Crack -- it's addictive!
Due by 11:59pm on Friday 16 Sep 2016
In this assignment, you will be trying your hand at cracking various passwords.
As with the other assignments in this class, I encourage you to discuss various approaches with your peers. However, as you are all working from the same password lists, try not to be too specific about revealing details.
You may work in small teams (up to three people per team). You may not work on multiple teams, and you must clearly identify your team members in your writeup.
For this assignment, I want you to attempt to crack the passwords that are contained within the following zip file: hw01-pwdumps.zip
There are 4 files contained within the zip file. The first is Unix style, the second is MS-Windows. You may need to reformat them as standard /etc/passwd or /etc/shadow files in order to feed them to your cracking tools. (See "man 5 passwd" or "man 5 shadow" for details.)
Your primary goal is to crack the passwords listed in file 1 and file 2. The other two files are much larger and intended to represent actual passwords used on Internet sites. You will likely get many of these passwords cracked quickly, and others will take you much longer. These files are intended for you to get a sense of how your chosen tool works on a larger scale data set. (They also are in a different format from the first two.)
Go forth onto the Internet and find a password cracking program that works on either Unix or MS-Windows style passwords. I want you to find at least 4 different programs and select from them. You will need to explain the logic behind your reasoning.
Compile/build/install the software on either lab machines or your personal machine. If installing on a lab machine, I'd recommend installing into a subdirectory of your home directory so that it is available on multiple machines.
You will probably also need to go out and find word lists or dictionaries to use.
Before throwing time and energy into breaking the full password file, verify that your tool is functioning correctly. Here are a couple plain text and crypted password pairs.
happy : bdWh.7jf3zFJM password : mlO36EwSe8sTk
happy : 4E1FB9BDD16A8F51AAD3B435B51404EE password : E52CAC67419A9A224A3B108F3FA6CB6D
You should have read the documentation for your selected tool as part of step 1. If you haven't, you really should. One thing to look for is some way to cause it to suspend and resume operations. If it doesn't have such, you can tell it to suspend and resume using kill -STOP <pid> to stop and kill -CONT <pid> to resume. You can also use pkill to do the same thing, but be sure to limit it to your own processes.
Also, you should look at how well it will continue in case the machine is rebooted. You may want to look at creating a cron job that checks to see if it is running (return value from kill -0 <pid>) and restarts it if necessary. Similarly, you might want a cron job to automatically stop it during lab times.
I've obtained permission for us to use the physical machines in the CS labs for this assignment. You should not run them on occs, clyde, or other CS computers.
Important restriction: due to the high enrollment in CSCI 150 and 151 this semester, you should be sure your programs are NOT running in either lab between 1-5pm on Monday through Thursday.
Out of respect for other lab users, there are a few things you should do:
Keep track of the passwords cracked and the amount of time it took to do it.
Note: I don't expect you to be able to crack all of the passwords in the time allotted.
You should also put your password(s) into the mix. You can use the program ~kuperman/bin/htpasswd.pl to generate a crypted version of any password.
If you need additional disk space, you can use /scratch which is local to each machine and persists across reboots. However, it does get wiped out during a reinstall, so don't keep anything important here for a long time.
You will be submitting a typed report on your selections and results via Blackboard by the end of the day on Friday, 16 September 2016. Include the following information in your report: