CIT 480: Securing Computer Systems
Lab #2: Passwords

Name: _____________________

1: Lab Preparations

In this lab, you will not need to use a virtual machine. You will do all parts of this lab with your NKU Linux user account on the Linux server kosh.nku.edu, with the exception of the final section of the lab, which can be completed on an NKU Linux server or on your own machine.

Copying and pasting commands from this lab document to the terminal will result in errors for some commands, due to character set differences. Type the commands yourself, using bash features like command history and pathname completion to reduce the amount of repetitive typing.

2: MD5 Hash Cracking

Password leaks have shown us that many web applications store passwords as simple MD5 hashes without salts. These passwords are easily cracked by anyone with a web browser, using the wide variety of reverse hash lookup database web sites. Using reverse hash databases such as the ones listed on the Resources page of the class web site, crack the MD5 hashes in the left column of the table below. Write the corresponding password, and the database in which you found it, in the right two columns of the table.

MD5 hash                           Password        Database
84f928034c38d9a079d8bd411d820a1f   ____________    ____________
844427886b4adb91cff8e12d59cfff1a   ____________    ____________
509081b7f8d9d0d03d6f44fcf938dc5c   ____________    ____________
0e13ca0098665801d3e304351adb16d3   ____________    ____________
e541ca7ecf72b8d1286474fc613e5e45   ____________    ____________
a2e42a76643b77bfccf66229ae6deac1   ____________    ____________
8e698ed576c307a4faaa42cec81abc6d   ____________    ____________

3: UNIX Password Database

Examine the contents of the passwd file. Read the man page to understand the meaning of each of the colon-separated fields in the file.

$ cat /etc/passwd
$ man 5 passwd

3.1: What is the string used as a placeholder in place of the password in /etc/passwd?

3.2: Attempt to examine the contents of the shadow file. What error message do you see? How is that error message related to protecting user passwords?

$ cat /etc/shadow

3.3: The mkpasswd command can be used to generate password hashes suitable for use in a UNIX password database.
In the example below, we create a salted password hash for "test" using the sha-512-crypt format used in most modern UNIX systems.

$ mkpasswd -m sha-512 test | tee passtemp
$6$BAJIXVc3cajY$Bmyb7qy0jhZpWcYMSvn0aNDSJJniPyZTR9C8rjgA.gtSOTlcnpFV8xbQefJegVoiYe1OYK9qULst3rvuUwOB60

The resulting output is divided into three fields, each separated by a $. We use the sed command to print each component on its own line.

$ sed 's/\$/\n/g' passtemp

6
BAJIXVc3cajY
Bmyb7qy0jhZpWcYMSvn0aNDSJJniPyZTR9C8rjgA.gtSOTlcnpFV8xbQefJegVoiYe1OYK9qULst3rvuUwOB60

The first field is a number that indicates the type of password hash, which we know is sha-512 since we used that argument to mkpasswd. See "man crypt" for a full list of password hash types. The second field is a random salt generated by mkpasswd. The third field is a sha-512-crypt hash of the password "test" and the random salt in the second field. Remember that sha-512-crypt is not just a SHA-512 hash: it is a SHA-512 hash iterated 5000 times to increase the amount of time required to crack it.

Run the same mkpasswd command line. Write the output and the answers to the following questions in the box below. Which fields of the output are different? Why are they different?

$ mkpasswd -m sha-512 test

4: Password Cracking with Word Lists

In this part of the lab, we will use John the Ripper, a powerful open source password cracking tool. It can crack passwords using word lists and a set of permutation rules, as well as doing brute force guessing. John supports dozens of password hash formats. While John is capable of guessing the hash format, it is best to specify the hash format because some hash formats look identical. For example, raw MD5, LM, and NTLM hashes are all represented by 32 hexadecimal characters. The best way to distinguish the hashes is to know what type of system the hashes were retrieved from. John's documentation can be found at http://www.openwall.com/john/doc/.
You can also get help with the command john --help | less. In this lab, we use John version 1.7.9-jumbo-7.

To begin, create a UNIX password file that contains passwords. Start by copying the system passwd file, which contains only placeholders, then edit the file to replace the placeholders with the sha-512-crypt hash of the password specified below.

$ cp /etc/passwd .
$ vim passwd

Create passwords for the following accounts: root, git, mysql, and manager. Use the following passwords: password, password1, password2019, p@ssword. To generate the password hashes, we can use the mkpasswd command as we did above. You can substitute the placeholder with the output of the mkpasswd command from within vim, with the following command executed on the line describing the account. Be sure you're not in the middle of an insert command when you do this.

:s/x:/\=system('mkpasswd -m sha-512 password | tr "\n" ":"')/

4.1: We will first use John the Ripper in word list mode without any permutation rules. In this mode, John will try the passwords in the word list one by one, storing matches in the john.pot file, located in your ~/.john directory by default. If a word list is not specified on the command line, John will use its default word list. How many passwords does John's default word list contain?

$ wc -l /usr/local/share/john/password.lst

4.2: Let us attempt to crack the passwd file we created at the beginning of this section using wordlist mode. When you start John with a command like

$ john --crack-status --wordlist --format=sha512crypt passwd

the first line will display how many password hashes were found, along with how many salts, if any, were used. In our example, the first line of output should be:

Loaded 4 password hashes with 4 different salts (sha512crypt [64/64])

If this line displays 0 (zero) password hashes found, that means that John could not find any hashes in the specified file. In this case, it is likely that you specified an incorrect file or hash format.
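One way to see in advance what that "Loaded ..." line will say, and to relate it back to the $id$salt$hash fields explained in 3.3, is to parse the passwd file yourself. This is an added example, not part of the lab or of John the Ripper; the SAMPLE entries are constructed, except root's value, which is the mkpasswd output for "test" shown in 3.3.

```python
"""Added example (not part of the lab): parse the $id$salt$hash strings that
mkpasswd emits (see "man crypt") and check a passwd-style file before handing
it to John.  SAMPLE is constructed; only root's hash is real mkpasswd output."""
from collections import Counter

SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
DEFAULT_ROUNDS = 5000   # sha-crypt iteration count when no rounds= field is given


def parse_crypt(field):
    """Split a crypt(3) string into its parts; None for x/*/! placeholders."""
    if not field.startswith("$"):
        return None
    parts = field.split("$")[1:]        # drop the empty string before the first $
    if len(parts) < 3:
        return None
    scheme, rounds = parts[0], DEFAULT_ROUNDS
    if parts[1].startswith("rounds="):  # optional $rounds=N$ between id and salt
        rounds = int(parts[1][len("rounds="):])
        parts = [scheme] + parts[2:]
    return {"scheme": SCHEMES.get(scheme, "unknown(" + scheme + ")"),
            "rounds": rounds, "salt": parts[1], "hash": "$".join(parts[2:])}


def audit(lines, expected="sha512crypt"):
    """Count the hashes John would load with --format=<expected> and their
    distinct salts, and list weak-hashing findings per account."""
    entries = []
    for line in lines:
        if line.strip() and not line.startswith("#"):
            user, field = line.split(":")[:2]
            parsed = parse_crypt(field)
            if parsed:                  # x / * / ! placeholders carry no hash
                entries.append((user, parsed))
    salt_uses = Counter(p["salt"] for _, p in entries)
    findings = []
    for user, p in entries:
        if p["scheme"] != expected:
            findings.append((user, "hash is %s, not %s" % (p["scheme"], expected)))
        if p["rounds"] < DEFAULT_ROUNDS:
            findings.append((user, "rounds below default: %d" % p["rounds"]))
        if salt_uses[p["salt"]] > 1:    # one guess would test both accounts
            findings.append((user, "salt shared with another account"))
    loadable = [p for _, p in entries if p["scheme"] == expected]
    return {"loaded": len(loadable), "salts": len({p["salt"] for p in loadable}),
            "findings": findings}


# Constructed sample in /etc/passwd layout; placeholder hashes except for root.
SAMPLE = [
    "root:$6$BAJIXVc3cajY$Bmyb7qy0jhZpWcYMSvn0aNDSJJniPyZTR9C8rjgA.gtSOTlcnpFV8xbQefJegVoiYe1OYK9qULst3rvuUwOB60:0:0:root:/root:/bin/bash",
    "git:$1$saltsalt$PLACEHOLDERmd5cryptvalue0:1001:1001::/home/git:/bin/bash",
    "mysql:$6$rounds=1000$sameSalt$PLACEHOLDER1:1002:1002::/var/lib/mysql:/bin/false",
    "manager:$6$sameSalt$PLACEHOLDER2:1003:1003::/home/manager:/bin/bash",
]
```

For the lab's own passwd file, audit(open("passwd").readlines())["loaded"] should equal the number of hashes John reports loading with --format=sha512crypt, and "salts" the number of different salts.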
When using the --crack-status option, John will report each password found once cracked. The report lines look like the following one, which should appear soon after you type the command above.

password (root)

Which passwords were you able to crack in this mode? Include the output of the following command in the box below.

$ john --show passwd

4.3: One technique to improve our ability to crack passwords is to use a better wordlist. While increasing the size of wordlists helps, it is important to have the right words, that is, words that people are likely to use as passwords. Due to the high frequency of large password leaks, there are freely available lists of millions of commonly used passwords. We will use one of these lists in our attempt to crack the remaining passwords in our file. How large is this list?

$ wc -l /home/waldenj/cit480/wordlists/cleanrockyou.txt

4.4: Try to crack the remaining passwords using the large wordlist above. How many additional passwords were you able to find in the 3 minutes allocated by the max-run-time option?

$ john --crack-status --max-run-time=180 --wordlist=/home/waldenj/cit480/wordlists/cleanrockyou.txt --format=sha512crypt passwd

5: Password Cracking with Permutation Rules

We had to use a large word list and a considerable amount of processor time to crack one additional password. Even if we let the command above run for the more than 15 minutes it would take to attempt the entire wordlist, John would not find the remaining password, because it is not in the word list, as you can determine with a quick grep command.

$ grep password2019 /home/waldenj/cit480/wordlists/cleanrockyou.txt

It would be faster to find such passwords by using John's permutation rules, which can append or prepend numbers or symbols to words in the list, or replace characters in words. The permutation rules also have the advantage of being able to find all such appends and substitutions, not just the changes that exist in the original word list.
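The same transformations matter from the defender's side: a password-acceptance check that undoes appended or prepended digits, trailing symbols, and the o to 0, s to $, a to @ substitutions before comparing against a wordlist will reject exactly the passwords these rules would recover. This is an added example, not from the lab or from John the Ripper; WORDS is a constructed stand-in for a wordlist, and the extra 3 to e and 1 to i mappings are an assumption.

```python
"""Added example (not part of the lab or of John the Ripper): a password
acceptance check that undoes the changes the appending and l33t rulesets make
(trailing digits or years, prepended digits, trailing symbols, o->0 s->$ a->@)
and rejects the result when it is a wordlist word.  WORDS is a constructed
stand-in for a real wordlist."""
import re

WORDS = {"password", "letmein", "welcome", "monkey"}
# Reverse of the substitutions named for KoreLogicRulesL33t; 3->e and 1->i are
# added here as an assumption about other common substitutions.
UNLEET = str.maketrans({"0": "o", "$": "s", "@": "a", "3": "e", "1": "i"})
STRIP_RULES = [(r"[0-9]{1,4}$", "appended digits"),     # Append4Num / AppendYears
               (r"[^a-z0-9]+$", "appended symbols"),
               (r"^[0-9]{1,4}", "prepended digits")]


def normalize(candidate):
    """Reduce a candidate to its root word; also return the steps undone."""
    word, steps = candidate.lower(), []
    changed = True
    while changed:                      # rules stack, e.g. "password2019!"
        changed = False
        for pattern, label in STRIP_RULES:
            stripped = re.sub(pattern, "", word)
            if stripped != word:
                word, changed = stripped, True
                steps.append(label)
    unleeted = word.translate(UNLEET)
    if unleeted != word:
        word = unleeted
        steps.append("l33t substitution")
    return word, steps


def check(candidate, words=WORDS):
    """Return None if the candidate is acceptable, else the reason it is not."""
    root, steps = normalize(candidate)
    if root not in words:
        return None
    how = " + ".join(dict.fromkeys(steps)) or "exact match"   # dedupe, keep order
    return "'%s' is wordlist word '%s' (%s)" % (candidate, root, how)
```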
The word list we are using has a wide variety of combinations of password followed by four digits, but it is missing the one that we need.

$ egrep '^password[0-9]{4}$' /home/waldenj/cit480/wordlists/cleanrockyou.txt | wc -l

In this section, we will use the KoreLogic John the Ripper ruleset from the "Crack me if you can" password cracking contest held at DefCon 2010. A description of the rules can be found at http://contest-2010.korelogic.com/rules.html. The rules are stored on kosh in a file named korelogic-2010-rules.txt, which we will use as John's configuration file via the --config option. To use a specific named ruleset from the configuration, use the --rules option with the name of the ruleset.

Before beginning work on the questions for this section, we need to create a very short wordlist, containing only one word, password.

$ echo "password" > word.lst

5.1: To see how John produces new candidate passwords from its permutation rules, we will use the --stdout option, which prints the words produced by the rules to STDOUT. We use I/O redirection to save the words to a file. Use the ruleset that appends 4 numbers to each word. How many words are produced? What is John doing in addition to appending 4 numbers to increase the number of words from the expected 10,000? Use the output of the head and tail commands to determine the answer to this question.

$ john --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesAppend4Num --stdout > passwords4num.lst
$ wc -l passwords4num.lst
$ head passwords4num.lst
$ tail passwords4num.lst

5.2: While the permutation ruleset above produces every variation of password with a four digit number appended, users do not pick their passwords randomly. We know that people are more likely to choose numbers that have meaning for them. In particular, people are more likely to choose years. The KoreLogic rules include a ruleset designed to do just that, which we will use in this question.
How many passwords are produced with the year ruleset? What is the earliest year produced? What is the latest year?

$ john --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesAppendYears --stdout > passwordsyears.lst
$ wc -l passwordsyears.lst
$ head -1 passwordsyears.lst
$ tail -1 passwordsyears.lst

5.3: How much faster would it be to use KoreLogicRulesAppendYears compared to KoreLogicRulesAppend4Num? Show your work below and round your answer to one decimal place. Remember that speedup numbers greater than 1 indicate that the process is faster, while speedup numbers less than 1 indicate that the process is slower, so if your result is less than 1, you've made a mistake.

5.4: Crack an additional password with the KoreLogicRulesAppendYears ruleset. How long did it take to crack this password? Use the wall clock (real) time output by the time command.

$ time john --crack-status --format=sha512crypt --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesAppendYears passwd

5.5: To retrieve the last remaining password, we need to use the KoreLogicRulesL33t ruleset, which performs common letter to symbol substitutions, like o to 0, s to $, and a to @. Start by generating the list of permuted passwords as we did with the appending rulesets. How many passwords are produced with the l33t ruleset? Does the list include the word we need?

$ john --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesL33t --stdout > passwordsl33t.lst
$ cat passwordsl33t.lst
$ wc -l passwordsl33t.lst

5.6: Crack the remaining password with the KoreLogicRulesL33t ruleset. How long did it take to crack this password? Use the wall clock (real) time output by the time command.
$ time john --crack-status --format=sha512crypt --wordlist=word.lst --config=/home/waldenj/cit480/rules/korelogic-2010-rules.txt --rules=KoreLogicRulesL33t passwd

6: Creative Cracking

In this section, you may use any tools that you wish to crack a set of MD5 hashes. The hashes are stored in the file /home/waldenj/cit480/hashes/cit480-10000-hashes.txt on kosh.nku.edu, along with a set of word lists ending in .txt which you can use for this lab. There are approximately 10,000 passwords in this list.

To receive any points for this lab, you must crack at least 2000 of the passwords. A submission with 1900 passwords will receive a zero, while a submission with 2000 passwords will receive 70% of the total points. To earn a perfect score, you do not need to crack all the passwords. If you can crack at least 8000 passwords and complete all of the lab questions, you can earn a 100% on the lab. Intermediate numbers of cracked passwords will result in between 70% and 100% of the total points for the lab.

You may use John the Ripper, other cracking tools like Hashcat, reverse hash databases, or Google. You can use any of the wordlists found in /home/waldenj/cit480/wordlists. Do not copy these wordlists to your home directory, as some are many gigabytes in size. If many students did this, the disk would fill up, preventing John from writing any cracked passwords to disk, at least until the disk cleaner program runs. The disk cleaner deletes overly large files like the wordlists from student directories and will cause your John to crash, losing all progress made.

To crack this many passwords, you will need to run your password cracking program for an extended period of time. As VPN and terminal sessions are terminated after some minutes of inactivity, you will need to prepend John the Ripper commands with the nohup command and append & to your command to run it in the background and prevent it from ending when you log out.
In other words, your command will look something like:

$ nohup john --format=raw-md5 --wordlist=MYWORDLIST --config=MYCONFIG --rules=MYRULE /home/waldenj/cit480/hashes/cit480-10000-hashes.txt &

If you encounter any errors, you will find them easier to resolve by running the command in the foreground rather than the background, so omit the nohup and & when attempting to identify and resolve problems. Once you have resolved all errors, you can resume running the command in the background.

Whether John has finished or is still running in the background, the most accurate method for checking the status of your cracking efforts is to examine the john.pot file. The options shown in John's help message and man page may not do what you expect, but you can always rely on the john.pot file.

Do not run more than two copies of john on kosh.nku.edu simultaneously. If you do, the instructor may terminate your john processes to allow other students fair access to the CPU.

6.1: In the box below, list the wordlists (with pathnames for wordlists on kosh.nku.edu and URLs for ones you found on the web) and the commands used to crack the passwords.

6.2: Analyze the list of cracked passwords by running the following command on kosh.nku.edu in the directory where your john.pot file is located.

$ password-analysis -p john.pot

If you used a different password cracker, then you need to either convert its output to john.pot format and use the above command, or convert its output to a text file with one cracked password per line and then run the following command, where passwords.txt is your text file.

$ password-analysis passwords.txt

This program will generate a report in a file named password-report.html. Use that file to answer the questions below. Based on this analysis, how long was the longest password cracked?

6.3: Paste the password length line graph in the space below.

6.4: 50% of the passwords are no longer than how many characters?
6.5: What was the largest number of character sets used by a cracked password? How many passwords used the maximum number of character sets?

6.6: What was the number of character sets used by the longest password? Hint: check the outlier points in the box plot.

7: Lab Submission

You will need to submit this lab both as hardcopy and electronically one week after receiving this lab. The hardcopy submission will be a completed copy of this document, while the instructions for the electronic submission are below. Online students do not need to submit a hardcopy but will upload the same files via the Blackboard LMS that offline students send via e-mail.

The electronic submission must contain two files: 1) a completed copy of this lab document with the answers filled in, and 2) a file containing cracked passwords in the format discussed below.

The format of the cracked password file is one hash/password pair per line, separated by a colon; e.g. "7c6a180b36896a0a8c02787eeafb0e4c:password1" would be a valid line of the file. This is the format used by John the Ripper in its stored password file ~/.john/john.pot, so you can simply rename the john.pot file to lab02-passwords-USERNAME-hashes.txt and submit it if using John the Ripper. Other password cracking programs may or may not use the same format. If the format differs from John's, then you must convert the format to match the format described in this paragraph.

Offline students must send an e-mail to the instructor with the subject "CIT 480 Lab #2: Passwords" with two attachments. The first attachment is the completed lab file with the name lab02-passwords-USERNAME.docx, while the second attachment will contain your cracked hashes and corresponding passwords in the format specified above, with filename lab02-passwords-USERNAME-hashes.txt. Replace USERNAME in both filenames with your actual username.
Do not forget to include both files with the appropriate names and extensions as described above, as you will receive a grade of zero if either one or both is missing.
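The figures that questions 6.2 to 6.6 ask you to read from the password-analysis report can also be computed directly from a john.pot-style file, which is a useful cross-check on the submission file described in section 7. This is an added example, not the lab's password-analysis program; SAMPLE_POT is constructed, apart from its first line, which is the hash/password pair quoted above.

```python
"""Added example (not part of the lab or of the password-analysis tool): the
statistics that questions 6.2 to 6.6 ask for, computed directly from a
john.pot-style file.  SAMPLE_POT is constructed; only its first line is the
hash/password pair quoted in section 7, the others use placeholder hashes."""
from collections import Counter
from statistics import median


def charset_count(password):
    """Number of character classes used: lower, upper, digit, other."""
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    return sum(classes)


def parse_pot(lines):
    """Return the plaintext passwords from hash:password lines (john.pot layout).
    Splitting on the first colon only keeps passwords that contain ':' intact."""
    passwords = []
    for line in lines:
        line = line.rstrip("\n")
        if line and ":" in line:
            passwords.append(line.split(":", 1)[1])
    return passwords


def summarize(passwords):
    """Length and character-set figures matching the questions in section 6."""
    lengths = [len(p) for p in passwords]
    counts = [charset_count(p) for p in passwords]
    longest = max(passwords, key=len)
    return {
        "longest": longest,                                      # 6.2
        "length_histogram": dict(sorted(Counter(lengths).items())),  # 6.3
        "median_length": median(lengths),        # 6.4: half are at or below this
        "max_charsets": max(counts),                             # 6.5
        "passwords_at_max": counts.count(max(counts)),
        "charsets_of_longest": charset_count(longest),           # 6.6
    }


# Constructed john.pot-style input; hashes other than the first are placeholders.
SAMPLE_POT = [
    "7c6a180b36896a0a8c02787eeafb0e4c:password1",
    "00000000000000000000000000000002:p@ssword",
    "00000000000000000000000000000003:password2019",
    "00000000000000000000000000000004:Summer2019!",
    "00000000000000000000000000000005:qwerty",
    "00000000000000000000000000000006:letmein",
    "00000000000000000000000000000007:Tr0ub4dor&3",
]
```

Running summarize(parse_pot(open("john.pot"))) on your own file gives the longest password, the median length, and the character-set counts the questions ask about; the histogram is the data behind the length line graph.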