CSCI 530 Lab

An authentication mechanism: passwords, and cracking them

Overview

In this lab students will use a tool called "John the Ripper" to crack the passwords stored in a file. They were obtained from a Unix computer. Unix stores hashes of all its accounts' passwords in a single file. On old systems the file was /etc/passwd; on new ones it is /etc/shadow instead. The passwords themselves are never stored, but gaining their hashes is a matter of copying the containing file. Given the file, an attacker can try at his leisure to figure out what the original passwords were. That's what John the Ripper does. It has three techniques that you will  use in this lab: dictionary attack, hybrid attack, and combination attack. There are John the Ripper versions for linux and Windows. You will run it on Windows, against passwords taken from a linux system.

1. Install needed software and files

If John the Ripper is not already on the system, download it from http://www.openwall.com/john/f/john171w.zip. Extract to the root directory C:\ on the C drive. The result should be a containing directory C:\john1701.

Save the file holding the passwords to your disk. Its name is "crack-these-please.zip". Save it to disk and place it in C:\john1701\run. Unzip it, to yeild a file named "crack-these-please". This file contains passwords for 50 users, with names crack01 through crack50. The passwords are various, some chosen to be simple and easy and others complex and hard.

2. Executing a dictionary attack

John the Ripper is a command line tool.
Press the Start button -> Press the Run icon -> Enter "cmd" in the Open text box
Change directory by executing cd C:\john1701\run

A dictionary attack uses a word database, and tries it repeatedly. John the Ripper has this capability. Enter dir and see that there is a file called password.lst. Dump the file's contents to the screen by giving the command:

more  password.lst

Press the spacebar, or hold it down, to make the display advance to the end of the file. You see that it is a list of potential passwords. There are about 3000 of them. You can order a wordlist of 40 million. Enter the following command to launch a dictionary attack:

john-386 -w:password.lst  crack-these-please

Note how many of the 50 passwords it was able to crack, what they are, and the time it took. John has created a list of solved passwords called john.pot. Dump to the screen by executing the command:

type john.pot

You see the same passwords you did before. But previously they were displayed along with the users who own them, now with their hashed versions. The hashed versions were the input to John's process; it is they that got cracked.

3. Executing a hybrid attack

A hybrid attack checks for variations of a word or a combination of dictionary words. Launch a hybrid attack by executing:

john-386  -w:password.lst   -rules  crack-these-please

Note the passwords it was able to crack and the time it took. How many more passwords did the hybrid attack crack?

4. Executing a combination attack

In default usage John the Ripper executes dictionary, hybrid, and bruteforce attacks in combination. Launch a combination attack by executing:

john-386   crack-these-please

While john is working, examine the CPU utilization of your computer.

press ctrl-alt-del -> select the Performance tab -> observe the CPU Usage meter

Let John run long enough to do some more cracking. Note the time it took and how many additional passwords it was able to crack. Also note what the passwords are. The "simpler" ones should have been cracked in the earlier attempts, and these should be "less simple." What proportion of the cracked passwords could be found in the dictionary? How about a foreign language dictionary? How many of the cracked passwords contain varied combinations of letters, symbols, numerals, and case? Do the cracked passwords tend to be long or short?

Getting all the passwords could take forever, so if it is taking too long, you can hit CTRL-C to stop the run.

5. Create your own linux password file and try to crack it

Start up the Linux Virtual Machine, as follows
Open up VMWare by going to Start -> VMWare -> VMWare Workstation
Click on the fedora 7 line in the panel on the left-hand side
Under Commands select Start this virtual machine.
Wait the lengthy process until the linux virtual machine starts up. It will have completely started up when you get a prompt for a user name.

(Quick VMware lesson: you can give the "guest" linux operating system the whole screen, or not. With the vmware window selected ctrl-alt-delete expands it to full screen, then ctrl-alt restores it visually to a containing window within the host XP operating system.)

Once the Linux virtual machine has started up, enter root as the username and password as the password.

At the command prompt, execute:

useradd user1

At the next command prompt, execute:

passwd user1

You will be prompted for a password. Enter hello as the password. You will be given a message saying the password is a weak password, but you will be allowed to use it because you are user root (who has special privileges). Reenter the password when prompted. Create the following additional users with these corresponding passwords:

Further, add some more of your own. Choose whatever you like. It would be interesting to test some passwords you actually use in the world to see whether they're weak or strong, but don't. The method we will use next to move these over from the linux to the Windows system on your computer will expose them to your fellow students, and the world at large. (Test your real-world passwords with John-the-Ripper at home sometime if this assignment has raised doubt in your mind about their adequacy.) The passwords you have entered are in /etc/shadow.

Let's transfer /etc/shadow from linux to XP, where John can analyze it. Remember as you sit at your keyboard you have 2 computers-- XP host and linux guest. Think of them as entirely separate. To transfer files between them you have to use the same techniques as between any two separate computers. Like physical computers that each have their own distinct hard disk, the linux guest has its own virtual but distinct hard disk. It does not (virtually) use the same hard disk as XP so a simple copy is not available. (VMware has a feature whereby a directory could be shared between host and guest but it is too much work to install for this exercise.) One way different computers can transfer files is with ftp. Let's use that. Before you transfer it, make a copy of it under a unique name. At the linux machine's prompt, execute:

cd  /etc
cp  shadow  shadow-<your name>

where you substitute your own, unique name for <your name>. Now execute:

ftp  dmorgan.us

And at the resulting user and password prompts supply "cs530" and "Wireshark-CS530" respectively. Then at the ftp prompt (it is ftp's prompt at this point, not linux's) execute:

put  shadow-<your name>

After the file transfer is complete (it will be quick) execute:

quit

Now switch to your XP machine. Windows has a command mode ftp client, modeled after the unix client you just used. In Windows' command box execute:

ftp  dmorgan.us   [supply the same cs530 credentials]
get  shadow-<your name>
quit

You now have the file on the Windows machine. Put it in C:\john1701\run. Execute:

john-386   shadow-<your name>

Before very long john should reveal some of the secret passwords you just created. Don't choose such simple ones in the real world!

Please shut down the linux system. From its command prompt execute:

poweroff

The assignment:

1. When applied to the file crack-these-please, how many of its 50 passwords were cracked at each phase:

    a. dictionary attack solved __________ of the passwords

    b. hybrid attack solved __________ of the passwords

    c. combination attack solved __________ of the passwords

    d.  __________ of the passwords were never solved within the time spent

2. Imagine a "file-based/static/pre-computed" type dictionary attack for cracking all the words in a language of 100,000 words. Suppose, when utilized as passwords, these are hashed as-is (unsalted), and the result then stored. To attack this, the cracker creates his dictionary in advance by 1) hashing all 100,000 words from a to z, then 2) re-sorting his dictionary on the hashes. Then, given a hashed password to crack, he simply looks it up and there he finds the original, plaintext password.

Without salt:
a) the number of different ways a password can come out if hashed with a standard algorithm (e.g. sha1) using no salt, is __________.
b) the number of entries there will be in the dictionary the cracker must create is _________.

Now imagine that a 2-byte salt is introduced, randomly chosen then prefixed to each word before it is hashed and stored for use as a password.

With salt:
c) the number of different ways a password could come out if hashed when prefixed with a random 2-byte salt is __________.
d) the number of  entrties will there be in the dictionary the cracker must create is __________.
e) if all the words in the language are 8 characters long and resolve to hashes 22 bytes long, thus requiring 30 bytes to store each mapped pair (dictionary entry), then the number of gigabytes the cracker's dictionary must occupy is __________.

3. The password-holding file is /etc/shadow for linux. Where are passwords stored for Windows XP Systems?

4. Use the Mandylion "Brute Force Attack Estimator" Excel spreadsheet (my slightly modified version). Suppose you want a password that requires the rest of your life for a PC to crack. You have 50 years to live. How many days (live each to the fullest) is that? In the spreadsheet, consider passwords consisting of numerals ("Numbers") only. 

a) the length of the numbers-only password that requires at least 50 years to crack, according to the spreadsheet, is _________ characters? 

b) account for Moore's law. It says computing power doubles every 2 years. The spreadsheet is dated. It reflects the computing power of 4 years ago . For today, you need to quadruple its computing power assumptions. Do so by entering 4 as the "Special factor" in cell G1 (which is applied in the "computing power" cell, E24, as a multiplier). Thus, with today's computing power, the length of the password that requires at least the rest of your life to crack is __________ characters. 

c) account for Moore's law's continued operation. If Moore's law doesn't stop, today's isn't the right computing power for the upcoming 50 years' calculations. I say that on average (less near term, more far term) that computing power is 2.5 million times today's (approximately). With that as your future computing power, the length of the password that requires at least 50 years to crack is now __________ characters. (Multipy the current special factor by yet a further 2.5x10^6) 

d) if you now allow mixed random characters (spreadsheet's "PURELY Random Combo of Alpha/Numeric/Special") instead of confining your password to numerals only you should be able to use a shorter password with equal effect. The shortest "mixed character" password that'll last 50 years is __________ characters.

5. Refer to the slides about Yubico Inc's YubiKey hardware authentication token. We see usage sessions depicted in Wireshark. They show that when I pressed my YubiKey causing it to emit a one-time password , that OTP was sent for validation to a server called api.yubico.com. The server was seen able to perform successful and discriminating authentication. Since the Yubikey contains a symmtetric key, and uses it to AES-encrypt the OTP, that key must have been known/shared with api.yubico.com. Broadly, when and how was the sharing accomplished?