Scanning the Dump

inertia (73) in ruby • 7 years ago (edited)

So I was minding my own business reading my feed and I noticed that @matt-a posted:

PSA: NEW HUGE PASSWORD DUMP. Are You One Of The 501,636,842 Earth Dwellers That Have Been Pwn3d?! You Might Want To Find Out. READ ME.

Now I have to write a ruby script to comb this 29 GB file of hashes. But I have a lot of things to check. I got one of the files over torrent, and extracted it (pwned-passwords-2.0.txt).

Here's what I'm using to check it:

Gemfile

source 'https://rubygems.org'
gem 'highline'

check.rb

require 'rubygems'
require 'bundler/setup'
require 'digest'

Bundler.require

filename = 'pwned-passwords-2.0.txt'
cli = HighLine.new
answers = []

loop do
  answer = cli.ask 'What do you want to check?  Empty line to start check.' do |q|
    q.echo = '*'
  end

  break if answer == ''
  answers << answer
end

shas = answers.map do |answer|
  Digest::SHA1.hexdigest(answer).upcase
end

File.open(filename, 'r') do |f|
  f.each_line do |line|
    exit if shas.empty?

    if line =~ /(#{shas.join('|')})/
      puts line
      sha = line.split(':').first
      shas.delete(sha)
    end
  end
end

Enjoy.

Originally posted in the /f/ruby forum on chainBB.com (learn more).

ruby infosec security haveibeenpwned troy-hunt

7 years ago by inertia (73)

$31.08

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

shihabieee (8) · 7 years ago

Thank you for this article. I'll be using this to send to people asking me the exact same questions.

$0.00

1 vote

[-]

moniristi (58) · 7 years ago

Learn some new from your post. Love to read it.

$0.00

1 vote

[-]

abdurrazzak (43) · 7 years ago

OMG....
that's way, you have need long time for the ready of ruby script.
its a great work....
thanks for the share

$0.00

1 vote

[-]

gaintshoulder (50) · 7 years ago

This is so advanced for me... are we being hacked?
Because am so worried. Those scripts are not in human language

$0.00

[-]

hrishikeshmatre (50) · 7 years ago (edited)

Help me @inertia for setting up of drotto
getting this error after run rake
are you on discord?
Thank you

$0.00

[-]

inertia (73) · 7 years ago

I recommend rvm to manage ruby if the system version is giving you trouble:

https://rvm.io/

$0.00

[-]

hrishikeshmatre (50) · 7 years ago

Ok thank you i will do the same

$0.00

[-]

abdurrahim007 (42) · 7 years ago

Hum Very interesting Coding ! Some this is really gone be awesome Hehe

$0.00

[-]

exxodus (60) · 7 years ago

Hey @inertia, great post! I enjoyed your content. Keep up the good work! It's always nice to see good content here on Steemit! Cheers :)

$0.00

[-]

cryptogee (75) · 7 years ago

Is this passwords from Bitcoin or just anywhere?

Love the look of Ruby by the way, the syntax is very clean. Do you work with it a lot?

$0.00

[-]

abbottsteem (39) · 7 years ago

Good post my friend
You have provided information to me and other steemit friends thank you @inertia

$0.00

[-]

hrishikeshmatre (50) · 7 years ago

@inertia
Do you have any article on how to do with rvm to manage ruby?
I am new to this so just need help
Thank you...

$0.00

[-]

inertia (73) · 7 years ago

If you refuse to read the documentation on https://rvm.io/, you can usually just get up and running by blindly entering these commands into your terminal:

$ gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
$ curl -sSL https://get.rvm.io | bash -s stable
$ source ~/.rvm/scripts/rvm
$ rvm install ruby-head
$ rvm use ruby-head --create
$ gem install bundler

$0.00

1 vote

[-]

hrishikeshmatre (50) · 7 years ago

ok fine....

$0.00

[-]

hrishikeshmatre (50) · 7 years ago

This also not worked for me...

$0.00

[-]

azizulhassan (65) · 7 years ago

well its amazing nd new

$0.00

[-]

diya28 (53) · 7 years ago

so you are going to consume your lot of time

$0.00

[-]

vaniapriani (46) · 7 years ago

I like you,,, nice to meet you

$0.00

[-]

bilal-haider (58) · 7 years ago

I am going to look into it also ..

$0.00

[-]

matt-a (65) · 7 years ago

Cool! Do you plan on attacking this with a SHA-1 dictionary?

$0.00

[-]

inertia (73) · 7 years ago

Na, I just wanted a way to dump passwords into it without having to worry about them showing up on the screen. I also wanted to check efficiently, so it does a regex on all of the passwords at once. It's almost exactly the same as doing it with grep, except the passwords don't get saved to .bash_history.

$0.00

[-]

athena06 (38) · 7 years ago

What was this all about? I don't understand anything.

$0.00

[-]

inertia (73) · 7 years ago

$0.38

1 vote

[-]

athena06 (38) · 7 years ago

$0.00

[-]

inertia (73) · 7 years ago

Says the Queen, not the princess. I just thought it was funny that you felt the need to inform me that you don't understand anything.

$0.00

[-]

athena06 (38) · 7 years ago

I was merely asking what was this all about. Maybe, just maybe, you could answer a newbie because you're the author. But if you don't feel like answering, so be it. No hard feelings anyway.

$0.00

[-]

inertia (73) · 7 years ago (edited)

What did you figure out when you clicked on the link in the original article?

$0.00