So I’ve been in the IT industry for over ten years working with a variety of organisations doing all sorts of cool things. Thoughout my career I have done a variety of stupid things and as I got older I was convinced that these stupid mistakes would become less or would become so obscure that they wouldn’t be considered stupid. This obviously isn’t the case based on the title of this blog post.
About a month ago, I got an email from EC-Council’s training platform: Codered, due to my Certified Ethical Hacker (CEH) certification expiring. Offering a bunch of courses all for $1. Now I know what you’re thinking here, this is a phishing scam but I went directly to the website signed in and it was true. I signed up for Wireshark for Hackers and Black Hat Python. The Wireshark course was for beginners which needless to say it very much was. I picked up a few things but what annoyed me the most was watching the trainer figure out what he was trying to teach on video, not cool. The Python course though was cool, the educator was brilliant. Super detailed but put it all in a way that was really easy to understand. This was also helped by the fact that I’ve done some Python work before so the syntax was familiar.
Now the backstory is done, onto the stupidity part. Within the Python course, there was a module specifically dedicated to Brute Force cracking Linux/Unix passwords from the /etc/shadow or /etc/passwd file. This used the module crypt. I build the script and had it all ready but with me being on a Windows machine it wouldn’t work with a sample shadow/passwd file available on the internet. So after a little bit of time, I built a Linux VM for something else, copied the file across and tried it out.
Fail. The code wouldn’t run and just threw the following error:
AttributeError: ‘module’ object has no attribute ‘crpyt’
So to everyone’s favourite troubleshooter, Google. I put the error into Google and nothing. This is very unusual, I almost always find someone with an error pretty much matching what I have. I’m not a programmer after all. I found a bunch of people with the same error but not against the same attribute. I spent hours, researching into this trying to find if there was a Pip module that I hadn’t installed. For those of you that are unsure Pip is a program to install Python modules onto a system. Everything suggested that I needed to install the cryptography module on Linux but when I tried that it said it was already installed. So I thought maybe it was the distribution of Linux that I was using, Kali. The trainer used Ubuntu so I moved over to one of my servers with Ubuntu on to try that. No dice.
Finally, I decided to give up on searching and went to the line of code in question which was throwing the error:
digest = crypt.crpyt(word, hashed_pass)
I use Visual Studio Code (VSCode) for my programming and the nice thing is in Python on VSCode each piece of code is usually colour coded, so green for a module, yellow for a function, light blue for variable and orange for some text, etc. This was when I realised the word crpyt after crypt. was white. Oh, balls, it’s a typo, changed it to crypt, the word went yellow, re-copied it to my Kali machine and hey presto everything is working.
For all of you out there that are either just starting out or have been in the field for a short while and end up making a mistake like this. Don’t worry, someone who’s got a job as a Senior Engineer makes these mistakes too and I don’t doubt that I won’t stop making these mistakes until I retire. Don’t get disheartened by it, it’s human nature and I hope this post helps you in realising that. For those of you that run into this issue yourself whilst messing about with Python, check your code and make sure you haven’t made a typo as that error can be quite misleading if you don’t read it letter by letter like me.