28 Sep Write a program to perform a dictionary attack to crack Linux Passwords
Dictionary Attacks
Write a program to perform a dictionary attack to crack Linux Passwords.
Background Information:
1. Linux Password Storage: http://techlister.com/linux/linux-how-to-change-the-hashing-algorithm-on-linux-system/796/
2. Windows Password Storage: http://techgenix.com/how-cracked-windows-password-part1/
3. John the Ripper Password Cracker: http://openwall.info/wiki/john/tutorials
4. Implementation of SHA512-crypt vs MD5-crypt: http://www.vidarholen.net/contents/blog/?p=33
Steps:
1. Write a Python script to perform a dictionary attack on a Linux password file.
1. Copy /etc/shadow file to your local directory. Study the format of this file.
2. Add the following 3 lines to the /etc/shadow file. For speed purposes remove all other lines.
tommy:$6$HFQQdE2g$g0eyz6UN.c4Pg1tiQgdPPPXdQ1fEOwttCwzSah/Jo4RE9Eac4H7pgksaNLI/WSIyN8tNtCX4NaAq6Uwz.o.4W1:17400:0:99999:7:::
mathis:$6$niptplk1$.mMMVx4T375WhFkDN5RWEaD93HcmDCx3aBQrn2ZalbiRpl4FB2Rww/BeCPEfSYbegjPvoHM2llQmk/VBbSxWj.:17400:0:99999:7:::
tristan:$6$MWwusFJx$KCoO1wiWKtE.7j/7UiwD.1jXmOckMb5X4GGt1DotLS0laXdFga5n3wGfu43FC/Opxki7mY6Yf9XT.cBGN.pkp0:17400:0:99999:7:::
1. Use the “crypt” library crypt function to create your hash.
2. Use the “hmac” library compare_hash function to compare hashes from the /etc/shadow file to the hashes produced from your guesses.
3. Use the string split() function to separate the separate the password lines from the shadow file by the ‘:’ delimiter to isolate the userid and the hash from an entry in the shadow file.
4. Calculate the appropriate hash (using the method specified for the entry from the shadow file) for each word in this wordlist (http://www.openwall.com/passwords/wordlists/password-2011.lst (Links to an external site.)), compare the hash, and stop comparing when you find a match.
5. Attempt the dictionary attack for each entry in the shadow file.
6. Remember you need to provide the word from the dictionary, the method, and the salt to the crypt() function.
7. Print the userid and password when a match is found:
“Match found for userid [userid]. Password = [password]”
8. Print the “No match was found for [userid]” when there no match in the dictionary.
UPDATE: Your program should run with the following command line:
>> python3 dictionary.py [shadow filename] [dictionary filename]
Submit dictionary.py.
Rainbow Tables
Windows stores passwords using the NT LAN Manager (NTLM) hash. This hash is created by hashing the plain text password with the MD4 algorithm. There is no salt used. The lack of salt enables the use of a rainbow table to lookup passwords from their hash. For this assignment you will create a rainbow table for a set of passwords.
More about NTLM: http://techgenix.com/how-cracked-windows-password-part1/
For this assignment you will create a Rainbow table for NTLM passwords. Use the following list of steps as a guide.
1. Use the sys library to read a command line argument that is the name of a password dictionary file.
For your submission used the password dictionary file found at this link: http://www.openwall.com/passwords/wordlists/password-2011.lst (Links to an external site.)
2. Open the password dictionary.
3. Loop through the contents of the password dictionary one password at a time.
o Strip any leading and trailing whitespace characters.
o encode the word as ‘utf_16_le’ (https://docs.python.org/3/library/stdtypes.html#str.encode (Links to an external site.))
o Use the Python library hashlib to hash the password with the md4 algorithm.
import hashlib
hashlib.new() to select an algorithm
use update() to create the hash
use hexdigest() to refer to the hash
o Store the password in a Python dictionary with the hash as the key. (https://docs.python.org/3/tutorial/datastructures.html#dictionaries (Links to an external site.))
4. Sort the list of keys from your dictionary
5. Use a for loop to print all keys and passwords. Print on hash and password pair per line. Structure each line as follows to allow a password to be looked up easily from it’s hash:
[hash]:[password]
6. Store the output of your program as rainbow_table.txt.
*** Run your program as ‘python3 rainbowtable.py dictionary.txt > rainbow_table.txt’
7. Name your script rainbowtable.py
Submit your Python script and rainbow_table.txt files.
You now have created two rainbow tables. Your first rainbow table is the dictionary object in your Python script. The rainbow table dictionary can be used to lookup passwords from their associated password (Python dictionaries are associative arrays). Your second rainbow table is the printed list of hashes and keys sorted for easy lookup.
