CIT 480: Securing Computer Systems
Lab #2: Passwords
Name: _____________________
1: Lab Preparations
In this lab, you will not need to use a virtual machine. You will do all parts of this lab with your NKU
Linux user account on the Linux server kosh.nku.edu with the exception of the final section of the lab
which can be completed on an NKU Linux server or on your own machine.
Copying and pasting commands from this lab document into the terminal will cause errors for some
commands because of character set differences. Type the commands yourself, using bash features like
command history and pathname completion to reduce the amount of repetitive typing.
2: MD5 Hash Cracking
Password leaks have shown us that many web applications store simple MD5 hashes of passwords without salts.
Because the hash of a given password is then the same everywhere, these passwords are easily cracked by anyone
with a web browser, using one of the many reverse hash lookup database web sites. Using reverse hash databases
such as the ones listed on the Resources page of the class web site, crack the MD5 hashes in the left column
of the table below. Write the corresponding password and the database in which you found it in the right two
columns of the table.
MD5 hashes                          Passwords               Database
84f928034c38d9a079d8bd411d820a1f    __________________      __________________
844427886b4adb91cff8e12d59cfff1a    __________________      __________________
509081b7f8d9d0d03d6f44fcf938dc5c    __________________      __________________
0e13ca0098665801d3e304351adb16d3    __________________      __________________
e541ca7ecf72b8d1286474fc613e5e45    __________________      __________________
a2e42a76643b77bfccf66229ae6deac1    __________________      __________________
8e698ed576c307a4faaa42cec81abc6d    __________________      __________________
3: UNIX Password Database
Examine the contents of the passwd file. Read the man page to understand the meaning of each of the
colon-separated fields in the file.
$ cat /etc/passwd
$ man 5 passwd
3.1: What is the string used as a placeholder in place of the password in /etc/passwd?
3.2: Attempt to examine the contents of the shadow file. What error message do you see? How is that
error message related to protecting user passwords?
$ cat /etc/shadow
3.3: The mkpasswd command can be used to generate password hashes suitable for use in a UNIX
password database. In the example below, we create a salted password hash for “test” using the sha512-crypt format used in most modern UNIX systems.
$ mkpasswd -m sha-512 test | tee passtemp
$6$BAJIXVc3cajY$Bmyb7qy0jhZpWcYMSvn0aNDSJJniPyZTR9C8rjgA.gtSOTlcnpFV8xbQefJegVoiYe1OYK9qULst3rvuUwOB60
The resulting output is divided into three fields, each separated by a $. We use the sed command to
print each component on its own line.
$ sed 's/\$/\n/g' passtemp
6
BAJIXVc3cajY
Bmyb7qy0jhZpWcYMSvn0aNDSJJniPyZTR9C8rjgA.gtSOTlcnpFV8xbQefJegVoiYe1OYK9qULst3rvuUwOB60
The first field is a number that indicates the type of password hash, which we know is sha-512 since we
used that argument to mkpasswd. See “man crypt” for a full list of password hash types. The second
field is a random salt generated by mkpasswd. The third field is a sha-512-crypt hash of the password
“test” and the random salt in the second field. Remember that sha-512-crypt is not just a SHA-512
hash, it's a SHA-512 hash iterated 5000 times to increase the amount of time required to crack it.
Run the same mkpasswd command line. Write the output and the answers to the following questions in
the box below. Which fields of the output are different? Why are they different?
$ mkpasswd -m sha-512 test
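To make the three fields of the mkpasswd output concrete, and to show why the unsalted MD5 hashes of section 2 are lookup-table friendly while the salted sha-512-crypt hashes of this section are not, here is an added example (not part of the lab or of mkpasswd) that implements sha-512-crypt from its published description (Drepper's SHA-crypt), parses the $6$salt$hash string into its fields, and verifies a password against a stored string the way a login program does. The salt "anotherSalt1" and the helper names are the example's own; the reference value "$6$BAJIXVc3cajY$Bmyb7…" is the one printed above for the password "test".

```python
import hashlib
import hmac

# Crypt-style base64 alphabet: not the RFC 4648 alphabet, and emitted low bits first,
# exactly as glibc's crypt(3) and mkpasswd do.
CRYPT_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DEFAULT_ROUNDS = 5000  # iteration count used when the string carries no rounds= field


def _b64_from_24bit(b2, b1, b0, n):
    """Encode three bytes as n characters, six bits at a time, least significant first."""
    w = (b2 << 16) | (b1 << 8) | b0
    out = []
    for _ in range(n):
        out.append(CRYPT_B64[w & 0x3F])
        w >>= 6
    return "".join(out)


def sha512_crypt(password, salt, rounds=DEFAULT_ROUNDS):
    """sha-512-crypt written out step by step (scheme by Ulrich Drepper, as in glibc)."""
    key = password.encode()
    salt_b = salt.encode()[:16]  # crypt(3) uses at most 16 salt characters
    klen = len(key)
    # Digest B = H(key || salt || key) is folded into digest A in a length-dependent way.
    b = hashlib.sha512(key + salt_b + key).digest()
    ctx = hashlib.sha512(key + salt_b)
    n = klen
    while n >= 64:
        ctx.update(b)
        n -= 64
    ctx.update(b[:n])
    n = klen
    while n > 0:  # walk the bits of the key length, lowest bit first
        ctx.update(b if n & 1 else key)
        n >>= 1
    a = ctx.digest()
    # P (per password) and S (per salt) are byte strings reused in every round.
    dp = hashlib.sha512(key * klen).digest()
    p = (dp * (klen // 64 + 1))[:klen]
    ds = hashlib.sha512(salt_b * (16 + a[0])).digest()
    s = (ds * (len(salt_b) // 64 + 1))[:len(salt_b)]
    # The expensive part: 'rounds' chained SHA-512 computations. This is why one
    # guess against sha-512-crypt costs thousands of hash operations, not one.
    for i in range(rounds):
        c = hashlib.sha512()
        c.update(p if i & 1 else a)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(p)
        c.update(a if i & 1 else p)
        a = c.digest()
    # The 64 result bytes are emitted in the permuted order the scheme specifies.
    chunks = []
    for k in range(21):
        triple = [a[k], a[k + 21], a[k + 42]]
        r = k % 3
        triple = triple[r:] + triple[:r]
        chunks.append(_b64_from_24bit(triple[0], triple[1], triple[2], 4))
    chunks.append(_b64_from_24bit(0, 0, a[63], 2))
    prefix = "$6$" if rounds == DEFAULT_ROUNDS else f"$6$rounds={rounds}$"
    return prefix + salt + "$" + "".join(chunks)


def parse_crypt(stored):
    """Split $6$[rounds=N$]salt$hash into its fields (what the sed command above shows)."""
    fields = stored.split("$")  # the leading '$' yields an empty first element
    if len(fields) < 4 or fields[0] != "" or fields[1] != "6":
        raise ValueError("not a sha-512-crypt string")
    rounds, rest = DEFAULT_ROUNDS, fields[2:]
    if rest[0].startswith("rounds="):
        rounds, rest = int(rest[0][len("rounds="):]), rest[1:]
    return {"id": fields[1], "rounds": rounds, "salt": rest[0], "hash": rest[1]}


def verify(password, stored):
    """Recompute with the stored salt and rounds and compare in constant time."""
    f = parse_crypt(stored)
    computed = parse_crypt(sha512_crypt(password, f["salt"], f["rounds"]))["hash"]
    return hmac.compare_digest(computed, f["hash"])


def md5_hex(password):
    """Unsalted MD5, the scheme the section 2 web applications used: same password,
    same hash, on every site, which is what makes reverse lookup databases work."""
    return hashlib.md5(password.encode()).hexdigest()


if __name__ == "__main__":
    print(sha512_crypt("test", "BAJIXVc3cajY"))   # reproduces the mkpasswd output above
    print(sha512_crypt("test", "anotherSalt1"))   # same password, different salt: different hash
    print(md5_hex("password1"))                   # unsalted: identical for every user of this password
```

Running the block answers the question asked in this section directly: the first field (6) and the password are fixed, so the only input that changes between two mkpasswd runs is the random salt in the second field, and since the salt feeds every one of the 5000 rounds the third field changes completely with it.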
4: Password Cracking with Word Lists
In this part of the lab, we will use John the Ripper, a powerful open source password cracking tool. It
can crack passwords using word lists and a set of permutation rules, as well as doing brute force
guessing. John supports dozens of password hash formats. While John is capable of guessing the
hash format, it is best to specify the hash format because some hash formats look identical. For
example, raw MD5, LM, and NTLM hashes are all represented by 32 hexadecimal characters.
The best way to distinguish such hashes is to know what type of system they were retrieved from.
John's documentation can be found at http://www.openwall.com/john/doc/. You can also get help with
the command john --help | less. In this lab, we use John version 1.7.9-jumbo-7.
To begin, create a UNIX password file that contains passwords. Start by copying the system passwd
file, which contains only placeholders, then edit the file to replace the placeholders with the sha-512-crypt hash of the password specified below.
$ cp /etc/passwd .
$ vim passwd
Create passwords for the following accounts: root, git, mysql, and manager. Use the following
passwords: password, password1, password2019, p@ssword.
To generate the password hashes, we can use the mkpasswd command as we did above. You can
substitute the placeholder with the output of the mkpasswd command from within vim, with the following
command executed on the line describing the account. Be sure you're not in the middle of an insert
command when you do this.
:s/x:/\=system('mkpasswd -m sha-512 password | tr "\n" ":"')/
4.1: We will first use John the Ripper in word list mode without any permutation rules. In this mode,
John will try the passwords in the word list one by one, storing matches in the john.pot file located in
your ~/.john directory by default. If a word list is not specified on the command, John will use its
default word list. How many passwords does John's default word list contain?
$ wc -l /usr/local/share/john/password.lst
4.2: Let us attempt to crack the passwd file we created at the beginning of this section using wordlist
mode. When you start John with a command like
$ john --crack-status --wordlist --format=sha512crypt passwd
the first line will display how many password hashes were found, along with how many salts if any
were used. In our example, the first line of output should be:
Loaded 4 password hashes with 4 different salts (sha512crypt [64/64])
If this line displays 0 (zero) password hashes found, that means that John could not find any hashes in
the specified file. In this case, it is likely that you specified an incorrect file or hash format.
When using the --crack-status option, John will report each password found once cracked. The report
lines look like the following one, which should appear soon after you type the command above.
password         (root)
Which passwords were you able to crack in this mode? Include the output of the following command
in the box below.
$ john --show passwd
4.3: One technique to improve our ability to crack passwords is to use a better wordlist. While
increasing the size of wordlists helps, it is important to have the right words, that is, words that people
are likely to use as passwords. Due to the high frequency of large password leaks, there are freely
available lists of millions of commonly used passwords. We will use one of these lists in our attempt to
crack the remaining passwords in our file. How large is this list?
$ wc -l /home/waldenj/cit480/wordlists/cleanrockyou.txt
4.4: Try to crack the remaining passwords using the large wordlist above. How many additional
passwords were you able to find in the 3 minutes allocated by the max-run-time option?
$ john --crack-status --max-run-time=180 --wordlist=/home/waldenj/cit480/wordlists/cleanrockyou.txt --format=sha512crypt passwd
5: Password Cracking with Permutation Rules
We had to use a large word list and a considerable amount of processor time to crack one additional
password. Even if we let the command above run for the 15 minutes or more it would take to attempt the
entire wordlist, John would not find the remaining password, because it is not in the word list, as you
can determine with a quick grep command.
$ grep password2019 /home/waldenj/cit480/wordlists/cleanrockyou.txt
It would be faster to find such passwords by using John's permutation rules, which can append or
prepend numbers or symbols to words in the list or replace characters in words. The permutation rules
also have the advantage of being able to find all such appends and substitutions, not just the changes
that exist in the original word list. The word list we are using has a wide variety of combinations of
password followed by four digits, but it is missing the one that we need.
$ egrep '^password[0-9]{4}$' /home/waldenj/cit480/wordlists/cleanrockyou.txt | wc -l
In this section, we will use the KoreLogic John the Ripper ruleset from the “Crack me if you can”
password cracking contest held at DefCon 2010. A description of the rules can be found at
http://contest-2010.korelogic.com/rules.html. The rules are stored on kosh in a file named
korelogic-2010-rules.txt, which we will use as John's configuration file via the --config option. To use a
specific named ruleset from the configuration, use the --rules option with the name of the ruleset.
Before beginning work on the questions for this section, we need to create a very short wordlist,
containing only one word, password.
$ echo "password" > word.lst
5.1: To see how John produces new candidate passwords from its permutation rules, we will use the
--stdout option, which prints the words produced by the rules to STDOUT. We use I/O redirection to
save the words to a file.
Use the ruleset that appends 4 numbers to each word. How many words are produced? What is John
doing in addition to appending 4 numbers to increase the number of words from the expected 10,000?
Use the output of the head and tail commands to determine the answer to this question.
$ john --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesAppend4Num --stdout > passwords4num.lst
$ wc -l passwords4num.lst
$ head passwords4num.lst
$ tail passwords4num.lst
5.2: While the permutation ruleset above produces every variation of password with a four digit
number appended, users do not pick their passwords randomly. We know that people are more likely to
choose numbers that have meaning for them. In particular, people are more likely to choose years. The
Kore Logic rules include a ruleset designed to do just that, which we will use in this question.
How many passwords are produced with the year ruleset? What is the earliest year produced? What is
the latest year?
$ john --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesAppendYears --stdout > passwordsyears.lst
$ wc -l passwordsyears.lst
$ head -1 passwordsyears.lst
$ tail -1 passwordsyears.lst
5.3: How much faster would it be to use KoreLogicRulesAppendYears compared to
KoreLogicRulesAppend4Num? Show your work below and round your answer to one decimal place.
Remember that speedup numbers greater than 1 indicate that the process is faster, while speedup
numbers less than 1 indicate that the process is slower, so if your result is less than 1, you've made a
mistake.
5.4: Crack an additional password with the KoreLogicRulesAppendYears ruleset. How long did it take
to crack this password? Use the wall clock (real) time output by the time command.
$ time john --crack-status --format=sha512crypt --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesAppendYears passwd
5.5: To retrieve the last remaining password, we need to use the KoreLogicRulesL33t ruleset, which
performs common letter to symbol substitutions, like o to 0, s to $, and a to @. Start by generating the
list of permuted passwords as we did with the appending rulesets.
How many passwords are produced with the l33t ruleset? Does the list include the word we need?
$ john --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesL33t --stdout > passwordsl33t.lst
$ cat passwordsl33t.lst
$ wc -l passwordsl33t.lst
5.6: Crack the remaining password with the KoreLogicRulesL33t ruleset. How long did it take to crack
this password? Use the wall clock (real) time output by the time command.
$ time john --crack-status --format=sha512crypt --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesL33t passwd
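The three rulesets used in this section (append four digits, append a year, l33t substitutions) describe exactly the decorations users add to a dictionary word in the belief that they make it strong. The defensive counterpart is to refuse such passwords when they are set. The following added example (not part of the lab or of John the Ripper) undoes those decorations and checks whether what remains is a dictionary word; the tiny COMMON_WORDS set stands in for a real word list such as password.lst, and the function names are the example's own.

```python
import re

# Constructed stand-in for a word list such as John's password.lst; a real check would
# load the full list from disk (assumption made for this example).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey", "secret"}

# Inverse of the common letter-to-symbol substitutions (o to 0, s to $, a to @, ...).
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t"})

# Characters that the append/prepend rulesets add around a word.
DECORATION = r"[0-9!@#$%^&*()_+=.,;:~-]+"


def weakness(candidate, words=COMMON_WORDS):
    """Return (dictionary_word, kind) if a permutation ruleset would reach the candidate
    from a word in the list, else None.

    kind is one of:
      "exact"  the candidate is a list word as-is (plain wordlist mode finds it)
      "year"   a list word with a 4-digit year appended (AppendYears-style)
      "append" a list word with other digits/symbols appended or prepended (Append4Num-style)
      "leet"   a list word after undoing symbol substitutions (L33t-style)
    Digits at the end are treated as decoration before they are treated as l33t letters,
    which is the ambiguity these rulesets also have to resolve.
    """
    c = candidate.lower()
    core = re.sub(DECORATION + r"$", "", c)     # drop appended digits/symbols
    core = re.sub(r"^" + DECORATION, "", core)  # drop prepended ones
    checks = [
        (c, "exact"),
        (core, "year" if re.search(r"(19|20)\d\d$", c) else "append"),
        (core.translate(UNLEET), "leet"),
        (c.translate(UNLEET), "leet"),
    ]
    for word, kind in checks:  # first matching explanation wins
        if word in words:
            return word, kind
    return None


def acceptable(candidate, words=COMMON_WORDS):
    """Policy decision: reject anything a dictionary word plus these rules would produce."""
    return weakness(candidate, words) is None


if __name__ == "__main__":
    for pw in ["password", "password1", "password2019", "p@ssword", "correct horse battery staple"]:
        print(f"{pw!r:32} -> {weakness(pw)}")
```

The point the lab makes with wc -l applies here in reverse: the rulesets enumerate every decorated form of a word cheaply, so a policy that only demands "a digit and a symbol" admits exactly the passwords those rules generate first.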
6: Creative Cracking
In this section, you may use any tools that you wish to crack a set of MD5 hashes. The hashes are
stored in the file /home/waldenj/cit480/hashes/cit480-10000-hashes.txt on kosh.nku.edu, along with a
set of word lists ending in .txt which you can use for this lab. There are approximately 10,000
passwords in this list.
To receive any points for this lab, you must crack at least 2000 of the passwords. A submission
with 1900 passwords will receive a zero, while a submission with 2000 passwords will receive 70% of
the total points. To earn a perfect score, you do not need to crack all the passwords. If you can crack at
least 8000 passwords and complete all of the lab questions, you can earn a 100% on the lab.
Intermediate numbers of cracked passwords will receive scores between 70% and 100% of the total points for the lab.
You may use John the Ripper, other cracking tools like Hashcat, reverse hash databases, or Google.
You can use any of the wordlists found in /home/waldenj/cit480/wordlists. Do not copy these
wordlists to your home directory as some are many gigabytes in length. If many students did this, the
disk would fill up, preventing John from writing any cracked passwords to disk, at least until the disk
cleaner program runs. The disk cleaner deletes overly large files like the wordlists from student
directories and will cause your John to crash, losing all progress made.
To crack this many passwords, you will need to run your password cracking program for an extended
period of time. As VPN and terminal sessions are terminated after some minutes of inactivity, you will
need to prepend John the Ripper commands with the nohup command and append your command with &
to run it in the background and prevent it from ending when you logout. In other words, your
command will look something like:
$ nohup john --format=raw-md5 --wordlist=MYWORDLIST --config=MYCONFIG --rules=MYRULE /home/waldenj/cit480/hashes/cit480-10000-hashes.txt &
If you encounter any errors, you will find them easier to resolve by running the command in the
foreground rather than the background, so omit the nohup and & when attempting to identify and
resolve problems. Once you have resolved all errors, you can resume running the command in the
background.
Whether John has finished or if it is still running in the background, the most accurate method for
checking the status of your cracking efforts is to examine the john.pot file. The options shown in
John's help message and man page may not do what you expect, but you can always rely on the
john.pot file.
Do not run more than two copies of john on kosh.nku.edu simultaneously. If you do, the instructor may
terminate your john processes to allow other students fair access to the CPU.
6.1: In the box below list the wordlists (with pathnames for wordlists on kosh.nku.edu and URLs for
ones you found on the web) and commands used to crack the passwords.
6.2: Analyze the list of cracked passwords by running the following command on kosh.nku.edu in the
directory where your john.pot file is located.
$ password-analysis -p john.pot
If you used a different password cracker, then you need to either convert its output to a john.pot format
and use the above command or convert its output to a text file with one cracked password per line, then
run the following command where passwords.txt is your text file.
$ password-analysis passwords.txt
This program will generate a report in a file named password-report.html. Use that file to answer the
questions below.
Based on this analysis, how long was the longest password cracked?
6.3: Paste the password length line graph in the space below.
6.4: 50% of the passwords have a length less than or equal to what number of characters?
6.5: What was the largest number of character sets used by a cracked password? How many passwords
used the maximum number of character sets?
6.6: What was the number of character sets used by the longest password? Hint: check the outlier
points in the box plot.
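The questions in 6.2 through 6.6 are all statistics over the hash:password lines of a john.pot file. The following added example (not the password-analysis program from kosh, which is not shown on this page) computes the same figures in a few lines: longest password, the length that 50% of passwords are at or below, the length histogram, and the number of character sets (lowercase, uppercase, digits, other) each password uses. The sample pot file is constructed inside the block from a handful of chosen plaintexts so that the lines are self-consistent; the first one is the format example from section 7.

```python
import hashlib
from collections import Counter


def charset_count(pw):
    """Number of character classes present: lowercase, uppercase, digits, everything else."""
    return sum([
        any(ch.islower() for ch in pw),
        any(ch.isupper() for ch in pw),
        any(ch.isdigit() for ch in pw),
        any(not ch.isalnum() for ch in pw),
    ])


def parse_pot(text):
    """Parse hash:password lines. A password may itself contain ':', so split only once;
    whatever precedes the first colon is kept verbatim as the hash field."""
    pairs = []
    for line in text.splitlines():
        if ":" not in line:
            continue  # blank or malformed line
        h, pw = line.split(":", 1)
        pairs.append((h, pw))
    return pairs


def analyze(passwords):
    """Summarize a list of cracked plaintexts the way the lab questions ask for."""
    if not passwords:
        raise ValueError("no passwords to analyze")
    lengths = sorted(len(p) for p in passwords)
    n = len(lengths)
    longest = max(passwords, key=len)
    cs = Counter(charset_count(p) for p in passwords)
    max_cs = max(cs)
    return {
        "count": n,
        "longest": longest,
        "longest_length": len(longest),
        "charsets_of_longest": charset_count(longest),
        # smallest length L such that at least half of the passwords have len <= L
        "median_length": lengths[(n + 1) // 2 - 1],
        "length_hist": dict(Counter(lengths)),
        "charset_hist": dict(cs),
        "max_charsets": max_cs,
        "n_at_max_charsets": cs[max_cs],
    }


# Constructed sample: plaintexts chosen for this example and hashed here with unsalted
# MD5 so the hash:password lines match the raw-md5 pot format described in section 7.
SAMPLE_PLAINTEXTS = ["password1", "Summer2019!", "letmein", "P@ssw0rd",
                     "123456", "monkey", "qwerty123", "Welcome1"]
POT_SAMPLE = "\n".join(f"{hashlib.md5(p.encode()).hexdigest()}:{p}" for p in SAMPLE_PLAINTEXTS)


def report(pot_text=POT_SAMPLE):
    """Parse a pot file's text and return the analysis dictionary."""
    return analyze([pw for _, pw in parse_pot(pot_text)])


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

To run it over a real file, pass the file's contents to report(); the length and character-set histograms are the data behind the line graph and box plot the questions refer to.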
7: Lab Submission
You will need to submit this lab both as hardcopy and electronically one week after receiving this lab.
The hardcopy submission will be a completed copy of this document, while the instructions for the
electronic submission are below. Online students do not need to submit a hardcopy but will upload the
same files via the Blackboard LMS that offline students send via e-mail.
The electronic submission must contain two files: 1) a completed copy of this lab document with the
answers filled in, and 2) a file containing cracked passwords in the format discussed below. The format
of the cracked password file is one hash/password pair per line separated by a :, e.g.
“7c6a180b36896a0a8c02787eeafb0e4c:password1” would be a valid line of the file. This is the
format used by John the Ripper in its stored password file ~/.john/john.pot, so you can simply rename
the john.pot file to lab02-passwords-USERNAME-hashes.txt and submit it if using John the Ripper.
Other password cracking programs may or may not use the same format. If the format differs from
John’s, then you must convert the format to match the format described in this paragraph.
Offline students must send an e-mail to the instructor with the subject “CIT 480 Lab #2: Passwords”
with two attachments. The first attachment is the completed lab file with the name
lab02-passwords-USERNAME.docx, while the second attachment will contain your cracked hashes and corresponding
passwords in the format specified above with filename lab02-passwords-USERNAME-hashes.txt.
Replace USERNAME in both filenames with your actual username.
Do not forget to include both files with the appropriate names and extensions as described above, as
you will receive a grade of zero if either one or both is missing.