Assignment #4

CSC 482/582 Password Cracking

Assignment #4 Due: November 4, 2010

In this lab, students will study the security of passwords by using password cracking tools. Such software is an essential part of a security professional’s toolkit, both for verifying the security of the passwords of valid users and for gaining access to password-protected malware. To do this lab, students will need both this handout and the accompanying a4-files.zip file, which contains data that will be analyzed during the assignment. They will also need to install password cracking software as described below.

1 Installing the Software

There are three ways to install the password cracking tools for this assignment, listed below. When choosing a method, remember that it may take hours or even days to crack the full set of passwords. Note that the Backtrack 4 ISO and VMware images are approximately 2GB in size, so if you choose one of those approaches, allow a substantial amount of time for downloading.

1. Install tools directly on your PC. John the Ripper is a password cracker that can be downloaded from http://www.openwall.com/john/ as a zip archive for Microsoft Windows or as source code for UNIX. It may also be available for installation with apt-get or yum as part of your Linux distribution. Note that some anti-virus programs on Windows will delete the John the Ripper executable the moment it is extracted onto your system. In this case, you will have to configure your anti-virus software to ignore John, or use one of the other two methods. Archive files can be cracked by tools such as RARcrack, which can be found at http://rarcrack.sourceforge.net/, or FCrackZip, which can be found at http://oldhome.schmorp.de/marc/fcrackzip.html.

2. Use Password Crackers from the Backtrack 4 DVD. Download the Backtrack 4 ISO image from http://www.backtrack-linux.org/downloads/, then burn it to a DVD and boot your computer from the DVD. Backtrack will boot into a command line prompt. The command startx will start the graphical user interface. There is documentation on the BackTrack page and a variety of YouTube videos on installing it.

3. Use Password Crackers from the Backtrack 4 VMware Image. If you do not already have VMware, download and install VMware Player from https://www.vmware.com/tryvmware/?p=player. Download the Backtrack 4 VMware image from http://www.backtrack-linux.org/downloads/, then start VMware Player and run the image with it. Backtrack will boot into a command line prompt. The command startx will start the graphical user interface. There is documentation on the BackTrack page and a variety of YouTube videos on installing it.

If you encounter problems using the network on BackTrack, redo the network configuration with the command /etc/init.d/networking restart.

2 Learning to Use Password Crackers

The Backtrack 4 graphical interface can be started with the startx command. Password cracking tools can be found under the Backtrack menu by selecting the Privilege Escalation menu and then the Password Attacks submenu. There are a large number of videos on using Backtrack on YouTube. A guide to using a variety of password cracking tools, Cracking Passwords Version 1.1, can be found at http://tools.question-defense.com/Cracking_Passwords_Guide.pdf.

John the Ripper is a fast password cracking tool that can use dictionary attacks, password modification (word mangling) rules, and brute force attacks. It is a command line tool with many options. If you run john without specifying any options, it will print a help message listing all options. To use it, you will need to learn a variety of its features and what its output looks like. Read the online documentation for John the Ripper to learn how to use it:

1. Introduction at http://www.openwall.com/john/doc/.
2. EXAMPLES link from the page above.
3. OPTIONS link from the page above.

John stores the passwords it cracks in the file john.pot; running john --show on the hash file lists them alongside their user names.

RARcrack is a brute force command line tool for cracking passwords on archive files, such as zip, 7-zip, and RAR files. Documentation is available on the BackTrack DVD or from http://rarcrack.sourceforge.net/. Note that while the documentation claims that it can guess the filetype of an archive, the program often crashes when trying to do so, so use the --type zip option to specify ZIP archives. As RARcrack runs, it will print Probing messages indicating progress in the brute force attack. It will print GOOD: password cracked when it finds the password.

Read http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/ about cracking MD5 passwords.


3 Cracking UNIX Passwords

In this part of the lab, you will attempt to crack the hashed UNIX passwords in the file passwords.txt included in a4-files.zip using John the Ripper. Note that john records every password it cracks in john.pot and will not crack that hash again in a later run, so count the recoveries after each step with john --show passwords.txt (or keep a running total) rather than relying on the new hits printed by each command alone.

First use the password list that comes with John. How many passwords does it recover?

./john -w:password.lst passwords.txt

Next add the option for John's permutation (word mangling) rules. How many passwords are recovered with these options?

./john -w:password.lst -rules passwords.txt

The lab file archive includes the password list from another password cracking tool called Cain and Abel. How many passwords are recovered with this list?

./john -w:cain.txt passwords.txt

Add the option for John's permutation rules to the Cain and Abel list. How many passwords are recovered with these options?

./john -w:cain.txt -rules passwords.txt

Finally, run john with no mode option and leave it running overnight. With no mode specified, john runs its default sequence: single crack mode, wordlist mode with rules, and then incremental (brute force) mode, which is the stage that takes hours. How many passwords are recovered?

./john passwords.txt
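As an added example (not part of the handout and not code from John the Ripper), the following Python script reproduces the logic of the wordlist runs above on a constructed hash file: a plain dictionary pass, then the same dictionary with a handful of mangling rules of the kind John applies with -rules. This also answers the first deliverable question in code. The lab's passwords.txt holds UNIX crypt(3) hashes; this script hashes with MD5 only so that it runs with the standard library alone, and every user name, hash and dictionary word in it is constructed for the example. The rule set and the user:hash file format are simplifications and do not reproduce John's actual rule language.

```python
import hashlib


def md5hex(s: str) -> str:
    """MD5 of a candidate password, hex-encoded (stand-in for crypt(3) here)."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()


# Constructed passwd-style hash file (user:hash).  The plaintexts are chosen so
# that each one falls to a different stage: a bare dictionary word, a mangled
# dictionary word, or nothing this dictionary can reach at all.
HASH_FILE = "\n".join(
    f"{user}:{md5hex(plain)}"
    for user, plain in [
        ("alice", "sunshine"),    # bare dictionary word
        ("bob", "Sunshine1"),     # capitalised, digit appended
        ("carol", "drag0n"),      # leet substitution
        ("dave", "password!"),    # symbol appended
        ("erin", "x7#Qz!p2"),     # random: no wordlist run will reach it
    ]
)

# Constructed stand-in for John's password.lst.
WORDLIST = ["123456", "password", "sunshine", "dragon", "letmein"]


def parse_hash_file(text: str) -> dict:
    """Map hash -> user name, skipping blank or malformed lines."""
    targets = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        user, digest = line.split(":", 1)
        targets[digest.strip().lower()] = user.strip()
    return targets


# Mangling rules in the spirit of John's wordlist rules: each is a generator
# from one dictionary word to one or more candidates.
def rule_identity(word):
    yield word                      # no mangling: the plain dictionary attack


def rule_capitalize(word):
    yield word.capitalize()


def rule_append_digit(word):
    for d in "0123456789":
        yield word + d


def rule_append_symbol(word):
    for s in "!@#$":
        yield word + s


def rule_leet(word):
    yield word.replace("o", "0").replace("e", "3")


def rule_capitalize_digit(word):
    for d in "0123456789":
        yield word.capitalize() + d


RULES = [rule_identity, rule_capitalize, rule_append_digit,
         rule_append_symbol, rule_leet, rule_capitalize_digit]


def count_candidates(words, rules) -> int:
    """Number of guesses a run will hash: the cost side of adding rules."""
    return sum(1 for w in words for r in rules for _ in r(w))


def crack(hash_text: str, words, rules) -> dict:
    """Hash every candidate and return {user: plaintext} for each hit.
    rules=[rule_identity] corresponds to 'john -w:list hashes'; the full RULES
    list corresponds to adding '-rules'."""
    targets = parse_hash_file(hash_text)
    found = {}
    for word in words:
        for rule in rules:
            for candidate in rule(word):
                user = targets.get(md5hex(candidate))
                if user is not None and user not in found:
                    found[user] = candidate
    return found


if __name__ == "__main__":
    plain = crack(HASH_FILE, WORDLIST, [rule_identity])
    mangled = crack(HASH_FILE, WORDLIST, RULES)
    print(f"wordlist only : {len(plain)}/5 recovered with "
          f"{count_candidates(WORDLIST, [rule_identity])} guesses: {plain}")
    print(f"wordlist+rules: {len(mangled)}/5 recovered with "
          f"{count_candidates(WORDLIST, RULES)} guesses: {mangled}")
```

Run as a script, it recovers one password with the bare wordlist and four with rules, at the price of 27 times as many guesses, and the random password survives both passes. That is the pattern the four John runs above should show, and it is why the final unguided run is left to work overnight.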

4 Cracking MD5 Hashes

Using the online MD5 hash databases listed at http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/, crack the following MD5 hashes. You will almost certainly need to use multiple sites to crack all of the passwords below, as each site has its own database focusing on different sets of strings. For each password, list the password and the site where you found it in your lab report.

• e10adc3949ba59abbe56e057f20f883e
• 5f4dcc3b5aa765d61d8327deb882cf99
• e0d00b9f337d357c6faa2f8ceae4a60d
• 74a2c279f608311cb7e0ae266da2c2dc
• ff14808409579e04e52642fc80fc29c1

5 Cracking ZIP Passwords

In this part of the lab, you will need to find the password for the encrypted ZIP file secret.zip included in the a4-files.zip archive. A variety of ZIP cracking tools can be used for this purpose, including RARcrack, which is included on the Backtrack 4 DVD. For this part of the lab report, explain the steps you took to crack the password and provide both the password and the names of the files contained in secret.zip as part of your answer. Also indicate how long it took to crack the password and what type and speed of processor you ran the cracking tool on. If you use a tool other than RARcrack, explain your reasons for choosing that tool as part of your answer.

6 Deliverables

For this assignment, you need to turn in both an electronic copy of the lab report by e-mail and a hardcopy in class. The electronic copy must be in Rich Text Format (RTF). The lab report should include the answers requested in the three cracking sections above (with the number and name of each section included in your report), along with answers to the following questions:

1. How does John the Ripper improve on simple dictionary attacks?
2. Rainbow tables can find passwords faster than John the Ripper. What is the tradeoff for this extra speed? How does this tradeoff scale with longer passwords?
3. Using a GPU instead of a CPU can increase the speed of password cracking. How large is the speed increase? Why are GPUs faster than CPUs for this task?

You will need to do research on the Internet in addition to using your textbooks and class notes to answer these questions. Cite any and all sources used in your answers.
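The following is an added example for the second question (it is not part of the handout and is not taken from any rainbow table tool): a toy rainbow table over the 10,000 four-digit PINs, hashed with MD5, with constructed parameters of 400 chains of 50 hashes each. It makes the time/memory tradeoff concrete. The table stores one (endpoint, start point) pair per chain instead of one entry per password, a lookup pays for that with up to t(t-1)/2 re-hashes plus chain regenerations, and the table covers fewer than m·t passwords because chains merge and overwrite each other.

```python
import hashlib

KEYSPACE = 10_000   # the PINs "0000" .. "9999" (constructed toy keyspace)
CHAIN_LEN = 50      # t: hashes per chain; lookup time grows with t
NUM_CHAINS = 400    # m: chains stored, i.e. memory; m*t should approach KEYSPACE


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def reduce_(digest: str, pos: int) -> str:
    """Reduction function: fold a hash back into the keyspace.  Mixing in the
    chain position is what makes the table 'rainbow': two chains that collide
    at different positions diverge again instead of merging for good."""
    return f"{(int(digest[:8], 16) + pos) % KEYSPACE:04d}"


def build_chain(start: str, length: int) -> list:
    """[x0, x1, ..., x_length] with x_{i+1} = reduce_(md5(x_i), i)."""
    chain = [start]
    for i in range(length):
        chain.append(reduce_(md5hex(chain[-1]), i))
    return chain


def build_table(num_chains: int, chain_len: int) -> dict:
    """Precomputation: endpoint -> start point.  Only the two ends of each
    chain are kept; everything in between is recomputed on demand.  Chains
    that end on the same point overwrite each other, which costs coverage."""
    table = {}
    step = KEYSPACE // num_chains
    for k in range(num_chains):
        start = f"{(k * step) % KEYSPACE:04d}"     # constructed start points
        table[build_chain(start, chain_len)[-1]] = start
    return table


def lookup(table: dict, target: str, chain_len: int):
    """Online phase.  Assume the password sits at position i of some chain,
    walk from there to that chain's endpoint and check whether it is stored.
    A hit is only a candidate: the chain is regenerated from its start point
    to confirm, which filters false alarms caused by merged chains."""
    for i in range(chain_len - 1, -1, -1):
        x = reduce_(target, i)                    # would be x_{i+1}
        for j in range(i + 1, chain_len):
            x = reduce_(md5hex(x), j)             # ... walk on to x_{chain_len}
        start = table.get(x)
        if start is None:
            continue
        for candidate in build_chain(start, chain_len)[:-1]:
            if md5hex(candidate) == target:
                return candidate
    return None


def coverage(table: dict, chain_len: int) -> int:
    """Distinct PINs the stored chains can actually recover."""
    seen = set()
    for start in table.values():
        seen.update(build_chain(start, chain_len)[:-1])
    return len(seen)


if __name__ == "__main__":
    table = build_table(NUM_CHAINS, CHAIN_LEN)
    covered = coverage(table, CHAIN_LEN)
    print(f"stored {len(table)} entries covering {covered}/{KEYSPACE} PINs "
          f"({100 * covered / KEYSPACE:.1f}%); worst-case lookup about "
          f"{CHAIN_LEN * (CHAIN_LEN - 1) // 2} hashes vs {KEYSPACE} by brute force")
    pin = build_chain(next(iter(table.values())), CHAIN_LEN)[7]
    print(f"md5({pin}) -> {lookup(table, md5hex(pin), CHAIN_LEN)}")
```

The memory is m entries and the online work is roughly t² hashes, with m·t needing to keep pace with the keyspace. Each extra character multiplies the keyspace by the alphabet size, so either the table or the chain length (and with it the lookup time) has to grow by the same factor, which is why published tables target fixed, short character sets and lengths. A per-password salt, as used by the UNIX crypt(3) hashes in passwords.txt, multiplies the keyspace by the number of salts and so defeats a precomputed table, while the unsalted MD5 hashes in the section above are exactly what the online databases have precomputed.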
