thers a number of short programs (further specifications can be found in the bruteforce assignment pdf).
Each program reads from stdin and writes to stdout. In addition, configuration info is read from a file that is specified via a commandline parameter.
1. combi.cpp this program combines a number of words that are offered via stdin. Special characters can be included between them.
2. subst.cpp this program replaces 1 or more letters with numbers / special characters in the lines that are offered via stdin.
3. filter.cpp Because only passwords of length 16 or more are acceptable, a filter program is created that filters out all words that are smaller.
If everything works well, the following pipe structure will be able to 'crack' the password list. This is also the way in which your programs should be used. combi
And with these three short assignments the final assignment can be completed which is to crack all hashes in the hashes.txt file. more detail can be read in the pdf file
Introduction to the assignment We are attempting to gain access to a secure network. We have already succeeded in finding some hashes that may be associated with the passwords that we need. And a brutal force attack with a large password list has yielded nothing. In an 'internal memo'1 that is addressed to new system administrators in the company we read: ... strong passwords are of great importance for adequate security. These must be unique and may not be reused. … … Passwords that secure infrastructure components must be long (at least 16 characters), preferably made up of several (non-English) words and combined with special characters and / or numbers,… ... passwords may never be recorded, not digitally and not on paper. The department manager keeps a copy in a notebook, which is kept in a safe. This can be consulted in an emergency. … One of the new managers is known to us by name and by name. A social media analysis of this person teaches us: names of family members +: Anderson, Noah, Olivia, Abigail, Sophia, Wanda (= fish), Tiger (= cat) hobbies: dancing (Latin American), chess (fanatic! ) born: Oct. 5 ‘83, Edinburgh, education: Edinburgh College, diploma: 24 jun ‘05, married: 4 feb ‘10, birth of 1st child: 3 sep ‘12, birth of 2nd child: 2 aug ‘14 current address: Kortekade 51b 3062 GM Rotterdam (last) big trip: Tahiti Pearl Beach Resort, Lafayette beach PK7 Arue, 12-28 March '10 On the basis of this information we make a list of words. The hope is that the password, in one way or another, is a combination of words from this list, possibly with adjustments. With adjustments you can think of: • substitution of letters with numbers / symbols. • inserting special characters ('@', '#', '$', etc ...) Of course there is no guarantee of success. But the administrator must be able to remember multiple passwords and will therefore want to use a reminder. for this Assignment You get a number of files: 1. hashes.txt the list of MD5hash values that we want to 'crack'. 2. checkHash.cpp This program is provided with code documentation and is not explained further. 3. md5.cpp an extra 'help' program to check the installation of openssl-dev. 4. woorden.txt an example word list with which you can crack the 1st MD5 hash values. Each line in this file contains 1 word that will become part of a candidate password. 5. subst.txt an (example) of a config file for the subst program. See below. You have to write a number of programs (further specifications can be found below). Each program reads from stdin and writes to stdout. In addition, configuration info is read from a file that is specified via a commandline parameter. 1. combi.cpp this program combines a number of words that are offered via stdin. Special characters can be included between them. 2. subst.cpp this program replaces 1 or more letters with numbers / special characters in the lines that are offered via stdin. 3. filter.cpp Because only passwords of length 16 or more are acceptable, a filter program is created that filters out all words that are smaller. If everything works well, the following pipe structure will be able to 'crack' the password list. This is also the way in which your programs should be used. combi