Assignment 2: Password Cracking



Narrative:
You are part of a CIA cyber-spy team. You are trying to gain access to an adversary's remote system. Fortunately, one of your team members was able to gain access to the passwords file on the system. As a team member, your task is to recover all passwords, so that you can gain access to the users' files on that system.

Assignment Goals:
In this assignment, you are required to perform a dictionary attack on multiple password files. The assignment will be conducted in 4 different steps, with increasing levels of difficulty.

Description:
You will be presented with a series of password files that contain a list of user names and related passwords stored in a hashed form.

Parameters: The hash function for this assignment is MD5, and the length of the secret key used in Step 3 and Step 4 is 2 bytes.


Step 1: passwords are chosen among common English dictionary words, and are simply hashed.

psw = random_element(dictionary_words);
h = HASH(psw);


Step 2: similar to Step 1; but passwords are salted and hashed (note: the salt is different for each system user).

psw = random_element(dictionary_words);
salt = generate_user_salt(user);
h = HASH(salt+psw);


Step 3: similar to Step 2; passwords are salted and a keyed hash is computed for each password using a secret system-level key (the key is the same for all users on the system).

key = generate_system_key();
psw = random_element(dictionary_words);
salt = generate_user_salt(user);
h = HASH(key+salt+psw);


Step 4: similar to Step 3; in this step passwords are still chosen among common English dictionary words, but some of the characters (e.g., vowels) are sometimes replaced with digits or special characters.

key = generate_system_key();
psw = random_element(dictionary_words);
perturbed_psw = random_char_replacement(psw);
salt = generate_user_salt(user);
h = HASH(key+salt+perturbed_psw);


Hints:
1) Most Linux distributions already come with a list of English dictionary words by default. If it is not installed by default, it can easily be installed via a package (see the manual for the apt-get command).
2) You should start working on this assignment immediately, even before the password files are leaked!


Grading:
This Assignment is worth 10 points; plus some bonus points if you solve the hardest challenge and do it fast!

For each correctly solved step you will receive the following points:

Step 1: 2 points
Step 2: 3 points
Step 3: 5 points
Step 4: 2 bonus points + time-based bonus points

TIME-BASED BONUS POINTS: The first 3 students to submit the correct answer for all 4 steps will receive the bonus points:
1st correct submission: 3 bonus points
2nd correct submission: 2 bonus points
3rd correct submission: 1 bonus point


Format of Password File:
This is an example password file:

bob:GRzHp:b9c3a727a558a126dde6a14a04e3b392
alice:fYqZd:7ed7c1de6305c3ef0417dcab86bab6f2
anne:fmDU9:78873d55cfcf80a6de63a7a9a78bc726
joe:DWVpO:aea346164c6b63156e01cc8c6b52675d
steve:TscPd:fbca34a993892f753f64fac49009a3c6
jean:uX8b7:bc4c3c52b1887e0fc2f9d6f949a93beb
root:2aTsR:f03319b713957db500eb6149f460cb52
albert:JAj86:e3815c7660fe8e1b716f3583cb31539d
dave:qHTs7:fa6e1f1de393b2b7f0b75197a49870fe
gale:0S7Qz:d4c4a40c38e07961a5f93de64c25c168

Each line is formatted as follows:

USERNAME:SALT:PSWHASH

Notice that in Step 1 the salt field will be empty.
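The record format and the HASH(key+salt+psw) constructions from Steps 1 to 3, seen from the system's side (writing an entry and checking a login). This is an added example, not code from the assignment; the function names, the UTF-8 encoding of salt and password, the raw-byte key and the sample key value are assumptions.

```python
import hashlib
import hmac
from typing import NamedTuple


class Entry(NamedTuple):
    user: str
    salt: str      # empty string in Step 1
    digest: str    # 32 lowercase hex characters (MD5)


def parse_line(line: str) -> Entry:
    """Parse one USERNAME:SALT:PSWHASH record, rejecting malformed lines."""
    fields = line.rstrip("\r\n").split(":")
    if len(fields) != 3:
        raise ValueError(f"expected 3 colon-separated fields, got {len(fields)}")
    user, salt, digest = fields
    if not user:
        raise ValueError("empty user name")
    if len(digest) != 32 or set(digest) - set("0123456789abcdef"):
        raise ValueError(f"{user}: not an MD5 hex digest")
    return Entry(user, salt, digest)


def stored_hash(psw: str, salt: str = "", key: bytes = b"") -> str:
    """HASH(key+salt+psw) with MD5; the defaults reduce it to Step 1 or Step 2.

    Assumption: salt and password are UTF-8 text, the key is raw bytes.
    """
    return hashlib.md5(key + salt.encode() + psw.encode()).hexdigest()


def make_entry(user: str, psw: str, salt: str = "", key: bytes = b"") -> str:
    """Build the record the system would write to the password file."""
    return f"{user}:{salt}:{stored_hash(psw, salt, key)}"


def check_login(entry: Entry, psw: str, key: bytes = b"") -> bool:
    """Recompute the hash for a login attempt and compare in constant time."""
    return hmac.compare_digest(stored_hash(psw, entry.salt, key), entry.digest)


# Constructed sample: two users who picked the same word, with different salts.
KEY = b"\x13\x37"                      # constructed 2-byte system key
A = parse_line(make_entry("u1", "gradient", "aaaaa", KEY))
B = parse_line(make_entry("u2", "gradient", "bbbbb", KEY))
```

A and B hold the same password but different digests, which is what the per-user salt is for: identical passwords are not visible in the file and one precomputed table does not cover every user.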


Solution File Format:
This is an example solution file:

bob:Myxogasteres
alice:transorbital
anne:erosible
joe:unportmanteaued
steve:Coccidioides
jean:reflecting
root:gradient
albert:accipitrary
dave:pathopsychology
gale:monkshood

VERY IMPORTANT: the solution file MUST NOT contain any empty lines, or spaces at the beginning or end of each line. Follow the format above closely!


Retrieve your password files:

1) Visit the following link and enter your UGA user name to retrieve your first password file: FILE

2) Every time you solve a step you can come back to that same link, where you need to enter the MD5 hash of the solution file to retrieve the password file related to the next step (see also solution submission instructions below).


Solution Submission:
Once you have output the solution to a text file, you need to do the following:

1) Name the solution file using the following format, and submit it via nike, under a directory called "Assignment2"

YOURUSERNAME_stepX_solution.txt, where YOURUSERNAME is your UGA user name, and the X in stepX needs to be changed into the correct step number. For example, I would submit a file named perdisci_step2_solution.txt.

2) Every time you finish a step, compute the MD5 hash of the solution file and submit via the following web form to get access to the next step's leaked password file: FORM

4) Once you have solved all steps, or the time available for the assignment expires, you will need to submit the source code you wrote to solve the assignment. Create a .ZIP file with all necessary source code files, and submit it via nike.

5) [Optional] At every step, measure how much time it takes for you to crack each password. Compute the average password cracking time for each step. Have fun!
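A pre-submission check for the solution file rules and the MD5 step above, as an added example that is not part of the original assignment. The alphanumeric user name pattern, the treatment of a single final newline as a line terminator rather than an empty line, and the requirement that users appear in the same order as in the password file are assumptions.

```python
import hashlib
import re

# Assumption: user names are alphanumeric; "step" is lowercase as in the
# page's example file name perdisci_step2_solution.txt.
NAME_RE = re.compile(r"[A-Za-z0-9]+_step[1-4]_solution\.txt")


def find_problems(filename: str, data: bytes, users: list[str]) -> list[str]:
    """Return every rule the submission breaks (empty list means it is clean)."""
    problems = []
    if not NAME_RE.fullmatch(filename):
        problems.append("file name is not USERNAME_stepX_solution.txt")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return problems + ["file is not UTF-8 text"]
    # Assumption: one final newline terminates the last line and is not an
    # "empty line"; anything after it is.
    lines = text[:-1].split("\n") if text.endswith("\n") else text.split("\n")
    seen = []
    for n, line in enumerate(lines, 1):
        if line == "":
            problems.append(f"line {n}: empty line")
        elif line != line.strip():        # also catches the \r of CRLF files
            problems.append(f"line {n}: leading or trailing whitespace")
        elif ":" not in line or line.startswith(":"):
            problems.append(f"line {n}: not USERNAME:PASSWORD")
        else:
            seen.append(line.split(":", 1)[0])
    # Assumption: same users, same order as the password file.
    if len(seen) == len(lines) and seen != users:
        problems.append("users differ from the password file (names or order)")
    return problems


def submission_digest(filename: str, data: bytes, users: list[str]):
    """MD5 of the exact file bytes, or None if the file breaks a format rule."""
    if find_problems(filename, data, users):
        return None
    return hashlib.md5(data).hexdigest()


# Constructed sample built from the first lines of the page's example solution.
USERS = ["bob", "alice", "anne"]
GOOD = b"bob:Myxogasteres\nalice:transorbital\nanne:erosible\n"
```

The digest is taken over the exact bytes of the file, so a file saved with CRLF line endings or with a different final newline produces a different MD5 than the same text saved another way.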