w3resource

Python Cyber Security - Program for simulating dictionary attack on password


Write a Python program that simulates a dictionary attack on a password by trying out a list of commonly used passwords and their variations.

Note: This is a simple example for educational purposes only and is not intended to be used for illegal purposes. In real-world scenarios, password attacks should only be carried out with explicit permission from the owner of the system being attacked.

Sample Solution:

Python Code:

import hashlib
# List of commonly used passwords and the suffix variations appended to them
common_passwords = ["password", "password123", "letmein", "qwerty", "123456", "abc123", "admin", "welcome", "monkey", "sunshine"]
password_variations = ["", "123", "1234", "12345", "123456", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "_", "+", "=", "/", "\\", "|", "[", "]", "{", "}", "<", ">"]
# Hash of the password to be attacked (unsalted SHA-256 hex digest)
hashed_password = hashlib.sha256(b"mypass12#@").hexdigest()
# Try every combination of a common password followed by one variation
for password in common_passwords:
    for variation in password_variations:
        possible_password = password + variation
        hashed_possible_password = hashlib.sha256(possible_password.encode()).hexdigest()
        if hashed_possible_password == hashed_password:
            print(f"Password found: {possible_password}")
            break  # match found: leave the inner loop
    else:
        # Inner loop finished without a match: try the next common password
        continue
    break  # a match was found in the inner loop: leave the outer loop as well
else:
    # Outer loop finished without any break: no candidate matched
    print("Password not found")

Sample Output:

Password not found

Explanation:

In the above exercise, we first define a list of commonly used passwords and their variations. We then define the hash of the password we want to attack (in this example, "mypass12#@" is hashed using SHA-256).

We then use a nested loop to try every combination of a common password followed by one variation. For each combination, we hash the candidate using SHA-256 and check whether it matches the hash of the password we want to attack. If a match is found, we print the password and exit both loops. If no match is found, we print a message indicating that the password was not found. The sample run prints "Password not found" because "mypass12#@" is not one of the common passwords followed by a single variation.
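A defensive counterpart to the exercise, as an added example that is not part of the original solution: it rejects any new password that the nested loop would generate and stores accepted passwords with a per-user salt and PBKDF2 instead of a bare SHA-256 digest. The function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Lists copied from the exercise's solution.
COMMON_PASSWORDS = ["password", "password123", "letmein", "qwerty", "123456",
                    "abc123", "admin", "welcome", "monkey", "sunshine"]
PASSWORD_VARIATIONS = ["", "123", "1234", "12345", "123456"] + list("!@#$%^&*()-_+=/\\|[]{}<>")
# Every candidate the exercise's nested loop would try (base + variation).
CANDIDATES = {base + var for base in COMMON_PASSWORDS for var in PASSWORD_VARIATIONS}
# Assumption: iteration count chosen for illustration; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def is_guessable(password):
    """True if the dictionary loop would reach this password (case-insensitive)."""
    return password.lower() in CANDIDATES


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 and a random 16-byte salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def register(password):
    """Reject dictionary candidates, otherwise return the (salt, digest) to store."""
    if is_guessable(password):
        raise ValueError("password is in the common-password candidate set")
    return hash_password(password)


if __name__ == "__main__":
    print(is_guessable("Welcome123"))          # a candidate, so registration refuses it
    salt_a, digest_a = register("mypass12#@")  # sample password taken from the exercise
    salt_b, digest_b = register("mypass12#@")
    print(digest_a != digest_b)                # same password, different stored values
    print(verify_password("mypass12#@", salt_a, digest_a))
```

Because each record has its own salt, one pass over the candidate list no longer tests every stored password at once, and the iteration count makes each guess far more expensive than a single SHA-256 call.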

Note:

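Possible passwords generated by the said program: each of the 10 common passwords followed by each of the 28 variations, 280 combinations in total.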
