Question

In: Computer Science

3.13 LAB: Extracting Passwords (files and lists)

The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files:

/etc/passwd

And it contains rows that look like this:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
user1:x:15:51:User One:/home/user1:nologin
user2:x:15:51:User One:/home/user1:nologin
user3:x:15:51:User One:/home/user1:nologin

This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info.

And the second file /etc/shadow, contains rows that look like this:

root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7:::
bin:*:14195:0:99999:7:::
daemon:*:14195:0:99999:7:::
adm:*:14195:0:99999:7:::
ftp:*:14195:0:99999:7:::
user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7:::
user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7:::
user1:%[email protected]:15045:0:99999:7:::

This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password.

Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match.

Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method.

Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt.

Ex: If the input is:

input1pass.txt
input1shadow.txt
bobpickle
pa$$w0rd

and the contents of input1pass.txt are:

user1:x:15:51:User One:/home/user1:nologin
user2:x:16:52:User One:/home/user1:nologin
user3:x:17:53:User One:/home/user1:nologin

and the contents of the input1shadow.txt are:

user1:XXPP192920r:15045:0:99999:7:::
user1:LLmm928393x:15046:0:99999:7:::
user1:&^334294kksri.:15047:0:99999:7:::

the output is:

Brute Force Attempt:
Login:  user1
Password:  XXPP192920r
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user2
Password:  LLmm928393x
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user3
Password:  &^334294kksri.
Unsuccessful brute force attempt

Ex: If the input is:

input2pass.txt
input2shadow.txt
demo123
password

and the contents of input1pass.txt are:

user1:x:15:51:User One:/home/user1:nologin
user2:x:16:52:User One:/home/user1:nologin
user3:x:17:53:User One:/home/user1:nologin
demo123:x:18:54:Demo User:/home/demo123:nologin

and the contents of the input1shadow.txt are:

user1:XXPP192920r:15045:0:99999:7:::
user1:LLmm928393x:15046:0:99999:7:::
user1:&^334294kksri.:15047:0:99999:7:::
demo123:password:15048:0:99999:7:::

the output is:

Brute Force Attempt:
Login:  user1
Password:  XXPP192920r
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user2
Password:  LLmm928393x
Unsuccessful brute force attempt

Brute Force Attempt:
Login:  user3
Password:  &^334294kksri.
Unsuccessful brute force attempt

Brute Force Attempt:
Login: demo123
Password: password
Successful brute force attempt

Notes:

  • There is a newline at the end of the output.
  • input1pass.txt is available to download.
  • input1shadow.txt is available to download
  • 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.

Solutions

Expert Solution

Solution:

The question asks us to use zip(); this method is used to compare the lists and group them based on the matching word.

# Import the re package to compare the password complexity
import re


# Read the password file and store the username from each line in a list
def Read_PasswordFile(filename):
    password_array = []
    with open(filename) as f:
        for line in f:
            # Fetch only the username from the line using the split function
            password_array.append(line.split(":")[0])
    # Return the username list
    return password_array


# Read the shadow file and store each line in a list
def Read_ShadowFile(filename):
    # shadow_array is the list that contains the read lines
    shadow_array = []
    with open(filename) as f:
        for line in f:
            shadow_array.append(line)
    # Return the list
    return shadow_array


# Call the respective method by passing the file name
userLogin = Read_PasswordFile('input1pass.txt')
Password = Read_ShadowFile('input1shadow.txt')

# Using the built-in Python zip method, map the user and password file lists; it returns tuples
# like this: (user1, user1:XXPP192920r:15045:0:99999:7:::)
x = zip(userLogin, Password)

# Convert the tuples to a list for manipulation
mappedLoginList = list(x)

# Using lambda, separate the user and password details: index 0 holds the username, index 1 holds the password details
users = map(lambda x: x[0], mappedLoginList)
login = map(lambda x: x[1], mappedLoginList)

# Convert the maps to lists
usersList = list(users)
loginList = list(login)

# Regex pattern to check that the password contains lower, upper, number and special characters
pattern = "^[a-zA-Z0-9@#$%^&+=.]+$"
# This pattern is used to check if the password contains only letters
pattern2 = "^[a-zA-Z]*$"
# This pattern is used to check if the string contains only numbers
pattern3 = "^[0-9]*$"

# Iterate over the list using a for loop to check the brute force attack
for i in range(0, len(usersList)):
    # Simple print statements to display the output
    print("Brute Force Attempt:")
    print("Login:", usersList[i])
    loginPassword = loginList[i].split(":")[1]
    print("Password:", loginPassword)

    # if statement to check the password complexity
    if (not re.match(pattern2, loginPassword)
            and not re.match(pattern3, loginPassword)
            and re.match(pattern, loginPassword)):
        print("Unsuccessful brute force attempt")
    else:
        print("Successful brute force attempt")
    # Blank line between attempts
    print()
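
As an added example (not part of the original answer): a version that pairs the two files with zip() and compares the entered login and password directly against each row. It assumes the lab's simulated shadow file, whose second field is compared as a plain string; the function names and the embedded sample rows are constructed here from the lab's second example.

```python
def read_lines(path):
    """Read a file with file.readlines(), as the lab statement requires."""
    with open(path) as f:
        return f.readlines()


def check_attempts(passwd_lines, shadow_lines, login, password):
    """Pair the files row by row with zip() and test one login/password guess.

    Returns a list of (account, stored_field, matched) tuples.
    """
    results = []
    for passwd_row, shadow_row in zip(passwd_lines, shadow_lines):
        account = passwd_row.rstrip("\n").split(":")[0]
        fields = shadow_row.rstrip("\n").split(":")
        stored = fields[1] if len(fields) > 1 else None  # tolerate malformed rows
        # Plain string comparison: valid only for the lab's simulated files.
        matched = account == login and stored == password
        results.append((account, stored, matched))
    return results


def format_report(results):
    """Render the results in the layout of the lab's sample output."""
    blocks = []
    for account, stored, matched in results:
        verdict = "Successful" if matched else "Unsuccessful"
        blocks.append(f"Brute Force Attempt:\nLogin:  {account}\n"
                      f"Password:  {stored}\n{verdict} brute force attempt\n")
    return "\n".join(blocks)


# Constructed sample rows, copied from the lab's second example.
SAMPLE_PASSWD = [
    "user1:x:15:51:User One:/home/user1:nologin\n",
    "user2:x:16:52:User One:/home/user1:nologin\n",
    "user3:x:17:53:User One:/home/user1:nologin\n",
    "demo123:x:18:54:Demo User:/home/demo123:nologin\n",
]
SAMPLE_SHADOW = [
    "user1:XXPP192920r:15045:0:99999:7:::\n",
    "user1:LLmm928393x:15046:0:99999:7:::\n",
    "user1:&^334294kksri.:15047:0:99999:7:::\n",
    "demo123:password:15048:0:99999:7:::\n",
]

if __name__ == "__main__":
    hits = check_attempts(SAMPLE_PASSWD, SAMPLE_SHADOW, "demo123", "password")
    print(format_report(hits), end="")
```

To run it against the lab files, pass `read_lines(input())` for each of the two file names and the two remaining `input()` values as the login and password.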

