Python : 重现 filezillaserver 密码的编码
Python : Reproduce the encoding of a filezillaserver password
我的 FileZilla 服务器中有以下 xml(用户名:toto,密码:toto):
<User Name="toto">
<Option Name="Pass">8112E67312B4EF84DB1A4F969C21E9405577162ACF761F26F1603C62BBA6046E90C7E13F696C1D2737F7196374DB673FB82E59D7C089C4F1134991698A08EC09</Option>
<Option Name="Salt">`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;'Wx#^K"Tu_XX.K'o<'c&A:vItTX-M|Z0Y</Option>
<Option Name="Group"></Option>
我想使用以下脚本重现编码后的密码:
import hashlib, binascii
salt = ""`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;'Wx#^K"Tu_XX.K'o<'c&A:vItTX-M|Z0Y""".encode('utf-8')
p = "toto".encode('utf-8')
print (hashlib.sha512(salt + p).hexdigest())
print (hashlib.sha512(p + salt).hexdigest())
print (hashlib.sha384(salt + p).hexdigest())
print (hashlib.sha384(p + salt).hexdigest())
print (hashlib.sha256(salt + p).hexdigest())
print (hashlib.sha256(p + salt).hexdigest())
print (hashlib.sha1(salt + p).hexdigest())
print (hashlib.sha1(p + salt).hexdigest())
print (hashlib.md5(salt + p).hexdigest())
print (hashlib.md5(p + salt).hexdigest())
我得到以下与之前密码不匹配的输出
62a7a9220d3b467cb1034c795c4855aace719e56996acca50afad58278b5da357768abda76fccc15b07d6ff669ccbfa7a23c1f9c3852b6a666fe182aefafe52b
d2e4478b5fe105dfb329bfa5360a6ab9c095b3cc6029db2eb50215ab4e0be4229d1f7602ec9804b361760962e3259d53fa5a68f733ff4370c3c09ace3eeaacb3
a1415d389f96134839d4bed2739ebe76099670153af6299d9d7366f68849f352639507d8fa861df383d5bf1d1a36fbe6
36b52cbd8cb3838c4e8e9498e77d3e29e3a12343f54d08019caf2810c12ab0516c978fc7949a3317b2145d0facd8c744
5a72de46d48ea1e645cc9e04b411b61d388b112773aa06eb5a3c62afc0383f33
2d7392648adbca28ea36859e0365e53bfcf06355926d484e5921b62fbf9e7a38
033ddf63dd9ba52117528e8e4a10fcd6f1ef6498
741ad131e5694af4d2332e0fff925b8bc1b25e22
45bbec7d1064d449aef5f3408eef287b
34ddc5c29ecfb76e92d22e5fe4569555
有人有解决方案
谢谢
XML对特殊字符的转义方式如下,代码中不要原封不动,将其转回原来的字符:
& = &
< = <
' = '
" = "
将这些替换为您的盐,第二行将产生所需的输出(请记住将引号(' 或 ")和反斜杠 (\) 转义为反斜杠!):
import hashlib, binascii
password = '8112E67312B4EF84DB1A4F969C21E9405577162ACF761F26F1603C62BBA6046E90C7E13F696C1D2737F7196374DB673FB82E59D7C089C4F1134991698A08EC09'.lower()
salt = '`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;\'Wx#^K"Tu_XX.K\'o<\'c&A:vItTX-M|Z0Y'.encode('utf-8')
# Alternatively with double quotes
salt = "`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;\'Wx#^K\"Tu_XX.K'o<'c&A:vItTX-M|Z0Y".encode('utf-8') #alternative
p = "toto".encode('utf-8')
print (hashlib.sha512(p + salt).hexdigest())
print (password)
print (hashlib.sha512(p + salt).hexdigest() == password)
我的 FileZilla 服务器中有以下 xml(用户名:toto,密码:toto):
<User Name="toto">
<Option Name="Pass">8112E67312B4EF84DB1A4F969C21E9405577162ACF761F26F1603C62BBA6046E90C7E13F696C1D2737F7196374DB673FB82E59D7C089C4F1134991698A08EC09</Option>
<Option Name="Salt">`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;'Wx#^K"Tu_XX.K'o<'c&A:vItTX-M|Z0Y</Option>
<Option Name="Group"></Option>
我想使用以下脚本重现编码后的密码:
import hashlib, binascii
salt = ""`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;'Wx#^K"Tu_XX.K'o<'c&A:vItTX-M|Z0Y""".encode('utf-8')
p = "toto".encode('utf-8')
print (hashlib.sha512(salt + p).hexdigest())
print (hashlib.sha512(p + salt).hexdigest())
print (hashlib.sha384(salt + p).hexdigest())
print (hashlib.sha384(p + salt).hexdigest())
print (hashlib.sha256(salt + p).hexdigest())
print (hashlib.sha256(p + salt).hexdigest())
print (hashlib.sha1(salt + p).hexdigest())
print (hashlib.sha1(p + salt).hexdigest())
print (hashlib.md5(salt + p).hexdigest())
print (hashlib.md5(p + salt).hexdigest())
我得到以下与之前密码不匹配的输出
62a7a9220d3b467cb1034c795c4855aace719e56996acca50afad58278b5da357768abda76fccc15b07d6ff669ccbfa7a23c1f9c3852b6a666fe182aefafe52b
d2e4478b5fe105dfb329bfa5360a6ab9c095b3cc6029db2eb50215ab4e0be4229d1f7602ec9804b361760962e3259d53fa5a68f733ff4370c3c09ace3eeaacb3
a1415d389f96134839d4bed2739ebe76099670153af6299d9d7366f68849f352639507d8fa861df383d5bf1d1a36fbe6
36b52cbd8cb3838c4e8e9498e77d3e29e3a12343f54d08019caf2810c12ab0516c978fc7949a3317b2145d0facd8c744
5a72de46d48ea1e645cc9e04b411b61d388b112773aa06eb5a3c62afc0383f33
2d7392648adbca28ea36859e0365e53bfcf06355926d484e5921b62fbf9e7a38
033ddf63dd9ba52117528e8e4a10fcd6f1ef6498
741ad131e5694af4d2332e0fff925b8bc1b25e22
45bbec7d1064d449aef5f3408eef287b
34ddc5c29ecfb76e92d22e5fe4569555
有人有解决方案
谢谢
XML对特殊字符的转义方式如下,代码中不要原封不动,将其转回原来的字符:
& = &
< = <
' = '
" = "
将这些替换为您的盐,第二行将产生所需的输出(请记住将引号(' 或 ")和反斜杠 (\) 转义为反斜杠!):
import hashlib, binascii
password = '8112E67312B4EF84DB1A4F969C21E9405577162ACF761F26F1603C62BBA6046E90C7E13F696C1D2737F7196374DB673FB82E59D7C089C4F1134991698A08EC09'.lower()
salt = '`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;\'Wx#^K"Tu_XX.K\'o<\'c&A:vItTX-M|Z0Y'.encode('utf-8')
# Alternatively with double quotes
salt = "`!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;\'Wx#^K\"Tu_XX.K'o<'c&A:vItTX-M|Z0Y".encode('utf-8') #alternative
p = "toto".encode('utf-8')
print (hashlib.sha512(p + salt).hexdigest())
print (password)
print (hashlib.sha512(p + salt).hexdigest() == password)