Try to use Ubuntu/Linux to solve this. Thank you so much Setting the Stage for Y

Question

Try to use Ubuntu/Linux to solve this. Thank you so much

Setting the Stage for Your First Python Program: The Cuckoo's Egg A system administrator at Lawrence Berkley National Labs, Clifford Stoll, documented his personal hunt for a hacker (and KGB informant) who broke into various United States national research laboratories, army bases, defense contractors, and academic institutions in The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (Stoll, 1989). He also published a May 1988 article in Communications of the ACM describing the in-depth technical details of the attack and hunt (Stoll, 1988) Fascinated by the attacker's methodology and actions, Stoll connected a printer to a compromised server and logged every keystroke the attacker made. Dur- ing one recording, Stol noticed something interesting (at least in 1988). Almost immediately after compromising a victim, the attacker downloaded the encrypted password file. What use was this to the attacker? After all, the victim systems encryptedle user passwords using the UNIX crypt algorithm. However, within a week of stealing the encrypted password files, Stoll saw the attacker log on with the stolen accounts. Confronting some of the victim users, he learned they had used common words from the dictionary as passwords (Stoll, 1989) Upon learning this, Stoll realized that the hacker had used a dictionary attack to decrypt the encrypted passwords. The hacker enumerated through all the words in a dictionary and encrypted them using the Unix Crypt() func- tion. After encrypting each password, the hacker compared it with the stolen encrypted password. The match translated to a successful password crack. Consider the following encrypted password file. The victim used a plaintext password egg and salt equal to the first two bytes or HX. The UNIX Crypt func- tion calculates the encrypted password with crypt('egg,'HX') = HX9LLTdc/jiDE. attackers cat /etc/passwd victim: HX9LLTdc/jiDE: 503:100:Iama Victim:/home/victim:/bin/sh root: DFNFxgW7C05fo: 504:100: Markus Hess:/root:/bin/bash Let's use this encrypted password file as an opportunity to write our first Python script, a UNIX password cracker

Explanation / Answer

Linux store your password in an encrypted form. it uses crypt function which takes two arguments one is plaintext password other is salt( random data that is used as an additional input to a one-way function that "hashes" data, a password or passphrase)

We have used the crypt library in the python to encrypt the commonly used words, then we have matched that with the encrypted password. if it matches that word is our password.

Python Code :

import crypt,sys

## Encrypted password that we have to crack.
EncryptedPasswd = "HX9LLTdc/jiDE"

## List of comman dictonary words
CommanUsageWordList = ["egg", "country", "etc"]

for word in CommanUsageWordList :
if crypt.crypt(word,"HX") == EncryptedPasswd or crypt.crypt(word, EncryptedPasswd[:2]) == EncryptedPasswd :
print "Password is" , word
sys.exit(1)

print "Password is not belongs to the comman words"

Output ScreenShot:

$ python a.py
Password is egg

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.