3.13 LAB: Extracting Passwords (files and lists)
The Linux operating system is a very popular server OS. Anetwork administrator has to protect the login/password filesstored on the servers. In Linux there are two important files:
/etc/passwd
And it contains rows that look like this:
root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinuser1:x:15:51:User One:/home/user1:nologinuser2:x:15:51:User One:/home/user1:nologinuser3:x:15:51:User One:/home/user1:nologin
This file contains login information. It's a list of theserver's accounts that has userID, groupID, home directory, shelland more info.
And the second file /etc/shadow, contains rows that look likethis:
root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7:::bin:*:14195:0:99999:7:::daemon:*:14195:0:99999:7:::adm:*:14195:0:99999:7:::ftp:*:14195:0:99999:7:::user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7:::user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7:::user1:%[email protected]:15045:0:99999:7:::
This file contains the actual password in encrypted format foreach of the user's accounts stored in /etc/passwd. Notice theencrypted text after the login and : colon. That is the encryptedpassword.
Typically, if a hacker obtains access to these files, they coulduse some sort of cracking software to decrypt the passwords.Basically, they take a Brute Force approach and use commonpasswords to find a match.
Write a program that first reads in the name oftwo input files; input1pass.txt and input1shadow.txt. These fileswill contain encrypted and non-encrypted passwords to simulate aBrute Force approach. Next the program will accept input of twostrings representing a potential user name, and password. The filesshould be read using the file.readlines( ) method.
Your program should output the attempted login and password witha message that it was a successful or unsuccessful brute forceattempt.
Ex: If the input is:
input1pass.txtinput1shadow.txtbobpicklepa$$w0rd
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologinuser2:x:16:52:User One:/home/user1:nologinuser3:x:17:53:User One:/home/user1:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7:::user1:LLmm928393x:15046:0:99999:7:::user1:&^334294kksri.:15047:0:99999:7:::
the output is:
Brute Force Attempt:Login: user1Password: XXPP192920rUnsuccessful brute force attemptBrute Force Attempt:Login: user2Password: LLmm928393xUnsuccessful brute force attemptBrute Force Attempt:Login: user3Password: &^334294kksri.Unsuccessful brute force attempt
Ex: If the input is:
input2pass.txtinput2shadow.txtdemo123password
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologinuser2:x:16:52:User One:/home/user1:nologinuser3:x:17:53:User One:/home/user1:nologindemo123:x:18:54:Demo User:/home/demo123:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7:::user1:LLmm928393x:15046:0:99999:7:::user1:&^334294kksri.:15047:0:99999:7:::demo123:password:15048:0:99999:7:::
the output is:
Brute Force Attempt:Login: user1Password: XXPP192920rUnsuccessful brute force attemptBrute Force Attempt:Login: user2Password: LLmm928393xUnsuccessful brute force attemptBrute Force Attempt:Login: user3Password: &^334294kksri.Unsuccessful brute force attemptBrute Force Attempt:Login: demo123Password: passwordSuccessful brute force attempt
Notes:
- There is a newline at the end of the output.
- input1pass.txt is available to download.
- input1shadow.txt is available to download
- 'Hint' - check out the Python zip ( ) for mapping the login inone file to the other.
279088.991434
LAB ACTIVITY
3.13.1: LAB: Extracting Passwords (files and lists)
0 / 10
Downloadable files
input1pass.txt
input1shadow.txt
Download
