Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
update
- Loading branch information
fernandofilipe13
committed
Nov 5, 2021
1 parent
4df533f
commit 1acf4063cf6be86a19c40ca8dbca43e8847d5355
Showing
6 changed files
with
155 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -5,3 +5,4 @@ | ||
| /html/ | ||
| /submission/5062CEM_2021_22_SepJan_CW1_main_sit_0123456789.html | ||
| /tests/__pycache__/ | ||
| .DS_Store | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| <h1>5062CEM Coursework 1</h1> | ||
| <ul> | ||
| <li>Student ID: (10697667)</li> | ||
| </ul> | ||
| <h2>Task 1: Passwords and Hashes (10%)</h2> | ||
| <pre><code>If the hashes produced are all 2 bytes, how many possible hash values are there? Explain how you calculate this value. | ||
|
|
||
|
|
||
| (With one byte is 2^8 = 256 values. The number 2 is from the binary because a binary number is represented in the base 2 numeral system, because the binary only has two numbers (zeros and ones), and the 8 is because one byte are 8 bits. | ||
| 2 bytes which is 16 bits is 65,536. (2^16) ) | ||
|
|
||
|
|
||
| With minimum password length of 3 and maximum of 6, and possible characters being all upper and lowecase letters and digits (ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789) how many possible passwords are in our "search space"? Explain how you calculate this value. | ||
| </code></pre> | ||
| <p>The alphabet has 26 characters. Upper and Lower case alphabet characters are 52 (26+26 or 26*2), plus 10 numbers (0-9) is 62. | ||
| I know the password has the minimum of 3 characters so I'm going to multiply 3 times 62. Which is: | ||
| 62^3 = 238,328 | ||
| I know the password has the maximum of 6 characters so I'm going to multiply 6 times 62. Which is: | ||
| 62^6 = 56,800,235,584 | ||
| I already know the system will not accept passwords with a lenght smaller then 3 characters, I'm going to subtract the minimum possiblities passwords accepted with the maximum. | ||
| 56,800,235,584 - 238,328 = 56,799,997,256</p> | ||
| <p>The possible passwords are 56,799,997,256</p> | ||
| <pre><code>One of these numbers is larger than the other. What implications does this have for security if this hash function is used in storing passwords? What implications does this have for our rainbow table? | ||
|
|
||
| (The rainbow table will break easily and faster the shortest passwords then the largest) | ||
| </code></pre> | ||
| <h2>Task 2: Implementing the table (30%)</h2> | ||
| <p>Include your <code>generateTable</code> function below. The three back-ticks before and after the code tell Markdown that the text between should be marked-up as code.</p> | ||
| <pre><code class="language-python"> | ||
| def generateTable(chainStarts, hashFunc, guessFunc, chainLength, minLen=3,maxLen=6,charset=defaultCharset): | ||
| """ Create a rainbow table for the given hash function | ||
|
|
||
| Arguments: | ||
| chainStarts -- a list of starting values. The length of this list determines how many chains will be constructed. | ||
| hashFunc -- a hash function to be used in the hashing step. | ||
| guessFunc -- a function that can produce valid inputs to the hash function. The function should accept a value and the keyword arguments `minLen` (minimum guess length) `maxLen` (maximum guess length) and `charset` (a string containing all valid characters to be used in the table). These will be passed directly from the arguments of the same names given to this funciton. | ||
| chainLength -- length of each chain | ||
| minLen -- minimum length of values to be hashed | ||
| maxLen -- maximum length of values to be hashed | ||
| charset -- string containing all valid characters for values being hashed | ||
|
|
||
| """ | ||
| guessesArr =[] | ||
| hashArr =[] | ||
| for i in range(len(chainStarts)): | ||
| for value in range(chainLength): | ||
| if value == 0: | ||
| guess = chainStarts[i] | ||
| hash = hashFunc(guess) | ||
| if not hash in hashArr: | ||
| guessesArr.append(guess) | ||
| hashArr.append(hash) | ||
| guess = guessFunc(hash,0,minLen,maxLen,charset) | ||
| return hashArr | ||
| </code></pre> | ||
| <h2>Task 3: Parameters (10%)</h2> | ||
| <pre><code>Discuss how to select the best parameters for generating a rainbow table. | ||
| </code></pre> | ||
| <p>(Things we need to care when generating a rainbow table is the chain lenght and how many chains will the table have. Also we have to know how many rows and collumns we need for our rainbow table. If we choose a small table with 10 rows, 10 collumns which are 100 hashes and we are working in a fast computer it will be very quickly to generate a table but if we create a big table with 100 rows and 100 collumns which is 10000 hashes will take more time to generate. But here we are thinking in a small number, let's try 1 million rows and 1 millions collumns, I did it, and it took a lot of time. | ||
| To take get a hash from a small table it's super fast but if we're trying to get a hash from a big table it will take a while to retrivie the value.)</p> | ||
| <p>Some hints:</p> | ||
| <ul> | ||
| <li>You can change the number of chains and the length of each chain</li> | ||
| <li>What effect does changing each of these have on:<ul> | ||
| <li>How well the table works, as in how many hashes it can break?</li> | ||
| <li>How long it takes to create?</li> | ||
| <li>How much space it takes up? </li> | ||
| <li>How long it takes to search the chains for hashes? It depends </li> | ||
| </ul> | ||
| </li> | ||
| </ul> | ||
| <h2>Task 4: Reversing Hashes (10%)</h2> | ||
| <pre><code>What are possible passwords that produce the following hashes? | ||
|
|
||
| I couldn't find the right password but I have a chain guess. | ||
| </code></pre> | ||
| <ul> | ||
| <li>BA FF - kvSo</li> | ||
| <li>BE 21 - ZeH3l</li> | ||
| <li>12 34 - LXiKL</li> | ||
| <li>9A 2E - ODlYoo</li> | ||
| </ul> | ||
| <p>(Write your answers next to the hashes above. HINT: you can check your answers by putting them into the pearson hashN function and seeing if they give you the right hash)</p> | ||
| <h2>Task 5: Improving Guess Generation Efficiency (20%)</h2> | ||
| <pre><code>The function that currently produces guesses is not as efficient as it could be. | ||
|
|
||
| Discuss how the time it takes is related to the index argument and propose a solution that makes it independant of this value. | ||
| </code></pre> | ||
| <p>()</p> | ||
| <h2>Challenge: Web service compromise (20%)</h2> | ||
| <p>The docker container <code>cueh/pears_tree:latest</code> uses unsalted 2-byte pearson hashes for checking passwords. See if you can steal the password list and find passwords that result in the hashes.</p> | ||
| <p>To run the container: <code>docker run -it cueh/pears_tree:latest</code>. The container should tell you which IP and port to use. If it's the only running container, it will probably be: <code>http://172.17.0.2:80</code>.</p> | ||
| <p>If you're doing it on a chromebook, use this instead: <code>docker run -p 8000:80 -it cueh/pears_tree:latest</code> and browse to <code>http://penguin.linux.test:8000</code></p> | ||
| <p>You should submit the usernames you found, along with matching | ||
| passwords that will work on the site.</p> | ||
| <pre><code>Write a short description of how you found the hashes and used them to gain access to the site. | ||
|
|
||
| List the hashes you found and passwords that can be used for the found usernames. | ||
| </code></pre> | ||
| <p>(The first thing I did was open the site and I tried to explore everything with the browser tools. I found the cookies called "userID" and "authToken". I tried to change them and I realised the cookies were being checked in the server side. I went to the login page were I found the username input and password, I also found the hidden input which is a CSRF TOKEN. I didn't know what type of token was that and I googled it and I realised it is a server side unique token generated by the server but only when the client is accessing the site. One time generated by the server I read and I assume the server will check the token and I was right because I tried to change the token and I could check the debug result saying <em>invalid token</em>. | ||
| I also tried to do SQL injection but I think the password is already set onto a variable or a list in the server side.</p> | ||
| <p>After that I went to terminal and I started looking for hidden files in the server. I used some methods learned in other lectures. I used <em>gobuster</em> tool and I found the console page and one directory. I already knew about the static page but when I did again the same thing but inside the directory I found the password hidden page. That's how I found the usernames and passwords list.</p> | ||
| <p>root: 5B 1B | ||
| sally: FF 4A | ||
| duncan: 50 CB</p> | ||
| <p>I don't have any guess of the passwords. | ||
| )</p> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -2,7 +2,7 @@ import markdown | ||
|
|
||
|
|
||
| #Insert your student ID here | ||
| student_id="0123456789" | ||
| student_id="10697667" | ||
|
|
||
|
|
||
|
|
||