Question
In: Computer Science
3.13 LAB: Extracting Passwords (files and lists) The Linux operating system is a very popular server...
3.13 LAB: Extracting Passwords (files and lists)
The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files:
/etc/passwd
And it contains rows that look like this:
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin
This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info.
And the second file /etc/shadow, contains rows that look like this:
root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin:*:14195:0:99999:7::: daemon:*:14195:0:99999:7::: adm:*:14195:0:99999:7::: ftp:*:14195:0:99999:7::: user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7::: user1:%[email protected]:15045:0:99999:7:::
This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password.
Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match.
Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method.
Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt.
Ex: If the input is:
input1pass.txt input1shadow.txt bobpickle pa$$w0rd
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7:::
the output is:
Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt
Ex: If the input is:
input2pass.txt input2shadow.txt demo123 password
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin demo123:x:18:54:Demo User:/home/demo123:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: demo123:password:15048:0:99999:7:::
the output is:
Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Brute Force Attempt: Login: demo123 Password: password Successful brute force attempt
Notes:
- There is a newline at the end of the output.
- input1pass.txt is available to download.
- input1shadow.txt is available to download
- 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.
279088.991434
LAB ACTIVITY
3.13.1: LAB: Extracting Passwords (files and lists)
0 / 10
Downloadable files
input1pass.txt
input1shadow.txt
Download
Solutions
Expert Solution
Solution:
In question they asked to use the zip() this method is use to compare the list and group based on the matching word
//import re package to do comapre the password complexity
import re
//Method toread the password file and store each line using
while loop its as array
def Read_PasswordFile(filename):
password_array = []
with open(filename) as f:
for line in f:
//fetch only the username from the file using split
function
password_array.append(line.split(":")[0])
//return usernamelist
return password_array
//Method toread the shadow file and store each line using while
loop its as array
def Read_ShadowFile(filename):
shadow_array = []
with open(filename) as f:
#shadow_array is the list that contains the read lines.
for line in f:
shadow_array.append(line)
//return array
return shadow_array
//call the respective method by passing the file name
userLogin=Read_PasswordFile('input1pass.txt')
Password=Read_ShadowFile('input1Shadow.txt')
//Using inbuild python zip method map the user and password files array,it will return the tuples
//like this(user1,user1:XXPP192920r:15045:0:99999:7:::)
x = zip(userLogin, Password)
//convert tuples to list for manupulation
mappedLoginList=list(x)
//using lambda separate the user and password details index
0-->holds userb=name,index1 holds password details
users=map(lambda x: x[0], mappedLoginList)
login=map(lambda x: x[1], mappedLoginList)
//Convert maps to list
usersList=list(users)
loginList=list(login)
//regex pattern to check password conatin lower,upper,number and
special character
pattern ="^[a-zA-Z0-9@#$%^&+=.]+$"
//this pattern is used o check if password conatin only
string
pattern2="^[a-zA-Z]*$"
//this pattern to check if the string conatin only number
pattern3="^[0-9]*$"
//Iterate the list using for loop to check the bruteforce attack
for i in range(0,len(usersList)):
//simple print statement to display output
print("Brute Force Attempt:")
print("Login:",usersList[i])
loginPassword=loginList[i].split(":")[1]
print("Password:",loginPassword)
//if statement to check the passwordcomplexity
if(not(re.match(pattern2, loginPassword))and not(re.match(pattern3,
loginPassword)) and (re.match(pattern, loginPassword))):
print("Unsuccessful brute force attempt")
else:
print("Successful brute force attempt")
print("\n")
venereology answered 4 months agoRelated Solutions
lab of operating system: you should do this on linux server its mandatory please show your...
application that uses linux operating system amd justify the linux operating system. provide a suitable application...
Study PC operating system such as windows and linux etc and mobile operating system such as...
Differences Between Linux and Windows Operating Systems Two key differences between a Linux operating system and...
1. Discuss the various log files found on a Linux system. Based on their own experiences,...
We are interested in the implementation of a Unix/Linux system utility for the concatenation of a list of n text files.
Pertaining to the Linux operating system, which is a variant of Unix, DISCUSS Topics that will...
System Administration Linux/Unix This lab is for you to research and implement old school DNS for...
When working in a Linux operating system, drives such as HDD, Optical and floppy drives are...
1. When a file is created on Linux Operating System, What are the default permissions of...
- What is Information Technology Standards ? Please give a real world example
- Hamilton stated in The Federalist No. 1 that he believed “the vigor of government is essential...
- What is Information Technology Standards? Please give a real world example?
- Question 4 a) An aluminum wire 7.5m long is connected in parallel with a copper wire...
- Use the method of successive approximations to determine the pH and concentrations of H2A, HA–, and...
- 1. What is IT governance and what is a real world example?
- The APA ethics code expresses ethical standards for external factors including resolving ethical issues, human relations,...