Welcome bask, aspiring cyberwarriors! Hackers-Arise has previously published articles on the basics of Bash scripting. During this time, the importance of this skill has not diminished, so today we will explore how to debug your code. And since the best way to learn is through practice, we’ll create a simple password cracking tool inspired by […]
The post Bash Scripting: Mastering Debugging of Our Password Cracking Script first appeared on Hackers Arise.
Welcome bask, aspiring cyberwarriors!
Hackers-Arise has previously published articles on the basics of Bash scripting. During this time, the importance of this skill has not diminished, so today we will explore how to debug your code. And since the best way to learn is through practice, we’ll create a simple password cracking tool inspired by John the Ripper.
Bash (Bourne Again SHell) was created by Brian Fox in 1989 as a free software replacement for the Bourne Shell. It has since become the default shell on most Unix-like systems, including Linux and macOS. Bash scripting is widely used for automation, system administration, and creating simple tools like the one we’ll build in this tutorial.
Let’s start creating our script. We’ll build it step by step and then use debugging techniques to improve and fix any issues.
The concept of our script is straightforward. It takes a password hash and a password dictionary as input. The script then hashes each word in the dictionary and compares the resulting hashes to the provided hash. If a match is found, the script reveals the corresponding password.
Step #1: Initial Script
First, specify that the script should be run with Bash. Then, create a function to hash each entry in the dictionary using MD5.
Where:
echo -n “$1” – This command prints the value of the first argument ($1) without appending a newline character.
md5sum – This command calculates the MD5 hash of the input, producing a 128-bit hash represented as a 32-character hexadecimal number.
awk ‘{print $1}’– This command extracts and prints only the first field ($1), which is the MD5 hash itself.
Afterward, the script checks whether exactly two arguments are provided. If not, it prints a usage message and exits. If the correct number of arguments is given, the script assigns them to variables.
Next, we will create a function to verify whether the dictionary file containing passwords exists.
Where:
-f – is a test operator that returns true if the specified file exists.
! negates the test, so [! -f “$dictionary_file” ] is true if the file does not exist.
Next, let’s develop the core of the password-cracking process.
while IFS= read -r password; do – This begins a while loop that reads each line from the input file. The IFS= (Internal Field Separator) ensures that leading and trailing whitespace is preserved, while the -r option prevents backslash escaping.
if [ “$(generate_hash “$password”)” = “$password_hash” ]; then – Inside the loop, the script calls the generate_hash function with the current password as an argument. This function generates a hash from the password. If the generated hash matches the target hash ($password_hash), the script prints the message “Hash cracked: $password” and exits with a status code of 0, indicating success.
echo “Password not found in dictionary” – If the loop finishes without finding a match (i.e., the target hash does not match any hash generated from the dictionary entries), this message is printed to indicate that the password was not found. The script then exits with a status code of 1, signaling a failure to crack the hash.
Step #2: Testing the Script
Now, save the code and make it executable. Then, test the script with a sample password and dictionary:
kali> echo “password
123456
secret
secure
qwerty
” > dictionary.txt
Generate a test password hash:
kali> echo -n “qwerty” | md5sum
Run the script:
kali> ./bashcracker.sh “d8578edf8458ce06fbc5bb76a58c5ca4” dictionary.txt
Step #3: Debugging
Now that we have our initial script, let’s explore some debugging techniques to improve it and fix any potential issues.
- One of the simplest debugging techniques is to use echo statements to print variable values and track the script’s progress. Let’s add some debug output:
As a result, when you run the script, you will see the following output:
- Bash offers a built-in tracing feature that can be enabled with set -x. This feature prints each command and its arguments as they are executed. You can selectively enable this feature in specific sections of your code with set -x and disable it with set +x where it’s not needed. For example:
It allows us to analyze the script in detail.
- We can use the trap command to catch errors and perform cleanup operations.
The trap command in the script defines a cleanup() function that is executed whenever the script exits, regardless of whether it was successful or not. By associating the cleanup() function with the EXIT signal, it ensures that the function is called upon the script’s termination.
Inside the cleanup() function, the script first checks the exit status of the last command. If this status is non-zero, indicating an error, the function prints a message informing the user of the error.
Additionally, the cleanup() function can be used to perform necessary cleanup operations, such as deleting temporary files. This ensures that the script leaves a clean environment after execution, even if errors occurred.
Finally, the cleanup() function exits the script with the appropriate exit status, ensuring that the script’s overall execution is accurately reported.
Summary
The tutorial covers the fundamental structure and functions of Bash scripts, including file handling and input processing. It
The post Bash Scripting: Mastering Debugging of Our Password Cracking Script first appeared on Hackers Arise.
Source: HackersArise
Source Link: https://hackers-arise.com/bash-scripting-mastering-debugging-of-our-password-cracking-script/