Monash University – FIT2093 Week 9 Lab (Optional Worksheet) Access Control and Password Management Optional Worksheet (for
self-study)
1 Overview
The objective of this lab optional worksheet is to further explore set UID and the techniques that an attackers can use to crack the password by a tool called ¡°John the Ripper¡± to crack the passwords stored in a file in UNIX. Students will recover passwords using different techniques.
Copyright By PowCoder代写 加微信 powcoder
2 Lab Environment
Virtual Machine. Cloud Ubuntu VM.
User Accounts Information. crack-these.txt is in the /srv/fit2093files/fit2093lab/ folder.
3 Lab Task: Access Control: SUID Permission
In operating systems, there are many privileged operations that can only be conducted by privileged users. Examples of privileged operations include configuring network interface card, backing up all the user files, shutting down the computers, etc. Without capabilities, these operations can only be carried out by superusers, who often have many more privileges than what are needed for the intended tasks. Therefore, letting superusers to conduct these privileged operations is a violation of the Least-Privilege Principle.
Privileged operations are very necessary in operating systems. All Set-UID programs invole privileged opera- tions that cannot be performed by normal users. To allow normal users to run these programs, Set-UID programs turn normal users into powerful users (e.g. root) temporarily, even though that the involved privileged operations do not need all the power. This is dangerous: if the program is compromised, adversaries might get the root privilege.
We will use an example to show the Set-UID permission. First, let us login as the user sierra created in the lab by using su sierra, and run the following command:
The program should run successfully. Look at the file attribute of the program, run ll /bin/passwd.
You will find out that passwd is actually a Set-UID program with the owner being root, i.e., when you execute passwd, your effective user id becomes root, and the running process is very powerful.
If there are vulnerabilities in passwd, the entire system can be compromised. The question is whether we can remove these privileges from passwd.
Let us turn /bin/passwd into a non-Set-UID program. This can be done via the following command (using superuser privilege):
sudo chmod u-s /bin/passwd
Note: Binary files like passwd may locate in different places in different distribution of Linux, use ¡®which passwd¡¯ to locate your passwd program.
Now, run passwd, and see whether you can change the password. Interestingly, the command will not work. This is because passwd needs to open the file /etc/shadow, which is a privileged operation that can only be conducted by root (before capabilities are implemented). That is why passwd has to be a Set-UID program.
Monash University – FIT2093 Week 9 Lab (Optional Worksheet) 4 Lab Task: Cracking Passwords
We will be using the password cracking program John the Ripper for this task. The basic functionality of John the Ripper is to repeatedly try different passwords and hash them until it finds one which matches the hash of the password we are trying to crack. We will use three techniques to crack passwords in this lab, dictionary attack, hybrid attack and combination attack.
1. Dictionary Attack: Since the number of passwords could be infinite, brute force attack (testing all possible passwords) will not be a feasible solution unless the password was very short. Instead, we will be more clever by trying a list of more likely passwords first. This is called a dictionary attack. John the Ripper comes with a small dictionary of some typical passwords located in /usr/share/john/password.lst. Take a look at it!. The crack-these.txt file (in the /srv/fit2093files/fit2093lab/ folder) contains account information for 50 users. Now copy the crack-these.txt file to your home directory and run the following commands to perform the dictionary attack
% cp /srv/fit2093files/fit2093lab/crack-these.txt ~
% john -w:/usr/share/john/password.lst ~/crack-these.txt
John has created a list of solved passwords in a file john.pot, run cat ~/.john/john.pot to see it. How many of the 50 passwords it was able to crack, what are they, and the time it took?
2. Hybrid Attack: A hybrid attack checks for variations of a word or a combination of dictionary words. For example, we could make it append numbers to the end of all the words in the dictionary, such that if the word cat was in the original dictionary, then it would also try the words cat0, cat1, . . . , cat9, cat00, cat01, etc.
To run this attack execute following commands
% john -w:/usr/share/john/password.lst -rules ~/crack-these.txt
How many more passwords did the hybrid attack crack? Is there any relationship between what it cracked this time, and those from last time?
3. Combination Attack: John the Ripper executes dictionary, hybrid, and brute force attacks in combination. Launch a combination attack by executing:
% john ~/crack-these.txt
How many more passwords did the combination attack crack? how long did it take?
You can add more passwords in password.lst file or download a larger file from Internet, and try again above attacks.
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com