A C-based tool for cracking shadow files through dictionary, rainbow table cracking, and brute-force techniques.
This educational tool demonstrates password security concepts by implementing:
-
Attack Methods
- Dictionary attacks
- Brute force attacks
- Rainbow table attacks
-
Supported Hash Algorithms
- MD5 (
$1$format) - SHA-256 (
$5$format) - bcrypt (
$2a$format)
- MD5 (
To understand more about shadow files in the context of this project, go to Shadow Files.
The project includes a devcontainer configuration for an isolated, reproducible development environment:
-
Prerequisites
-
Setup Steps
# Clone the repository git clone https://github.com/G3mha/pwcracker.git cd pwcracker # Open in VS Code code . # When prompted, click "Reopen in Container" # Or use Command Palette (F1): "Dev Containers: Reopen in Container"
-
Building Inside Devcontainer
mkdir build && cd build cmake .. make clean; make
The project includes comprehensive tests using the Criterion framework:
# In the build directory
ctest --output-on-failure
# To run specific test
./test/test_dictionary
./test/test_brute_force
./test/test_rainbow_table
./test/test_cliThe executable provides various options for password cracking:
# Dictionary attack example
./src/pwcracker -d ../data/test_pws.txt ../data/test_hashed_md5.txt
# Brute force attack with custom charset and length
./src/pwcracker -b -c "abc123" -l 4 ../data/test_hashed_md5.txt
# Rainbow table attack
./src/pwcracker -r ../data/test_rainbow_table.txt ../data/test_hashed_md5.txt
# Benchmark mode
./src/pwcracker -B
# Multi-threaded attack with timeout
./src/pwcracker -d ../data/test_pws.txt -t 4 -T 30 ../data/test_hashed_sha256.txt-b, --brute-force Use brute force attack
-c, --charset=CHARSET Character set for brute force
-d, --dictionary=FILE Use dictionary attack with specified wordlist
-B, --benchmark Run in benchmark mode
-H, --hash-type=TYPE Specify hash type (md5, sha256, bcrypt)
-l, --max-length=LENGTH Maximum password length for brute force
-o, --output=FILE Write results to FILE
-t, --threads=NUM Number of threads to use
-T, --timeout=SECONDS Timeout in seconds
-v, --verbose Produce verbose output
The repository includes test data:
data/test_pws.txt: Common passwords for dictionary attacksdata/test_hashed_md5.txt: MD5-hashed passwordsdata/test_hashed_sha256.txt: SHA-256 hashed passwordsdata/test_hashed_bcrypt.txt: bcrypt hashed passwordsdata/test_rainbow_table.txt: Sample rainbow table
This tool is intended for educational purposes and security research only. Usage against systems without explicit permission is illegal and unethical.
This project is licensed under the AGPL License - see the LICENSE file for details.
The test files used in this project's unitary tests are generate using built-in commands from UNIX, like:
md5 -s "<salt><password>" # For MD5