Exercise: Cryptographic Failures

Read your passwords

In this exercise, we see why crypting data, without secure storage of the key is not sufficient.
  • Install Firefox.
  • Configure it to save passwords
  • Visite one or more web sites with passwords (for instance the ones we have seen last week).
  • Download LaZagne (github repository)
  • Read the passwords of firefox (and some others also).

List of passwords

Unsalted

We have hacked a web site and received the following file corresponding to usernames and passwords of users:
UsernameHashed PwdPassword
bie18da4d36229d9b0eb24a9e7c875151a66e5a9eb19toto72
doj11f71e0f4ac9b47cd93bf269e4017abaab9d3bd63bonjour
due159d9a6df06b9f610f7db8e036896ed03662d168fHallo
arb18cb2237d0679ca88db6464eac60da9634551396412345
frc1e8dd41e392fc88d355adc5ce95805975c7baffd6Kj56I-0
hnr1ba1630afffe80fe0e5fcf353cc9dc245ef2683a9gju98
knr18be3c943b1609fffbfc51aad666d0a04adf83c9dPassword
ert1db8ac1c259eb89d4a131b253bacfca5f319d54f2HelloWorld
sdf27e6dfeb48afce444b8be7b274b7e0869bd7c9c86MorgenZäme
yxc35a7f6ec9cdb4dc7035dc03c36e8d48f463cf339cGoodMorning
ztr1fb4d8deebe0cd2ae130336c889897f72234586ebThisismypassword
lkj106da63dbb1896fb91bfac21d3ede356aa69e0db6Bonjourlemonde
opi21f71e0f4ac9b47cd93bf269e4017abaab9d3bd63bonjour
mnb3048302433b4d42b6fc68f92ffca414a9a976dd46MotDePasse
rut11bba086040e9071efd98e303ea4758b1d91f05b5Password2015
edc2789ba01887bc4bf6495465a2e007c641259d013fbonjour2015
rfv3b518312d4755b54f8155e0f7c26b12eca1474287MotDePasse2015
tgb1daa1f31819ed4928fd00e986e6bda6dab6b177dcMyPassword
The usernames (as you already know), are always the three letters and one digit in front of the string. Then it is a hash that is not salted. The hash has been generated by the function SHA1. For unsalted passwords, you can use rainbow tables like : crackstation.net to access most of the passwords.
Some hackers have also their own rainbow tables. But most of them don't, since the most interesting passwords are salted.

Salted

We have hacked another web site and received the following file corresponding to usernames and passwords of users:
UsernameHashed PwdPassword
bie1f952bf8a0c5a4c3c630c2f11b7cd2f1ce6d31ac1toto
doj1c8215163f78d5ca3f53d31cf9eecc2a94b692c0cHello18
due1b3b6fec7270d61c5233e94584a44c05072a16582Hallo
arb15ebdf7b8a05bd7c8d29fab38a24107e67038c7bfqwertz
frc18f45d408209a0fd5114d589db35e6e11b8d6436casdfgh
hnr17f661d99c5334f889468f3d3c3e675eea5510facgju98
knr1cef984bc0c44d1bf3f6d1bf0e34eb0d3457ce189Pass
opi2771eede0589a442dc47b94fec18f7871dac1fd56bonjour
mnb3ce3d1bdd4462743e1e3c1098d92d41ab103484e3Passe
rut11a05afa03a80e7667e8dcbbac6c1654b2624c5af2015
edg2f88dd27d89cded768dd53637c6d03b6dbb1ea86cabrkdj
rfg32ebca136044a4bb0d0a20a59784b65d43e4a2ff4eirud13
tgg1ec9076e7f4e1248719557c35473014f6862586a1fjfj09
In this example, we have salted the hashes with the username and a semicolon.
function hashPassword($username,$password){
  return sha1($username.';'.$password);
}
Modify the program done for exercise Authentication to bruteforce the first password.
You can brute force the password with a length of 4 or 5 using a small Python script. It will not work for password of length 7, you will need something like C (or install a precompiled software).

Installation of HashCat

Download and install the tool HashCat, for advanced password "recovery". Use hashcat to discover the passwords of the users we hacked. There are also GPU optimized versions of this software. So, if you have a strong graphic card, you should download one of them.
You may need a list of passwords (acquired from many attacks) at the top of the following page Disclosure Project or at the bottom of this page crackstation.net.
Remark if you use one of those passwords, you should change soon ;-).