In the next few subsections, we will look at how we can use Perl to crack the commonly used SHA1 and less likely used MD5 password hashes. This is a simple task in Perl but, as previously mentioned, requires a lot of CPU power to accomplish and is very slow. We will simply perform the hashing process on each line from a password list file and compare its output to the compromised password hash value.
In this section, we will use the SHA1 Perl module, Digest::SHA
, to create the password hashes for comparison. We will also try to crack the SHA1 hashes that we obtained in Chapter 7, SQL Injection with Perl. If we recall those hashes and usernames, we have the following commands:
Table: users has record count of: 6 1 trevelyn cbfdac6008f9cab4083784cbd1874f76618d2a97 2 gabriella a3ce284b3e5d63708dde3d7d9138f835a6760a57 3 chloe a2c91ed5cf3ec12fe5e4904d34667310ca8182af 4 julie 59c826fc854197cbd4d1083bce8fc00d0761e8b3 5 petey bf614e25ec8503d7c938bb0ea0609b74fd93d517...