Authentication
We discuss methods to access a system, their strenghts and weaknesses. We show how an attacker would compromise or bypass authentication methods and present defensive mechanisms.
- Slides for this session:
Tasks
Download the session task archive.
Connect using SSH to ctf@141.85.224.104:20000. The account password is aw3som3_passw0rd. The flag is in
/home/ctf/flag
.Submit the flag on the CTF platform. You need to create an account on the platform if you don’t already have one.
Connect using SSH to ctf@141.85.224.104:20001. The account password is no-matter-what-1. The flag is split in different places and each piece was created recently.
Submit the flag on the CTF platform. You need to create an account on the platform if you don’t already have one.
The password is, essentially, a string which needs to be checked against the user input. As you would expect, this usually goes as follows:
for i = 1,length(password) if password[i] != input[i] return FAIL return SUCCESS
Therefore, the more iterations the for-loop does, the closer the input is to the truth. Exploits based on information about the physical implementation of the authentication system (such as execution time / power consumption / resources allocated, for different inputs) are called side-channel attacks.
Open the session task archive and access the
sidechannel/
subfolder. Check the source code filesidechannel.py
. Thesidechannel
program authenticates users if they enter the correct passphrase, which has the following structure<article> <adjective> <noun>
The composing words are randomly chosen from the dictionaries in the
dict/
directory. The check is done in plaintext and the program also reports its execution time (in microseconds). Design and implement a side-channel attack to guess the passphrase. Start from thebreak_sidechannel.py
script.
Open the session task archive and access the
password-breaking/
subfolder. Thepasswords.hash
file contains a list of SHA-256 password hashes, with varying strengths and weaknesses and we have to determine the associated plaintexts. Use the Python skeleton scripts incracking-scripts/
to crack the passwords. Therun-all
script runs them together. Thedummy_breaking.py
script is to be used as template.Follow the steps:
Fill the
dictionary_breaking.py
script for a dictionary attack. Use the dictionary indict/words
to crack 10 passwords.Consider the following common substitutions:
a -> @ e -> 3 i -> ! o -> 0 s -> $
Fill the
hybrid_breaking.py
script to re-run the dictionary attack, while making all the above substitutions simultaneously. An additional 10 passwords will be broken this way.Extend your previous work in the
extended_breaking.py
script to add punctuation marks at the end of the password and the hybrid password, either.
or...
or!
or?
. You will find 10 additional solutions: 5 solutions for adding punctuatation marks at the end of the password and 5 solutions for adding punctuation marks at the end of the hybrid password.Some entries in the database have a larger size than the others, because they also store a salt string, either prefixed
salt.encode('hex') + hash(salt + actual_password)
or suffixed
hash(actual_password + salt) + salt.encode('hex')
The convention is that if the database entry has the salt prefixed, then the salt was appended at the beginning of the password before salting. Similarly, a salt that is stored suffixed was appended after the password before hashing.
Hashes that are above 32 bytes (i.e. 64 hex digits) use a salt. These hashes have 74 hex digits, meaning that 10 hex digits either at the beginning or the end form the salt. Fill the
salt_breaking.py
script to run a salted dictionary attack, which will identify 5 suffixed and 5 prefixed passwords.Combine the salting and hybrid attack approach in the
extended_salt_breaking.py
script and determine 10 additional passwords.Fill the
brute_force_breaking.py
script to generate all the possible 4-character passwords and compares their hashes to the ones in the database. The charset to consider is composed of all the symbols on a standard US keyboard. There are 10 passwords to be cracked this way.Finally, run the remaining hashes through a lookup table such as CrackStation.net.
(bonus) After all the above, you will be left with one uncracked hash. This account belongs to David, who used a lowercase space-separated passphrase. His Facebook profile is littered with the latest internet memes and it appears that he is a member in the Tolkien Society. Finally, he frequently uses the username
boromir90
. Can you guess his passphrase?(bonus) The
5chars-passwords.hash
files contains 8 hashes for 5-character passwords using all printable characters. Create a copy of thebrute_force_breaking.py
script to crack these passwords as well.
Solutions
Download the solutions archive.