CSCI 343 - Homework 5

Crack -- it's addictive!

Due before class, Friday 17 Nov 2006

Homework

In this assignment, you will be trying your hand at cracking Unix passwords.

Collaboration

As with the other assignments, I encourage you to discuss various approaches with your peers. However, as you are all working from the same password lists, try not to be too specific about revealing details.

Assignment Requirements

For this assignment, I want you to attempt to crack the following list of passwords, which were hashed with the standard Unix crypt() function:

You will probably need to reformat them as standard /etc/passwd or /etc/shadow files. (See "man 5 passwd" or "man 5 shadow" for details.)

Step 1: Get a password cracking program

Go forth into the internet and find a password cracking program that works on Unix style passwords. I want you to evaluate at least 4 different programs and select one of them.

Compile/build/install the software on either lab machines or your personal machine. If installing on a lab machine, I'd recommend installing into a subdirectory on /anarchy so that it is available on multiple machines.

You will probably also need to go out and find word lists or dictionaries to use.

Step 2: Test your tool

Before throwing time and energy into breaking the full password file, verify that your tool is functioning correctly. Here are a couple of plaintext and crypted password pairs.

    happy    : bdWh.7jf3zFJM
    password : mlO36EwSe8sTk

Step 3: Learn to suspend your tool

You should have read the documentation as part of step 1. If you haven't, you really should. One thing to look for is some way to cause it to suspend and resume operations. If it has no such feature, you can suspend and resume it yourself using kill -STOP <pid> to stop and kill -CONT <pid> to resume. You can also use pkill to do the same thing, but be sure to limit it to your own processes.

Also, you should look at how well it will continue in case the machine is rebooted. You may want to look at creating a cron job that checks to see if it is running (return value from kill -0 <pid>) and restarts it if necessary.

Step 4: Get cracking!

I've obtained permission for us to use the machines in the upstairs lab along the far wall (across from the whiteboard) for this assignment. You should not run them on occs or other lab machines.

Out of respect for other lab users, there are a few things you should do:

  1. Don't leave yourself logged in with the screen locked.
  2. Limit your tool to not run between 1 and 4pm as that is lab time. You'd be best served to set up a cron job to do this for you.
  3. Run "niced" so that someone using the console can have a responsive system. Some of the tools will let you configure this, or you can simply tell it to do so from the command line:
    /bin/nice -19 <command>

Keep track of the passwords cracked and the amount of time it took to do it.

Note: I don't expect you to be able to crack all of the passwords in the time allotted.

You should also put your password(s) into the mix. You can use the program ~kuperman/bin/htpasswd.pl to generate a crypted version of any password.
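
The process-control advice from Steps 3 and 4 (restart check with kill -0, suspend during lab time, run niced) can be combined in one cron-driven watchdog. This is an added example, not part of the original assignment; JOB_CMD, PIDFILE, the function names and the --run switch are hypothetical, and lab time is taken as hours 13 through 15.

```shell
#!/bin/sh
# Cron watchdog for a long-running, low-priority batch job (added example).
# Assumptions: JOB_CMD and PIDFILE are placeholders you set yourself.

PIDFILE="${PIDFILE:-${HOME:-/tmp}/.batchjob.pid}"
JOB_CMD="${JOB_CMD:-sleep 86400}"   # placeholder; substitute your tool's command

# True during lab time: 1pm up to, but not including, 4pm.
in_lab_hours() {
    [ "$1" -ge 13 ] && [ "$1" -lt 16 ]
}

# True if the pidfile names a process that exists and that we may signal.
is_running() {
    [ -s "$1" ] && kill -0 "$(cat "$1")" 2>/dev/null
}

# Print the action for the given hour and pidfile: start, stop, cont or none.
decide_action() {
    if is_running "$2"; then
        if in_lab_hours "$1"; then echo stop; else echo cont; fi
    elif in_lab_hours "$1"; then
        echo none     # not running and lab time: leave the machine alone
    else
        echo start    # not running (e.g. after a reboot): restart it
    fi
}

apply_action() {
    case "$1" in
        # nice -n 19 is the POSIX spelling of the page's "nice -19"
        start) /bin/nice -n 19 $JOB_CMD >/dev/null 2>&1 &
               echo $! > "$PIDFILE" ;;
        stop)  kill -STOP "$(cat "$PIDFILE")" ;;   # harmless if already stopped
        cont)  kill -CONT "$(cat "$PIDFILE")" ;;   # harmless if already running
    esac
}

# Crontab entry (every 10 minutes):  */10 * * * * /path/to/watchdog.sh --run
if [ "${1:-}" = "--run" ]; then
    now=$(date +%H)
    # Strip a leading zero so "08" is compared as 8.
    apply_action "$(decide_action "${now#0}" "$PIDFILE")"
fi
```

Note that kill -0 only shows that some process with that PID exists and is yours to signal, so after a reboot a stale pidfile can match an unrelated process; clearing the pidfile at boot avoids that.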

Report

You will be submitting a typed report on your selections and results at the start of class. Include the following information in your report:

  1. What cracking tools you considered, and why you selected the one you did. Include discussion of features.
  2. List where you found the cracking tool, and discuss the potential for malicious tampering that may have taken place.
  3. What dictionaries did you use, and where did you find them? How many total entries were in your final dictionary?
  4. How many crypts per second was your tool able to perform? How long should it take to do one pass through your dictionary? How long to brute force an 8 character password made from just letters, numbers, and shifted numbers "!@#$%^&*()"?
  5. What passwords were you able to break? What passwords were still unbroken? How long did your program run?
  6. How much faster would you expect this to run with unsalted passwords?
  7. Come up with at least 3 passwords that should be uncrackable by the tool you used, but still memorable. Be sure to explain this.
  8. Any final comments or suggestions you wish to share with me about this exercise.

Last Modified: November 08, 2006 - Benjamin A. Kuperman