Hack through Rainbow

In this Python project, we aim to demonstrate a security vulnerability in password storage: keeping passwords as plain hashes. We assume a scenario in which we have acquired unauthorized access to a website's database and obtained a file containing user information. Within this file, we find usernames along with their corresponding hashed passwords. It is known that the website uses the sha256 hash function and that the passwords are numeric values ranging from 1000 to 9999.

Our program first builds a dictionary that pairs each number from 1000 to 9999 with its sha256 hash. It then prompts the user for the filename of the acquired database and compares each hashed password in that database with the entries in the dictionary. If a user's hash matches a dictionary entry, the program records the username together with the recovered password in another file.

This project highlights a security weakness commonly referred to as "rainbow hacking." The name stems from the concept of a rainbow-like dictionary containing precomputed hashes for a wide range of possible passwords. With such a dictionary, an attacker can quickly determine the original passwords behind hashed values, particularly when passwords are weak and fall within a small, predictable range. It serves as a reminder of the importance of strong and unique passwords, as well as of robust password hashing techniques to protect user credentials.
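The following is an added example, not the project's own code. It implements the precomputation-and-lookup described above over a constructed sample dump (the `username:hexhash` line format is an assumption; the page does not state the file layout), and then shows the defender's side that the page recommends: the same precomputed table is useless against per-user salted, iterated PBKDF2-HMAC-SHA256 output, because every user would need a fresh table and each guess is deliberately slow.

```python
import hashlib
import hmac
import os

# Numeric password range stated in the project description.
LOW, HIGH = 1000, 9999


def build_table(low=LOW, high=HIGH):
    """Precompute sha256(password) -> password for every number in [low, high]."""
    return {
        hashlib.sha256(str(n).encode()).hexdigest(): str(n)
        for n in range(low, high + 1)
    }


def parse_dump(text):
    """Parse 'username:hexhash' lines (assumed format). Blank/malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, digest = line.split(":", 1)
        records.append((user.strip(), digest.strip().lower()))
    return records


def recover(records, table):
    """Return {username: password} for every hash found in the precomputed table."""
    return {user: table[digest] for user, digest in records if digest in table}


# Constructed sample dump: two passwords inside the weak range, one outside it.
SAMPLE_DUMP = "\n".join([
    "alice:" + hashlib.sha256(b"1234").hexdigest(),
    "bob:" + hashlib.sha256(b"9876").hexdigest(),
    "carol:" + hashlib.sha256(b"correct horse battery staple").hexdigest(),
])

# --- Defender's side: salted, iterated hashing ------------------------------

ITERATIONS = 200_000  # chosen so a single guess costs real CPU time


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Store 'salthex$dkhex'; a random 16-byte salt is generated per user."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex() + "$" + dk.hex()


def verify_password(password, stored, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


def table_hits(stored, table):
    """True if the stored derived key appears in the plain-sha256 table (it should not)."""
    return stored.split("$", 1)[1] in table


if __name__ == "__main__":
    table = build_table()
    print("plain sha256, weak range:", recover(parse_dump(SAMPLE_DUMP), table))
    stored = hash_password("1234")
    print("salted PBKDF2 record:", stored)
    print("precomputed table still matches it?", table_hits(stored, table))
    print("verify correct password:", verify_password("1234", stored))
```

Run it as a script to see the unsalted hashes for alice and bob resolve instantly while carol's longer passphrase and the salted record stay untouched. The lesson is the one the text draws: the lookup works only because the hash is unsalted and the input space is 9000 values; a random salt forces a separate table per user, and the iteration count makes even that table expensive to build.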

The project file can be downloaded from here.

Description

  • Training

  • September 23, 2021