CSCI 530 Lab 4
Authentication
Week Assigned: 9/25
Week Due: 10/2
Overview
In this lab, students will create user accounts with various passwords on a Linux Virtual Machine. Students will then make a copy of the password file, and copy it to the host system, which is a Windows XP system. Students will use a tool called “John the Ripper” to crack the passwords stored in this file. Students will gain experience with all three techniques that John the Ripper uses: dictionary attack, hybrid attack, and combination attack.
Instructions
- Starting up the Linux Virtual Machine
- Open up VMWare by going to Start → VMWare → VMWare Workstation
- Click on the Fedora Core 2 line under the “Favorites” Panel on the Left-hand side.
- Under Commands, select “Start this Virtual Machine.”
- Wait for the Linux virtual machine to finish its lengthy startup. It has completely started up when you get a prompt for a user name. If at any time you need the cursor back on the main system, press the CTRL and ALT keys at the same time.
- Once the Linux virtual machine has started up, enter root as the username and password as the password.
- Installing VMTools
- We need VM tools installed so that you are able to copy the password file out of the virtual machine and onto the Windows system.
- Start up the Linux Virtual Machine.
- At the login prompt, enter root as the username and password as the password.
- Press CTRL-ALT to gain the cursor back to the host machine.
- Go to the menu and go to VM → Install VM Tools…
Press Install
- Click on the Linux screen to get back to the Linux virtual machine.
- Enter the command cd mnt to get to the mnt directory
- Enter the command mount cdrom
- Enter the command cd cdrom, then enter ls. If you see two files starting with VMWare, then everything is proceeding as normal. Otherwise, ask your Lab Assistant for assistance.
- Enter the command cp VMwareTools-5.0.0-13124.tar.gz /
- Enter the command cd /
- Enter the command tar xzf VMwareTools-5.0.0-13124.tar.gz
This will create a directory called vmware-tools-distrib in the root directory
- Go to this directory by entering cd vmware-tools-distrib
- Enter the command ./vmware-install.pl to install vmtools
- You will be asked for a lot of input regarding directories for install and paths. Everything is default, so at every prompt, just hit Enter.
- Once you are back at the normal command prompt, enter the command cd /mnt, then enter the command ls. If you see a directory called hgfs, then you can proceed with the lab.
- Creating the user accounts
- At the command prompt, enter useradd user1
- At the next command prompt, enter passwd user1
- You will be prompted for a password. Enter hello as the password. You will be given a message saying the password is a weak password, but you will be allowed to use it. Reenter the password when prompted.
- Repeat these steps for the following usernames
Username / Password
user2 / 123
user3 / Flower
user4 / Dragon
user5 / Hellodragon
user6 / 123Hello
user7 / H3110123!
- Getting the password file
- Enter the command cd /mnt/hgfs/Shared
You will be moved to the directory Shared, which is the same directory as C:\Shared
- The usernames and passwords are kept in a file called shadow, which is kept in the directory /etc. Enter the command
cp /etc/shadow .
This will copy the /etc/shadow file to the C:\Shared directory
- Loading John the Ripper
- We will be using John the Ripper to break the passwords. If John the Ripper is not already on the system, download it from
- Extract John the Ripper to the main C: directory. This will make life easier since John the Ripper is a command line tool.
- Go to the C:\Shared directory, and copy the shadow file to the run directory of John the Ripper, which should be C:\
- Go to Start → Run, and enter cmd. Press Enter.
- Go to the main directory by entering cd c:\
- Go to the directory with John the Ripper by entering
cd john171w\john1701\run\
- Enter the command dir to see all the files in this directory.
- Executing a dictionary attack.
- A dictionary attack takes a database of words and tries each one in turn as the password. John the Ripper has this capability. Enter dir and see that there is a file called password.lst. Open it with Notepad and you will see that it is a list of potential passwords.
- Enter the following command to launch a dictionary attack:
john-386.exe -w:password.lst shadow
- Note the passwords it was able to crack and the time it took.
- Delete the cracked password list by entering the command
del john.pot
- Executing a “hybrid” attack
- A hybrid attack checks for variations of a word or a combination of dictionary words.
- Enter the following command to launch a hybrid attack:
john-386.exe -w:password.lst -rules shadow
- Note the passwords it was able to crack and the time it took.
- Delete the cracked password list.
- Executing a combination attack
- John the Ripper’s default usage executes a dictionary, hybrid, and brute-force attack.
- Enter the following command to launch a combination attack:
john-386.exe shadow
- This could take forever, so if it is taking too long, you can hit CTRL-C to stop the run.
- Note the time it took and the passwords it was able to crack.
- Cleaning up
- YOU MUST DO THESE STEPS, OTHERWISE YOU WILL NOT RECEIVE CREDIT FOR THIS LAB
- Go to the directory C:\Shared on the host system (Windows system).
- Delete all files in this directory.
- To shut down the Linux Virtual Machine, enter the command halt at the command prompt.
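The dictionary and hybrid steps above can be turned around into a check an administrator runs when a password is set. The following is an added example, not part of the original lab or of John the Ripper: the wordlist is a small constructed stand-in for password.lst, and the mangling rules (case folding, digits at either end, simple character substitutions, two words joined) are simplified assumptions rather than John's actual rule set.

```python
import string

# Constructed sample wordlist standing in for John the Ripper's password.lst.
WORDLIST = {"hello", "dragon", "flower", "123", "password"}

# Assumed character substitutions for illustration; not John's actual rule set.
LEET = str.maketrans("013457@$", "oleastas")


def is_word_or_pair(s, words):
    """True if s is a single listed word or two listed words joined."""
    if s in words:
        return True
    return any(s[:i] in words and s[i:] in words for i in range(1, len(s)))


def exposure(password, words=WORDLIST):
    """Classify a candidate as 'dictionary', 'hybrid' or 'brute-force only'."""
    if password in words:
        return "dictionary"  # exact match: a plain wordlist run finds it
    core = password.lower().strip(string.punctuation)
    # Try every split digits + word(s) + digits, with and without
    # the character substitutions undone.
    for i in range(len(core) + 1):
        for j in range(i + 1, len(core) + 1):
            prefix, middle, suffix = core[:i], core[i:j], core[j:]
            if (prefix and not prefix.isdigit()) or (suffix and not suffix.isdigit()):
                continue
            if is_word_or_pair(middle, words) or is_word_or_pair(middle.translate(LEET), words):
                return "hybrid"  # a mangled or combined dictionary word
    return "brute-force only"


def audit(passwords, words=WORDLIST):
    """Map each candidate password to its exposure class."""
    return {p: exposure(p, words) for p in passwords}


if __name__ == "__main__":
    # The lab's seven account passwords plus one constructed random-looking value.
    lab = ["hello", "123", "Flower", "Dragon", "Hellodragon",
           "123Hello", "H3110123!", "vK9#qLw2xT"]
    for pw, verdict in audit(lab).items():
        print(f"{pw:12} {verdict}")
```

A password-change policy can reject anything classified as dictionary or hybrid, since those are the candidates a wordlist run reaches long before exhaustive search does.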
Assignment
Write down the time it took and the passwords it was able to crack in each case. Then e-mail that to your Lab T.A., along with the answers to the following questions:
- What are some of the limitations to breaking passwords in this way?
- The password file is /etc/passwd for Linux. Where are passwords stored for Windows systems (clients, not servers)?