SHA-256 Password Hash Cracking

On a Kali Linux VM through UTM, I created a python script for cracking a SHA-256 Hashed Password using Sublime. I then tested it with a password that I knew was in the password list until successful.

I created this script during TCM's Python 101 for Hackers course.

Code

This is the final script. You can see my comments throughout the code detailing the purpose of different parts of it.

PROCESS

Password File

I chose to use the rockyou.txt file that was already installed on my kali linux vm. I used gunzip to unzip it and verified the file looked as it should.

I located the rockyou.txt on my vm.

I unzipped it with gunzip.

I verified it had been created, including the number of lines in the file & details.

Finding Password for Testing Script

In order to test the script, I needed to test it against a password in the list. I didn't want to choose the first password, because I wanted a couple of seconds to see the script run. I also didn't want to choose the last password because it would take a while. So, I used sed -n and p to print a password that was in the list that was close to the beginning but not too close.

Debugging

Bug #1 - Mistyped "progress"

Bug #2 - Didn't properly identify path to rockyou.txt

Bug #3 - Didn't save password in encoded format

Bug #4 - Needed to save in hex format rather than binary

Success