In the next few subsections, we will look at how we can use Perl to crack the commonly used SHA1 and less likely used MD5 password hashes. This is a simple task in Perl but, as previously mentioned, requires a lot of CPU power to accomplish and is very slow. We will simply perform the hashing process on each line from a password list file and compare its output to the compromised password hash value.
In this section, we will use the SHA1 Perl module,
Digest::SHA, to create the password hashes for comparison. We will also try to crack the SHA1 hashes that we obtained in Chapter 7, SQL Injection with Perl. If we recall those hashes and usernames, we have the following commands:
Table: users has record ...