Lab1_Password_Cracking

School: University of Rochester
Course: 3710 (Computer Science)
Date: Feb 20, 2024
CS 3710 Introduction to Cybersecurity
Term: Spring 2024
Lab Exercise 1 – Introduction to Password Cracking
Due Date: January 26, 2024 11:59pm
Points Possible: 7 points
Name:

By submitting this assignment you are digitally signing the honor code, "On my honor, I pledge that I have neither given nor received help on this assignment." Generative AI assistance is NOT permitted on this assignment.

1. Overview
This lab exercise will provide some hands-on experience with password strength analysis using command-line tools in Linux.

2. Resources required
This exercise requires a Kali Linux VM running in the Virginia Cyber Range.

3. Initial Setup
From your Virginia Cyber Range course, select the Cyber Basics environment. Click "start" to start your environment and "join" to get to your Linux desktop login.

4. Tasks

Task 1: Introduction to password auditing.
On Linux systems, user accounts are stored in the /etc/passwd file (a world-readable text file) and password hashes are stored in /etc/shadow (a text file readable only by root). Click on the Terminal Emulator to open a command prompt. You will need to become root to read the shadow file: type "sudo su -" and hit enter. You will notice your command prompt changes from $ to # and your user changes from student to root. Go ahead and "cat" those two files to see what they look like.

Question #1: What hash type is used by your Cyber Range version of Linux? How can you determine that by looking at the hashed passwords in /etc/shadow? (.5 point)
yescrypt. The password field of each /etc/shadow entry begins with $y$, which is the crypt(3) hash identifier for yescrypt.

Question #2: What are two other hash IDs and their types that you may see in /etc/shadow? (The ID is the numbers/letters that identify the hash and the type is the name of the hash) (.5 point)
$1$, which corresponds to MD5 (md5crypt), and $6$, which corresponds to SHA-512 (sha512crypt).

Question #3: What is password salting and why is it important? (.5 point)
The salt is the random value stored in the password field between the hash ID and the hash itself. It is mixed into the hash together with the password, so two users with the same password get different hashes, and an attacker cannot precompute one table of hashes and reuse it against every account or every system; each distinct salt forces the cracking work to be repeated.

© 2024 Virginia Cyber Range. Created by David Raymond, Ph.D., CISSP, Virginia Tech. (CC BY 4.0) Modified by Angela Orebaugh, Ph.D., CISSP, University of Virginia
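Task 1 asks you to read the hash ID and the salt out of /etc/shadow by eye. The script below, added here and not part of the lab handout, does the same thing over constructed shadow-format lines (the hash strings are filler, not real password hashes). It also recognizes the $5$ (SHA-256) and $2b$ (bcrypt) prefixes that Question 2 does not mention, and the ! and * entries that mark locked or passwordless accounts, which have no hash for john to crack.

```shell
#!/bin/sh
# Added example, not part of the lab handout: read shadow(5)-style entries,
# name the crypt(3) hash from the $id$ prefix and pull out the salt. The five
# entries below are constructed; the hash strings are random-looking filler,
# not real password hashes.

# Hash name for a shadow password field. "!" or "*" (or an empty field) means
# no usable hash, a locked or passwordless account that john cannot crack.
hash_type() {
    case "$1" in
        ''|'!'*|'*'*)            echo locked ;;
        '$y$'*)                  echo yescrypt ;;
        '$1$'*)                  echo md5crypt ;;
        '$5$'*)                  echo sha256crypt ;;
        '$6$'*)                  echo sha512crypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
        *)                       echo unknown ;;
    esac
}

# Salt of a crypt(3) string. For $1$, $5$ and $6$ the salt follows the id
# (after an optional "rounds=N$" for $5$/$6$); yescrypt puts a parameter
# field ("j9T" on Kali) between the id and the salt.
hash_salt() {
    case "$1" in
        '$y$'*|'$5$rounds='*|'$6$rounds='*) printf '%s\n' "$1" | cut -d'$' -f4 ;;
        '$1$'*|'$5$'*|'$6$'*)              printf '%s\n' "$1" | cut -d'$' -f3 ;;
        *)                                 echo '' ;;
    esac
}

# One line per account: user, hash type, salt. Reads shadow lines on stdin.
audit_shadow() {
    while IFS=: read -r user pw _rest; do
        printf '%-8s %-12s salt=%s\n' "$user" "$(hash_type "$pw")" "$(hash_salt "$pw")"
    done
}

# Number of entries that carry a real hash, i.e. the ones worth handing to john.
crackable_count() {
    n=0
    while IFS=: read -r _user pw _rest; do
        if [ "$(hash_type "$pw")" != locked ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample in /etc/shadow layout: user:hash:lastchg:min:max:warn:::
SAMPLE_SHADOW='root:$y$j9T$LmQ5wV0JcfZ2IR0aaXG0m0$5K3eRkTzG0v6rJq1aYbE3wq9p8dXhH4nlpfD7mjNt2C:19400:0:99999:7:::
student:$6$3kQ8Wn2z$cVt1Dq8k0aLm3fRz9Yx7pWe2Hn5Jb6G4uT0iS8oAr1E:19400:0:99999:7:::
legacy:$1$Xy7pQ2Lm$2JqVdHkN0eW5TzGr8bYc1.:19400:0:99999:7:::
daemon:*:19400:0:99999:7:::
svc:!:19400:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
printf 'crackable entries: %s\n' "$(printf '%s\n' "$SAMPLE_SHADOW" | crackable_count)"
```

On the real system, run it as root with `audit_shadow < /etc/shadow`; the type column tells you which --format john will need, and the count tells you how many accounts actually have something to crack.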
We'll use a password auditing tool called John the Ripper (JTR), a very effective and widely known password cracker. JTR is available from www.openwall.com/john. JTR is already installed in the virtual environment so you won't need to download it.

Task 2: Crack Linux passwords.
1. Create 2 new accounts, one with an easy to guess password (such as 1234) and one with a difficult to guess password.

Question #4: Cut and paste or screen capture the commands you used to create the accounts and set the passwords. (.5 point)

2. Now let's see which ones we can crack. Run john against the /etc/shadow file. You will need the -format:crypt command line option (equivalently --format=crypt) to crack this hash method, because John hands yescrypt hashes to the system's crypt(3) rather than using one of its own built-in formats. JTR will attempt to crack the passwords and display any that it 'cracks' as it goes along. It starts in "single crack" mode, mangling the username and other account information from the entry itself. It then moves on to a wordlist (dictionary) attack using its default dictionary, applying its mangling rules to each word (the hybrid step), then to incremental mode, a brute force that tries every possible combination of characters (letters, numbers and special characters) until it cracks them all. You may see several warnings about candidates buffered for the current salt; that is ok and you can ignore them. The account with the easy to guess password should be cracked rather quickly. Wait a little for it to crack the difficult password, but don't wait too long: it could take months or years to complete if your password is really strong! Press [CTRL]-[C] to stop execution if it doesn't automatically complete and return to the command prompt.

Question #5: Provide a screenshot of your JTR cracked passwords (.5 point)
Question #6: Briefly describe how a dictionary based password attack works. (.75 point)
A dictionary attack takes each word from a list of likely passwords, hashes it with the same algorithm and salt as the target entry, and compares the result against the stored hash; a match reveals the password. It can only recover passwords that appear in the list (or that the mangling rules derive from it), and because every candidate costs a full hash computation it can still take a long time against a slow hash such as yescrypt.

Question #7: Briefly describe how a brute force password attack works. (.75 point)
A brute force attack tries every possible combination of letters, numbers and special characters, hashing and comparing each one, so given enough time it is guaranteed to succeed. The number of candidates grows exponentially with the length of the password and the size of the character set, so a long random password can take many years of computation to exhaust.

John uses the following files to manage execution. Most are stored in the /usr/share/john folder on your Kali virtual machine (the session files are stored elsewhere, as indicated):
- password.lst is john's default dictionary. You can cat this file to look at it. You can specify another wordlist on the command line using the --wordlist= directive (for example: # john --wordlist=/usr/share/dict/american-english /etc/shadow).
- john.conf is read when JTR starts up and has the rules for dictionary mangling used in the hybrid crack attempt.
- /root/.john/john.rec records the status of the current password cracking session. If john crashes or is interrupted, running john --restore continues where it left off instead of starting again from the beginning of the dictionary.
- /root/.john/john.pot lists passwords that have already been cracked (john --show prints them next to their accounts). If you run john again on the same shadow file, it won't show these cracked passwords again unless you delete this file first using rm /root/.john/john.pot.

Task 3. More password cracking.
John the Ripper's default dictionary is a short list of common passwords. Sometimes a standard English dictionary is a better option. In this exercise we will 1) download a new Linux shadow file that contains a set of user accounts and hashed passwords, 2) download a different dictionary, and then 3) attempt to determine the passwords using the default dictionary and the new dictionary.
1. Download the new shadow file using the wget command: wget artifacts.virginiacyberrange.net/gencyber/shadow
2. Take a look at the newly downloaded shadow file. It is in your current working directory (a file named shadow); it is not /etc/shadow. Notice that it uses a different hash ID. You won't need the -format:crypt command line option this time; let's see if John can figure out the hash automatically. Run John against the newly downloaded shadow file. Let John run for a few minutes, then stop with [CTRL]-[C].

Question #8: Which passwords are revealed? (cut and paste or screen capture) (.5 point)

3. Next we will run John again with a different dictionary. First, we will download an American English dictionary onto our Kali Linux system. (If the dictionary is already there, it will be updated.) # sudo apt update; sudo apt install -y wamerican
4. Clear the John cache from the previous run by deleting the /root/.john/john.pot file.
5. Next run John against the downloaded shadow file again, this time using the newly downloaded dictionary by invoking the --wordlist option at the command line with the location of the new dictionary (--wordlist=/usr/share/dict/american-english). Note: If you get an error about a locked /root/.john/john.rec file, you can delete that file.

Question #9: Which passwords were revealed this time? (cut and paste or screen capture) (.5 point)
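Questions 6 and 7 describe the wordlist and brute force loops, and Task 3 runs two different wordlists against the same hashes. The script below, added here and not taken from the lab or from John the Ripper, runs those loops over constructed data. So that it works without john or crypt(3), the "hash" is plain SHA-256 over salt+password computed with sha256sum (a stand-in for yescrypt or sha512crypt, which are attacked the same way but cost far more per guess); the two tiny wordlists stand in for password.lst and /usr/share/dict/american-english, and the salt and targets are made up.

```shell
#!/bin/sh
# Added example, not part of the lab handout. It shows the loops that a
# cracker runs in wordlist (dictionary) and incremental (brute force) mode and
# why a salt matters. To stay runnable without john or crypt(3), the "hash"
# here is plain SHA-256 over salt+password; the real /etc/shadow hashes use
# yescrypt or sha512crypt, which are attacked the same way but cost far more
# per guess. All wordlists, salts and targets below are constructed.

# Hex SHA-256 of a string (coreutils sha256sum, falling back to shasum).
h256() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Dictionary attack: hash every candidate from the wordlist on stdin with the
# target's salt and compare. Prints the password and returns 0 on a hit;
# returns 1 once the list is exhausted. Only words in the list can be found.
dict_attack() {
    target=$1; salt=$2
    while IFS= read -r word; do
        if [ -n "$word" ] && [ "$(h256 "$salt$word")" = "$target" ]; then
            printf '%s\n' "$word"
            return 0
        fi
    done
    return 1
}

# Brute force over every digit string of length 1..maxlen. Each candidate
# costs one hash, so the worst case is about 10^maxlen hashes; letters and
# symbols raise the base to 62 or 95 and the cost explodes with length.
brute_force_digits() {
    target=$1; salt=$2; maxlen=$3; len=1
    while [ "$len" -le "$maxlen" ]; do
        limit=1; i=0
        while [ "$i" -lt "$len" ]; do limit=$((limit * 10)); i=$((i + 1)); done
        n=0
        while [ "$n" -lt "$limit" ]; do
            cand=$(printf "%0${len}d" "$n")
            if [ "$(h256 "$salt$cand")" = "$target" ]; then
                printf '%s\n' "$cand"
                return 0
            fi
            n=$((n + 1))
        done
        len=$((len + 1))
    done
    return 1
}

# Two constructed wordlists standing in for john's short password.lst and the
# much larger /usr/share/dict/american-english.
COMMON_PASSWORDS='123456
password
1234
qwerty
letmein'
ENGLISH_WORDS='aardvark
abacus
password
zebra'

# Demo: which list recovers which password depends on the password itself.
SALT='x7Qp'
for secret in 1234 aardvark 'Tr0ub4dor&3'; do
    stored=$(h256 "$SALT$secret")
    hit=$(printf '%s\n' "$COMMON_PASSWORDS" | dict_attack "$stored" "$SALT") || hit='(not in list)'
    echo "common list  -> $hit"
    hit=$(printf '%s\n' "$ENGLISH_WORDS" | dict_attack "$stored" "$SALT") || hit='(not in list)'
    echo "english list -> $hit"
done

# Salting: the same password under another salt gives an unrelated hash, so a
# table of hashes precomputed for one salt never matches another account.
stored=$(h256 "${SALT}1234")
printf '%s\n' "$COMMON_PASSWORDS" | dict_attack "$stored" 'otherSalt' || echo 'wrong salt: no hit'

# Brute force: a 3-digit PIN falls in at most 10 + 100 + 1000 = 1110 guesses.
brute_force_digits "$(h256 "${SALT}407")" "$SALT" 3
```

The same structure explains the lab's timing: john's wordlist mode is the dict_attack loop with password.lst and its mangling rules, incremental mode is brute_force_digits over a far larger alphabet, and a slow hash multiplies the cost of every iteration in both loops.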
Question #10: What is the difference between the two dictionaries that made one attempt more effective than the other? (You may want to take a look at each of the dictionaries or metadata about the dictionaries to compare them.) (1 point)
John's default password.lst is a short list (a few thousand entries) of the passwords people most often choose, such as 123456, password and qwerty, while /usr/share/dict/american-english is a general English spelling dictionary with on the order of 100,000 entries; wc -l on each file shows the difference in size. Which run is more effective depends on the passwords in the file: accounts whose password is a common choice fall to the default list within seconds, an ordinary English word that is not a popular password is only found by the larger English dictionary, and passwords in neither list (random strings, or words altered in ways the mangling rules do not produce) fall to neither.

Question #11: What are two methods that will help provide more secure authentication and protect against password cracking? (Something different than just making your password longer or more complex.) (1 point)
Two-factor authentication (a second factor such as a one-time code or hardware token, so a cracked password alone is not enough to log in) and biometric authentication such as facial recognition.

To close the exercise, just click the X on the terminal window to close it and click on the Log Out icon in the upper right hand corner of the screen to log out.

By submitting this assignment you are digitally signing the honor code, "I pledge that I have neither given nor received help on this assignment".

END OF EXERCISE

References
John the Ripper (JTR): www.openwall.com/john