
I am having difficulty getting 4.1 started. I have the zip file with the files n


Question

I am having difficulty getting 4.1 started. I have the zip file with the files needed but do not know how to start. I am using the Kali Linux terminal for this, so I am looking for you to help me with how I start 4.1. What lines of code should I start with, since I already have the zip file? If you can, provide me a step-by-step process to solve this within the terminal. Thank you

1 General description

This lab explores dictionary attacks, as in running a dictionary (or list of words) against a cryptosystem to find a matching key. Choosing the correct dictionary and applying the right modifications on each word can quickly yield a key, passng a simple tehnee attak

2 File with samples and results

The files are in lab-crypto2zip. It contains most files to get you started loding the samples and the chalrturs. In some cases, you will have to drwky, some scripts or write your own code to improve the results. The tools include John the Ripper, Cain & Abel, and Ophcrack.

3 Cracking passwords and hashes

In this part of the lab, we attack passwords, i.e. we apply dictionary attacks ae t hubs. In most cases this assumes we are familiar with the cryptosystem or hash function used to create the ciphertext or hash, respectively. There will be one case where the hash function will be u

Possible targets: crypt (Unix), modified crypt (lonish), MD5, NTLM, SHA1. Extensions are possible for ZIP files (or RAR, Tip), as well as PDF and MS Office encryption.

3.1 Requirement

* You should use the tools provided in t Sk, but are not limited to tr·RF5x-num you door De to, please justify your choice. If you wrote scripts or additional code, please include it.

* Output should demonstrate that you have done the experiments, such as ,Ten1tx, Unix typescripts, or logs or password entries. You should specify in each case how you cracked the password, e.g. by using Swedish dictionary, applying the rule to substitute 3 es, etc. As a last resort, a brute-force method may be used (some password crackers use that as a last dr /pms), but then you should specify that this was done.

Tasks

4.1 Finding Unix passwords

Using the tools of your choice, find the password that generated each of the following Unix crypt hash entries in the following entries from the /etc/passwd file: root:x1 1UGaj7vR.A michael 9r Spoy.eGGDN

Explanation / Answer

You can easily extract the encrypted password with awk. You then need to extract the prefix $algorithm$salt$ (assuming that this system isn't using the traditional DES, which is strongly deprecated because it can be brute-forced these days).

correct=$(</etc/shadow awk -v user=bob -F : 'user == $1 {print $2}')
prefix=${correct%"${correct#\$*\$*\$}"}

For password checking, the underlying C function is crypt, but there's no standard shell command to access it.

On the command line, you can use a Perl one-liner to invoke crypt on the password.

supplied=$(echo "$password" |
  perl -e '$_ = <STDIN>; chomp; print crypt($_, $ARGV[0])' "$prefix")
if [ "$supplied" = "$correct" ]; then …

Since this can't be done in pure shell tools, if you have Perl available, you might as well do it all in Perl. (Or Python, Ruby, … whatever you have available that can call the crypt function.) Warning, untested code.

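#!/usr/bin/env perl
# Usage: echo password | thisscript username
use warnings;
use strict;

# Look up the account; $pwent[1] is the password field of the entry.
my @pwent = getpwnam($ARGV[0]);
if (!@pwent) {die "Invalid username: $ARGV[0]\n";}

# Read the candidate password from stdin and strip the newline.
my $supplied = <STDIN>;
chomp($supplied);

# Hash the candidate with the stored hash as the salt and compare.
if (crypt($supplied, $pwent[1]) eq $pwent[1]) {
    exit(0);
} else {
    print STDERR "Invalid password for $ARGV[0]\n";
    exit(1);
}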

On an embedded system without Perl, I'd use a small, dedicated C program. Warning, typed directly into the browser, I haven't even tried to compile. This is meant to illustrate the necessary steps, not as a robust implementation!

/* Usage: echo password | check_password username */
/* Build: cc check_password.c -lcrypt; reading the shadow file needs root. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <shadow.h>
#include <sys/types.h>
#include <unistd.h>
#include <crypt.h>

int main(int argc, char *argv[]) {
    char password[100];
    struct spwd *shadow_entry;
    char *p, *correct, *supplied, *salt;
    int mismatch;

    if (argc < 2) return 2;

    /* Read the password from stdin and strip the trailing newline */
    p = fgets(password, sizeof(password), stdin);
    if (p == NULL) return 2;
    password[strcspn(password, "\n")] = 0;

    /* Read the correct hash from the shadow entry */
    shadow_entry = getspnam(argv[1]);
    if (shadow_entry == NULL) return 1;
    correct = shadow_entry->sp_pwdp;

    /* Extract the salt. Remember to free the memory. */
    salt = strdup(correct);
    if (salt == NULL) return 2;
    p = strchr(salt + 1, '$');
    if (p == NULL) { free(salt); return 2; }
    p = strchr(p + 1, '$');
    if (p == NULL) { free(salt); return 2; }
    p[1] = 0;

    /* Encrypt the supplied password with the salt and compare the results */
    supplied = crypt(password, salt);
    if (supplied == NULL) { free(salt); return 2; }
    mismatch = !!strcmp(supplied, correct);
    free(salt);
    return mismatch;
}

A different approach is to use an existing program such as su or login. In fact, if you can, it would be ideal to arrange for the web application to perform whatever it needs via su -c somecommand username. The difficulty here is to feed the password to su; this requires a terminal. The usual tool to emulate a terminal is expect, but it's a big dependency for an embedded system. Also, while su is in BusyBox, it's often omitted because many of its uses require the BusyBox binary to be setuid root. Still, if you can do it, this is the most robust approach from a security point of view.
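A defender-side companion to the answer's prefix extraction, as an added example that is not part of the original answer: it classifies shadow-style password fields by scheme, derives the value to pass to crypt() (the two-`$` expansion above stops before the salt when a `rounds=` parameter is present), and flags traditional DES entries for rehashing. The function names and every entry in SAMPLE are constructed for illustration; the hash bodies are placeholders.

```shell
#!/bin/sh
# Added example. SAMPLE entries are constructed; hash bodies are placeholders.
# hash_scheme FIELD: name the crypt(3) scheme of a shadow password field.
hash_scheme() {
    case $1 in
        '')               echo empty ;;
        '!'*|'*'*)        echo locked ;;
        '$1$'*)           echo md5crypt ;;
        '$2'[abxy]'$'*)   echo bcrypt ;;
        '$5$'*)           echo sha256crypt ;;
        '$6$'*)           echo sha512crypt ;;
        '$y$'*)           echo yescrypt ;;
        '$'*)             echo unknown ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        *) [ "${#1}" -eq 13 ] && echo des-crypt || echo unknown ;;
    esac
}
# hash_setting FIELD: the part to hand to crypt() as its second argument.
hash_setting() {
    case $(hash_scheme "$1") in
        des-crypt) printf '%.2s\n' "$1" ;;    # two-character salt
        bcrypt)    printf '%.29s\n' "$1" ;;   # "$2b$NN$" plus 22-character salt
        md5crypt|sha256crypt|sha512crypt|yescrypt)
            s=${1%"${1##*\$}"}                # drop only the final (hash) field
            printf '%s\n' "$s" ;;
        *)  return 1 ;;                       # nothing to verify against
    esac
}
# audit_shadow: read "user:field:..." lines on stdin, print "user scheme verdict".
audit_shadow() {
    while IFS=: read -r user field _rest; do
        scheme=$(hash_scheme "$field")
        case $scheme in
            des-crypt) verdict=REHASH ;;      # deprecated, as the answer notes
            empty)     verdict=NO-PASSWORD ;;
            unknown)   verdict=REVIEW ;;
            *)         verdict=ok ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
}
SAMPLE='alice:$6$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
bob:abPLACEHOLDER:19000:0:99999:7:::
carol:$6$rounds=5000$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
dave:!:19000:0:99999:7:::'
printf '%s\n' "$SAMPLE" | audit_shadow
```

The Perl script in the answer avoids the extraction step altogether by passing the whole stored hash to crypt() as the salt argument.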