Exercise: Cryptographic Failures

In this exercise, we see why crypting data, without secure storage of the key is not sufficient.

• Install Firefox (or create a new profile for those tests).
• Configure it to save passwords
• Visite one or more web sites with passwords (for instance the ones we have seen last week).
• Download LaZagne (github repository)
• Read the passwords of firefox (and some others also).

We have hacked a web site and received the following file corresponding to usernames and passwords of users:

Username	Hashed Pwd	Password
bie1	8da4d36229d9b0eb24a9e7c875151a66e5a9eb19	toto72
doj1	1f71e0f4ac9b47cd93bf269e4017abaab9d3bd63	bonjour
due1	59d9a6df06b9f610f7db8e036896ed03662d168f	Hallo
arb1	8cb2237d0679ca88db6464eac60da96345513964	12345
frc1	e8dd41e392fc88d355adc5ce95805975c7baffd6	Kj56I-0
hnr1	ba1630afffe80fe0e5fcf353cc9dc245ef2683a9	gju98
knr1	8be3c943b1609fffbfc51aad666d0a04adf83c9d	Password
ert1	db8ac1c259eb89d4a131b253bacfca5f319d54f2	HelloWorld
sdf2	7e6dfeb48afce444b8be7b274b7e0869bd7c9c86	MorgenZäme
yxc3	5a7f6ec9cdb4dc7035dc03c36e8d48f463cf339c	GoodMorning
ztr1	fb4d8deebe0cd2ae130336c889897f72234586eb	Thisismypassword
lkj1	06da63dbb1896fb91bfac21d3ede356aa69e0db6	Bonjourlemonde
opi2	1f71e0f4ac9b47cd93bf269e4017abaab9d3bd63	bonjour
mnb3	048302433b4d42b6fc68f92ffca414a9a976dd46	MotDePasse
rut1	1bba086040e9071efd98e303ea4758b1d91f05b5	Password2015
edc2	789ba01887bc4bf6495465a2e007c641259d013f	bonjour2015
rfv3	b518312d4755b54f8155e0f7c26b12eca1474287	MotDePasse2015
tgb1	daa1f31819ed4928fd00e986e6bda6dab6b177dc	MyPassword

The usernames (as you already know), are always the three letters and one digit in front of the string. Then it is a hash that is not salted. The hash has been generated by the function SHA1. For unsalted passwords, you can use rainbow tables like : crackstation.net to access most of the passwords.
Some hackers have also their own rainbow tables. But most of them don't, since the most interesting passwords are salted.

We have hacked another web site and received the following file corresponding to usernames and passwords of users:

Username	Hashed Pwd	Password
bie1	f952bf8a0c5a4c3c630c2f11b7cd2f1ce6d31ac1	toto
doj1	c8215163f78d5ca3f53d31cf9eecc2a94b692c0c	Hello18
due1	b3b6fec7270d61c5233e94584a44c05072a16582	Hallo
arb1	5ebdf7b8a05bd7c8d29fab38a24107e67038c7bf	qwertz
frc1	8f45d408209a0fd5114d589db35e6e11b8d6436c	asdfgh
hnr1	7f661d99c5334f889468f3d3c3e675eea5510fac	gju98
knr1	cef984bc0c44d1bf3f6d1bf0e34eb0d3457ce189	Pass
opi2	771eede0589a442dc47b94fec18f7871dac1fd56	bonjour
mnb3	ce3d1bdd4462743e1e3c1098d92d41ab103484e3	Passe
rut1	1a05afa03a80e7667e8dcbbac6c1654b2624c5af	2015
edg2	f88dd27d89cded768dd53637c6d03b6dbb1ea86c	abrkdj
rfg3	2ebca136044a4bb0d0a20a59784b65d43e4a2ff4	eirud13
tgg1	ec9076e7f4e1248719557c35473014f6862586a1	fjfj09

In this example, we have salted the hashes with the username and a semicolon.

function hashPassword($username,$password){
  return sha1($username.';'.$password);
}

Modify the program done for exercise Authentication to bruteforce the first password.
You can brute force the password with a length of 4 or 5 using a small Python script. It will not work for password of length 7, you will need something like C (or install a precompiled software).

Download and install the tool HashCat, for advanced password "recovery". Use hashcat to discover the passwords of the users we hacked. There are also GPU optimized versions of this software. So, if you have a strong graphic card, you should download one of them.
You may need a list of passwords (acquired from many attacks) at the bottom of this page crackstation.net.
Remark if you use one of those passwords, you should change soon ;-).