In this lab, you will be using bruteforce password cracking to attempt to determine the password of various users on the system. This attack is only possible with access to the password hashes of those users, which are normally protected, but in some instances, exploits or poor system security have allowed that information to be disclosed, and made these types of attacks possible. Another popular use case, is when you run this type of attack against your own machine, to determine the strength of the passwords of your users. This can become important when you have 10s or 100s or more users on a machine, in the case of a system like CSUNIX.
cp /etc/master.passwd ~/passwd_file john --wordlist=four_wordlist.txt --users=des --session=des ~/passwd_file john --wordlist=four_wordlist.txt --users=md5 --session=md5 ~/passwd_file john --wordlist=four_wordlist.txt --users=blf --session=blf ~/passwd_file
Read man passwd.conf and man pwhash
Experiment with the 'pwhash' command.
Remember when we set blowfish in the passwd.conf that we had
to also set a number, the number of 'rounds', this is a number
between 4 and 31 that determins how many times the blowfish
algorithm is used, but the number isn't just how many times
it is used, but the logrithm of how many times, so 8 is 10 times
more than 7, and 9 is 100 times more than 7. Note the difference
in how long it takes to generate hashes for the following commands:
date;pwhash -b 4 'somepassword';date date;pwhash -b 7 'somepassword';date date;pwhash -b 8 'somepassword';date date;pwhash -b 12 'somepassword';date date;pwhash -b 15 'somepassword';date
Why do we hash passwords, rather than encrypt them?:
What is the speed difference in cracked DES vs MD5 vs Blowfish hashed passwords?:
Why shouldn't passwords be stored just as the unsalted md5 or sha1 hash of the password?:
Why does having a 'salt' in a password make rainbow tables mostly impractical?:
Why wouldn't you use the maximum (31) number of rounds for blowfish on your passwords?:
Last updated: 2008-02-27
Updated by: Allan Jude
Written by: Allan Jude (2008)