Alice has only a limited knowledge of security. He is unaware of security risks and has probably chosen an easy password (one that many users generally select).įor alice, you know some of her personal information: her phone number is 6955345671, her license plate is ZKA4221, and she likes the Rolling Stones. To do this, you have some information about the personal life of bob and alice:įor the bob user, you know that he is now starting to learn how to use computers.
Your goal is to discover the passwords of these two users. Since the system used different salt while hashing each password, we cannot infer any information regarding the similarity of the passwords of bob and alice. From the shadow file, can you see for sure if alice and bob have chosen different passwords? Explain your answer. We get this data on each line, between the second dollar sign ( $) and the third. Which salt was used for bob and which for alice? From this result, we know that SHA-512 was used. This means that the id of the function used is between the first and second dollar sign ( $) and that value is in both cases the value 6. We can see in both lines of our shadow file, that between the first and second colon ( :) the hashed value is following the format described above. The following values of id are supported:
Rest of the password string is interpreted. Id identifies the encryption method used instead of DES and this then determines how the Optionally terminated by "$", then the result has the form: If salt is a character string starting with the characters "$id$" followed by a string alice:$6$.s6xaWmE$7nWEW4wejMoVV.40Cg6w9XJ.:17470:0:99999:7:::īob:$6$aACNZdTj$3NIDLAAde5cfvNtacI9JUGQUgrBciUWAUWNY1:17470:0:99999:7::: Tasks Based on the information you will obtain from the above link, which hash function did the system use to generate the salted hashed passwords?įrom the documentation, we get the following information: The glibc2 version of this function supports additional encryption algorithms. You can find relevant information about the implementation in Ubuntu at (how to call this function, what the arguments are etc.) Assume that you have managed to access a secret shadow file of an Ubuntu Linux system (see the shadow file contents below). The passwords are stored in a digital fingerprint using salt (salted hash) in the Linux system through the crypt function.
27 November 2021 in Bash / GNU/Linux tagged bash / crypt / GNU/Linux / hashcat / john / john the ripper / john-the-ripper / python / salt / SHA-512 / shadow / ubuntu / wordlist by Tux
0 kommentar(er)
