Authentication
We discuss methods to access a system, their strengths and weaknesses. We show how an attacker would compromise or bypass authentication methods and present defensive mechanisms.
- Slides for this session:
Tasks
Download the session task archive.

Connect using SSH to ctf@141.85.224.104:20000. The account password is aw3som3_passw0rd. The flag is in /home/ctf/flag.

Connect using SSH to ctf@141.85.224.104:20001. The account password is no-matter-what-1. The flag is split in different places and each piece was created recently.
The password is, essentially, a string which needs to be checked against the user input. As you would expect, this usually goes as follows:
    for i = 1, length(password)
        if password[i] != input[i]
            return FAIL
    return SUCCESS
Therefore, the more iterations the for-loop does, the closer the input is to the truth. Exploits based on information about the physical implementation of the authentication system (such as execution time / power consumption / resources allocated, for different inputs) are called side-channel attacks.
Open the session task archive and access the sidechannel/ subfolder. Check the source code file sidechannel.py. The sidechannel program authenticates users if they enter the correct passphrase, which has the following structure:

    <article> <adjective> <noun>

The composing words are randomly chosen from the dictionaries in the dict/ directory. The check is done in plaintext and the program also reports its execution time (in microseconds). Design and implement a side-channel attack to guess the passphrase. Start from the break_sidechannel.py script.
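To show why the character-by-character check above leaks, and how to close the leak, here is an added example that is not part of the lab's sidechannel.py or break_sidechannel.py: the early-exit comparison from the pseudocode beside a constant-time version, with iteration counts standing in for the microsecond timings the program reports. The passphrase is a constructed sample in the lab's word shape.

```python
import hashlib


def early_exit_compare(password: str, attempt: str) -> tuple[bool, int]:
    """The check from the pseudocode above: stop at the first mismatching character.

    Returns (match, iterations) so the leak can be observed directly instead of
    through noisy timing; iterations is what an execution-time report exposes.
    """
    iterations = 0
    for i in range(len(password)):
        iterations += 1
        # Guard added so a short attempt cannot raise an IndexError.
        if i >= len(attempt) or password[i] != attempt[i]:
            return False, iterations
    return True, iterations


def constant_time_compare(password: str, attempt: str) -> tuple[bool, int]:
    """Hardened check: hash both sides to a fixed 32 bytes (hiding the length),
    then OR all byte differences together instead of branching on the first one,
    so the loop count never depends on how much of the attempt is right.
    In production use hmac.compare_digest on the two digests instead of this loop.
    """
    expected = hashlib.sha256(password.encode()).digest()
    given = hashlib.sha256(attempt.encode()).digest()
    diff = 0
    iterations = 0
    for x, y in zip(expected, given):
        iterations += 1
        diff |= x ^ y
    return diff == 0, iterations


def iterations_for_prefix(checker, password: str, correct_prefix: int) -> int:
    """Iteration count a checker reveals for an attempt whose first
    correct_prefix characters are right and whose remaining ones are wrong."""
    filler = "~" * (len(password) - correct_prefix)  # '~' never occurs in the sample secret
    return checker(password, password[:correct_prefix] + filler)[1]


# Constructed sample passphrase in the lab's "<article> <adjective> <noun>" shape.
SECRET = "the quick fox"

if __name__ == "__main__":
    # Column 2 grows with every correct leading character; column 3 stays flat.
    for k in range(len(SECRET) + 1):
        print(k, iterations_for_prefix(early_exit_compare, SECRET, k),
              iterations_for_prefix(constant_time_compare, SECRET, k))
```

The early-exit count equals the number of correct leading characters plus one, which is exactly the signal the lab's timing report exposes; the hashed constant-time version always does the same 32 steps.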
Open the session task archive and access the password-breaking/ subfolder. The passwords.hash file contains a list of SHA-256 password hashes, with varying strengths and weaknesses, and we have to determine the associated plaintexts. Use the Python skeleton scripts in cracking-scripts/ to crack the passwords. The run-all script runs them together. The dummy_breaking.py script is to be used as a template. Follow the steps:

Fill the dictionary_breaking.py script for a dictionary attack. Use the dictionary in dict/words to crack 10 passwords.

Consider the following common substitutions:
    a -> @
    e -> 3
    i -> !
    o -> 0
    s -> $
Fill the hybrid_breaking.py script to re-run the dictionary attack, while making all the above substitutions simultaneously. An additional 10 passwords will be broken this way.

Extend your previous work in the extended_breaking.py script to add punctuation marks at the end of the password and of the hybrid password: either ".", "...", "!" or "?". You will find 10 additional solutions: 5 for adding punctuation marks at the end of the password and 5 for adding punctuation marks at the end of the hybrid password.

Some entries in the database have a larger size than the others, because they also store a salt string, either prefixed
salt.encode('hex') + hash(salt + actual_password)
or suffixed
hash(actual_password + salt) + salt.encode('hex')
The convention is that if the database entry has the salt prefixed, then the salt was prepended to the password before hashing. Similarly, a salt that is stored suffixed was appended after the password before hashing.
Hashes that are above 32 bytes (i.e. 64 hex digits) use a salt. These hashes have 74 hex digits, meaning that 10 hex digits either at the beginning or the end form the salt. Fill the salt_breaking.py script to run a salted dictionary attack, which will identify 5 suffixed and 5 prefixed passwords.

Combine the salting and hybrid attack approaches in the extended_salt_breaking.py script and determine 10 additional passwords.

Fill the brute_force_breaking.py script to generate all the possible 4-character passwords and compare their hashes to the ones in the database. The charset to consider is composed of all the symbols on a standard US keyboard. There are 10 passwords to be cracked this way.

Finally, run the remaining hashes through a lookup table such as CrackStation.net.
(bonus) After all the above, you will be left with one uncracked hash. This account belongs to David, who used a lowercase space-separated passphrase. His Facebook profile is littered with the latest internet memes and it appears that he is a member of the Tolkien Society. Finally, he frequently uses the username boromir90. Can you guess his passphrase?

(bonus) The 5chars-passwords.hash file contains 8 hashes for 5-character passwords using all printable characters. Create a copy of the brute_force_breaking.py script to crack these passwords as well.
Solutions
Download the solutions archive.