
Laboratories

1
DIANA CAROLINA ECHEVERRIA ROJA
HÉCTOR LEÓNIDAS DUARTE
UNIVERSIDAD PILOTO DE COLOMBIA

Write-up of Laboratory 1 of the cryptography course, which focuses on analyzing the strength of user passwords on a Linux system.

SPECIALIZATION IN INFORMATION SECURITY
COHORT 5
CRYPTOGRAPHY
02/08/2011

UNIVERSIDAD PILOTO DE COLOMBIA


APPLICATION SECURITY

Lab report

Laboratory 1 - Conclusions.
Following step 1 of the Laboratory 1 instructions, the installed version was checked; BackTrack version 5 was used for this lab. Five users were then created:
User1: hduarte
Pw: hduarte
User2: usuario1
Pw: 123
User2: usuario2
Pw: 123456
User3: usuario3
Pw: 123456789
User4: usuario4
Pw: #$%&
User5: root
Pw: toor
The user file and the password file were then merged into a single file with the cat command:
# cat /etc/passwd > passwd.1
# cat /etc/shadow >> passwd.1
After merging this information into one file, passwd.1, the ./john command was used to recover the cleartext of the passwords used by the users:
# ./john passwd.1

Running the previous command produces the following output:

Loaded 7 password hashes with 7 different salts (generic crypt(3) [?/32])
hduarte          (hduarte)
toor             (root)
123456789        (usuario3)
123              (usuario1)
123456           (usuario2)
In addition, the tool kept running the cracking process; we asked the instructor about this, and he recommended killing it, since the objective of the lab had already been met.
After this, the results were reviewed using the less command:
# less john.pot

Given that passwords with special characters were included, the process takes longer; this shows that using special characters makes these passwords harder to crack.
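An added example (not part of the original report) that sorts the lab's six passwords by the cheapest guessing stage that finds them and by raw keyspace. The login-variant set, the sample wordlist, and reading the roughly 32 c/s status figure as guesses per second against one hash are assumptions made for illustration.

```python
import string

# Guess rate read off the John status lines in this report (about 32 c/s).
# Treating it as guesses per second against one hash is an assumption.
GUESSES_PER_SECOND = 32.0

# Constructed stand-in for a cracking dictionary such as password.lst.
SAMPLE_WORDLIST = {"123", "123456", "123456789", "password", "dallas"}

# (login, password) pairs created in the lab, as listed in the report.
LAB_ACCOUNTS = [
    ("hduarte", "hduarte"),
    ("usuario1", "123"),
    ("usuario2", "123456"),
    ("usuario3", "123456789"),
    ("usuario4", "#$%&"),
    ("root", "toor"),
]


def login_variants(login):
    """Guesses that can be built from the login name alone (illustrative set)."""
    base = login.lower()
    return {base, base[::-1], base + base}


def charset_size(password):
    """Size of the union of character classes the password draws from."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))


def assess(login, password, wordlist=SAMPLE_WORDLIST, rate=GUESSES_PER_SECOND):
    """Return the cheapest guessing stage that finds the password and its keyspace."""
    keyspace = charset_size(password) ** len(password)
    if password.lower() in login_variants(login):
        stage = "login-derived"
    elif password.lower() in wordlist:
        stage = "wordlist"
    else:
        stage = "exhaustive"
    return {
        "login": login,
        "stage": stage,
        "keyspace": keyspace,
        # Time to try every candidate; only relevant for the exhaustive stage.
        "worst_case_hours": round(keyspace / rate / 3600, 1),
    }


def lab_report():
    """Assess every account created in the lab."""
    return [assess(login, password) for login, password in LAB_ACCOUNTS]


if __name__ == "__main__":
    for row in lab_report():
        print("{login:<9} {stage:<14} keyspace={keyspace:<12} "
              "worst case {worst_case_hours} h".format(**row))
```

The four-symbol password is the only one that forces an exhaustive search, yet its keyspace is smaller than that of 123456789, which falls to the wordlist. What protected it was being outside the login-derived and dictionary sets; length is what makes the exhaustive stage itself expensive.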
The text of the procedures performed is attached.
COMMANDS USED WITH JOHN THE RIPPER
John the Ripper password cracker.
You can use an optimized version of john (optimized for your architecture),
or just use the default symbolic link "./john".
To modify the default executable you must replace the symbolic link.
john john.conf john-x86-any john-x86-mmx john-x86-sse2
root@bt:/pentest/passwords/john# ls -l
total 2664
-rw-r--r-- 1 root root 341064 2011-05-06 22:49 all.chr
-rw-r--r-- 1 root root 232158 2011-05-06 22:49 alnum.chr
-rw-r--r-- 1 root root 131549 2011-05-06 22:49 alpha.chr
-rwxr-xr-x 1 root root 9620 2011-05-06 22:49 calc_stat
-rw-r--r-- 1 root root 40391 2011-05-06 22:49 digits.chr
drwxr-xr-x 2 root root 4096 2011-05-10 10:58 doc
-rw-r--r-- 1 root root 1871 2011-05-06 22:49 genincstats.rb
-rwxr-xr-x 1 root root 22012 2011-05-06 22:49 genmkvpwd
lrwxrwxrwx 1 root root 13 2011-07-30 06:21 john -> john-x86-sse2
-rw-r--r-- 1 root root 38165 2011-05-06 22:49 john.conf
-rwxr-xr-x 1 root root 456088 2011-05-06 22:49 john-x86-any
-rwxr-xr-x 1 root root 481368 2011-05-06 22:49 john-x86-mmx
-rwxr-xr-x 1 root root 519032 2011-05-06 22:49 john-x86-sse2
-rw-r--r-- 1 root root 215982 2011-05-06 22:49 lanman.chr
-rw-r--r-- 1 root root 453 2011-05-06 22:49 ldif2pw.pl
-rwxr-xr-x 1 root root 785 2011-05-06 22:49 mailer
-rwxr-xr-x 1 root root 9628 2011-05-06 22:49 mkvcalcproba
-rw-r--r-- 1 root root 9727 2011-05-06 22:49 netntlm.pl
-rw-r--r-- 1 root root 5177 2011-05-06 22:49 netscreen.py
-rw-r--r-- 1 root root 22965 2011-05-06 22:49 password.lst
lrwxrwxrwx 1 root root 10 2011-07-30 06:21 README -> doc/README
-rw-r--r-- 1 root root 230 2011-05-06 22:49 README-backtrack
-rw-r--r-- 1 root root 759 2011-05-06 22:49 README-jumbo
-rw-r--r-- 1 root root 2807 2011-05-06 22:49 sap_prepare.pl
-rw-r--r-- 1 root root 527 2011-05-06 22:49 sha-dump.pl
-rw-r--r-- 1 root root 499 2011-05-06 22:49 sha-test.pl
-rw-r--r-- 1 root root 107571 2011-05-06 22:49 stats
-rwxr-xr-x 1 root root 9676 2011-05-06 22:49 tgtsnarf
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 unafs -> john
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 undrop -> john
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 unique -> john
lrwxrwxrwx 1 root root 4 2011-07-30 06:21 unshadow -> john
root@bt:/pentest/passwords/john# vi password.lst
[1]+ Stopped vi password.lst
root@bt:/pentest/passwords/john# useradd -m hduarte
root@bt:/pentest/passwords/john# passwd hduarte
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario1
root@bt:/pentest/passwords/john# passwd usuario1
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
root@bt:/pentest/passwords/john# passwd usuario1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# passwd usuario1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario2
root@bt:/pentest/passwords/john# passwd usuario2
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario3
root@bt:/pentest/passwords/john# passwd usuario3
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario4
root@bt:/pentest/passwords/john# passwd usuario4
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# useradd -m usuario5
root@bt:/pentest/passwords/john# passwd usuario5
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
root@bt:/pentest/passwords/john# passwd usuario5
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@bt:/pentest/passwords/john# cat /etc/passwd > passwd.1
root@bt:/pentest/passwords/john# cat /etc/shadow >> passwd.1
root@bt:/pentest/passwords/john# .john passwd.1
No command '.john' found, did you mean:
Command 'john' from package 'john' (main)
.john: command not found
root@bt:/pentest/passwords/john# ./john passwd.1
Loaded 7 password hashes with 7 different salts (generic crypt(3) [?/32])
hduarte          (hduarte)
toor             (root)
123456789        (usuario3)
123              (usuario1)
123456           (usuario2)
guesses: 5 time: 0:00:09:03 0.93% (2) (ETA: Sun Jul 31 01:19:46 2011) c/s: 32.61 trying: beanie - camille
guesses: 5 time: 0:00:13:36 5.30% (2) (ETA: Sat Jul 30 13:23:15 2011) c/s: 32.89 trying: magics - bobs
guesses: 5 time: 0:00:14:06 5.57% (2) (ETA: Sat Jul 30 13:19:47 2011) c/s: 32.87 trying: crackers - majordomos
guesses: 5 time: 0:00:14:51 6.04% (2) (ETA: Sat Jul 30 13:12:30 2011) c/s: 32.82 trying: xfileses - pookies
guesses: 5 time: 0:00:29:47 15.88% (2) (ETA: Sat Jul 30 12:14:12 2011) c/s: 32.58 trying: DALLAS - HONDA
guesses: 5 time: 0:00:40:12 22.12% (2) (ETA: Sat Jul 30 12:08:23 2011) c/s: 32.61 trying: elsie3 - gretzky3
guesses: 5 time: 0:00:40:21 22.25% (2) (ETA: Sat Jul 30 12:07:59 2011) c/s: 32.61 trying: jimmy3 - lotus3
guesses: 5 time: 0:00:51:10 28.74% (2) (ETA: Sat Jul 30 12:04:40 2011) c/s: 32.41 trying: overkill4 - snowski4

COMMANDS FOR SSH AND HYDRA


root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 172.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:23:01
Error: Unknown service
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 172.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:23:13
Error: File for passwords not found!
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:24:22
Error: Unknown service
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:24:26
Error: File for passwords not found!
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:24:37
Error: File for passwords not found!
root@bt:~# hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ss^C
root@bt:~# find / -name hydra
/usr/local/bin/hydra
root@bt:~# cd /usr/local/bin/
root@bt:/usr/local/bin# ls -l
root@bt:/usr/local/bin# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:36:38
Error: File for passwords not found!
root@bt:/usr/local/bin# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:36:46
Error: Unknown service
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:03
Error: Unknown service
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:16
Error: File for passwords not found!
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:33
Error: File for passwords not found!
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:53
Error: Unknown service
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P /pentest/passwords/john/password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:38:42
[DATA] 32 tasks, 1 servers, 3171 login tries (l:1/p:3171), ~99 tries per task
[DATA] attacking service ssh on port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
[22][ssh] host: 127.0.0.1 login: hduarte password: hduarte
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
[STATUS] attack finished for 127.0.0.1 (valid pair found)
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Hydra (http://www.thc.org/thc-hydra) finished at 2011-07-30 11:38:52
root@bt:/usr/local/bin#

PART 2
CRACKING WINDOWS PASSWORDS
Following the instructions given in the guide ROMPIENDO CLAVES DE WINDOWS CON BACKTRACK.docx, the following results were obtained:

Part 2 A: In this part, a machine whose native operating system is Windows XP was booted from a BackTrack 5 live CD in order to capture the file that contains the passwords.
Captured file:
File name: pass-hash.txt
Procedures performed from BackTrack 5
root@root:~# df
Filesystem     1K-blocks     Used Available Use% Mounted on
aufs              899744    10580    889164   2% /
none              890500      244    890256   1% /dev
/dev/sr0         1929380  1929380         0 100% /cdrom
/dev/loop0       1862528  1862528         0 100% /rofs
none              899744        0    899744   0% /dev/shm
tmpfs             899744        8    899736   1% /tmp
none              899744       64    899680   1% /var/run
none              899744        0    899744   0% /var/lock
none              899744        0    899744   0% /lib/init/rw
/dev/sda1      102398276 14752376  87645900  15% /media/disk
root@root:~# bkhive /media/disk/WINDOWS/system32/config/system syskey.txt
bkhive 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Root Key : $$$PROTO.HIV
Default ControlSet: 001
Bootkey: 3bd793b752863593b511df3f55504dcb
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/ syskey.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Error opening sam hive or not valid file("/media/disk/WINDOWS/system32/config/")
root@root:~#
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/SAM syskey.txt > pass?hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Root Key : SAM
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/SAM syskey.txt > pass-hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Root Key : SAM
root@root:~# dir
Desktop pass-hash.txt pass?hash.txt syskey.txt
root@root:~#
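The pass-hash.txt file produced above is in pwdump layout (name:rid:LM hash:NT hash:::). As an added example that is not part of the original report, the following audit reads such a file and flags the weaknesses visible in that layout without cracking anything: blank passwords, stored LM hashes, passwords of at most 7 characters, and accounts sharing one password. The account names and hash values in the sample are constructed, apart from the two well-known "empty" constants.

```python
from collections import defaultdict

EMPTY_LM_HALF = "aad3b435b51404ee"             # LM value of an empty 7-character half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
HEX_DIGITS = set("0123456789abcdef")

# Constructed sample in pwdump layout. Names and hash values are made up for
# this example, apart from the two well-known constants above.
SAMPLE_DUMP = """\
admin:500:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
help desk:1000:fedcba98765432100f1e2d3c4b5a6978:ffeeddccbbaa99887766554433221100:::
maria:1003:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
svc_backup:1004:aad3b435b51404eeaad3b435b51404ee:a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5:::
"""


def is_hash(value):
    """True for a 32-character lowercase hex string."""
    return len(value) == 32 and set(value) <= HEX_DIGITS


def parse_pwdump(text):
    """Yield (name, lm, nt) per well-formed line; skip wrapped or damaged lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue
        name, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
        if not is_hash(nt):
            continue
        if not is_hash(lm):
            # Some dump tools write a text placeholder when no LM hash exists.
            lm = EMPTY_LM_HALF * 2
        yield name, lm, nt


def audit(text):
    """Map each account name to the list of findings for it."""
    findings = {}
    by_nt = defaultdict(list)
    for name, lm, nt in parse_pwdump(text):
        flags = []
        if nt == EMPTY_NT:
            flags.append("blank-password")
        else:
            by_nt[nt].append(name)
            if lm != EMPTY_LM_HALF * 2:
                # LM hashes the password as two independent 7-character halves.
                flags.append("lm-hash-stored")
                if lm[16:] == EMPTY_LM_HALF:
                    flags.append("at-most-7-chars")
        findings[name] = flags
    # These hashes are unsalted, so equal hashes mean equal passwords.
    for names in by_nt.values():
        if len(names) > 1:
            for name in names:
                others = ",".join(n for n in names if n != name)
                findings[name].append("same-password-as:" + others)
    return findings


if __name__ == "__main__":
    for account, flags in audit(SAMPLE_DUMP).items():
        print(account, flags or ["no findings"])
```

Accounts flagged lm-hash-stored stop carrying an LM hash once the NoLMHash policy ("Network security: Do not store LAN Manager hash value on next password change") is enabled and the password is changed.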

WORKING WITH JOHN THE RIPPER


John the Ripper password cracker.
You can use an optimized version of john (optimized for your architecture),
or just use the default symbolic link "./john".
To modify the default executable you must replace the symbolic link.

john john.conf john-x86-any john-x86-mmx john-x86-sse2


root@root:/pentest/passwords/john# john pass_hash.txt -w:dic.txt
stat: pass_hash.txt: No such file or directory
root@root:/pentest/passwords/john# ls
all.chr         genmkvpwd      ldif2pw.pl     README            tgtsnarf
alnum.chr       john           mailer         README-backtrack  unafs
alpha.chr       john.conf      mkvcalcproba   README-jumbo      undrop
calc_stat       john-x86-any   netntlm.pl     sap_prepare.pl    unique
digits.chr      john-x86-mmx   netscreen.py   sha-dump.pl       unshadow
doc             john-x86-sse2  pass-hash.txt  sha-test.pl
genincstats.rb  lanman.chr     password.lst   stats
root@root:/pentest/passwords/john# john pass_hash.txt -i
stat: pass_hash.txt: No such file or directory
root@root:/pentest/passwords/john# john pass-hash.txt -w:dic.txt
Loaded 10 password hashes with no different salts (LM DES [128/128 BS SSE2])
fopen: dic.txt: No such file or directory
root@root:/pentest/passwords/john# john pass-hash.txt -i
Loaded 10 password hashes with no different salts (LM DES [128/128 BS SSE2])
                 (Invitado)
A                (Administrador)
As a result, the administrator's password is found to be
