Lab 1 Report - Cryptography

UNIVERSIDAD PILOTO DE COLOMBIA
SPECIALIZATION IN INFORMATION SECURITY
COHORT 5
CRYPTOGRAPHY
02/08/2011
DIANA CAROLINA ECHEVERRIA ROJA
HÉCTOR LEÓNIDAS DUARTE

Development of lab 1 of the cryptography course, which focuses on analyzing the strength of user passwords on a Linux system.

Labs 1


UNIVERSIDAD PILOTO DE COLOMBIA

APPLICATION SECURITY

Lab report

Lab 1 - Conclusions.

Following step 1 of the lab 1 instructions, the installed version was verified; BackTrack version 5 was used for this lab. Five users were then created:

User1: hduarte Pw: hduarte
User2: usuario1 Pw: 123
User2: usuario2 Pw: 123456
User3: usuario3 Pw: 123456789
User4: usuario4 Pw: ¡”#$%&
User5: root Pw: toor

The users file and the passwords file were then merged into a single file with the cat command:

# cat /etc/passwd > passwd.1
# cat /etc/shadow >> passwd.1

After merging this information into one file, passwd.1, the ./john command was used to see the cleartext of the passwords used by the users:

# ./john passwd.1


Running the previous command produced the following information:

Loaded 7 password hashes with 7 different salts (generic crypt(3) [?/32])
hduarte (hduarte)
toor (root)
123456789 (usuario3)
123 (usuario1)
123456 (usuario2)

In addition, the tool kept running the cracking process. We asked the instructor about this, who recommended killing the process, since the objective of the lab had already been met. After this, the results were evaluated using the less command:

# less john.pot

Since passwords with special characters were included, the process takes longer, which shows that using special characters makes these passwords harder to crack. The text of the procedures performed is attached.
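The same result read from the defender's side, as an added example that is not part of the original report: a password-quality check of the kind applied when a password is set, run over the six accounts listed above. MIN_LENGTH, SEQUENCES and the rule names are assumptions of this example, not values from the lab guide.

```python
# Added example: password-quality rules applied to the lab's accounts.
# MIN_LENGTH, SEQUENCES and the rule names are assumptions of this example.

MIN_LENGTH = 12  # assumed policy minimum

# Runs that guessing tools try early (constructed list, not taken from john's files).
SEQUENCES = (
    "01234567890",
    "abcdefghijklmnopqrstuvwxyz",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
)

# Accounts and passwords exactly as listed in the report.
LAB_ACCOUNTS = [
    ("hduarte", "hduarte"),
    ("usuario1", "123"),
    ("usuario2", "123456"),
    ("usuario3", "123456789"),
    ("usuario4", "¡”#$%&"),
    ("root", "toor"),
]


def is_sequence(pw):
    """True if pw is a slice of one of SEQUENCES, forwards or backwards."""
    low = pw.lower()
    if len(low) < 3:
        return False
    return any(low in seq or low in seq[::-1] for seq in SEQUENCES)


def char_classes(pw):
    """Return the set of character classes used: lower, upper, digit, symbol."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_password(user, pw):
    """Return the list of reasons to reject pw for user (empty list = accepted)."""
    reasons = []
    low, ulow = pw.lower(), user.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if low == ulow:
        reasons.append("equals_username")      # hduarte / hduarte
    elif low == ulow[::-1]:
        reasons.append("reversed_username")    # root / toor
    elif ulow in low:
        reasons.append("contains_username")
    if is_sequence(pw):
        reasons.append("sequence")             # 123, 123456, 123456789
    if len(char_classes(pw)) < 2:
        reasons.append("single_class")
    return reasons


def audit(accounts):
    """Map each user name to the rejection reasons for its password."""
    return {user: check_password(user, pw) for user, pw in accounts}


if __name__ == "__main__":
    for user, reasons in audit(LAB_ACCOUNTS).items():
        print(f"{user:10s} {', '.join(reasons) or 'accepted'}")
```

All six lab passwords are rejected, including the one john had not recovered when it was stopped, because the check looks at length and structure rather than at the outcome of one run.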

COMMANDS USED WITH JOHN THE RIPPER

John the Ripper password cracker.
You can use an optimized version of john (optimized for your architecture), or just use the default symbolic link "./john". To modify the default executable you must replace the symbolic link.
john john.conf john-x86-any john-x86-mmx john-x86-sse2
root@bt:/pentest/passwords/john# ls -l
total 2664
-rw-r--r-- 1 root root 341064 2011-05-06 22:49 all.chr
-rw-r--r-- 1 root root 232158 2011-05-06 22:49 alnum.chr
-rw-r--r-- 1 root root 131549 2011-05-06 22:49 alpha.chr
-rwxr-xr-x 1 root root 9620 2011-05-06 22:49 calc_stat
-rw-r--r-- 1 root root 40391 2011-05-06 22:49 digits.chr
drwxr-xr-x 2 root root 4096 2011-05-10 10:58 doc
-rw-r--r-- 1 root root 1871 2011-05-06 22:49 genincstats.rb
-rwxr-xr-x 1 root root 22012 2011-05-06 22:49 genmkvpwd
lrwxrwxrwx 1 root root 13 2011-07-30 06:21 john -> john-x86-sse2
-rw-r--r-- 1 root root 38165 2011-05-06 22:49 john.conf
-rwxr-xr-x 1 root root 456088 2011-05-06 22:49 john-x86-any
-rwxr-xr-x 1 root root 481368 2011-05-06 22:49 john-x86-mmx
-rwxr-xr-x 1 root root 519032 2011-05-06 22:49 john-x86-sse2
-rw-r--r-- 1 root root 215982 2011-05-06 22:49 lanman.chr
-rw-r--r-- 1 root root 453 2011-05-06 22:49 ldif2pw.pl
-rwxr-xr-x 1 root root 785 2011-05-06 22:49 mailer
-rwxr-xr-x 1 root root 9628 2011-05-06 22:49 mkvcalcproba
-rw-r--r-- 1 root root 9727 2011-05-06 22:49 netntlm.pl
-rw-r--r-- 1 root root 5177 2011-05-06 22:49 netscreen.py
-rw-r--r-- 1 root root 22965 2011-05-06 22:49 password.lst
lrwxrwxrwx 1 root root 10 2011-07-30 06:21 README -> doc/README
-rw-r--r-- 1 root root 230 2011-05-06 22:49 README-backtrack
-rw-r--r-- 1 root root 759 2011-05-06 22:49 README-jumbo
-rw-r--r-- 1 root root 2807 2011-05-06 22:49 sap_prepare.pl
-rw-r--r-- 1 root root 527 2011-05-06 22:49 sha-dump.pl
-rw-r--r-- 1 root root 499 2011-05-06 22:49 sha-test.pl
-rw-r--r-- 1 root root 107571 2011-05-06 22:49 stats
-rwxr-xr-x 1 root root 9676 2011-05-06 22:49 tgtsnarf
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 unafs -> john
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 undrop -> john
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 unique -> john
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 unshadow -> john
root@bt:/pentest/passwords/john# vi password.lst
[1]+ Stopped vi password.lst
root@bt:/pentest/passwords/john# useradd -m hduarte
root@bt:/pentest/passwords/john# passwd hduarte
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario1
root@bt:/pentest/passwords/john# passwd usuario1
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
root@bt:/pentest/passwords/john# passwd usuario1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# passwd usuario1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario2
root@bt:/pentest/passwords/john# passwd usuario2
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario3
root@bt:/pentest/passwords/john# passwd usuario3
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario4
root@bt:/pentest/passwords/john# passwd usuario4
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario5
root@bt:/pentest/passwords/john# passwd usuario5
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
root@bt:/pentest/passwords/john# passwd usuario5
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# cat /etc/passwd > passwd.1
root@bt:/pentest/passwords/john# cat /etc/shadow >> passwd.1
root@bt:/pentest/passwords/john# .john passwd.1
No command '.john' found, did you mean:
Command 'john' from package 'john' (main)
.john: command not found
root@bt:/pentest/passwords/john# ./john passwd.1
Loaded 7 password hashes with 7 different salts (generic crypt(3) [?/32])
hduarte (hduarte)
toor (root)
123456789 (usuario3)
123 (usuario1)
123456 (usuario2)
guesses: 5 time: 0:00:09:03 0.93% (2) (ETA: Sun Jul 31 01:19:46 2011) c/s: 32.61 trying: beanie - camille
guesses: 5 time: 0:00:13:36 5.30% (2) (ETA: Sat Jul 30 13:23:15 2011) c/s: 32.89 trying: magics - bobs
guesses: 5 time: 0:00:14:06 5.57% (2) (ETA: Sat Jul 30 13:19:47 2011) c/s: 32.87 trying: crackers - majordomos
guesses: 5 time: 0:00:14:51 6.04% (2) (ETA: Sat Jul 30 13:12:30 2011) c/s: 32.82 trying: xfileses - pookies
guesses: 5 time: 0:00:29:47 15.88% (2) (ETA: Sat Jul 30 12:14:12 2011) c/s: 32.58 trying: DALLAS - HONDA
guesses: 5 time: 0:00:40:12 22.12% (2) (ETA: Sat Jul 30 12:08:23 2011) c/s: 32.61 trying: elsie3 - gretzky3
guesses: 5 time: 0:00:40:21 22.25% (2) (ETA: Sat Jul 30 12:07:59 2011) c/s: 32.61 trying: jimmy3 - lotus3
guesses: 5 time: 0:00:51:10 28.74% (2) (ETA: Sat Jul 30 12:04:40 2011) c/s: 32.41 trying: overkill4 - snowski4


COMMANDS FOR SSH AND HYDRA

root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 172.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:23:01
Error: Unknown service
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 172.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:23:13
Error: File for passwords not found!
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:24:22
Error: Unknown service
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:24:26
Error: File for passwords not found!
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:24:37
Error: File for passwords not found!
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ss^C
root@bt:~# find / -name hydra
/usr/local/bin/hydra
root@bt:~# cd /usr/local/bin/
root@bt:/usr/local/bin# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh

Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:36:38
Error: File for passwords not found!
root@bt:/usr/local/bin# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:36:46
Error: Unknown service
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:03
Error: Unknown service
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:16
Error: File for passwords not found!
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:33
Error: File for passwords not found!
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:53
Error: Unknown service
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P /pentest/passwords/john/password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:38:42
[DATA] 32 tasks, 1 servers, 3171 login tries (l:1/p:3171), ~99 tries per task
[DATA] attacking service ssh on port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
[22][ssh] host: 127.0.0.1 login: hduarte password: hduarte
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
[STATUS] attack finished for 127.0.0.1 (valid pair found)
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Hydra (http://www.thc.org/thc-hydra) finished at 2011-07-30 11:38:52
root@bt:/usr/local/bin#
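What a run like the one above looks like from the server side, as an added example that is not part of the original report: a detector that reads sshd authentication log lines and flags a burst of failed logins from one source, and separately a successful login that follows such a burst. The log lines are constructed in OpenSSH's syslog format (they were not captured on the lab machine), and the threshold, window and year defaults are assumptions.

```python
# Added example: flag password guessing against sshd from its auth log.
# Threshold, window and the sample log below are assumptions of this example.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: one ordinary mistyped login, then a burst against hduarte.
SAMPLE_LOG = """\
Jul 30 11:20:05 bt sshd[1901]: Failed password for usuario1 from 10.0.0.5 port 51000 ssh2
Jul 30 11:20:12 bt sshd[1901]: Accepted password for usuario1 from 10.0.0.5 port 51000 ssh2
Jul 30 11:38:43 bt sshd[2101]: Failed password for hduarte from 127.0.0.1 port 40512 ssh2
Jul 30 11:38:43 bt sshd[2102]: Failed password for hduarte from 127.0.0.1 port 40513 ssh2
Jul 30 11:38:44 bt sshd[2103]: Failed password for hduarte from 127.0.0.1 port 40514 ssh2
Jul 30 11:38:44 bt sshd[2104]: Connection closed by 127.0.0.1
Jul 30 11:38:45 bt sshd[2105]: Failed password for hduarte from 127.0.0.1 port 40516 ssh2
Jul 30 11:38:46 bt sshd[2106]: Failed password for hduarte from 127.0.0.1 port 40517 ssh2
Jul 30 11:38:47 bt sshd[2107]: Failed password for hduarte from 127.0.0.1 port 40518 ssh2
Jul 30 11:38:49 bt sshd[2108]: Accepted password for hduarte from 127.0.0.1 port 40519 ssh2
"""


def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2011):
    """Return alerts as (kind, source, user, failures_in_window) tuples.

    kind is "guessing" the first time a source reaches `threshold` failed
    logins inside `window`, and "login_after_guessing" when a login from a
    source succeeds while that many failures are still inside the window.
    Syslog timestamps carry no year, so the caller supplies one.
    """
    failures = defaultdict(deque)  # source address -> times of recent failures
    flagged = set()                # sources already reported as guessing
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # not a password authentication result
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user = m["src"], m["user"]
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()       # forget failures older than the window
        if m["result"] == "Failed":
            recent.append(when)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("guessing", src, user, len(recent)))
        elif len(recent) >= threshold:
            alerts.append(("login_after_guessing", src, user, len(recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second alert kind is the one to escalate: it means the guessed password worked, so the account needs a password reset and its session needs review.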


PART 2

CRACKING PASSWORDS ON WINDOWS

Following the instructions given in the guide “ROMPIENDO CLAVES DE WINDOWS CON BACKTRACK.docx”, the following results were obtained:

Part 2 – A: In this part, a machine whose native operating system is Windows XP was booted from a BackTrack5 live CD, with the objective of capturing the file that contains the passwords.

Captured file:
File name: pass-hash.txt

Procedures performed from BackTrack5

root@root:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
aufs 899744 10580 889164 2% /
none 890500 244 890256 1% /dev
/dev/sr0 1929380 1929380 0 100% /cdrom
/dev/loop0 1862528 1862528 0 100% /rofs
none 899744 0 899744 0% /dev/shm
tmpfs 899744 8 899736 1% /tmp
none 899744 64 899680 1% /var/run
none 899744 0 899744 0% /var/lock
none 899744 0 899744 0% /lib/init/rw
/dev/sda1 102398276 14752376 87645900 15% /media/disk
root@root:~# bkhive /media/disk/WINDOWS/system32/config/system syskey.txt
bkhive 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: [email protected]
Root Key : $$$PROTO.HIV
Default ControlSet: 001
Bootkey: 3bd793b752863593b511df3f55504dcb
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/ syskey.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: [email protected]
Error opening sam hive or not valid file("/media/disk/WINDOWS/system32/config/")
root@root:~#
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/SAM syskey.txt > pass?hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: [email protected]
Root Key : SAM
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/SAM syskey.txt > pass-hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: [email protected]
Root Key : SAM
root@root:~# dir
Desktop pass-hash.txt pass?hash.txt syskey.txt
root@root:~#

WORKING WITH JOHN THE RIPPER

John the Ripper password cracker.
You can use an optimized version of john (optimized for your architecture), or just use the default symbolic link "./john". To modify the default executable you must replace the symbolic link.

john john.conf john-x86-any john-x86-mmx john-x86-sse2
root@root:/pentest/passwords/john# john pass_hash.txt -w:dic.txt
stat: pass_hash.txt: No such file or directory
root@root:/pentest/passwords/john# ls
all.chr genmkvpwd ldif2pw.pl README tgtsnarf
alnum.chr john mailer README-backtrack unafs
alpha.chr john.conf mkvcalcproba README-jumbo undrop
calc_stat john-x86-any netntlm.pl sap_prepare.pl unique
digits.chr john-x86-mmx netscreen.py sha-dump.pl unshadow
doc john-x86-sse2 pass-hash.txt sha-test.pl
genincstats.rb lanman.chr password.lst stats
root@root:/pentest/passwords/john# john pass_hash.txt -i
stat: pass_hash.txt: No such file or directory
root@root:/pentest/passwords/john# john pass-hash.txt -w:dic.txt
Loaded 10 password hashes with no different salts (LM DES [128/128 BS SSE2])
fopen: dic.txt: No such file or directory
root@root:/pentest/passwords/john# john pass-hash.txt -i
Loaded 10 password hashes with no different salts (LM DES [128/128 BS SSE2])
(Invitado)
A (Administrador)

As a result, the administrator's password is found to be A.
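john loaded the captured file as LM DES, which is the weakness an administrator can audit for without cracking anything. The following added example (not part of the original report) reads a dump in the name:RID:LM:NT::: layout that samdump2 writes and reports accounts that still store an LM hash, accounts whose LM hash shows a password of at most 7 characters, blank passwords, and accounts that share a password. The account names and hash values in SAMPLE_DUMP are constructed; only the two well-known empty-password constants are real.

```python
# Added example: audit a pwdump-style file for LM storage and password reuse.
# Account names and non-empty hash values below are constructed for the example.
import string
from collections import defaultdict

EMPTY_LM_HALF = "aad3b435b51404ee"              # LM result for an empty 7-char half
EMPTY_LM = EMPTY_LM_HALF * 2                    # no LM hash stored / blank password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password

SAMPLE_DUMP = f"""\
admin_local:500:0123456789abcdef{EMPTY_LM_HALF}:00112233445566778899aabbccddeeff:::
guest:501:{EMPTY_LM}:{EMPTY_NT}:::
help desk:1000:fedcba98765432100123456789abcdef:ffeeddccbbaa99887766554433221100:::
alice:1003:0123456789abcdef{EMPTY_LM_HALF}:00112233445566778899aabbccddeeff:::
svc_web:1004:{EMPTY_LM}:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
"""


def is_hash(value):
    """True for a 32-character hexadecimal string."""
    return len(value) == 32 and all(c in string.hexdigits for c in value)


def parse_pwdump(text):
    """Return (name, rid, lm, nt) tuples; lines that do not fit are skipped."""
    accounts = []
    for raw in text.splitlines():
        fields = raw.strip().split(":")
        if len(fields) < 4:
            continue
        name, rid, lm, nt = fields[0], fields[1], fields[2].lower(), fields[3].lower()
        if rid.isdigit() and is_hash(lm) and is_hash(nt):
            accounts.append((name, int(rid), lm, nt))
    return accounts


def audit(text):
    """Map each account name to a list of findings (empty list = nothing found)."""
    accounts = parse_pwdump(text)
    by_nt = defaultdict(list)
    for name, _rid, _lm, nt in accounts:
        by_nt[nt].append(name)

    report = {}
    for name, _rid, lm, nt in accounts:
        findings = []
        if nt == EMPTY_NT:
            findings.append("blank_password")
        if lm != EMPTY_LM:
            # LM uppercases the password and hashes two 7-character halves
            # separately, so each half can be searched on its own.
            findings.append("lm_hash_stored")
            if lm[16:] == EMPTY_LM_HALF:
                findings.append("password_at_most_7_chars")
        others = [n for n in by_nt[nt] if n != name]
        if nt != EMPTY_NT and others:
            findings.append("shares_password_with:" + ",".join(others))
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_DUMP).items():
        print(f"{name:12s} {', '.join(findings) or 'ok'}")
```

An account flagged lm_hash_stored keeps that hash until its password is changed after LM storage has been disabled (the NoLMHash setting on Windows).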