基于字典的 RSA 私钥暴力破解
Dictionary based bruteforce on a RSA Private Key
我的 SSL 证书有一个 RSA 私钥。不幸的是我忘记了密码。
这是 header 信息:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,9A3F1B0DB81DA3C64E5BCA3534544E04
我想进行字典攻击来尝试破解它。谁能告诉我该怎么做?也许使用像 John The Ripper 这样的工具。
我写了一个 python 小脚本来做我想做的事。我将密钥保存为 "ssl.key",并将单词列表放在名为 "wl.lst" 的文件中。
完整代码如下:
from subprocess import PIPE, Popen
import subprocess
import sys
def cmdline(command):
    """Run *command* through the system shell and return what it wrote to stderr.

    Both output streams are captured; stdout is discarded and the raw stderr
    bytes are handed back to the caller.

    NOTE: ``shell=True`` passes the whole string to the shell, so any shell
    metacharacters in it are interpreted. Callers must not splice unvetted
    text (for example lines read from a file) into *command*.
    """
    completed = subprocess.run(
        str(command),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        shell=True,
    )
    return completed.stderr
def combinations(words, length):
    """Return every ordered sequence of *length* words, repetition allowed.

    Each sequence is a list of words. A *length* of 0 yields an empty list;
    any *length* not greater than 1 otherwise yields the one-word sequences.
    The whole result is built in memory, so it grows as
    ``len(words) ** length``.
    """
    if length == 0:
        return []
    sequences = [[word] for word in words]
    remaining = length
    # Each pass appends one more word to every sequence built so far.
    while remaining > 1:
        sequences = [prefix + [word] for prefix in sequences for word in words]
        remaining -= 1
    return sequences
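def _try_passphrase(candidate):
    """Run openssl on ssl.key with *candidate* as passphrase; return stderr bytes.

    The command is passed as an argument list with no shell in between, so a
    word-list entry containing quotes, ``;``, ``|``, ``$(...)`` or spaces is
    handed to openssl as literal passphrase text instead of being interpreted
    as shell syntax.

    NOTE: ``-passin pass:`` places the candidate in the process arguments,
    which other local users can usually read from the process list; openssl's
    ``-passin stdin`` avoids that exposure.
    """
    argv = [
        "openssl", "rsa",
        "-in", "ssl.key",
        "-out", "ssld.key",
        "-passin", "pass:" + candidate,
    ]
    completed = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return completed.stderr


def main():
    """Try word-list combinations of 1 to 5 words as the passphrase of ssl.key.

    Words are read from ``wl.lst`` (one per line, surrounding whitespace
    stripped) and concatenated without a separator. The process exits as soon
    as openssl reports that it wrote the key. On success ``ssld.key`` holds
    the private key with no passphrase, so treat that file as sensitive
    (restrict its permissions or re-encrypt it).
    """
    # Context manager closes the word list instead of leaking the handle.
    with open('wl.lst') as wordlist:
        words = [line.strip() for line in wordlist]

    # Success is recognised by this exact stderr text, CRLF included.
    # NOTE(review): the line ending, and possibly the message, can differ by
    # platform and openssl build; the exit status may be steadier - confirm.
    s = b'writing RSA key\r\n'

    # (number of words, progress-report interval) for each pass, in order.
    passes = ((1, 1), (2, 1), (3, 1), (4, 25), (5, 100))
    for length, report_every in passes:
        print("\n")
        res = combinations(words, length)
        c = len(res) - 1
        for idx, result in enumerate(res):
            candidate = "".join(result)
            if _try_passphrase(candidate) == s:
                print("\nKey Found! The key is: " + candidate)
                sys.exit()
            if idx % report_every == 0:
                print(str(idx) + "/" + str(c))
    print("\n")


if __name__ == '__main__':
    main()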
这个脚本是跨平台的。要增加或减少组合中使用的单词数量,只需添加或删除相应的代码块。
注意:去掉状态显示可以大大提高速度。
我的 SSL 证书有一个 RSA 私钥。不幸的是我忘记了密码。 这是 header 信息:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,9A3F1B0DB81DA3C64E5BCA3534544E04
我想进行字典攻击来尝试破解它。谁能告诉我该怎么做?也许使用像 John The Ripper 这样的工具。
我写了一个 python 小脚本来做我想做的事。我将密钥保存为 "ssl.key",并将单词列表放在名为 "wl.lst" 的文件中。
完整代码如下:
from subprocess import PIPE, Popen
import subprocess
import sys
def cmdline(command):
    """Run *command* through the system shell and return what it wrote to stderr.

    Both output streams are captured; stdout is discarded and the raw stderr
    bytes are handed back to the caller.

    NOTE: ``shell=True`` passes the whole string to the shell, so any shell
    metacharacters in it are interpreted. Callers must not splice unvetted
    text (for example lines read from a file) into *command*.
    """
    completed = subprocess.run(
        str(command),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        shell=True,
    )
    return completed.stderr
def combinations(words, length):
    """Return every ordered sequence of *length* words, repetition allowed.

    Each sequence is a list of words. A *length* of 0 yields an empty list;
    any *length* not greater than 1 otherwise yields the one-word sequences.
    The whole result is built in memory, so it grows as
    ``len(words) ** length``.
    """
    if length == 0:
        return []
    sequences = [[word] for word in words]
    remaining = length
    # Each pass appends one more word to every sequence built so far.
    while remaining > 1:
        sequences = [prefix + [word] for prefix in sequences for word in words]
        remaining -= 1
    return sequences
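def _try_passphrase(candidate):
    """Run openssl on ssl.key with *candidate* as passphrase; return stderr bytes.

    The command is passed as an argument list with no shell in between, so a
    word-list entry containing quotes, ``;``, ``|``, ``$(...)`` or spaces is
    handed to openssl as literal passphrase text instead of being interpreted
    as shell syntax.

    NOTE: ``-passin pass:`` places the candidate in the process arguments,
    which other local users can usually read from the process list; openssl's
    ``-passin stdin`` avoids that exposure.
    """
    argv = [
        "openssl", "rsa",
        "-in", "ssl.key",
        "-out", "ssld.key",
        "-passin", "pass:" + candidate,
    ]
    completed = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return completed.stderr


def main():
    """Try word-list combinations of 1 to 5 words as the passphrase of ssl.key.

    Words are read from ``wl.lst`` (one per line, surrounding whitespace
    stripped) and concatenated without a separator. The process exits as soon
    as openssl reports that it wrote the key. On success ``ssld.key`` holds
    the private key with no passphrase, so treat that file as sensitive
    (restrict its permissions or re-encrypt it).
    """
    # Context manager closes the word list instead of leaking the handle.
    with open('wl.lst') as wordlist:
        words = [line.strip() for line in wordlist]

    # Success is recognised by this exact stderr text, CRLF included.
    # NOTE(review): the line ending, and possibly the message, can differ by
    # platform and openssl build; the exit status may be steadier - confirm.
    s = b'writing RSA key\r\n'

    # (number of words, progress-report interval) for each pass, in order.
    passes = ((1, 1), (2, 1), (3, 1), (4, 25), (5, 100))
    for length, report_every in passes:
        print("\n")
        res = combinations(words, length)
        c = len(res) - 1
        for idx, result in enumerate(res):
            candidate = "".join(result)
            if _try_passphrase(candidate) == s:
                print("\nKey Found! The key is: " + candidate)
                sys.exit()
            if idx % report_every == 0:
                print(str(idx) + "/" + str(c))
    print("\n")


if __name__ == '__main__':
    main()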
这个脚本是跨平台的。要增加或减少组合中使用的单词数量,只需添加或删除相应的代码块。
注意:去掉状态显示可以大大提高速度。