safe-password

CyberEDU

Info      Details
Category  OSINT

Challenge Overview

In this challenge we have to find the most pwned password in the list, using the well-known website haveibeenpwned.com. Since there are more than 100 passwords, checking them manually is not practical, so we write a Python script that uses the haveibeenpwned API. The password that we're looking for has been pwned 1204 times.

Script

import hashlib
import requests

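def check_pwned(password):
    # Only the first 5 hex characters of the SHA-1 digest are sent to the
    # range API; the remaining 35 are compared locally.
    sha1 = hashlib.sha1(password.encode('utf-8')).hexdigest().upper()
    prefix = sha1[:5]
    suffix = sha1[5:]

    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    # A timeout keeps one stalled request from hanging the whole run.
    res = requests.get(url, timeout=10)

    if res.status_code != 200:
        raise Exception(f"Error fetching data: {res.status_code}")

    # Each response line has the form "SUFFIX:COUNT".
    hashes = (line.split(":") for line in res.text.splitlines())
    for h, count in hashes:
        if h == suffix:
            return int(count)
    return 0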

with open("leaked.txt", "r", encoding="utf-8") as f:
    passwords = [line.strip() for line in f if line.strip()]

print(f"{'Password':<35} | {'Pwned Count'}")
print("-" * 55)

for pw in passwords:
    try:
        count = check_pwned(pw)
        if count:
            print(f"[PWNED] {pw:<30} | {count}")
        else:
            print(f"[SAFE]  {pw:<30} | 0")
    except Exception as e:
        print(f"Error checking '{pw}': {e}")
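
The script above prints one count per password and leaves picking the answer to the reader. The following added example (not part of the original writeup) ranks the list by count, fetches each distinct hash prefix only once, and selects the entry with a given count. `fetch_range` is a hypothetical injected function standing in for the HTTP call, and the sample passwords and counts are constructed so the block runs offline.

```python
import hashlib
from collections import defaultdict

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse a range response body ("SUFFIX:COUNT" per line) into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit():  # skip blank or malformed lines
            counts[suffix.upper()] = int(count)
    return counts

def rank_passwords(passwords, fetch_range):
    """Return [(password, count)] sorted by count, highest first.

    fetch_range(prefix) returns the response body for that prefix (assumed
    interface); each distinct prefix is requested exactly once.
    """
    by_prefix = defaultdict(list)
    for pw in dict.fromkeys(passwords):  # drop duplicates, keep order
        prefix, suffix = sha1_split(pw)
        by_prefix[prefix].append((pw, suffix))
    ranked = []
    for prefix, entries in by_prefix.items():
        counts = parse_range(fetch_range(prefix))
        ranked.extend((pw, counts.get(suffix, 0)) for pw, suffix in entries)
    return sorted(ranked, key=lambda item: item[1], reverse=True)

def find_by_count(ranked, target):
    """Return the passwords whose breach count equals target."""
    return [pw for pw, count in ranked if count == target]

# Constructed sample data, not taken from the challenge's leaked.txt.
SAMPLE_PASSWORDS = ["example-one", "example-two", "example-three", "example-one"]
SAMPLE_COUNTS = {"example-one": 37, "example-two": 1204}

def fake_fetch_range(prefix):
    """Offline stand-in for the range API, built from SAMPLE_COUNTS."""
    lines = ["0" * 35 + ":9"]  # an unrelated suffix sharing the prefix
    for pw, count in SAMPLE_COUNTS.items():
        p, s = sha1_split(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    ranked = rank_passwords(SAMPLE_PASSWORDS, fake_fetch_range)
    print(ranked[0], find_by_count(ranked, 1204))
```
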
        

made by k0d
