Question
In: Computer Science
3.13 LAB: Extracting Passwords (files and lists) The Linux operating system is a very popular server...
3.13 LAB: Extracting Passwords (files and lists)
The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files:
/etc/passwd
And it contains rows that look like this:
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin
This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info.
And the second file /etc/shadow, contains rows that look like this:
root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin:*:14195:0:99999:7::: daemon:*:14195:0:99999:7::: adm:*:14195:0:99999:7::: ftp:*:14195:0:99999:7::: user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7::: user1:%[email protected]:15045:0:99999:7:::
This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password.
Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match.
Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method.
Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt.
Ex: If the input is:
input1pass.txt input1shadow.txt bobpickle pa$$w0rd
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7:::
the output is:
Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt
Ex: If the input is:
input2pass.txt input2shadow.txt demo123 password
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin demo123:x:18:54:Demo User:/home/demo123:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: demo123:password:15048:0:99999:7:::
the output is:
Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Brute Force Attempt: Login: demo123 Password: password Successful brute force attempt
Notes:
- There is a newline at the end of the output.
- input1pass.txt is available to download.
- input1shadow.txt is available to download
- 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.
279088.991434
LAB ACTIVITY
3.13.1: LAB: Extracting Passwords (files and lists)
0 / 10
Downloadable files
input1pass.txt
input1shadow.txt
Download
Solutions
Expert Solution
Solution:
In question they asked to use the zip() this method is use to compare the list and group based on the matching word
//import re package to do comapre the password complexity
import re
//Method toread the password file and store each line using
while loop its as array
def Read_PasswordFile(filename):
password_array = []
with open(filename) as f:
for line in f:
//fetch only the username from the file using split
function
password_array.append(line.split(":")[0])
//return usernamelist
return password_array
//Method toread the shadow file and store each line using while
loop its as array
def Read_ShadowFile(filename):
shadow_array = []
with open(filename) as f:
#shadow_array is the list that contains the read lines.
for line in f:
shadow_array.append(line)
//return array
return shadow_array
//call the respective method by passing the file name
userLogin=Read_PasswordFile('input1pass.txt')
Password=Read_ShadowFile('input1Shadow.txt')
//Using inbuild python zip method map the user and password files array,it will return the tuples
//like this(user1,user1:XXPP192920r:15045:0:99999:7:::)
x = zip(userLogin, Password)
//convert tuples to list for manupulation
mappedLoginList=list(x)
//using lambda separate the user and password details index
0-->holds userb=name,index1 holds password details
users=map(lambda x: x[0], mappedLoginList)
login=map(lambda x: x[1], mappedLoginList)
//Convert maps to list
usersList=list(users)
loginList=list(login)
//regex pattern to check password conatin lower,upper,number and
special character
pattern ="^[a-zA-Z0-9@#$%^&+=.]+$"
//this pattern is used o check if password conatin only
string
pattern2="^[a-zA-Z]*$"
//this pattern to check if the string conatin only number
pattern3="^[0-9]*$"
//Iterate the list using for loop to check the bruteforce attack
for i in range(0,len(usersList)):
//simple print statement to display output
print("Brute Force Attempt:")
print("Login:",usersList[i])
loginPassword=loginList[i].split(":")[1]
print("Password:",loginPassword)
//if statement to check the passwordcomplexity
if(not(re.match(pattern2, loginPassword))and not(re.match(pattern3,
loginPassword)) and (re.match(pattern, loginPassword))):
print("Unsuccessful brute force attempt")
else:
print("Successful brute force attempt")
print("\n")
venereology answered 1 year agoRelated Solutions
lab of operating system: you should do this on linux server its mandatory please show your...
application that uses linux operating system amd justify the linux operating system. provide a suitable application...
What are some Linux Server operating system failover technologies? What about premium ones that you can...
Configuring Mail services in Linux In this lab we will examine how to configure mail server...
Study PC operating system such as windows and linux etc and mobile operating system such as...
Differences Between Linux and Windows Operating Systems Two key differences between a Linux operating system and...
Lab – Linux Fundamentals Instructions: Using Kali Linux, the Windows Linux Sub-System, or another Debian based...
1. Discuss the various log files found on a Linux system. Based on their own experiences,...
What is a three-tiered client-server architecture? (operating system)
Lab 1-Refreshing Linux basics Objective: (Complete using Netlab) Please try each command in Linux system, and...
- 4) Cost per equivalent unit of direct materials and conversion (4 marks) The cost per equivalent...
- We usually write numbers in decimal form (or base 10), meaning numbers are composed using 10...
- Consider a saturated solution of the salt MX3, which M is a metal cation with a...
- Energyshot is a new energy drink that is about to be introduced into the global market....
- Problem 1: During the month, EKM Enterprise purchased $100,000 in raw material on account, used $150,000...
- An electron is accelerated inside a parallel plate capacitor. The electron leaves the negative plate with...
- There is a region with a constant magnetic field 6.31T . The magnetic field is directed...