You are going to create a program that trys to hack users passwords given a list of the top 500 (450 with the explicit ones taken out) most common passwords (available in passwords.txt). You will also add in some common trick that people use to make their password 'more secure' like adding numbers or special characters to the end of a word. This will be an eye opener to how easily passwords can be hacked.
To do this you will have a list of usernames for the site you want to hack user_list imported from the password_check module that I wrote. You will also have access to a function check_user_pass that takes as parameters username and password and will return True if password is username's password and False if it is not a match. (Imagine it is like you checking by logging into a website)
#example
check_user_pass('Olivia', '123456') # -> True
check_user_pass('Olivia', '13579') # -> False
Fill in the functions starting with getallpasswords, and run the code. See if you can hack all seven user's passwords.
Since this is a project, the training wheels are off. Instead of telling you how to do something I'm only going to tell you what to do, and you can figure out the rest. I encourage you to look back over old lessons and to take your time, this should take much longer than other end of lesson projects.
In [ ]:
# Run this first no matter what!
from password_check import check_user_pass, user_list
In [ ]:
def getallpasswords():
'''
Opens file with list of all passwords and populates a list
with all of the passwords. (Don't forget to strip off the newline character)
Returns: the list of passwords
'''
pass
In [ ]:
def check_basic_passwords(user):
'''
Uses the check_user_pass function to check if a
user has a password that exactly matches one from the list
Returns: The password if there is a match, False if not
'''
pass
In [ ]:
def check_passwords_plus_number(user):
'''
Uses the check_user_pass function to check if a
user has a password that matches one from the list with a number from 0-9
either at the begining or the end of the password ex. 1password or password6
Returns: The password if there is a match, False if not
'''
pass
In [ ]:
def check_passwords_plus_special_char(user):
'''
Uses the check_user_pass function to check if a
user has a password that matches one from the list with a special character
in the following set: . ! @ # $ % ^ & *
either at the begining or the end of the password ex. #password or password^
Returns: The password if there is a match, False if not
'''
pass
In [ ]:
def check_passwords_plus_num_and_special_char(user):
'''
Uses the check_user_pass function to check if a
user has a password that matches one from the list with a special character
in the following set: . ! @ # $ % ^ & * and a number from 0-9
either at the begining or the end of the password in either order (6 possible permutations)
ex. #1password or 5password^
Returns: The password if there is a match, False if not
'''
pass
In [ ]:
def common_replacements(user):
'''
Uses the check_user_pass function to check if a
user has a password that matches one from the list with all of one of the vowels
replaced by a number with the following mapping a->4, e->3, i->1, o->0
ex. d0ct0r
Returns: The password if there is a match, False if not
'''
pass
In [ ]:
# Get a list of all passwords from the password file
passwords = getallpasswords()
# Loop through all users in website
for u in user_list:
# Check if any passwords match (this uses short circuiting, so as soon as one function returns a password, )
password = check_basic_passwords(u) or check_passwords_plus_number(u) or \
check_passwords_plus_special_char(u) or check_passwords_plus_num_and_special_char(u) or \
common_replacements(u)
if password:
print(u, password)
else:
print("Oops")