1

I am currently testing a simple dictionary attack using bash scripts. I have encoded my password "Snake" with sha256sum by simply typing the following command:

echo -n Snake | sha256sum

This produced the following:

aaa73ac7721342eac5212f15feb2d5f7631e28222d8b79ffa835def1b81ff620 *-

I then copy pasted the hashed string into the program, but the script is not doing what is intended to do. The script is (Note that I have created a test dictionary text file which only contains 6 lines):

echo "Enter:"
read value

cat dict.txt | while read line1
    do
            atax=$(echo -n "$line1" | sha256sum)

            if [[ "$atax" == "$value" ]];
            then
                    echo "Cracked: $line1"
                    exit 1
            fi

    echo "Trying: $line1"

    done

Result:

Trying: Dog
Trying: Cat
Trying: Rabbit
Trying: Hamster
Trying: Goldfish
Trying: Snake

The code should display "Cracked: Snake" and terminate, when it compares the hashed string with the word "Snake". Where am I going wrong?

EDIT: The bug was indeed the DOS lines in my textfile. I made a unix file and the checksums matched. Thanks everyone.

Improve this question
5
  • BTW, running bash -x yourscript would give you a better idea of what was going on here. Commented Aug 21, 2016 at 1:34
  • 2
    ...as another aside, echo -n isn't actually good form. The POSIX specification for echo describes -n as "unspecified", meaning an implementation can do whatever it likes when given that argument -- it can suppress newlines on its output, but it could also print -n on output and be just as compliant -- and when running with both the xpg_echo and posix options enabled, bash's behavior can be just that. Commented Aug 21, 2016 at 1:38
  • ...see the aforementioned specification at pubs.opengroup.org/onlinepubs/009604599/utilities/echo.html, particularly the APPLICATION USAGE section, which provides alternative suggestions using printf to emulate common echo usages. Commented Aug 21, 2016 at 1:39
  • Can you show us the values of ${#atax} and ${#value} ? Commented Aug 21, 2016 at 9:22
  • Please edit the question replacing name by line1. You wrote that as a solution but first I only read the question and came to the same conclusion. Commented Aug 21, 2016 at 9:24

3 Answers 3

Reset to default
1

One problem is that, as pakistanprogrammerclub points out, you're never initializing name (as opposed to line1).

Another problem is that sha256sum does not just print out the checksum, but also *- (meaning "I read the file from standard input in binary mode").

I'm not sure if there's a clean way to get just the checksum — probably there is, but I can't find it — but you can at least write something like this:

atax=$(echo -n "$name" | sha256sum | sed 's/ .*//')

(using sed to strip off everything from the space onwards).

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Or you could use awk '{print $1}', or an invocation of cut.
1

couple issues - the variable name is not set anywhere - do you mean value? Also better form to use redirection instead of cat

while read ...; do ... done <dict.txt

Variables set by a while loop in a pipeline are not available in the parent shell not the other way around as I mistakenly said before - it's not an issue here though

Improve this answer

2 Comments

Not my downvote. It's true that name is not set. It's not true that the subshell does not have access to variables set in the outer shell. (The reverse is true.)
Hey, thanks for the reply. I tried what you suggested but it didn't work. EDIT: i didn't downvote.
0

Could be a cut n paste error - add an echo after the first read

echo "value \"$value\""

also after atax is set

echo "line1 \"$line1\" atax \"$atax\""
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.