#!/usr/bin/perl
#
# Name: Matthew Reeves
#
# program to execute a very simple dictionary attack
#
use warnings;
use strict;
use feature ":5.10";
use Digest::MD5 qw(md5_hex);

#open both files needed
open(SHADOW, "<shadow2");
open(DICTIONARY, "<dictionary");

#declares/initializes scalars/arrays
my @array;
my @username;
my @password;
my @dictionary;
my $count = 0;
my $tmp;
my $salt_check;

#@byte contains byte version of digits 0-255 to be used as salt values
my @byte = (
"\000","\001","\002","\003","\004","\005","\006","\007",
"\010","\011","\012","\013","\014","\015","\016","\017",
"\020","\021","\022","\023","\024","\025","\026","\027",
"\030","\031","\032","\033","\034","\035","\036","\037",
"\040","\041","\042","\043","\044","\045","\046","\047",
"\050","\051","\052","\053","\054","\055","\056","\057",
"\060","\061","\062","\063","\064","\065","\066","\067",
"\070","\071","\072","\073","\074","\075","\076","\077",
"\100","\101","\102","\103","\104","\105","\106","\107",
"\110","\111","\112","\113","\114","\115","\116","\117",
"\120","\121","\122","\123","\124","\125","\126","\127",
"\130","\131","\132","\133","\134","\135","\136","\137",
"\140","\141","\142","\143","\144","\145","\146","\147",
"\150","\151","\152","\153","\154","\155","\156","\157",
"\160","\161","\162","\163","\164","\165","\166","\167",
"\170","\171","\172","\173","\174","\175","\176","\177",
"\200","\201","\202","\203","\204","\205","\206","\207",
"\210","\211","\212","\213","\214","\215","\216","\217",
"\220","\221","\222","\223","\224","\225","\226","\227",
"\230","\231","\232","\233","\234","\235","\236","\237",
"\240","\241","\242","\243","\244","\245","\246","\247",
"\250","\251","\252","\253","\254","\255","\256","\257",
"\260","\261","\262","\263","\264","\265","\266","\267",
"\270","\271","\272","\273","\274","\275","\276","\277",
"\300","\301","\302","\303","\304","\305","\306","\307",
"\310","\311","\312","\313","\314","\315","\316","\317",
"\320","\321","\322","\323","\324","\325","\326","\327",
"\330","\331","\332","\333","\334","\335","\336","\337",
"\340","\341","\342","\343","\344","\345","\346","\347",
"\350","\351","\352","\353","\354","\355","\356","\357",
"\360","\361","\362","\363","\364","\365","\366","\367",
"\370","\371","\372","\373","\374","\375","\376","\377");

#while not at EOF for shadow2 file, read line by line, apply regex with 
#back referencing to extract username and password and store each in appropriate
#array, also tracks number of users represented in shadow2
while(<SHADOW>)
{
	$_  =~ /(\w*):([0-9a-fA-F]*)/;

	push (@username, $1);
	push (@password, $2);
}

#while not at EOF for dictionary file, read line by line, read each dictionary
#password, push onto array @dictionary; tracks # of dictionary passwords
while(<DICTIONARY>)
{
	$_ =~ /(\w*)/;

	push (@dictionary, $1);
}

#nested for loops, for each username, tries each dictionary password hashed
#with each possible salt with the perl md5_hex function, prints to screen
#username:salt:password if match found
foreach my $pass (@password)
{
	foreach my $dict (@dictionary)
	{
		foreach my $salt (@byte)
		{
			$tmp = md5_hex($salt.$dict);
#			print $salt.$dict.":$tmp\n";

			if ($tmp ~~ $pass)
			{
				print "$username[$count]:$salt_check:$dict\n"; 
			}
			$salt_check++;
		}
		#resets salt value for next password to be tried
		$salt_check = 0;
	}
	#increments $count which is used to track decimel value of byte value
	$count++;
}