6.1 + 6.2 Password Cracking - JadenGil/Jaden-Tech-Journal GitHub Wiki
Chosen password from rockyou.txt - 123randomly321
MD5SUM:
SHA256:
Google search of MD5:
Google search of SHA256:
The hashing algorithm being used in /etc/shadow is called SHA512. I knew this because it looked similar to the SHA256 command with the dollar signs, and using that I was able to research other SHA hashing algorithms, which pointed me towards SHA512.
Examine user Galadriel's shadow entry.
- What is the salt?
- What is the hashed salt+password?
Provide a screenshot that shows each explicitly labeled. Note, you may see a different format between password hashes. Some explicitly indicate the number of "rounds".
Grabbing Password Hashes
To grab password hashes, we can access the /etc/shadow file in Unix-based systems. This file stores user account information, including hashed passwords. However, some lines in this file may not have a hash, indicating accounts with disabled or expired passwords.
To grab only those shadow accounts that have a hash, you can use a command like:
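awk -F: '$2 ~ /^\$/' /etc/shadow > shadow_with_hashes.txt
This command keeps only the lines whose second field (the password field) starts with a dollar sign, the prefix of a hash stored in the $id$salt$hash format. A plain length test is not enough, because on typical Linux systems accounts without a hash do not have an empty field: they hold a placeholder such as * or !, which has a length greater than 0.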
Format of the Shadow File
The shadow file (/etc/shadow) follows a specific format:
username:password:lastchg:min:max:warn:inactive:expire:flag
- username: Name of the user account.
- password: Password hash.
- lastchg: Date of the last password change (days since Jan 1, 1970).
- min: Minimum number of days between password changes.
- max: Maximum number of days the password is valid.
- warn: Number of days before password expiration to issue a warning.
- inactive: Number of days after password expiration before the account is disabled.
- expire: Date when the account will be disabled (days since Jan 1, 1970).
- flag: Additional account flags.
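The password field itself has structure, which is what the Galadriel exercise asks you to label (salt, hashed salt+password, optional rounds). The following is an added example, not part of the original lab or any tool it uses: a small Python parser that splits the field and reports each account's state and hash scheme. The names parse_password_field, audit and SCHEMES, and the sample accounts, are assumptions made for illustration.

```python
# Added example, not from the original page: classify /etc/shadow password fields.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

def parse_password_field(field):
    """Split one shadow password field into state, scheme, rounds, salt and digest."""
    info = {"state": "active", "scheme": None, "rounds": None, "salt": None, "digest": None}
    if field == "":
        info["state"] = "empty"              # no password is set for the account
        return info
    if field[0] in "!*":
        info["state"] = "locked"             # "*", "!", "!!" or "!" in front of a hash
        field = field.lstrip("!*")
    if not field.startswith("$"):
        # Bare placeholder (nothing left) or a pre-"$id$" format such as DES crypt.
        info["scheme"] = "legacy" if field else None
        return info
    parts = field.split("$")[1:]             # "$6$salt$digest" -> ["6", "salt", "digest"]
    info["scheme"] = SCHEMES.get(parts[0], "unknown")
    if info["scheme"] in ("md5crypt", "sha256crypt", "sha512crypt"):
        rest = parts[1:]
        if info["scheme"] != "md5crypt":
            info["rounds"] = 5000            # sha-crypt default when no rounds= is given
            if rest and rest[0].startswith("rounds="):
                info["rounds"] = int(rest.pop(0)[len("rounds="):])
        if len(rest) == 2:
            info["salt"], info["digest"] = rest
    return info

def audit(shadow_text):
    """Return {username: parsed password field} for every 9-field line."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) == 9:
            report[fields[0]] = parse_password_field(fields[1])
    return report

# Constructed sample: made-up salts and placeholder digests, not real hashes.
SAMPLE = """\
alice:$6$rounds=65536$Nq3vT8yZ$PLACEHOLDERDIGEST1:19800:0:99999:7:::
bob:$6$k2Lw9XbR$PLACEHOLDERDIGEST2:19800:0:99999:7:::
carol:$1$aB3dE5fG$PLACEHOLDERDIGEST3:17000:0:99999:7:::
dave:!$6$Zx7cV1mP$PLACEHOLDERDIGEST4:19800:0:99999:7:::
daemon:*:19700:0:99999:7:::
sync:!!:19700:0:99999:7:::
"""

if __name__ == "__main__":
    print(*audit(SAMPLE).items(), sep="\n")
```

Accounts that come back as md5crypt or legacy, or with a low rounds value, are the ones to move to a stronger scheme at the next password change.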
Using unshadow
unshadow is a Unix utility that combines the /etc/passwd and /etc/shadow files to create a single file with username and password hash pairs, which is suitable for password cracking.
unshadow /etc/passwd /etc/shadow > unshadowed.txt
Cracking with John the Ripper
John the Ripper is a powerful password-cracking tool that supports many password hash formats. It can be used to crack password hashes efficiently.
john --format=FORMAT hash_file
Replace FORMAT with the appropriate hash algorithm identifier, such as md5, sha256, or bcrypt.
Cracking with Hashcat
Hashcat is another popular password-cracking tool known for its speed and versatility. It supports numerous hashing algorithms and attack modes.
hashcat -m FORMAT hash_file wordlist
Replace FORMAT with the corresponding hash mode identifier.
By understanding the algorithm within the shadow file (e.g.,
The lab makes use of standard tools and utilities such as awk, unshadow, John the Ripper, and Hashcat for password analysis and cracking. These tools are commonly employed in the field of cybersecurity and penetration testing.
The lab demonstrates an understanding of password hashes and their formats. It covers the extraction of password hashes from the /etc/shadow file, as well as the identification of hashing algorithms used (e.g., MD5, SHA256, SHA512).
It's positive to see emphasis on responsible and ethical use of password cracking techniques. Understanding the importance of legal and authorized usage is crucial in the field of cybersecurity.
The lab report is well-documented, with clear deliverables and explanations provided for each task. It includes screenshots and commands used, which aids in reproducibility and understanding.
The lab tasks simulate real-world scenarios, such as examining user shadow entries and cracking passwords from hashed data. These exercises help students or participants understand the practical implications of password security.
The inclusion of screenshots and links suggests that this lab report may be part of a collaborative effort or shared within a larger community interested in cybersecurity education.
While the report covers the basics well, there could be opportunities to explore more advanced topics such as salting, password policy enforcement, and the importance of using strong, unique passwords.