Problem Set - III 3/9/11

(Due at the beginning of class on 3/23/11)

CS 4740/6740 Network Security

This problem set will be graded out of 165 points. It will count for 10% of your final grade. You will be using the setup that you prepared for your first assignment. If you have questions, please email the TA, Triet (), and cc the instructor, Ravi ().

Sniffing, Password Cracking, Secret-key Crypto

In this assignment, we explore network sniffing, password gathering/cracking, and the basics of secret-key cryptography. These are some of the simplest and most basic methods (and the most common, too!) that attackers use to break into modern operating systems, and it is essential to understand these mechanisms in order to properly secure a network.

Understanding these techniques and the tools used in these exercises should give you a good idea of why administrative policy and proper service configuration and deployment are so important – particularly the use of encrypted communications and good passwords.

1. Network Sniffing (65 pts)

If you are not familiar with Tcpdump and Ethereal, take time to read up on them first. Throughout this assignment you will find that it is often advantageous to capture data with Tcpdump and then import the captured packet data into Ethereal for analysis.

After you have familiarized yourself with Ethereal and Tcpdump, answer the following questions:

  1. Why does a user need to be root on a Linux system in order to run a sniffer? What is the difference between a hubbed network and a switched one in the viewpoint of sniffing? (10 pts)

The interface needs to operate in promiscuous mode, which requires the user to have superuser privileges. Students should explain what promiscuous mode is and what the difference between a hub and a switch means for sniffing.

  2. In this question, you are going to sniff the password from an FTP session. First, log into your Linux machine and install vsftpd:

apt-get install vsftpd

Edit /etc/vsftpd.conf to allow login for local users, then restart it:

/etc/init.d/vsftpd restart

Next, start tcpdump to listen on eth1, port ftp, and print out the packets in ASCII (review the man page for the -i and -A options and the expression section). Now, log on to the Windows machine, use WinSCP to connect and download a file from the FTP server (use one of the accounts on the Linux machine to log in, and remember to choose FTP for the file protocol). While sniffing network traffic from your Linux system, analyze the data you have captured.

  • What do you notice about the FTP session that might be troubling from a security point of view? There are two things, in particular, that you should note about the insecurity of the FTP traffic. (10 pts)

Use sudo tcpdump -A -i eth1 port ftp to sniff the FTP traffic. FTP authentication is plaintext, meaning that the username/password combo is sent in the clear. Also, no encryption is used for transferring the requested files. In addition, the file transfers are opened on a separate port, which might be easier to hijack since it supports no authentication whatsoever.

  • How would you suggest fixing the relative insecurity of FTP from an administrative point of view? Propose an easily deployable solution. (5 pts)

Deploy SFTP, which is essentially FTP over SSL.

  3. A tool suite called dsniff is already installed on your Linux system. One feature of dsniff is its ability to understand different protocols and specifically listen just for the exchange of certain types of username / password authentication strings. Play around with it a little. Start a couple of sessions as before, while authenticating from the same system dsniff is running on, and provide the results of the password-grabbing session. (10 pts)

Run sudo dsniff -i eth1. The output looks like this:

dsniff: listening on eth1

------

03/08/11 19:20:12 tcp 10.0.15.2.1169 -> teamXX-router.local.21 (ftp)

USER username

PASS xxxxxxx

  4. In this question, you learn how to create a password-protected section of your Apache-powered website using htpasswd to limit access to a new page or directory you create under Apache, and try capturing these sessions too. First, install the Apache web server on your Linux machine:

apt-get install apache2

Look at the configuration in /etc/apache2/apache2.conf and familiarize yourself with it if you have never used Apache before (pay particular attention to the AllowOverride directive when you use .htaccess). Read about htpasswd and configure your website (or a sub-directory of it) to have password protection.

Now, use tcpdump to listen on interface eth1, port http, to see how it responds when you open the website from the Windows machine. Comment on the password protection's effectiveness, and include your results. Think about what specifically htpasswd is used for and what its limitations are. (15 pts)

If .htaccess is used, the AllowOverride directive for the corresponding directory (or parent directory) should be set to All. Sample configuration for password protection:

AuthUserFile <path_to_password_file>

AuthType Basic

AuthName "Secure Area!"

Require valid-user

Given this, students should note that although htpasswd provides a means to password-protect part of a website, all data sent after the username / password exchange can still be clearly seen in the sniffer (as expected). Students may also note that the password exchange was not cleartext, which is good at least!
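A small detector for the two cleartext exchanges seen in questions 2 and 4 above (FTP USER/PASS and HTTP Basic authentication), written as an added example for this problem set rather than taken from it or from dsniff. It scans text in the style of tcpdump -A output; the capture, hosts and credentials below are constructed for the example. The Basic token is only base64-encoded, so it decodes without any key, which is the limitation of htpasswd protection without TLS that the sniffing exercise is meant to expose.

```python
import base64
import re

# Constructed sample in the style of `tcpdump -A` output: an FTP login
# followed by a request to an htpasswd-protected page. Not a real capture.
SAMPLE_CAPTURE = """\
19:20:12.000123 IP 10.0.15.2.1169 > 10.0.15.1.21: Flags [P.], length 12
USER alice
19:20:12.050456 IP 10.0.15.2.1169 > 10.0.15.1.21: Flags [P.], length 14
PASS s3cret!
19:20:13.200789 IP 10.0.15.2.1170 > 10.0.15.1.80: Flags [P.], length 118
GET /private/ HTTP/1.1
Host: teamXX-router.local
Authorization: Basic Ym9iOmh1bnRlcjI=
"""

FTP_CMD = re.compile(r"^(USER|PASS)\s+(.+?)\s*$", re.IGNORECASE)
HTTP_BASIC = re.compile(r"^Authorization:\s*Basic\s+(\S+)\s*$", re.IGNORECASE)


def decode_basic(token):
    """Return (user, password) from a Basic token, or None if it is not
    valid base64 or lacks the user:password separator."""
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def find_cleartext_credentials(capture_text):
    """Scan captured ASCII payload lines for FTP USER/PASS pairs and HTTP
    Basic headers. Returns (protocol, username, password) tuples in order."""
    findings = []
    pending_user = None  # FTP USER seen, waiting for the PASS that follows it
    for line in capture_text.splitlines():
        line = line.strip()
        m = FTP_CMD.match(line)
        if m:
            cmd, arg = m.group(1).upper(), m.group(2)
            if cmd == "USER":
                pending_user = arg
            elif cmd == "PASS" and pending_user is not None:
                findings.append(("ftp", pending_user, arg))
                pending_user = None
            continue
        m = HTTP_BASIC.match(line)
        if m:
            creds = decode_basic(m.group(1))
            if creds:
                findings.append(("http-basic",) + creds)
    return findings


if __name__ == "__main__":
    for proto, user, password in find_cleartext_credentials(SAMPLE_CAPTURE):
        print(f"{proto}: user={user!r} password={password!r}")
```

Feeding it the file from `tcpdump -A -i eth1 port ftp or port http -w -` piped through `strings` gives the same result on a live capture; anything the detector prints is a credential that crossed the wire recoverable by anyone in a position to sniff.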

  5. Another tool in the dsniff suite is mailsnarf. Describe what it does and in what scenario it could be troublesome to an administrator. (5 pts)

Mailsnarf outputs email address sniffed from SMTP and POP traffic. Since this is all plaintext it can be quite troublesome and can lead to significant problems with information leakage, etc. Of course, on a switched network, someone who wishes to read all the email must be positioned correctly to sniff the traffic…

  6. The answer to the above problem demonstrates what might be seen as a major problem with modern mail protocols. Think about how SMTP could theoretically be modified to be more secure and prevent this sort of problem. Propose a replacement protocol in brief. (10 pts)

Students should be creative here, and all submissions should be evaluated based on their technical merit. At the most basic level, SMTP authentication over SSL/TLS can be done and secure replacements for POP and IMAP (ex: POPS, IMAPS) can be deployed to provide an extra level of protection at the local delivery level. However, this doesn’t completely secure the entire process of sending a mail if the mail administrators at the remote site aren’t implementing the same precautions. A new protocol could be implemented, perhaps using certificates issued by a specified CA to authenticate mail servers during SMTP handshaking. Hopefully the students will apply some of the concepts learned in the theoretical portions of the class to make this interesting.

2. Man-in-the-middle Attack (20 pts)

As an example of a man-in-the-middle attack, you will use ettercap for ARP poisoning to sniff the username and password in the communication between two parties.

Review the man page on ettercap and become familiar with the command line options. In particular, review the ARP poisoning options.

From the first assignment (Setup & Scanning), you should have identified two machines on the network in the 10.0.0.64/26 address space. We shall refer to the IP address of the Linux machine as LIN and the Windows machine as WIN.

For the purposes of this lab, assume you somehow know that a user on the LIN box regularly logs into a website on the WIN box. Your goal is to sniff the username and password, which are transferred in plain text.

  1. Open three SSH terminal windows to your Linux router. In your first SSH terminal, send an ICMP echo request to both the LIN and WIN machines in order to add their MAC addresses to your ARP cache. Record their MAC addresses and the MAC address of eth0 on your Linux router for your report. Hint: see ping, arp, and ifconfig. (5 pts)
  2. In your first SSH terminal, you will be monitoring ARP requests and replies. Use the command:

tcpdump -n -i eth0 arp

Depending on the network traffic, you might see a few ARP requests for other machines.

In the second terminal window, you will be monitoring HTTP packets between the LIN and WIN machines. Use the command:

tcpdump -n -i eth0 port 80 and host LIN

Notice that since the local area network is switched, you will not see any data on this scan until you start the ARP poisoning.

In the third SSH terminal, run ettercap with the following command line:

ettercap -T -M arp:oneway /LIN/ /WIN/

This will ask ettercap to redirect packets from LIN to WIN through your router first. It will then replay those packets on to the correct MAC address so that neither host notices that ettercap is stealing these packets.

Go back to the first SSH terminal and carefully review the ARP data. You should see periodic, unsolicited ARP replies for LIN with your MAC address instead of the MAC address you previously recorded. You should also see at least one ARP reply with the correct MAC address. Save a snippet of the output showing both. (5 pts)

  3. In the second SSH terminal, carefully review the output. You should see the HTTP packet data from the LIN box to the WIN box, starting with the SYN request. Record a snippet of 10 or so lines for your report.

In the third SSH terminal, ettercap should have sniffed the HTTP password being used to log into the WIN box. Record one of the password lines for your report. (5 pts)

  4. Shut down ettercap by pressing 'q'. In the first SSH terminal, record a snippet of the tcpdump output showing the ARP replies with the correct MAC address for LIN.

Since ettercap disables Linux IP forwarding (routing) while it is running, you need to re-enable it manually every time after using ettercap, or you won't be able to route to your Windows server. This is done by simply running:

sysctl net/ipv4/ip_forward=1

(5 pts)

Students should show the ARP poisoning in the report and the obtained username and password.
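To turn the observation in step 2 (unsolicited ARP replies for LIN carrying a different MAC) into a check an administrator could run, here is an added example detector, not part of the problem set or of ettercap/tcpdump. It parses lines in the format printed by tcpdump -n -i eth0 arp; the sample capture, addresses and MACs below are constructed. The optional baseline argument takes the IP-to-MAC mappings recorded in step 1, which is the stronger check, since a poisoner that starts before the monitor does would otherwise become the "known" MAC.

```python
import re

# One line of `tcpdump -n -i eth0 arp`: either a who-has request or an is-at reply.
ARP_LINE = re.compile(
    r"^(?P<ts>\S+)\s+ARP,\s+"
    r"(?:Request who-has (?P<req_ip>\S+) tell (?P<asker>\S+)"
    r"|Reply (?P<rep_ip>\S+) is-at (?P<mac>[0-9a-f:]{17}))"
    r",\s+length \d+",
    re.IGNORECASE,
)

# Constructed sample capture (not real traffic): a solicited reply for LIN,
# two unsolicited replies advertising another MAC, then the real host
# answering a fresh request again once the poisoning stops.
SAMPLE_ARP = """\
19:30:01.000000 ARP, Request who-has 10.0.0.70 tell 10.0.0.65, length 28
19:30:01.000512 ARP, Reply 10.0.0.70 is-at 00:0c:29:aa:bb:cc, length 28
19:30:11.000000 ARP, Reply 10.0.0.70 is-at 00:0c:29:11:22:33, length 28
19:30:21.000000 ARP, Reply 10.0.0.70 is-at 00:0c:29:11:22:33, length 28
19:30:25.000000 ARP, Request who-has 10.0.0.70 tell 10.0.0.65, length 28
19:30:25.000431 ARP, Reply 10.0.0.70 is-at 00:0c:29:aa:bb:cc, length 28
"""


def detect_arp_poisoning(capture_text, baseline=None):
    """Flag ARP replies that are unsolicited or that contradict the known MAC.

    baseline maps IP -> MAC recorded earlier (e.g. from `arp -n` after the
    pings in step 1). Without a baseline, the first *solicited* reply seen for
    an IP is taken as its known MAC. Returns dicts {ts, ip, mac, reasons}.
    """
    known = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    outstanding = set()  # IPs asked for by a who-has and not yet answered
    alerts = []
    for line in capture_text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue
        if m.group("req_ip"):
            outstanding.add(m.group("req_ip"))
            continue
        ip, mac = m.group("rep_ip"), m.group("mac").lower()
        reasons = []
        if ip in outstanding:
            outstanding.discard(ip)
        else:
            reasons.append("unsolicited reply")
        expected = known.get(ip)
        if expected is None:
            if not reasons:  # only a solicited answer may establish the baseline
                known[ip] = mac
        elif expected != mac:
            reasons.append(f"MAC {mac} conflicts with known {expected}")
        if reasons:
            alerts.append({"ts": m.group("ts"), "ip": ip, "mac": mac, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP):
        print(alert["ts"], alert["ip"], alert["mac"], "; ".join(alert["reasons"]))
```

With the step-1 MACs passed as baseline, the same capture also flags the final reply if the recorded MAC was itself the poisoned one, which is why the baseline should come from a quiet network, not from the cache of a host that may already be poisoned.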

3. Password Cracking (60 pts)

In this section, you will recover passwords using two different techniques: a dictionary attack and a precomputation attack. Recovering a password, known as password cracking, can be a devastating attack, especially since most users reuse the same password on different systems. You will learn to use tools that allow you to crack passwords on both your Windows and Linux machines.

Accessing the Password Hashes

In modern systems, you need elevated access, such as root or Administrator, to read the password hashes. You already have the appropriate access. First you will dump the Windows LM hash passwords, then you will copy the Linux passwords.

  1. In order to dump the Windows LM password hashes, download pwdump6 from strawman, review the documentation and run pwdump to extract your Windows system's user password hashes. Be sure to use your system's hostname instead of localhost. Grab the output and copy it (using WinSCP) to your Linux machine.
  2. Log into your Linux router and install John the Ripper:

apt-get install john

Use the unshadow command (which comes with the above toolkit) to combine your /etc/passwd and /etc/shadow files. Most of the account information is stored in /etc/passwd, but in modern Unix systems the password hashes are stored in the protected file /etc/shadow. Your command line should look something like:

unshadow /etc/passwd /etc/shadow > router-passwd.txt

  3. Next, prune out the unnecessary lines from both of the password files you just generated. Remove all accounts except those of your team's users and the Administrator/root users.
  4. Obtain two additional sample password files from strawman. Be sure to download and save both the Linux password file and the Windows SAM dump. These files should be saved in a directory of your choice on your Linux router, along with the two password files you created earlier.

Dictionary Attack

Use john to execute a dictionary attack against all four password files. In order to do this, you may use your Linux system's built-in spellcheck dictionary, located at /usr/share/dict/words, or you may download a larger dictionary from some other source. Just be sure to observe the dictionary format requirements.

This documentation may be helpful. Please refer to /usr/share/doc/john-<version>/ for documentation specific to your version, or simply type john at the command line and press Enter for a short description of the command line options.

If you successfully crack any passwords in the provided password files, record these passwords for your report. If you successfully crack any passwords from the files you generated, record them and have your users change their password to something more secure.
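An added example (not from the problem set or from John the Ripper) of what a wordlist-plus-rules attack does, to make the "simple permutations" idea concrete before the precomputation section. It uses unsalted SHA-1 with a constructed four-word list and three constructed accounts so that it runs offline; john's --rules set is far larger and understands real crypt formats, but the mechanics are the same: every dictionary word fans out into many guesses, and a short random password is reached by none of them.

```python
import hashlib


def sha1_hex(password):
    """Unsalted SHA-1, standing in for a real password-file hash format."""
    return hashlib.sha1(password.encode()).hexdigest()


SUFFIXES = [str(d) for d in range(10)] + ["!"]


def apply_rules(word):
    """Yield candidates derived from one dictionary word: its distinct case
    forms, each alone and with one trailing digit or '!'. A toy subset of
    the kind of mangling john's --rules performs."""
    for base in sorted({word, word.lower(), word.upper(), word.capitalize()}):
        yield base
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target_hashes, wordlist):
    """Return {hash: password} for every target hash some candidate produces."""
    remaining = set(target_hashes)
    cracked = {}
    for word in wordlist:
        for candidate in apply_rules(word):
            h = sha1_hex(candidate)
            if h in remaining:
                cracked[h] = candidate
                remaining.discard(h)
                if not remaining:
                    return cracked
    return cracked


# Constructed sample data (not course data): a four-word list and three accounts.
WORDLIST = ["apple", "secret", "letmein", "dragon"]
ACCOUNTS = {
    "alice": sha1_hex("Secret1"),    # capitalized word + digit: within the rules
    "bob": sha1_hex("LETMEIN!"),     # upper-cased word + '!': within the rules
    "carol": sha1_hex("xK9#qz"),     # short but random: no dictionary word reaches it
}


def crack_accounts(accounts=ACCOUNTS, wordlist=WORDLIST):
    """Map username -> recovered password for the hashes the attack found."""
    found = dictionary_attack(accounts.values(), wordlist)
    return {user: found[h] for user, h in accounts.items() if h in found}


def candidates_per_word(word):
    """How many guesses one dictionary word turns into under apply_rules."""
    return sum(1 for _ in apply_rules(word))


if __name__ == "__main__":
    print("cracked:", crack_accounts())
    print("guesses per word:", candidates_per_word("secret"))
```

The multiplier returned by candidates_per_word is the cost of rules: a 100,000-word dictionary becomes 3.6 million guesses even with this tiny rule set, which is still cheap against a fast unsalted hash and is the reason real password storage uses a slow, salted construction.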

Precomputation Attack

With a good dictionary and some simple permutations, a dictionary attack can crack many typical user passwords. Unfortunately, this method has its limits: even relatively short random passwords can thwart it. When dictionary attacks fail, crackers will generally resort to brute-force attacks, where all possible passwords are tried. This can take a great deal of time, and against good hashing mechanisms it is usually infeasible.

Weaker hashing mechanisms can be quickly brute-forced using pregenerated rainbow tables. Rainbow tables are one implementation of the time-memory tradeoff, used to greatly speed up password cracking. They are particularly effective when password hashes are not salted.

For the next few steps, you will be using RainbowCrack to attack Windows LM hashes. Review the online documentation for RainbowCrack, and learn how to generate a rainbow table based on a desired character set and password length.

Download the Linux version from strawman and unzip it in /usr/local/src. Run make -f makefile.linux to build the toolkit. You will use rtgen to generate a rainbow table for all 1 to 6 character LM passwords using the alpha-numeric character set. You will likely need to copy the sample character set configuration file from /usr/local/src/rainbowcrack-<version>-src/src/charset.txt to your current directory.

  1. Generating these tables will use a significant amount of disk space. Use df -h to determine which partition has enough room for your tables before you begin. In addition, use the following table parameters to keep your table size reasonable:

rainbow_chain_length=2100,rainbow_chain_count=2000000

Also note that this may take as long as an hour or two to complete. rtgen will print periodic status updates as it runs.

  2. Once the tables are generated, use rtsort to sort your tables. You may want to make a backup copy of your sorted tables.
  3. Use rcrack along with your rainbow tables to attack both of your Windows password files. Once again, record any successfully cracked passwords and change your team's passwords if they were cracked.

Questions

  1. Include a copy of the four password files and a list of all passwords that you cracked, where each row should have the username, the password hash, and the cleartext password. (30 pts)

Commands:

john --wordlist=/usr/share/dict/words --rules <password_file>

john --show <password_file>

rtgen lm alpha-numeric 1 6 0 2100 2000000 test

rtsort lm_alpha-numeric#1-6_0_2100x2000000_test.rt

rcrack *.rt -f <password_file>

Passwords should be discovered for sherlock, nancydrew, marcopolo

  2. Name at least three reasons why LM hashes are easier to crack than salted SHA-1 hashes. (10 pts)

LM hashes are easier to crack than a salted SHA1 hash for the following reasons:

  • LM hashes break up the password into 7-character chunks, allowing each chunk to be cracked separately.
  • LM hashes are case-insensitive. In other words, passwords are set to uppercase before being hashed.
  • LM hashes are not salted, allowing for fast cracking of large password files, and the creation of rainbow tables.
  • The hashing function in LM hashes is faster than SHA1.
  • LM hashes only allow passwords of 14 characters in length.
  3. How do you disable LM hashes from being stored on your Windows machine? Why are LM hashes still available by default? (10 pts)
  4. Suppose a user selects a random 8-character password from the character set [A-Za-z0-9]. The password is stored as an unsalted SHA-1 hash. If an attacker wished to precompute all possible 8-character password hashes of this character set and store the pairs in a simple list, how many megabytes of disk space would this require at a minimum? (Assume that the passwords are stored as 8-bit ASCII characters.) (10 pts)

Each password/hash pair would be 28 bytes in length, since SHA-1 is a 20-byte hash. The character set allows 62 different possibilities per character, meaning there would be 62^8 different password/hash pairs. This would require (62^8)*28 bytes = 5830309826 megabytes = 5560 terabytes, if a megabyte is 2^20 bytes and a terabyte is 2^40 bytes.
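An added example (not part of the problem set) that carries Question 4's calculation through in code, then shows at toy scale what the "simple list" precomputation looks like, why a salt defeats it, and how the 7-character split in Question 2 shrinks the LM search. The toy charset, the salt, and the 69-symbol figure used for the LM character set are assumptions of the example, not values from the course.

```python
import hashlib
import itertools


def precompute_table_bytes(charset_size, length, hash_bytes=20):
    """Bytes to store every (password, hash) pair for fixed-length passwords as
    a simple list: one entry per password holding the password itself (8-bit
    ASCII, so `length` bytes) plus the hash. Question 4 is (62, 8, 20)."""
    return charset_size ** length * (length + hash_bytes)


def salted_table_bytes(charset_size, length, salt_bits, hash_bytes=20):
    """With an s-bit salt, a table that covers every possible salt is 2^s times larger."""
    return precompute_table_bytes(charset_size, length, hash_bytes) * 2 ** salt_bits


def lm_halves_vs_full(charset_size=69):
    """Work to exhaust LM (two independent 7-symbol halves) versus one 14-symbol
    search over the same symbols. 69 is an illustrative count of the upper-case
    characters left after LM folds case; it is an assumption of this example."""
    return 2 * charset_size ** 7, charset_size ** 14


def sha1_digest(data):
    return hashlib.sha1(data).digest()


def build_table(charset, max_length):
    """The 'simple list': SHA-1 digest -> password for every string over charset
    of length 1..max_length. A rainbow table stores far less by keeping only
    chain endpoints and recomputing chains at lookup time (the time-memory tradeoff)."""
    table = {}
    for n in range(1, max_length + 1):
        for combo in itertools.product(charset, repeat=n):
            pw = "".join(combo)
            table[sha1_digest(pw.encode())] = pw
    return table


def salted_sha1(salt, password):
    """Hash with a per-user salt prepended; the table above knows nothing about it."""
    return sha1_digest(salt + password.encode())


TOY_CHARSET = "abc01"                 # constructed: 5 symbols instead of 62
TOY_SALT = bytes.fromhex("5a13c4e9")  # constructed per-user salt


def demo(password="ab1c"):
    """Build the toy table, then look up the same password hashed unsalted and salted."""
    table = build_table(TOY_CHARSET, 4)  # 5 + 25 + 125 + 625 = 780 entries
    return {
        "entries": len(table),
        "unsalted": table.get(sha1_digest(password.encode())),  # recovered by one lookup
        "salted": table.get(salted_sha1(TOY_SALT, password)),   # None: table is useless
    }


if __name__ == "__main__":
    total = precompute_table_bytes(62, 8)
    print(f"62^8 x 28 bytes = {total} B = {total // 2**20} MiB = {total // 2**40} TiB")
    print(f"same table covering a 12-bit salt: {salted_table_bytes(62, 8, 12) // 2**40} TiB")
    print("LM two halves vs one 14-char search:", lm_halves_vs_full())
    print(demo())
```

The salted lookup fails not because the salt is secret (it is stored next to the hash) but because the table would have to be rebuilt per salt value; with even a 12-bit salt the 5560-terabyte list from Question 4 grows by a factor of 4096, which is the property that makes salted SHA-1 so much harder to attack by precomputation than LM.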