Security代写：CS330 Password Selection and Cracking

用所给的密码字典，实现一个密码暴露破解器，练习crypto lib的用法。

Requirement

One of the first steps in most intrusion attempts is to try to guess user logins and passwords. Your objective in this lab assignment is to create a C language program (convince me you want to do this in a language other than C) to read a pseudo-password file named jfd_passwords.txt and attempt to guess the encrypted passwords within.
You may work on this assignment in pairs. You must write the program in C.
You should use the crypt(3) library function to encrypt your password guesses. You should extract the salt string from the pseudo-password file entry. You may use any technique you wish to guess passwords (see suggestions below). The Linux system dictionary file is (usually) in /usr/share/dict/words (or linux.words). It has 480K words in it, including numbers, hyphenated words, and a host of very strange ones. The system dictionary on Mac OS X 10.11 is also in /usr/share/dict/words. It has 235K words, however. On a Mac OS X system there is also a /usr/share/dict/web2a dictionary that include hyphenated words, and a /usr/share/dict/propernames file that contains 1323 proper names, all one per line. I’ve also got several lists of common and pilfered passwords that I’ll post on the Google Classroom page.
The jfd_passwords.txt file is in the Google Classroom, attached to this problem set. The format of the entries in the file matches that of the/etc/passwd file as found in the passwd(5) man page on your local Linux box. Copy this file to your own computer or to one of the computers in the Crash and Burn lab to work on it.

DO NOT execute your password program on euclid.
DO NOT use the system password file as a test file. (It doesn’t have any passwords in it anyway!)
DO NOT execute your password program on any of the ITS lab machines, or on KnoxAnyWare.

If you’ve installed Kali Linux on your machine (under VirtualBox), then that’s a great place to create and test your program. You can easily move files back and forth via your Google Drive (just login to my.knox.edu using the Ice Weasel web browser on Kali Linux). If you don’t want to use Kali Linux, you can use the SEED version of Ubuntu, or you can just login to euclid.lab.knet.edu and do your work there (except for that final testing bit from above). If you have a Mac, just open up the terminal window and work there. If you have a Windoze machine, I’d suggest downloading Cygwin and working in there.
In addition to your program and the documentation described below, you should turn in:

1. the list of the passwords you recovered
2. the number of tries it took to recover each password
3. the time it took your program to recover each password.

Your grade for this problem set will depend on how many passwords you crack. The more the better!!
HINTS AND SUGGESTIONS:
I’d try a straight dictionary attack first, using one of the dictionary files mentioned above.
Then try some of the common passwords from the files on the Google Drive.
Then try dictionary words backwards.
Then try replacing certain characters with digits O = 0, I = 1, E = 3, etc.
The above attacks should get you several passwords; then be creative!
Be aware that your program might execute for a loooooooonnnnnngggggg time, (like for 12 to 24 hours or more). You must print each password you find (including the original line from the password file) to an output file along with a timestamp. You should consider executing your program in the background. To do this from the command line, do something like:

$  time ./mypasswordCracker <dictionary file> <password file> &

You must time how long your password program works and print the elapsed time at the end. (you can do this using the time(1) command line function in Linux as above).
The plaintext passwords used to create the jfd_passwords.txt file have the following characteristics:

• They are composed of only the characters [a-zA-Z0-9*_]
• The password lengths are between 3 and 12 characters, inclusive. (I’m being nice.)
• At least some of the passwords are dictionary words. (Nice again.)

To help you understand the use of the crypt() function , here’s a simple example that works on MacOS X systems and (with slight modification) on Linux systems:

Example

/* * Short program to test the crypt(3) library function.  * note that on a Linux system you must include  * crypt.h and link with -lcrypt  * this is not necessary on Mac OS X  */ 
 * Short program to test the crypt(3) library function. 
 * note that on a Linux system you must include 
 * crypt.h and link with -lcrypt 
 * this is not necessary on Mac OS X 
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
  char *salt;
  char *password;
  if (argc < 3) {
    fprintf(stderr, "usage: %s <salt> <password>\n", argv[0]);
    exit(1);
  }
  salt = argv[1];
  password = argv[2];
  printf("Encrypted password is %s\n", crypt(password, salt));
  return 0;
}