Introduction to System Security

Northwestern CS, Winter Quarter 2023

Password Cracking Tutorial

Introduction — UNIX Passwords

UNIX passwords are stored using what is called a hashing algorithm. When a user first enters his password, it is run through a one-way algorithm that converts it to a new string. Then, when he subsequently tries to log in, the system hashes what he types and checks it against the stored hashed password.

The hashing algorithm used should be one-way, meaning the actual password cannot be obtained from the hashed one. Additionally, it should avoid collisions, where two different strings hash to the same result.

The algorithm used for this was DES, which is actually an older encryption algorithm dating to 1979. This was found to be relatively weak, and more modern systems moved to a true hashing algorithm, MD5. However, though it is still very widely used for system passwords, it has been found to have flaws and should not be used for any kind of custom authentication system. Stronger alternatives, such as SHA2, are now common in secure systems.

Cracking UNIX Passwords

So how do we recover passwords if the algorithm cannot be reversed? The answer is to use brute force, where every possible password is hashed and compared to the hashed password. If they match, the password has been found.

A smarter approach is to use a dictionary attack, where words from the English language or other languages are tried first. Many users will have simple words as their passwords, and this attack is much faster - an 8 character random password can have 44^8 possibilities (with symbols and numbers), where there are only about 30,000 commonly used English words.

Additionally, many cracking programs, such as John the Ripper, which we'll be using, try permutations of english words in order to increase success rate, such as adding numbers to the end of a word or reversing the letters.

Depending on the quality of the password, this can be quite fast, on the order of seconds or minutes. A well-made password, with random characters, numbers, and symbols, can take much longer, but is still feasible given enough processing power.

Storing UNIX Passwords — Salt and Shadowing

Initially, the idea was that the algorithm for passwords cannot be reversed, so there was no need to hide the hashed passwords. Thus, the /etc/passwd file had all of the usernames and passwords of everyone in the system. Clearly, this is not actually secure.

The passwd file has lines in the following format:

<username>:<hashed password>:<userid>:<groupid>:<information>:<home directory>:<default shell>

Passwords in UNIX do have salt, which is a 12 to 32-bit string appended to the password and hashed with it. This salt is stored in clear text with the password hash. When a user sets a password, this salt is generated, appended to the password, and the result is hashed. The salt, in clear text, is also stored in the passwd file so that it can be applied to what the user later enters to login.

Then what is the point, if our cracking program can simply read and use the salt? The purpose is to ensure two users who set the same password do not then have the same hash, as well as to slow down password cracking.

Salting does not slow down the cracking of a given password significantly, but it does make it much less efficient to crack many passwords by requiring that each one take the salt into account while being tested.

A more effective solution to prevent cracking that has since become common is to shadow the password file. Shadowing is essentially allowing the passwd file to remain world-readable, but moving the passwords to /etc/shadow, in the same format as before, and making /etc/shadow readable only by root.

Thus, only those with root privileges can read the encrypted passwords in the first place. This requires that programs to log users in or change the password must have root privileges to do their job, but prevents a given user from reading other user's passwords.

Analysis of a Packet Capture (use password.pcap)

As students of network security, we have seen time and time again how weak passwords often pave the easiest path to a user's machine; as the common saying goes, there is no patch for human stupidity. By capturing this login traffic, the attacker can perform an offline brute-force password crack to recover the password and login of that user. This is valuable because it gives the attacker full access to that user's information stored on the website (e.g. a bank account).

The passwords you will be cracking for this lab are provided in a pcap file (download it by clicking the link next to the title). The file was created using the tcpdump utility and contains all network traffic that passed through netsec-demos at the time of listening. During the test, 10 http requests were made from from netsec-demos to hamsa that contained authentication data for 10 different users. They were sniffed with the following command:

sudo tcpdump -i eth1 -s 0 -w password.pcap

Once you have retrieved the tcp packet dump from the link above, you will need to examine its contents using Wireshark. Download Wireshark for Windows/MacOS/Linux. Install Wireshark on your local machine to extract the packet data.

Wireshark's filter textbox can be used to limit the packets shown to those of interest. Since we know that we are only concerned with HTTP traffic, this might be a good place to start. Wireshark is a powerful tool on which an entire tutorial could be written, but the Wireshark Wiki is a great place to start. To give you some hints for this portion of the exploit, the user will browse some websites before attempting to login to the server in question. Your goal is to filter through the packets and find the ones where user credentials are sent. Another hint, his credentials are sent in the clear, but not in plain text. Try looking for something that is base64 encoded. Basically in Wireshark in the Packet Details Window, under Hypertext Transfer Protocol, under Authorization, if there are credentials sent you will see it in the format"username:$1$salt$passwordhash"

Once you've found the passwords, you can simply copy and paste the data line by line into a file to feed into John the Ripper. Don't worry about any of the formatting- John will recognize it as is.

Trying Out Password Cracking

This part of the lab will be done in your student container. If you haven't already, clone the repo and start your container.

git clone https://github.com/cs354/CS-354.git
bash student_environment.bash

John the Ripper is a fast, multi-platform password cracker. We will be cracking 10 passwords. Run the following

$ john
John the Ripper password cracker, ver: 1.7.9-jumbo-7 [linux-x86-xop]
Copyright (c) 1996-2012 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
<SNIPPED>

You will also need a dictionary. The package above comes with one (password.lst) that will be sufficient for this lab.

To start, save your hashes from above in the format "username:$1:$salt:$passwordhash" (simply copying them from wireshark should be sufficient). $1 indicates MD5 as the hash type. MD5 is one of the more common hashing schemes for UNIX passwords, though it is also particularly insecure. We will assume your file is called passwd.crack.

Now we have john, a dictionary of lowercase words, and a list of hashed passwords to crack. John works by applying certain transformation rules to a set of original words. For example, default rules on the supplied word "password" will try "password123", "PASSWORD", "p4ssw0rd" and thousands of other combinations. In order to select wordlists and transformation rules, you'll need to learn some usage and syntax.

$ john --show passwd.crack

John remembers the passwords it cracks from run to run. Show them with this command.

$ john passwd.crack -single

Copy the basic wordlist from /etc/john to your working directory

$ cp /etc/john/password.lst .

This will do a "single crack". It is the most basic cracking scheme john has. It will crack something like "admin:admin".

$ john --wordlist=password.lst ./passwd.crack

This will use your wordlist with some additional default rules.

$ john --wordlist=password.lst -rules ./passwd.crack

This tells john to use the rules specified either in the default config file (/etc/john/john.conf) under the section labeled [List.Rules:Wordlist]

$ cat john.conf | grep -A 10  List.Rules:Wordlist
[List.Rules:Wordlist]
# Try words as they are
:
# Lowercase every pure alphanumeric word
-c >3 !?X l Q
# Capitalize every pure alphanumeric word
-c (?a >2 !?X c Q
# Lowercase and pluralize pure alphabetic words
<* >2 !?A l p
# Lowercase pure alphabetic words and append '1'
<* >2 !?A l $1

Some of the rules available are pretty complicated and you aren't expected to understand them. More important is to understand what the existing rules will not catch and write rules to catch them. We will focus on the following rule:

!?A >[1-6] l i\0[a-z]

* !?A : do not run on words with capital letters
* >[1-6] : for each 1 to 6, if the word is greater than that length do the following (note, John will not accept two digit numbers for either of the bounds)
* l : convert to lowercase (?)
* i : insert at the following index the following character
* \0 : references result of range [1-6]
* [a-z] : for each range [a-z]

Effectively this will insert all letters a-z from position 1-6 in the word, hash it, and compare it against the hashes you're cracking.

Here's a simpler example

i4[a-z]

Insert the letters a-z at position 4. To get a better understanding you'll want to check the docs.

Tip - Running a remote container without ssh session

To run john for long periods of time, you will likely not be able to maintain an SSH connection for the entire duration.

For this reason, you may want to run the container in the background. This can be done by:

$ tmux
# You are now in a tmux terminal
$ ./student_environment.bash # or any other container script
# You are now in a container, in a tmux session
# Run whatever command you want in the container, then press ctrl+b, then let go, then press 'd'
# You have detached from the tmux session and can close ssh.
# To later reconnect to the session, simply run
$ tmux attach

Classwork

Use john to crack all passwords.

Password cracking requires numerous computing power. We will run out of CPU resource on the vicious server if everyone tries to crack passwords at the same time. To mitigate the issue,

1. Use this shorter_passlist for the lab. This password list should be able to give you all the passwords assuming you have the correct rules.

2. Install John the Ripper on your local machine to crack the password if possible.

3. Cracking user 5's password is optional. You can get bonus points if you crack it, but please don't do it on vicious. Do it on your local machine.

Note the default John the Ripper rules will not crack the following passwords:

* passw0ord # inserted number at index 6
* passworrd # inserted letter at index 7 (or 8)
* easypass # two words

You will need to write rules to catch passwords of this form.

Write your rules under [List.Rules:Wordlist] in /etc/john/john.conf. This should get you started:

[List.Rules:Wordlist]
...
!?A >[1-9] l i\0[a-z]

You can then use your rules with the following command.

$ john --wordlist=password.lst --rules ./passwd.crack

This first run should find passwords for user1, user2, and user3 (:

Hint #1: easypass isn't in your wordlist because it is a combination of two words. Once you've cracked all of your simple passwords, write a script to transform your wordlist such that it now contains all permutations such as easypass and passeasy. John won't do this for you (because in the common case 2n length words are too long). Then run john with the new wordlist and the default rules.

Hint #2: Here's a breakdown of the best ways to find each. Note they are not in order of difficulty.

1,2,3 -- Instructions above

7,8 -- Simple insertion/deletion/modification of one character

4,6 -- Hint#1 should give you these directly

9,10 -- Hint#3 + rules

5 -- Brute force

Hint #3: Password are all have 4-12 characters and can only contain alphanumerics or the symbols(!&).

For the classwork, you had two adjustments to make: combinations of words and insertions. What about passwords that combine both of these strategies?

* easy+pass # two words, + inserted at index 4

This exercise requires running the previous rules on the new wordlist. You'll notice this takes a lot longer than the previous steps. This is how a good password can be hard to crack.

Please submit a PDF file with the rules you used and the passwords you cracked on canvas.