[soujinsan69]

Crack SHA1 from BreachDirectory Partial Passwords

     If you're trying to check someone's breached password on IntelX or DeHashed, you always see that it needs a PRO version to view results. Disgusting, right? And you're the type who always wants FREE stuff. But then you find BreachDirectory it shows some part of the password, but the rest is censored like:

• Bluef****
  
• Skibidi****
  
  

     You get curious about it and want to do something. Don’t worry they give you the SHA1 hash, which is easy to crack. Even better, you already have half of the password, making it easier. I’ve used this on a low-end GPU and still got around 0.1 seconds if it’s an easy password.

So what is SHA1?

SHA1 is a hashing algorithm. It turns plain text (like a password) into a fixed-length string that looks random. It’s one-way, but if you know part of the password and have the hash, you can brute-force the rest.

You’ll see something like this on BreachDirectory:

Password: bluef****

Hash: 6468adb55b27ba6b4345c84dbbec5544d6c4c5c0

They show you the first few characters, then censor the rest  but they give the full SHA1 hash. This tool fills that gap.

You just input the known prefix and the SHA1 hash, and it brute-forces the rest until it finds the match. No GPU needed. Lightweight. Works on Linux, Windows, even Termux.

I’ve got the solution with this code:

Script Type: Python CLI Tool
Input: SHA1 Hash + Known Password Prefix
Output: Full Matching Password
Estimated Speed: ~0.01 seconds per try
Max Password Length: Configurable
Use Case: Brute-forcing censored passwords from BreachDirectory
Dependencies: hashlib, itertools
Platform: Windows / Linux / Termux
File Type: .py
Author: Awiones

URL for the source code:
(note: replace your own hash and prefix okay :3)

Hidden Content

You must register or login to view this content.

Sample dump output:

PASSWORD FOUND: Hazelnut1
Time taken: 1.19 seconds
Verification:
Target : 93b05160c938a5ac5fb9c5732014aa830eecdf70
Found  : 93b05160c938a5ac5fb9c5732014aa830eecdf70
Match  : True

PASSWORD FOUND: bluefire
Time taken: 0.87 seconds
Verification:
Target : 6468adb55b27ba6b4345c84dbbec5544d6c4c5c0
Found  : 6468adb55b27ba6b4345c84dbbec5544d6c4c5c0
Match  : True

PASSWORD FOUND: tigerkilla
Time taken: 3.56 seconds
Verification:
Target : e5c41e279b1282fdc1a6d21b2485e28c9834550d
Found  : e5c41e279b1282fdc1a6d21b2485e28c9834550d
Match  : True

PASSWORD FOUND: sunsetdreams
Time taken: 5.02 seconds
Verification:
Target : a3fcee4f372c1469f7e17613dcde1e98b899f680
Found  : a3fcee4f372c1469f7e17613dcde1e98b899f680
Match  : True

PASSWORD FOUND: jellycat123
Time taken: 7.42 seconds
Verification:
Target : 41d1d0dcdccf1ac01f3e474b5085b89b83e4af4a
Found  : 41d1d0dcdccf1ac01f3e474b5085b89b83e4af4a
Match  : True

Hope this helps you without paying just to look up one password.

[Kameliko]

But what has happened in this community?

I know I'm nobody but I've been disappointed when I've returned to the community and I find that almost all posts ask for very high credits (at least for someone like me). I understand that everyone has to earn credits, reputation, etc. etc. but 8 credits for something that is available on Github !, what a barbarity!! And all this assuming that the sources are the same, , maybe @soujinsan69  has added improvements, I don't know

If someone is interested in:  hxxps://github.com/awiones/SCrack

Anyway, thanks @soujinsan69 for the information, it may come in handy in the future.