Question

In: Computer Science

3.13 LAB: Extracting Passwords (files and lists) The Linux operating system is a very popular server...

3.13 LAB: Extracting Passwords (files and lists)

The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files:

/etc/passwd

And it contains rows that look like this:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
user1:x:15:51:User One:/home/user1:nologin
user2:x:15:51:User One:/home/user1:nologin
user3:x:15:51:User One:/home/user1:nologin

This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info.

And the second file /etc/shadow, contains rows that look like this:

root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7:::
bin:*:14195:0:99999:7:::
daemon:*:14195:0:99999:7:::
adm:*:14195:0:99999:7:::
ftp:*:14195:0:99999:7:::
user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7:::
user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7:::
user1:%[email protected]:15045:0:99999:7:::

This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password.

Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match.

Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method.

Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt.

Ex: If the input is:

input1pass.txt
input1shadow.txt
bobpickle
pa$$w0rd

and the contents of input1pass.txt are:

user1:x:15:51:User One:/home/user1:nologin
user2:x:16:52:User One:/home/user1:nologin
user3:x:17:53:User One:/home/user1:nologin

and the contents of the input1shadow.txt are:

user1:XXPP192920r:15045:0:99999:7:::
user1:LLmm928393x:15046:0:99999:7:::
user1:&^334294kksri.:15047:0:99999:7:::

the output is:

Brute Force Attempt:
Login:  user1
Password:  XXPP192920r
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user2
Password:  LLmm928393x
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user3
Password:  &^334294kksri.
Unsuccessful brute force attempt

Ex: If the input is:

input2pass.txt
input2shadow.txt
demo123
password

and the contents of input1pass.txt are:

user1:x:15:51:User One:/home/user1:nologin
user2:x:16:52:User One:/home/user1:nologin
user3:x:17:53:User One:/home/user1:nologin
demo123:x:18:54:Demo User:/home/demo123:nologin

and the contents of the input1shadow.txt are:

user1:XXPP192920r:15045:0:99999:7:::
user1:LLmm928393x:15046:0:99999:7:::
user1:&^334294kksri.:15047:0:99999:7:::
demo123:password:15048:0:99999:7:::

the output is:

Brute Force Attempt:
Login:  user1
Password:  XXPP192920r
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user2
Password:  LLmm928393x
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user3
Password:  &^334294kksri.
Unsuccessful brute force attempt

Brute Force Attempt:
Login: demo123
Password: password
Successful brute force attempt

Notes:

  • There is a newline at the end of the output.
  • input1pass.txt is available to download.
  • input1shadow.txt is available to download
  • 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.

279088.991434

LAB ACTIVITY

3.13.1: LAB: Extracting Passwords (files and lists)

0 / 10

Downloadable files

input1pass.txt

input1shadow.txt

Download

Solutions

Expert Solution

Solution:

In question they asked to use the zip() this method is use to compare the list and group based on the matching word

//import re package to do comapre the password complexity

import re

//Method toread the password file and store each line using while loop its as array
def Read_PasswordFile(filename):
password_array = []
with open(filename) as f:
for line in f:

//fetch only the username from the file using split function
password_array.append(line.split(":")[0])

//return usernamelist
return password_array

//Method toread the shadow file and store each line using while loop its as array
def Read_ShadowFile(filename):
shadow_array = []
with open(filename) as f:
#shadow_array is the list that contains the read lines.   
for line in f:
shadow_array.append(line)

//return array
return shadow_array

//call the respective method by passing the file name

userLogin=Read_PasswordFile('input1pass.txt')
Password=Read_ShadowFile('input1Shadow.txt')

//Using inbuild python zip method map the user and password files array,it will return the tuples

//like this(user1,user1:XXPP192920r:15045:0:99999:7:::)

x = zip(userLogin, Password)

//convert tuples to list for manupulation
mappedLoginList=list(x)

//using lambda separate the user and password details index 0-->holds userb=name,index1 holds password details
users=map(lambda x: x[0], mappedLoginList)
login=map(lambda x: x[1], mappedLoginList)

//Convert maps to list
usersList=list(users)
loginList=list(login)
//regex pattern to check password conatin lower,upper,number and special character
pattern ="^[a-zA-Z0-9@#$%^&+=.]+$"
//this pattern is used o check if password conatin only string
pattern2="^[a-zA-Z]*$"
//this pattern to check if the string conatin only number
pattern3="^[0-9]*$"

//Iterate the list using for loop to check the bruteforce attack

for i in range(0,len(usersList)):

//simple print statement to display output
print("Brute Force Attempt:")
print("Login:",usersList[i])
loginPassword=loginList[i].split(":")[1]
print("Password:",loginPassword)

//if statement to check the passwordcomplexity
  
if(not(re.match(pattern2, loginPassword))and not(re.match(pattern3, loginPassword)) and (re.match(pattern, loginPassword))):
print("Unsuccessful brute force attempt")
else:
print("Successful brute force attempt")
print("\n")


Related Solutions

lab of operating system: you should do this on linux server its mandatory please show your...
lab of operating system: you should do this on linux server its mandatory please show your work by taking screenshot and show all the commands performed and show the result. PROBLEM 1: Create a file and name it f1 • Cerate a directory and name it d1 • Move f1 to d1 • Create a directory and name it d2 • Move d1 to d2 • Check if d1 is inside d2 • Check if f1 is inside d1 •...
application that uses linux operating system amd justify the linux operating system. provide a suitable application...
application that uses linux operating system amd justify the linux operating system. provide a suitable application that uses linux os and justify the usage of linux os in the considered application.
What are some Linux Server operating system failover technologies? What about premium ones that you can...
What are some Linux Server operating system failover technologies? What about premium ones that you can pay for? What are some Windows Server operating system failover technologies? What about premium ones that you can pay for? Discuss the process for failover for both subjects you chose!
Configuring Mail services in Linux In this lab we will examine how to configure mail server...
Configuring Mail services in Linux In this lab we will examine how to configure mail server (Sendmail, Dovecot and Spamassassin) services under Linux. PART 1: Configuring the sendmail Mail Transport Agent (MTA) to provide Mail server services Boot your system into the Fedora Linux server VM used in lab 3 to configure DNS and follow the procedure outlined below to configure your system as a Mail server using the sendmail MTA. Log in as usual and make sure that the...
Study PC operating system such as windows and linux etc and mobile operating system such as...
Study PC operating system such as windows and linux etc and mobile operating system such as Android and iOS, find out whether there are functions and features that are provided in PC OS but not in mobile OS, and if there is any, analyze why these functions and features are not provided by these mobile OS. In your opinion for the future development will PC operating system and mobile operating system be the same or different? Give the details.
Differences Between Linux and Windows Operating Systems Two key differences between a Linux operating system and...
Differences Between Linux and Windows Operating Systems Two key differences between a Linux operating system and a Windows operating system are the concepts of “mounting” and “drive” letters. Provide an example for each. Why is it important to plan disk partitioning before installing Linux? Discuss the advantages of disk partitioning. Also discuss what logical volume management (LVM) is and why or why you might use it.
Lab – Linux Fundamentals Instructions: Using Kali Linux, the Windows Linux Sub-System, or another Debian based...
Lab – Linux Fundamentals Instructions: Using Kali Linux, the Windows Linux Sub-System, or another Debian based Linux distribution, perform the following tasks based on the Linux Fundamentals lecture. For this lab, take screenshots for all major steps completed to illustrate that each task was successfully completed (the same method as would be used for other labs). 9. Display your current directory in the terminal 10. Display your current directories contents including the inode value and permissions for each file and...
1. Discuss the various log files found on a Linux system. Based on their own experiences,...
1. Discuss the various log files found on a Linux system. Based on their own experiences, how often do they feel they would check these files, and how vigilant do they think they would be about the process? Have them outline some of the reasons why an administrator might tend to ignore these files. 2. Discuss there experiences with the creation of user and group accounts in other OSs such as Windows 10 or Windows Server 2019. What do they...
What is a three-tiered client-server architecture? (operating system)
What is a three-tiered client-server architecture? (operating system)
Lab 1-Refreshing Linux basics Objective: (Complete using Netlab) Please try each command in Linux system, and...
Lab 1-Refreshing Linux basics Objective: (Complete using Netlab) Please try each command in Linux system, and get screenshots (you may put multiple commands in one screenshot) which can show how actually each command runs. Also, give a brief description (one or two sentences) for each command. For the commands which have multiple switches/parameters, please try one popular switch/parameter. If after the command, there is “date”, please run date to show the system date and time before you run the command;...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT