Question
In: Computer Science
3.13 LAB: Extracting Passwords (files and lists) The Linux operating system is a very popular server...
3.13 LAB: Extracting Passwords (files and lists)
The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files:
/etc/passwd
And it contains rows that look like this:
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin
This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info.
And the second file /etc/shadow, contains rows that look like this:
root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin:*:14195:0:99999:7::: daemon:*:14195:0:99999:7::: adm:*:14195:0:99999:7::: ftp:*:14195:0:99999:7::: user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7::: user1:%[email protected]:15045:0:99999:7:::
This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password.
Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match.
Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method.
Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt.
Ex: If the input is:
input1pass.txt input1shadow.txt bobpickle pa$$w0rd
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7:::
the output is:
Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt
Ex: If the input is:
input2pass.txt input2shadow.txt demo123 password
and the contents of input1pass.txt are:
user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin demo123:x:18:54:Demo User:/home/demo123:nologin
and the contents of the input1shadow.txt are:
user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: demo123:password:15048:0:99999:7:::
the output is:
Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Brute Force Attempt: Login: demo123 Password: password Successful brute force attempt
Notes:
- There is a newline at the end of the output.
- input1pass.txt is available to download.
- input1shadow.txt is available to download
- 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.
279088.991434
LAB ACTIVITY
3.13.1: LAB: Extracting Passwords (files and lists)
0 / 10
Downloadable files
input1pass.txt
input1shadow.txt
Download
Solutions
Expert Solution
Solution:
In question they asked to use the zip() this method is use to compare the list and group based on the matching word
//import re package to do comapre the password complexity
import re
//Method toread the password file and store each line using
while loop its as array
def Read_PasswordFile(filename):
password_array = []
with open(filename) as f:
for line in f:
//fetch only the username from the file using split
function
password_array.append(line.split(":")[0])
//return usernamelist
return password_array
//Method toread the shadow file and store each line using while
loop its as array
def Read_ShadowFile(filename):
shadow_array = []
with open(filename) as f:
#shadow_array is the list that contains the read lines.
for line in f:
shadow_array.append(line)
//return array
return shadow_array
//call the respective method by passing the file name
userLogin=Read_PasswordFile('input1pass.txt')
Password=Read_ShadowFile('input1Shadow.txt')
//Using inbuild python zip method map the user and password files array,it will return the tuples
//like this(user1,user1:XXPP192920r:15045:0:99999:7:::)
x = zip(userLogin, Password)
//convert tuples to list for manupulation
mappedLoginList=list(x)
//using lambda separate the user and password details index
0-->holds userb=name,index1 holds password details
users=map(lambda x: x[0], mappedLoginList)
login=map(lambda x: x[1], mappedLoginList)
//Convert maps to list
usersList=list(users)
loginList=list(login)
//regex pattern to check password conatin lower,upper,number and
special character
pattern ="^[a-zA-Z0-9@#$%^&+=.]+$"
//this pattern is used o check if password conatin only
string
pattern2="^[a-zA-Z]*$"
//this pattern to check if the string conatin only number
pattern3="^[0-9]*$"
//Iterate the list using for loop to check the bruteforce attack
for i in range(0,len(usersList)):
//simple print statement to display output
print("Brute Force Attempt:")
print("Login:",usersList[i])
loginPassword=loginList[i].split(":")[1]
print("Password:",loginPassword)
//if statement to check the passwordcomplexity
if(not(re.match(pattern2, loginPassword))and not(re.match(pattern3,
loginPassword)) and (re.match(pattern, loginPassword))):
print("Unsuccessful brute force attempt")
else:
print("Successful brute force attempt")
print("\n")
venereology answered 1 year agoRelated Solutions
lab of operating system: you should do this on linux server its mandatory please show your...
application that uses linux operating system amd justify the linux operating system. provide a suitable application...
What are some Linux Server operating system failover technologies? What about premium ones that you can...
Configuring Mail services in Linux In this lab we will examine how to configure mail server...
Study PC operating system such as windows and linux etc and mobile operating system such as...
Differences Between Linux and Windows Operating Systems Two key differences between a Linux operating system and...
Lab – Linux Fundamentals Instructions: Using Kali Linux, the Windows Linux Sub-System, or another Debian based...
1. Discuss the various log files found on a Linux system. Based on their own experiences,...
What is a three-tiered client-server architecture? (operating system)
Lab 1-Refreshing Linux basics Objective: (Complete using Netlab) Please try each command in Linux system, and...
- Write a C++ program to read in various types of test questions (multiple choice and True/False)...
- Write a C program that accepts a port number as a command line argument, and starts...
- Given that labor is a resource that needs to be used efficiently, what responsibility do you...
- When you develop a research project, you need to have a reliable and valid method of...
- Suppose you have a list containing exactly three integer numbers. Each number could be positive, negative,...
- Explain the relation between muscles, ATP energy, and the calcium ion
- Vertical Analysis of Income Statement The following comparative income statement (in thousands of dollars) for the...