Thursday, December 19, 2019

Cheap and Cheerful Password Breach Check


Get the HIBP NTLM hashes ordered by hash, and unzip: 

wget https://downloads.pwnedpasswords.com/passwords/pwned-passwords-ntlm-ordered-by-hash-v5.7z
7z x pwned-passwords-ntlm-ordered-by-hash-v5.7z

Download and compile sgrep: https://sourceforge.net/projects/sgrep/ 

Create the following python code: 

$ cat breachdb.py
#!/usr/bin/python3
import hashlib
import fileinput
import subprocess

# Read candidate passwords from stdin (or from files named on the command line), one per line
for line in fileinput.input():
    line = line.rstrip('\r\n')   # strip only the line ending, so a password may keep trailing spaces
    # NTLM is MD4 over the UTF-16LE encoding of the password
    ntlmhash = hashlib.new('md4', line.encode('utf-16le')).hexdigest()
    # sgrep binary-searches the hash-sorted HIBP file; -i because hexdigest() is lowercase
    # and the HIBP file is uppercase. Exit status 0 means the hash was found.
    result = subprocess.run(['/home/jamie/sgrep', '-i', ntlmhash,
                             '/home/jamie/pwned-passwords-ntlm-ordered-by-hash-v5.txt'],
                            stdout=subprocess.DEVNULL)
    if result.returncode == 0:
        print("Found '" + line + "' in breach")

And run with your password list: 

$ echo password | ./breachdb.py
Found 'password' in breach

If you already have NTLM hashes rather than plaintexts, drop the hashing step and pass each input line to sgrep as-is.
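As an added example, not the post's code, here is the same check without sgrep: a pure-Python NTLM (MD4 over UTF-16LE) and a seek-based binary search over the hash-sorted file, which is the reason the ordered-by-hash download matters. It assumes the HIBP layout of one uppercase HASH:COUNT record per line; the sample file, its passwords and its counts are constructed.

```python
# Added example, not the post's code: NTLM hashing plus a binary search over the hash-sorted HIBP
# file, which is what the post delegates to sgrep. MD4 is pure Python because hashlib's 'md4' is missing on many builds.
import os
import struct
import tempfile

def md4(data: bytes) -> bytes:
    F, G, H = (lambda x, y, z: (x & y) | (~x & z)), (lambda x, y, z: (x & y) | (x & z) | (y & z)), (lambda x, y, z: x ^ y ^ z)
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = data + b'\x80' + b'\x00' * ((55 - len(data)) % 64) + struct.pack('<Q', 8 * len(data))
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack('<16I', msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):  # three rounds of 16 steps; a,b,c,d rotate after every step
            if i < 16: f, k, s, add = F, i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32: f, k, s, add = G, (i % 4) * 4 + (i // 4) % 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else: f, k, s, add = H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a = rol((a + f(b, c, d) + X[k] + add) & 0xFFFFFFFF, s)
            a, b, c, d = d, a, b, c
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d))]
    return struct.pack('<4I', *h)

def ntlm(password: str) -> str:  # NTLM = MD4 over the UTF-16LE password; HIBP stores it as uppercase hex
    return md4(password.encode('utf-16le')).hex().upper()

def lookup(path: str, digest: str) -> int:  # binary search over 'HASH:COUNT' lines; returns count, 0 = not found
    digest = digest.upper()
    with open(path, 'rb') as f:
        lo, hi = 0, os.fstat(f.fileno()).st_size  # byte offsets; lo always sits on a record start
        while lo < hi:
            mid = (lo + hi) // 2
            f.seek(max(mid - 1, 0))
            if mid: f.readline()  # finish the record holding byte mid-1, landing on the first record start >= mid
            pos = f.tell()
            line = f.readline()  # empty only when no record starts at or after mid
            h, _, count = line.decode('ascii').rstrip('\r\n').partition(':')
            if line and h == digest:
                return int(count)
            if line and h < digest:
                lo = pos + len(line)  # sorted file: every record up to here is smaller than digest
            else:
                hi = mid
    return 0

def write_sample_db(passwords: dict = {'password': 3730471, 'Password1': 2413945, 'letmein': 234000}) -> str:
    # Constructed stand-in for the HIBP file (made-up counts): CRLF 'HASH:COUNT' lines sorted by hash
    with tempfile.NamedTemporaryFile('w', suffix='.txt', newline='', delete=False) as f:
        f.writelines(f'{h}:{n}\r\n' for h, n in sorted((ntlm(p), n) for p, n in passwords.items()))
    return f.name
```

Point lookup() at the real pwned-passwords-ntlm-ordered-by-hash-v5.txt to use it in place of sgrep; lowercase digests are accepted because the search uppercases them first.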


