3.13 LAB: Extracting Passwords (files and lists) The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files: /etc/passwd And it contains rows that look like this: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info. And the second file /etc/shadow, contains rows that look like this: root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin:*:14195:0:99999:7::: daemon:*:14195:0:99999:7::: adm:*:14195:0:99999:7::: ftp:*:14195:0:99999:7::: user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7::: user1:%TXlsifhQMinXX@.YUlppxp0177:15045:0:99999:7::: This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password. Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match. Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method. Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt. Ex: If the input is: input1pass.txt input1shadow.txt bobpickle pa$$w0rd and the contents of input1pass.txt are: user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin and the contents of the input1shadow.txt are: user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: the output is: Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Ex: If the input is: input2pass.txt input2shadow.txt demo123 password and the contents of input1pass.txt are: user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin demo123:x:18:54:Demo User:/home/demo123:nologin and the contents of the input1shadow.txt are: user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: demo123:password:15048:0:99999:7::: the output is: Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Brute Force Attempt: Login: demo123 Password: password Successful brute force attempt Notes: There is a newline at the end of the output. input1pass.txt is available to download. input1shadow.txt is available to download 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.

3.13 LAB: Extracting Passwords (files and lists) The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files: /etc/passwd And it contains rows that look like this: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info. And the second file /etc/shadow, contains rows that look like this: root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin::14195:0:99999:7::: daemon::14195:0:99999:7::: adm::14195:0:99999:7::: ftp::14195:0:99999:7::: user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7::: user1:%TXlsifhQMinXX@.YUlppxp0177:15045:0:99999:7::: This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password. Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match. Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method. Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt. Ex: If the input is: input1pass.txt input1shadow.txt bobpickle pa$$w0rd and the contents of input1pass.txt are: user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin and the contents of the input1shadow.txt are: user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: the output is: Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Ex: If the input is: input2pass.txt input2shadow.txt demo123 password and the contents of input1pass.txt are: user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin demo123:x:18:54:Demo User:/home/demo123:nologin and the contents of the input1shadow.txt are: user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: demo123:password:15048:0:99999:7::: the output is: Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt Brute Force Attempt: Login: demo123 Password: password Successful brute force attempt Notes: There is a newline at the end of the output. input1pass.txt is available to download. input1shadow.txt is available to download 'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

3.13 LAB: Extracting Passwords (files and lists)

The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files:

/etc/passwd

And it contains rows that look like this:

root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin

This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info.

And the second file /etc/shadow, contains rows that look like this:

root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin:*:14195:0:99999:7::: daemon:*:14195:0:99999:7::: adm:*:14195:0:99999:7::: ftp:*:14195:0:99999:7::: user1:$1$ssTPXdzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: user1:44##$TDQFedzX$.Pxp39484.FInu0lrH1dY30:15045:0:99999:7::: user1:%TXlsifhQMinXX@.YUlppxp0177:15045:0:99999:7:::

This file contains the actual password in encrypted format for each of the user's accounts stored in /etc/passwd. Notice the encrypted text after the login and : colon. That is the encrypted password.

Typically, if a hacker obtains access to these files, they could use some sort of cracking software to decrypt the passwords. Basically, they take a Brute Force approach and use common passwords to find a match.

Write a program that first reads in the name of two input files; input1pass.txt and input1shadow.txt. These files will contain encrypted and non-encrypted passwords to simulate a Brute Force approach. Next the program will accept input of two strings representing a potential user name, and password. The files should be read using the file.readlines( ) method.

Your program should output the attempted login and password with a message that it was a successful or unsuccessful brute force attempt.

Ex: If the input is:

input1pass.txt input1shadow.txt bobpickle pa$$w0rd

and the contents of input1pass.txt are:

user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin

and the contents of the input1shadow.txt are:

user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7:::

the output is:

Brute Force Attempt: Login: user1 Password: XXPP192920r Unsuccessful brute force attempt Brute Force Attempt: Login: user2 Password: LLmm928393x Unsuccessful brute force attempt Brute Force Attempt: Login: user3 Password: &^334294kksri. Unsuccessful brute force attempt

Ex: If the input is:

input2pass.txt input2shadow.txt demo123 password

and the contents of input1pass.txt are:

user1:x:15:51:User One:/home/user1:nologin user2:x:16:52:User One:/home/user1:nologin user3:x:17:53:User One:/home/user1:nologin demo123:x:18:54:Demo User:/home/demo123:nologin

and the contents of the input1shadow.txt are:

user1:XXPP192920r:15045:0:99999:7::: user1:LLmm928393x:15046:0:99999:7::: user1:&^334294kksri.:15047:0:99999:7::: demo123:password:15048:0:99999:7:::

the output is:

Notes:

There is a newline at the end of the output.
input1pass.txt is available to download.
input1shadow.txt is available to download
'Hint' - check out the Python zip ( ) for mapping the login in one file to the other.

Expert Solution

Trending now

This is a popular solution!

Step by step

Solved in 2 steps with 2 images

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.