Académique Documents
Professionnel Documents
Culture Documents
1
DIANA CAROLINA
ECHEVERRIA ROJA
HCTOR LENIDAS DUARTE
UNIVERSIDADPILOTODE
COLOMBIA
Desarrollodellaboratorio1delamateriade
criptografa,elcualestenfocadoalanlisisdela
fortalezadelasclavesdeusuarioenunsistemalinux
ESPECIALIZACINEN
SEGURIDAD
INFORMTICA
COHORTE5
CRIPTOGRAFA
02/08/2011
Informe laboratorio
Laboratorio 1 - Conclusiones.
Siguiendo las instrucciones del laboratorio 1 paso 1, se verific la versin
instalada, para este laboratorio se empleo la versin 5 de BackTrack, luego se
procedi a crear cinco usuarios:
User1: hduarte
Pw: hduarte
User2: usuario1
Pw: 123
User2: usuario2
Pw: 123456
User3: usuario3
Pw: 123456789
User4: usuario4
Pw: #$%&
User5: root
Pw: toor
Luego se procedi unficar el archivo de los usuarios y las claves mediante el
comando cat:
# cat /etc/passwd > passwd.1
# cat /etc/shadow>> passwd.1
Despues de unicar esta informacin en un archivo, passwd.1, se utiliz el
comando ./John para ver el texto en claro de las claves usadas por los usuarios:
# ./John passwd.1
guesses: 5 time: 0:00:40:12 22.12% (2) (ETA: Sat Jul 30 12:08:23 2011) c/s:
32.61 trying: elsie3 - gretzky3
guesses: 5 time: 0:00:40:21 22.25% (2) (ETA: Sat Jul 30 12:07:59 2011) c/s:
32.61 trying: jimmy3 - lotus3
guesses: 5 time: 0:00:51:10 28.74% (2) (ETA: Sat Jul 30 12:04:40 2011) c/s:
32.41 trying: overkill4 - snowski4
only
only
only
only
only
armitage
->
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:36:38
Error: File for passwords not found!
root@bt:/usr/local/bin# hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1
ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:36:46
Error: Unknown service
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1
ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:03
Error: Unknown service
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin#
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password1.lst 127.0.0.1
ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:16
Error: File for passwords not found!
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f -P password.lst 127.0.0.1
ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:33
Error: File for passwords not found!
root@bt:/usr/local/bin# ./hydra -e ns -t 32 -l hduarte -f 127.0.0.1 ssh2
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:37:53
Error: Unknown service
root@bt:/usr/local/bin#
./hydra
-e
ns
-t
32
-l
hduarte
-f
-P
/pentest/passwords/john/password.lst 127.0.0.1 ssh
Hydra v6.2 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only
for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-07-30 11:38:42
[DATA] 32 tasks, 1 servers, 3171 login tries (l:1/p:3171), ~99 tries per task
[DATA] attacking service ssh on port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
[22][ssh] host: 127.0.0.1 login: hduarte password: hduarte
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
[STATUS] attack finished for 127.0.0.1 (valid pair found)
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Hydra (http://www.thc.org/thc-hydra) finished at 2011-07-30 11:38:52
root@bt:/usr/local/bin#
PARTE 2
ROMPIENDO CLAVES EN WINDOWS
Siguiendo las instrucciones dadas en la gua ROMPIENDO CLAVES DE
WINDOWS CON BACKTRACK.docx se obtuvieron los siguientes resultados:
1K-blocks
Used Available Use% Mounted on
899744 10580 889164 2% /
890500
244 890256 1% /dev
1929380 1929380
0 100% /cdrom
1862528 1862528
0 100% /rofs
899744
0 899744 0% /dev/shm
899744
8 899736 1% /tmp
none
899744
64 899680 1% /var/run
none
899744
0 899744 0% /var/lock
none
899744
0 899744 0% /lib/init/rw
/dev/sda1
102398276 14752376 87645900 15% /media/disk
root@root:~# bkhive /media/disk/WINDOWS/system32/config/system syskey.txt
bkhive 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Root Key : $$$PROTO.HIV
Default ControlSet: 001
Bootkey: 3bd793b752863593b511df3f55504dcb
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/ syskey.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Error opening sam hive or not valid file("/media/disk/WINDOWS/system32/config/")
root@root:~#
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/SAM syskey.txt
> pass?hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Root Key : SAM
root@root:~# samdump2 /media/disk/WINDOWS/system32/config/SAM syskey.txt
> pass-hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it
Root Key : SAM
root@root:~# dir
Desktop pass-hash.txt pass?hash.txt syskey.txt
root@root:~#