CMSC 355 Lab 2: Password Security Due: Thursday, Sept. 16th, 2021 by 11:59:59pm

Password systems are by far the most common means of authenticating access to resources. Unfortunately, the strength of a password system is determined largely by the user's choice of a good password. Weak passwords can be easily exploited using several common techniques.

In this lab, we are going to investigate three techniques for finding weak passwords: a brute-force attack, a rainbow table attack, and a (also called a word list).

Step 1. Getting Started

This lab requires you to work with some rather large files. For this reason, it is wise to work from the /scratch folder on the hard drive of the computer rather from your /home directory stored on the network drive.

Download the file Lab2.tar.gz from my web site and then extract it:

cd /scratch/username

wget http://marmorstein.org/~robert/Fall2021/cs355/Lab2.tar.gz

tar xzvf Lab2.tar.gz

Then change directories to the Lab2/ folder. The folder contains several different files:

"fakeshadow" is an example password file that has several weak passwords I created. We will be trying to crack the passwords in this file using various cracking techniques.

"hash.txt" contains the same passwords, but without salt. We'll talk more about password salt later in the lab.

The "rainbow_tables" folder contains a set of pre-computed cracking tables (called rainbow tables) which we will use in Step 3.

The “hashcat-6.1.1” folder contains an updated version of the “hashcat” password cracker, which we will use in Step 5.

"report.txt" contains a list of questions that you will fill out as we complete this lab. Edit this file now to place your name at the top. This is the only file you will need to submit electronically.

The remaining files in this lab belong to a password cracking utility called "rainbow crack" that we will play around with in Step 3. Step 2. Brute force

A program called "" is installed on all of the systems in the lab. John is a password cracking utility that employs a brute-force technique to find passwords in a password file. It supports several different hash types, including the most common hashing algorithms used by both Linux and Windows.

A naive brute-force approach would try the password "a" and then the password "b" and so forth until it had tried all possible letters. It would then try "aa" through "zz" and so forth. It might also try adding numbers and symbols to various places in the password. Or it might loop through all the ASCII characters in order.

To defend against brute force attacks, it is a good policy to either:

1. Lock out an account after a password has been guessed incorrectly a certain number of times. Of course, this makes it possible for an attacker to get someone locked out – a sort of “Denial of Service” attack.

2. Introduce a delay after a password has been typed incorrectly. The delay will slow down the brute force program and make it less likely that the cracker can successfully obtain the password in a reasonable amount of time.

Of course, neither of those policies helps if the cracker can access the password file directly – as we are doing in this lab.

The approach used by John the Ripper is a little more sophisticated than the naive approach. It takes advantage of known statistical properties of common passwords to try guessing the most likely password strings first. Then it tries less likely strings. For example, the most common letter in the English language is "e". So passwords that contain one or more "e" characters are much more common than passwords that contain only "z" and "x" characters. John takes advantage of rules like this to find passwords more quickly.

Let's run john on the "fakeshadow" password file. Type: john --format=md5crypt- --nolog fakeshadow and hit enter. John will find some of the simplest (and weakest) passwords right away. Let John run for about one minute and then hit CTRL-C.

Note: John stores its progress in a file in your home directory. So if you stop it and continue it again, it will resume where it left off – it won't “rediscover” the ones it's already gotten. If you need to start over for some reason, remove the file named “john.pot” (which is probably in the “.john” folder of your home directory): rm ~/.john/john.pot

Now edit the "report.txt" file and answer the first two questions. Step 3. Using Rainbow Tables

While a brute force approach works well for finding very weak passwords, it can take hours or even days for it to find slightly stronger ones, especially on old computers like the ones in our lab.

One way to avoid this is to use pre-computed tables that map each password hash back to the passwords that generate it. Creating the tables can take a very, very long time. But once they are created, they can be used over and over on different password files to find passwords quickly. Essentially, finding the password requires only a simple table lookup. This speeds up the algorithm at the cost of memory (the cracker needs to store a very large hash table in RAM).

These tables are called "rainbow tables" and are particularly suitable for cracking Windows passwords. The reason for this is that one of the password systems Windows uses has a huge weakness: it works by encrypting a fixed string (the same string for every account) using the user's password as an encryption key. Because the ciphertext is always the same, a rainbow attack with a large enough table can usually find 99.9% of the passwords in just a few seconds. Furthermore, Windows passwords do not use "salt" (Linux systems do). A "salt" is a randomly selected value that is added to a password before it is hashed into the password file. The password file stores both the password and the salt so that future logins can complete successfully. The advantage of using a salt, however, is that it completely prevents rainbow table attacks.

I have created an "unsalted" version of our password file in your Lab2 folder (it is called "hash.txt"). Lets use "" to break the passwords in the file. First type "date" and hit enter (so that you have a record of your starting time). Then type (note – that’s a lowercase “ell”, not a one or a capital “i”, before the “hash.txt”):

./rcrack rainbow_tables/*.rt -l hash.txt and hit enter. When it finishes, hit "date" again to get a record of your ending time. Edit the "report.txt" file and answer questions C and D about rainbow crack. You will probably need to scroll up to see the results of the search.

Step 4. Word Lists

Notice that rainbow crack found a three character password that John the ripper missed. That is because John's search algorithm looks at alphanumeric passwords first. It takes a long time for it to get to passwords that contain just symbols. We can make John be a little more clever by telling it to use a word list instead of the brute force approach. A word list is a list of common passwords. Instead of generating random strings of a particular size, John will examine try each of the passwords in the list. John can also use "rules" to modify some of these passwords as it tries them (replacing "e" with "3" and so forth), but that is outside the scope of this lab.

Check the time using "date" and then type: john --wordlist=wordlist.txt --format=md5crypt-opencl --nolog fakeshadow and hit enter. When John finishes, check the time again. Then answer the questions E and F in the "report.txt" file. Step 5. Hashcat

John the ripper and rainbow crack use only the CPU. Our systems in the lab are fairly powerful, but if we want to crack passwords even faster we need to leverage a much more powerful computational device – the graphical processing unit (GPU) in your graphics card. The graphics card essentially has hundreds of very simple cores. Each of these cores can do the same task (but on a different possible password) simultaneously.

Note: This was true when I first wrote this lab, but the new version of John the Ripper we are using actually supports OpenCL programming on the GPU. Since this speeds things up enormously, we used it in steps 1 and 3.

The graphics cards on our lab systems can be programmed using a proprietary language from NVidia called “CUDA” or an open graphics platform called “OpenCL”. A program called “hashcat” can leverage this to try hundreds of millions of password hashes each second.

Type: hashcat-6.1.1/hashcat.bin -m 0 -a 0 -O hash.txt wordlist.txt

Answer questions G and H in “report.txt”.

Step 6. Rules and Pattern Matching

Since rainbow tables work only against unsalted passwords, the most successful technique we’ve looked at so far is using a wordlist. To be effective, a wordlist must contain enough passwords that one of them is likely to match the actual password list. Since users seldom use plain dictionary words, the rate of success is usually quite low with a standard “English dictionary”. A better alternative is to use a list of previously cracked passwords. Several of these are available online from sites like https://wiki.skullsecurity.org/index.php?title=Passwords.

However, unless the wordlist is enormous, it is unlikely to contain most of the passwords you want to crack. This is undesirable for two reasons:

1. A sufficiently large dictionary takes up quite a bit of disk space.

2. Reading words from the file is very slow (disk accesses can be as much as 1000x slower than memory accesses) and can become a bottleneck on the password cracking algorithm.

To solve this, we can instead use a smaller dictionary, but instead of simply trying each word in the dictionary, we can use them as a template for generating new passwords. We do this by applying a series of transformation rules. For example, the base word “hello” might become: hello h3llo hell0 h3llo hello123 123hello h&llo

Since the generated passwords are stored directly in RAM, not on the disk, they take up no additional disk space and they can be tested very quickly.

Tools like John the Ripper support the use of regular expressions for describing these transformations, but it turns out that a fully expressive regular expression generator is slow and not really necessary for the most successful transformations. Instead, both john and hashcat support a special rule syntax that forms a subset of the regular languages. There is a good summary of the most common operators in the rule language on the hashcat site: https://hashcat.net/wiki/doku.php?id=rule_based_attack

The most important operators are $x (which appends “x” to the end of each word) and sXY (which substitutes “Y” for “X” everywhere in the password).

Let’s give this a try. Make a file named “pwd.rules” that contains the following:

$2 $0 $1 $7 $1 $7 se3 sa@ so0 :

Each row of this file contains one rule. The first rule says to add “2017” to the end of each dictionary word. The second rule says to add just “17” to the end. The third rule says to substitute a “3” for every “e” in the word. The fourth rule says to substitute an “@” for each “a” in the word. The fifth rule says to substitute a “0” for each “o” in the word. The last rule is just a “colon” (which means to ALSO try the dictionary word by itself without modifications).

Now run hashcat on your file like this: hashcat-6.1.1/hashcat.bin -m 0 hash.txt wordlist.txt --rules=pwd.rules

This tells hashcat to perform a “rule-based wordlist attack” on your hash file. It will take all the words in the wordlist and apply each rule in pwd.rules to them.

Now answer question J in your report.txt file.

Step 7. Hydra

All of these password cracking tools are great – if you already have a list of hashed passwords. On most Linux systems, however, only the root user has access to those hashes. And if you already have root – you don’t usually need to crack the password (although it can sometimes enable you to get into -other- systems, since users tend to reuse passwords across multiple sites). These kind of attacks are called “offline” attacks, because they can be performed without making any kind of network connection. If you can get a copy of the hashed passwords, you can run offline cracking techniques on your own personal system without any risk of detection.

It would be nice if we could apply the same kind of password cracking techniques we’ve used with hashcat and John the Ripper to online techniques. This would allow us to, for instance, brute force passwords for an SSH connection or a web form.

There are several tools for doing that, but the most popular tool is “Hydra” (others are ncrack and medusa). THC-Hydra is a command line utility that connects to a remote service and tries to log in repeatedly using different strings. Those strings can be read from a wordlist generated by a helper program (such as John the Ripper) or can use hydra’s built in brute force utility.

I have set up a target system on a virtual machine in the lab that can only be accessed from the computer science network. The system has IP address 192.168.50.220. It has several accounts with weak SSH passwords named test1, test2, and so forth (up to test9). See if you can use hydra to break in. If you type “hydra” and hit enter, a help message will appear that tells you which options hydra supports. Be sure you are using the SSH protocol, not FTP.

Hint: It will help if you create a file containing a list of usernames (test1, test2, and so forth).

Answer question K in your report.txt file.

Submitting

Make sure your name is in the "report.txt" file and then upload it through the course web site as usual. You do NOT need to (and should not) make a tarball first.