Question: Assignment Description You are asked to develop a password brute-force tool that targets a web app. This web app uses hashing (SHA-256) and salt (an

Assignment Description You are asked to develop a password brute-force tool that targets a web app. This web app uses hashing (SHA-256) and salt (an alphanumeric string of length 5) to protect passwords. We also know that only [A-Z], [a-z], [0-9], [#$!&] characters are allowed in the passwords, but the web app does not check passwords' lengths upon user signup; thus, some users might have short passwords. Upon signup, a random salt value of length 5 is generated for each user and stored (in plaintext) along user id and the SHA-256 hash of the user's password+salt. You have hacked the user data file of this web app that includes the hash of user passwords and their plaintext salts, but plaintext passwords are nowhere in the data. Thus, you need to use brute force (because hash functions are irreversible) to recover the original password. Example of hacked user data: user_id, user_password_hash, user_salt 1458451, cdd0cdba5a676747d11f5c17cf2e156fdfcb66ecf1cabd003c7d0cf544c73bf2, a567c 1785634, 7f68eb242ccd959f4337a71119608f8154a6a7a5e912b27dd6ecf371a77344d1, 5ctyk 5246513, aea84d8ef0c273f4ea22c3c4ebb0a29aca381898b6bc73808f29053e3d44b513, yc9za We want to build an offline password brute-force software in python to recover users' passwords in this dataset. We only want to recover passwords of up to length 8. Your program receives a dataset of user data as a file where the file includes n lines of text, and each line corresponds to one user: Example of input file content: 1458451, cdd0cdba5a676747d11f5c17cf2e156fdfcb66ecf1cabd003c7d0cf544c73bf2, a567c 1785634, 7f68eb242ccd959f4337a71119608f8154a6a7a5e912b27dd6ecf371a77344d1, 5ctyk 5246513, aea84d8ef0c273f4ea22c3c4ebb0a29aca381898b6bc73808f29053e3d44b513, yc9za Your program should be called as follows: > python3 main.py Links to an external site.input.txt where input.txt is the input file passed to the program as an argument. Receiving this input, your program needs to generate all passwords of lengths 1 to at least 8 and try them against each user. The output of your program is the list of user IDs, where for each user ID, you either print the successfully recovered password or "????" if the password was not recovered

Example of program output: 1458451, denver1 1785634, hello2 5246513, ????

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

I have to create a program in C and I can't figure it out. The program has to read a source file. Please help. /******************************************************************** PROJECT: Glossary...

Q:

JAVA PROGRAMMING please, thanks. Java programming. Every info needed has been provided. Thanks. Data Structures & Algorithms I Target Topics: Stacks & Queues Assignment Description: You are asked to...

Q:

JAVA PROGRAMMING LANGUAGE PREFERRED. Thank you! Target Topics: Stacks & Queues Assignment Description: You are asked to write a program that simulates processing documents in some imaginary legal...

Q:

ACCT 4550 - Accounting Data Analytics Homework #3 Instructions: This assignment is a follow-up on the in-class activity we did over the HUB analytics files. Please complete the assignment using...

Q:

THIS IS A JAVA CODE Assignment Description: You are asked to write a program that simulates processing documents in some imaginary legal office. This process involves a secretary, and two clerks....

Q:

Hello, Please I would like assistance with these stacks and Queues and coded in Java. Thank you Assignment Description: You are asked to write a program that simulates processing documents in some...

Q:

you will select an organization where you are currently employed or one that you are familiar with and find interesting.The company is Opay, You will delve into the realm of organizational innovation...

Q:

Assignment description You are asked to develop a web-based project over three phases. The project should allow you to control an items stock on a centralized server in order to update it and to...

Q:

Assignment Description: Bibitor, LLC asked you to complete due diligence on their wine and spirits business. Bibitor has 79 retail locations with approximately $484 million in sales. Their CFO is at...

Q:

General project instructions: Please read this document carefully, if you submit the assignment incorrectly and are asked to resubmit it for any reason, it will be considered as at least one day...

Q:

A dockworker applies a constant horizontal force of 89.0 N to a block of ice on a smooth horizontal floor. The frictional force is negligible. The biock starts from rest and moves a distance 12.5 m...

Q:

Many analysts argue that RBC requirements should force banks to raise loan rates. Explain this by assuming that a banks management sets loan rates to earn a 16 percent ROE. How does the allocation of...

Q:

Why is the selection of a proper predetermined rate so essential to accuratecosting? Explain.

Q:

SIMAD UNIVERSITY Class: BACC25 Subject: Islamic Accounting Instructions: a) Follow The Instructions. Midterm Exam Instructor: All Ibrahim Date: 6-4-2022 b) You Have 1.5 Hrs. To Complete This Test. c)...

Q:

Debate the diffi culties that could emerge with the direct transfer of Western HRM methods into a Gulf country. What approaches should you adopt to avoid these diffi culties?

Q:

In the Meteor case study, Sarah has put together a comprehensive human resource plan. Think about what could go wrong or what diffi culties could be faced and work out how you could deal with these...

Q:

Read the article about the staff shortages in Essex County Council. Think of other areas where there are shortages of professional staff (accounting, legal, planning, hospitals) and suggest ideas how...