-Kavish
list_5 = []
list_6 = []
list_7 = []
list_8 = []
list_unknown_length = []
with open('crackstation.txt','r') as temp:
list_pass = temp.readlines()
temp.close()
for i in list_pass:
if len(i) == 5 :
list_5.append(i)
elif len(i) == 6:
list_6.append(i)
elif len(i) == 7:
list_7.append(i)
elif len(i) == 8:
list_8.append(i)
else:
list_unknown_length.append(i)
with open('crack_5.txt','w') as f:
for item in list_5:
f.writelines(item)
with open('crack_6.txt','w') as f:
for item in list_6:
f.writelines(item)
with open('crack_7.txt','w') as f:
for item in list_7:
f.writelines(item)
with open('crack_8.txt','w') as f:
for item in list_8:
f.writelines(item)
with open('crack_unknown_length.txt','w') as f:
for item in list_unknown_length:
f.writelines(item)
- Davinder
automatically upload pot files to this git repo, to your branch, from your server, and checks if level is complete. run this in parallel to John or Hashcat.
the following files should be in current directory: level<level_no>.json, john<level_no>.pot or hashcat<level_no>pot
e.g. for level 5:
wget https://github.com/dsmudhar/CS4400/raw/master/level5.json -O level5.json
wget https://github.com/dsmudhar/CS4400/raw/master/the_automator.sh -O the_automator.sh
chmod +x ./the_automator.sh
./the_automator.sh 5 pot_username
- Kavish
awk'$1~/^[0-9a-zA-Z]+$/' <filename>|grep -o -w '\w\{5,5\}'> <filename>
- Kavish
list_final = []
list_temp_apend = []
list_temp_deleted = []
list_hash = []
with open('level7.pot','r') as temp:
list_pot = temp.readlines()
temp.close()
list_hash = [i.split()[0] for i in list_pot]
list_pass = [i.split()[1] for i in list_pot]
for i,j in zip(list_hash,list_pass):
if len(j) != 8 and '/' not in j and '\' not in j :
list_hash.append(i)
list_temp_apend.append(j)
else:
list_temp_deleted.append(j)
for l,m in zip(list_hash,list_temp):
list_final.append(l + ":" + m )
with open('des_broken_f','w') as f:
for item in list_final:
f.writelines(item)
- Davinder
type="sha1"
jsonfile="levelX.json"
grep $type < $jsonfile | sed -E "s/^ *\"(.*)\",?/\1/g" > hashes-${type}.txt
- Udita
filename="fourfour.wordlist"
file_id="1RM93c8xWyWL1rIQWRbxjT2uAKU5D70BD"
query=`curl -c ./cookie.txt -s -L "https://drive.google.com/uc?export=download&id=${file_id}" \
| perl -nE'say/uc-download-link.*? href="(.*?)\">/' \
| sed -e 's/amp;//g' | sed -n 2p`
url="https://drive.google.com$query"
curl -b ./cookie.txt -L -o ${filename} $url
- Udita
Follow steps for setting up google cloud or RH here We will be using google cloud for this assignment
Create new VM instance with the following specs
1) Upgrade account and choose europe-west-1b as the region
2) Click customise under "Machine Type"
-No.of GPUs as "1" (only allows 1 P100 for some reason under the free credits)
-GPU type as "NVIDIA Tesla P100"
3) Click on create and SSH into VM instance
- Davinder
# install NVIDIA - Tesla P100 drivers
# wget http://us.download.nvidia.com/tesla/410.72/NVIDIA-Linux-x86_64-410.72.run
# sudo ./NVIDIA-Linux-x86_64-410.72.run
sudo apt-get install build-essential libssl-dev git zlib1g-dev \
yasm libgmp-dev libpcap-dev pkg-config libbz2-dev \
nvidia-opencl-dev \
libopenmpi-dev openmpi-bin
cd ~
git clone git://github.com/magnumripper/JohnTheRipper -b bleeding-jumbo john
cd john/src
./configure --enable-mpi && make -s clean && make -sj4
1) ./john --format=PBKDF2-HMAC-SHA256-opencl --wordlist=rockyou.txt <hashes> (Udita)
2) .. (Davinder)
3) Python script to decrypt level (Joanna, Kavish)
k threshold ~2%
| Hash | Count |
|---|---|
| PBKDF2 | 109/109 |
| sha1 | 77/77 |
| sha512 | 0/86 |
| argon2 | 0/71 |
4+4 wordlist attack - Udita
1) ./john --format=PBKDF2-HMAC-SHA256-opencl --wordlist=fourfour.wordlist <hashes> (Udita)
k threshold ~ 40%
| Hash | Count |
|---|---|
| PBKDF2 | 34/34 |
| sha1 | 37/37 |
| sha512 | 0/34 |
| argon2 | 0/45 |
Passwords length 5 with atleast -1 digit in one of the last 3 places -1 vowel - Udita
1) ./john --format=PBKDF2-HMAC-SHA256-opencl --mask=?l?l?l?l?d -min-len=5 -max-len=5 --pot=level3.hashes <hashes> (Udita)
-Kavish
1) ./john --format=PBKDF2-HMAC-SHA256-opencl --wordlist=rockyou.txt <hashes> (Kavish)
- Davinder
format="hash-format"
hashes="hash-file"
declare -a masks=( \
?1?1?1?2?d ?1?1?2?1?d ?1?2?1?1?d ?2?1?1?1?d \
?1?1?2?2?d ?1?2?2?1?d ?2?2?1?1?d ?2?1?2?1?d ?1?2?1?2?d ?2?1?1?2?d \
?1?2?2?2?d ?2?1?2?2?d ?2?2?1?2?d ?2?2?2?1?d \
?2?2?2?2?d \
?1?1?1?d?2 ?1?1?2?d?1 ?1?2?1?d?1 ?2?1?1?d?1 \
?1?1?2?d?2 ?1?2?2?d?1 ?2?2?1?d?1 ?2?1?2?d?1 ?1?2?1?d?2 ?2?1?1?d?2 \
?1?2?2?d?2 ?2?1?2?d?2 ?2?2?1?d?2 ?2?2?2?d?1 \
?2?2?2?d?2 \
?1?1?d?1?2 ?1?1?d?2?1 ?1?2?d?1?1 ?2?1?d?1?1 \
?1?1?d?2?2 ?1?2?d?2?1 ?2?2?d?1?1 ?2?1?d?2?1 ?1?2?d?1?2 ?2?1?d?1?2 \
?1?2?d?2?2 ?2?1?d?2?2 ?2?2?d?1?2 ?2?2?d?2?1 \
?2?2?d?2?2 \
)
for i in ${masks[@]}
do
./john/run/john --format=$format -1=[bcdfghjklmnpqrstvwxyz] -2=[aeiou] --mask=$i -min-len=5 -max-len=5 $hashes
done
- Udita - Kavish
Optimise for cracking sha512 : Creating custom wordlists
Generate wordlist using python code and split into the following lists
1) 5 letter words with exactly 2 vowels, 1 digit and the digit at the last place
2) 5 letter words with exactly 2 vowels, 1 digit and the digit at the second last place
3) 5 letter words with exactly 2 vowels, 1 digit and the digit at the third last place
k threshold 56%
| Hash | Count |
|---|---|
| PBKDF2 | 31/31 |
| sha1 | 41/41 |
| sha512 | 8/40 |
| argon2 | 0/30 |
Passwords list crawled from scss and tcd.ie website
k threshold ~46%
| Hash | Count |
|---|---|
| PBKDF2 | 42/42 |
| sha1 | 34/34 |
Passwords list consists of submitty usernames
Cracked usernames listed on cs7ns1 git Team.md https://github.com/sftcd/cs7ns1/blob/master/assignments/practical5/TeamSelection.md
k threshold ~32%
Easter egg : Another rockyou?
Dictionary attack using rockyou list split into lengths 5,6,7,8
k threshold ~32%
| Hash | Count |
|---|---|
| PBKDF2 | 51/51 |
| sha1 | 21/48 |
Easter egg : keyboard patterns
Dictionary attack using various lists found online or shared by other teams can be found here
| Hash | Count |
|---|---|
| PBKDF2 | 40/48 |
| sha1 | 39/40 |
Easter egg : bleedin' rockyou
Dictionary attack using rockyou.txt split into lists with length 5,6,7,8 words can be found here
1)./john --format=sha1crypt-opencl --wordlist=cracknew7.txt --dev=0,1 --fork=2 <hashes> (Kavish)
| Hash | Count |
|---|---|
| PBKDF2 | 40/48 |
| sha1 | 39/40 |
Easter egg : crackstation.txt
15GB wordlist split into lists with length with length 5,6,7,8 And futher split into wordlist containing just numbers, just lowercase alphabets and so on using the bash scripts below
cat crackstation.txt | grep -oE ".{7,7}" > crackstation7.txt
cat crackstation7.txt | grep -oE "^[a-z]{7,7}$" > cracknew7.txt
cat crackstation7.txt | grep -oE "^[a-zA-Z]{7,7}$" > cracknew7.txt
cat crackstation7.txt | grep -oE "^[a-zA-Z0-9]{7,7}$" > cracknew7.txt .. so on
Running instances on Rosetta Hub, Google cloud VM using 4 Tesla v100 machines and 4 nodes on each instance. v100 instances unavailble since Nov 10.
./john --format=sha1crypt-opencl --wordlist=cracknew7.txt --dev=0,1,2,3 --fork=4 level9.hashes
| Hash | Count |
|---|---|
| PBKDF2 | 35/36 |
| sha1 | 30/31 |
| sha512 | 05/41 |