc73808f29053e3d44b513, yc9za

Your program should be called as follows:

> python3 main.py input.txt

where input.txt is the input file passed to the program as an argument.

Receiving this input, your program needs to generate all passwords of lengths 1 to at least 8 and try them against each user. The output of your program is the list of user IDs, where for each user ID, you either print the successfully recovered password or "????" if the password was not recovered.

Example of program output:

1458451, denver1
1785634, hello2
5246513, ????
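Seen from the side of whoever operates the web app, the storage scheme described above can be sized up as follows. This is an added example, not part of the original question or of any posted solution: it parses the record format, reproduces the single-pass SHA-256(password+salt) check, and compares the cost of covering the 66-character keyspace against a slow key-derivation function. Assumptions not taken from the page: all function names, the constructed record, the guess rate of 1e9 hashes per second, and PBKDF2-HMAC-SHA256 with 600,000 iterations as the swapped-in alternative.

```python
import hashlib
import hmac
import string

# Alphabet the assignment allows: [A-Z], [a-z], [0-9], [#$!&] -> 66 symbols
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "#$!&"

def parse_record(line):
    """Split 'user_id, user_password_hash, user_salt' into its three fields."""
    user_id, pw_hash, salt = (field.strip() for field in line.split(","))
    if len(pw_hash) != 64 or len(salt) != 5:
        raise ValueError("unexpected record format")
    return user_id, pw_hash.lower(), salt

def weak_hash(password, salt):
    """The scheme from the page: one SHA-256 pass over password+salt."""
    return hashlib.sha256((password + salt).encode()).hexdigest()

def weak_verify(record_line, password):
    """Login-style check of one password against one stored record."""
    _, pw_hash, salt = parse_record(record_line)
    return hmac.compare_digest(weak_hash(password, salt), pw_hash)

def keyspace(min_len, max_len):
    """Number of distinct passwords with lengths min_len..max_len."""
    return sum(len(ALPHABET) ** n for n in range(min_len, max_len + 1))

def days_to_exhaust(max_len, guesses_per_second):
    """Worst-case days to cover every password of length 1..max_len."""
    return keyspace(1, max_len) / guesses_per_second / 86400

def hardened_hash(password, salt, iterations=600_000):
    """Swapped-in alternative (not the page's scheme): PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations).hex()

if __name__ == "__main__":
    # Constructed record for illustration; not one of the page's dataset rows.
    record = "1000001, %s, q7x2m" % weak_hash("Ab#1", "q7x2m")
    print("verify ok:", weak_verify(record, "Ab#1"))
    rate = 1e9           # assumed single-pass SHA-256 guesses per second
    slowdown = 600_000   # rough model: each PBKDF2 guess costs this many rounds
    for n in (4, 6, 8):
        print("len<=%d: %d candidates, %.3g days weak, %.3g days hardened"
              % (n, keyspace(1, n), days_to_exhaust(n, rate),
                 days_to_exhaust(n, rate / slowdown)))
```

The per-user salt only prevents precomputed tables from being reused across users; it does not raise the cost of a single guess, which is why the missing minimum-length check dominates the result.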