Part 1: Online Password Attack
In this section, you will launch attacks over the network against login services, in an attempt to brute-force a username/password.
This attack uses all unique passwords from the 32 million RockYou password breach. If the file /usr/share/wordlists/rockyou.txt is not present on the VM, unzip the password list.
gunzip /usr/share/wordlists/rockyou.txt.gz
You are going to use a tool called Hydra (already installed in the Kali Linux) to use this password list and launch an online password attack against a website that is managed by Dr. Eargle. Dr. Eargle authorizes you to launch the attack only as specified in the instructions below:
- Let’s say that you wanted to crack the password for this route: https://is.theorizeit.org/auth/
- Imagine that you knew, or guessed, that one of the usernames was istheory.
Show that you’re able to login to the website successfully. Answer these questions:
- Q. Why is this attack considered an online attack?
- As an attacker, we can gain access to the system and we are going to be trying our passwords on a web application.
- Q. List three countermeasures that organizations could implement against online attacks?
- Strong password
- Lockout
- Captcha
- Throttling
- White list and Black list IP
- Q. Explain if online attacks are good choices for an exhaustive brute-force attack.
- It does not fit in this situation, because brute-force attack matches all possible letters you can use. It then makes the network slower and accounts locked.
Side Note: In Greek and Roman mythology, Hyrda is a mythical sea monster with many heads. When a head is cut off, it is replaced by another. By default, the tool Hyrda runs with 16 concurrent heads (tasks), each of which makes a battery of attacks (password guesses) before dying off and being replaced by another head (task).
Part 2: Offline Attack Using Hashcat
While in the previous section attacks were launched over the network, in this section, you will start with a password hash stored on your computer, and you will launch attacks against it locally. No authentication service such as a web server sits in front of your attempts, potentially throttling the speed at which you can make guesses. Instead, you can make guesses as fast as your computer and the particular hash algorithm will allow.
First, a dictionary attack will be performed against a password-protected Word document. We will use a tool called Hashcat (already installed in the Kali Linux).
- Run the following command to get the password-protected Word document:
wget https://raw.githubusercontent.com/deargle/security-assignments/master/labs/files/hashcat.doc - Now run the following command to get a Python script that extracts the hash of a password-protected Word document. (The hash of the password is stored within the metadata of the document file itself.) john in that script’s name refers to JtR, John the Ripper
wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/office2john.py - Next, run the following command from the directory to where you downloaded office2john.py and hashcat.doc:
python office2john.py hashcat.doc
- We need to convert the output to a format that hashcat can recognize. To do so, copy from the first $ until but not including :::
For example, if the output is
hashcat.doc:$oldoffice$1*04477077758555626246182730342136*b1b72ff351e41a7c68f6b45:::hashcat.doc
you need to extract
$oldoffice$1*04477077758555626246182730342136*b1b72ff351e41a7c68f6b45
Save the extracted hash into a file in your home directory. Name the file whatever you like.
Note: make sure the entire hash is on one line within the text file. Don’t add extra spaces at the end. If you get a “line-length exception” in the next step, make sure there’s not a typo at the beginning of the hash.
- Run the following command to launch a dictionary attack to crack the hashed password (Remove the <>, use whatever name you want for the output file):
hashcat –force -a 0 -m 9700 -o <outputFileName.txt> <HashInputFileName.txt> /usr/share/wordlists/rockyou.txt
hashcat –force -a 0 -m 9700 -o results.txt output.txt /usr/share/wordlists/rockyou.txt
Answer these questions:
- Q. What is the password for hashcat.doc? (open the output file and look at the end of the hash)
- Download the word file on your computer and verify you can see the content.
- Q. How is this offline password attack different from the online hydra attack you attempted earlier?
- Offline password attacks use our own hardware whereas an online hydra attack uses other’s password. In addition, it is trying to crack a hash in our own time.
- Online attacks are limited by the speed of the network, offline attacks are limited by the specs of the computer. We also rely on the live target to tell us if the password is correct or not.
- Q. List three countermeasures that organizations could implement against such offline attacks?
- Slower hash
- Salt
- Longer password
Part 3: Cracking LinkedIn Hashes Using Hashcat
In this section, you’ll see how many hashes you can recover from the 2016 LinkedIn password breach. The LinkedIn hacker, a Russian, was sentenced in US court to seven years in jail on September 29, 2020. This breach of 177,500,189 unsalted SHA1 password hashes represents the data of all LinkedIn users as of 2012. Among these passwords, only 61,829,207 are unique.
- Download a copy of 500,000 of these passwords:
wget https://raw.githubusercontent.com/deargle/security-assignments/master/labs/files/LinkedIn_HalfMillionHashes.txt - Run the following command to perform a “straight” dictionary attack using the rockyou.txt wordlist again
hashcat –force -m 100 –remove –outfile=LinkedIn_cracked.txt LinkedIn_HalfMillionHashes.txt /usr/share/wordlists/rockyou.txt
Q. What’s the purpose of -m 100 option in the above command? (Hint: man hashcat)
-m 100: It specifies the hash type we use, in this case SHA1
Note: The above command may take a couple of minutes to run. To see the status of a running job in Hashcat, press the s key (it might take up to 15 seconds for Hashcat to report its status).
Note: Notice the –remove flag. This will remove cracked hashes from the input file. So, if you run these commands more than once without changing anything, it won’t crack anything after the first time.
Note: You can always open another terminal session and count the number of lines in your outfile to see how many you’ve cracked so far, in total:
wc -l LinkedIn_cracked.txt
Or count the number of passwords left (it started with half a million):
wc -l LinkedIn_HalfMillionHashes.txt
To see hashes cracked in real-time, in another terminal shell, type the command (Use Ctrl+C to exit the tail command):
tail -f LinkedIn_cracked.txt
Note: If you accidentally delete your cracked outfile, you will need to delete your hashcat “potfile” too before you try to recreate the outfile. You have to do this because otherwise, hashcat won’t write any already-cracked hashes found in the potfile to the outfile. The hashcat.potfile is stored in a hidden direction in the home directory of whomever you run the command as.
To do this run rm ~/.hashcat/hashcat.potfile
Don’t forget to also start with a fresh 500k hashlist, because the –remove flag would have removed rows from that file as the hashes were cracked and inserted into the potfile.
Q. How many passwords were you able to recover using the Hashcat command above?
- Now run another attack that uses a rules-based method. Rules apply common patterns to password dictionaries to crack even more hashes. You can read about rules in Hashcat here: https://hashcat.net/wiki/doku.php?id=rule_based_attack.
The “best64.rule” is one of the most effective sets of Hashcat rules.
hashcat –force -m 100 –remove –outfile=LinkedIn_cracked.txt LinkedIn_HalfMillionHashes.txt -r /usr/share/hashcat/rules/best64.rule /usr/share/wordlists/rockyou.txt
Q. What does the -r option do in this command?
-r: It specifies the rules file in order to make more possible different pattern passwords.
Q. How many total passwords were you able to recover after using this rules-based attack in combination with the earlier straight attack?
Optional: Experiment with other rules found in /usr/share/hashcast/rules
- Run another attack that uses a hybrid method that uses a dictionary attack combined with a “mask,” which is a pattern that is appended to each password in the password dictionary:
hashcat –force -m 100 –remove –outfile=LinkedIn_cracked.txt LinkedIn_HalfMillionHashes.txt -i -a 6 /usr/share/wordlists/rockyou.txt ?d?d
The ?d?d at the end means to append two digits between 0–9 each at the end of each password in the rockyou.txt password dictionary.
Note: -i (short for –increment) iterates through the given mask until the full length is reached. So in the above command, both masks of ?d and ?d?d will be used.
Q. What does option -a 6 mean in the above command?
-a: it specifies the attack mode that takes a number as a parameter. The 6 parameter specifies that the attack needs a wordlist and a mask.
Q. How many total passwords were you able to recover after using this hybrid attack combined with the earlier straight and rule-based attacks?
Optional: Try using a different character set for your mask. Note that each mask below is for one character. If you wanted to test four digits at the end of each password, the mask would be: ?d?d?d?d
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = !”#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 – 0xff
- Another common password pattern is to prepend digits at the beginning of passwords. Try this mask, by running the following command:
hashcat –force -m 100 –remove –outfile=LinkedIn_cracked.txt LinkedIn_HalfMillionHashes.txt -i -a 7 ?d?d /usr/share/wordlists/rockyou.txt
Note: Notice -a 7 option in the above command
Q. How many total passwords were you able to recover after using this hybrid attack combined with the earlier straight and rule-based attacks?
Part 4. Create a Targeted Wordlist Using CeWL
CeWL (Custom Word List Generator) is a command-line tool that creates custom wordlists from a target website. This can be useful for cracking a password of an organization or individual that also has a website or social media profile. Because people often use information about themselves or their organization when creating passwords, custom wordlists can be very effective.
Imagine that you exfiltrated the following MD5 hash from a database on neurosecurity.byu.edu
cf4aff530715824c055892438a1ab6b2
You want to create a custom dictionary using the words on this website to see if you can crack the hash.
- Create a custom dictionary using CeWL for the website neurosecurity.byu.edu:
cewl -v -d 2 -m 5 -w custom_dict.txt https://neurosecurity.byu.edu
Where:
- -v runs CeWL in verbose mode.
- -d is the depth to “spider” or crawl the website
- -m is the minimum word length
- -w custom_dict.txt is the name of your new custom wordlist or dictionary.
- Check how many entries are in the custom_dict.txt file:
wc -l custom_dict.txt
- Permute the words in the custom_dict.txt wordlist using the “best64” rule, and append the output to custom_dict.txt:
hashcat custom_dict.txt -r /usr/share/hashcat/rules/best64.rule –stdout >> custom_dict.txt - Check how many entries are in the custom_dict.txt file now:
wc -l custom_dict.txt
- Run Hashcat using custom_dict.txt against the MD5 hash:
hashcat –force -a 0 -m 0 cf4aff530715824c055892438a1ab6b2 custom_dict.txt
Where -m 0 signifies md5 mode, and -a specifies “straight attack mode” (do not permutate the wordlist, because we already did)
The password will be reported towards the top of the output in the format hash:password. If you miss the output, you can view it in your potfile once you have cracked it by running
hashcat –show cf4aff530715824c055892438a1ab6b2
ytirucesoruen
- Confirm that you found the correct password:
echo -n <the plaintext password> | md5sum
We include the -n flag because otherwise, the echo command will append a newline character, which will throw off the hash.- Q. What is the plaintext of the hash?
We can conclude the ytirucesoruen is the correct password.