QuestionQuestion

We are attempting to gain access to a secure network. We have already succeeded in finding some hashes that may be associated with the passwords that we need. And a brutal force attack with a large password list has yielded nothing. In an 'internal memo'1 that is addressed to new system administrators in the company we read: ... strong passwords are of great importance for adequate security. These must be unique and may not be reused...

... Passwords that secure infrastructure components must be long (at least 16 characters), preferably made up of several (non-English) words and combined with special characters and / or numbers,...

... passwords may never be recorded, not digitally and not on paper. The department manager keeps a copy in a notebook, which is kept in a safe. This can be consulted in an emergency. ...

One of the new managers is known to us by name and by name. A social media analysis of this person teaches us:

names of family members +: ​Anderson, Noah, Olivia, Abigail, Sophia, Wanda (= fish), Tiger (= cat)
hobbies: ​dancing (Latin American), chess (fanatic! )
born: ​Oct. 5 ‘83​,​ Edinburgh​,
education: ​Edinburgh College​, diploma: ​24 jun ‘05​,
married: ​4 feb ‘10​,​ ​birth of 1st child: ​3 sep ‘12​, birth of 2nd child: ​2 aug ‘14 current address: ​Kortekade 51b 3062 GM Rotterdam
(last) big trip: T​ahiti Pearl Beach Resort, Lafayette beach PK7 Arue, 12-28 March '10

On the basis of this information we make a list of words. The hope is that the password, in one way or another, is a combination of words from this list, possibly with adjustments.
With adjustments you can think of:

• substitution of letters with numbers / symbols.
• inserting special characters ('@', '#', '$', etc ...) Of course there is no guarantee of success. But the administrator must be able to remember multiple passwords and will therefore want to use a reminder.

for this Assignment You get a number of files:
1. hashes.txt the list of MD5hash values ​​that we want to 'crack'.
2. checkHash.cpp This program is provided with code documentation and is not explained further.
3. md5.cpp an extra 'help' program to check the installation of openssl-dev.
4. woorden.txt an example word list with which you can crack the 1st MD5 hash values. Each line in this file contains 1 word that will become part of a candidate password.
5. subst.txt an (example) of a config file for the subst program. See below.

You have to write a number of programs​ (further specifications can be found below). Each program reads from stdin​ and writes to​ stdout​. In addition, configuration info is read from a file that is specified via a commandline parameter.

1. combi.cpp this program combines a number of words that are offered via​ stdin​. Special characters can be included between them.
2. subst.cpp this program replaces 1 or more letters with numbers / special characters in the lines that are offered via ​stdin​.
3. filter.cpp Because only passwords of length 16 or more are acceptable, a filter program is created that filters out all words that are smaller.

If everything works well, the following pipe structure will be able to 'crack' the password list. This is also the way in which your programs should be used. ​combi <words.txt | subst p1 | filter | checkHashes p2​ where p1 and p2 are the parameters for the different programs.

Program specifications
combi.cpp​ This program reads from​ stdin a​ nd writes to ​stdout​. Input is the list of words from the words.txt file. Save these words in an internal list. Then make all possible combinations of 3 (may be hard-coded) words, with ​none ​or​ 1​ of the following 6 special characters between the words:! @ # $ & *. Any combination can occur. Every word you can make is written in ​stdout.

subst.cpp​ This program reads from ​stdin​ and writes to​ stdout​. The program is called with 1 parameter on the command line. This parameter gives the name of a config file. This file has 2 char's per line. The 1st char must be replaced by the 2nd char. This program always passes on the original for each line offered, and if substitutions have been made, also the line where ALL possible substitutions have also been made.

Example: config file with only 3 substitutions (1 per line):

a4
t7
n#

the input line with:
monkeytennis
now gives 2 lines as output:
monkeytennis 44p7e##

filter​.​cpp
This program reads from​ stdin​ and writes to ​stdout​.

The length of each read-in line is determined. Only if the length is 16 or larger is the line (unchanged) copied to stdout.

Cracking the MD5 hashes
If you have created and run all 3 programs tru the pipe-line, you can already crack some of the hashes.

The end Assignment is to crack all hashes in the hashes.txt file.

By varying with the ​subst config-file​ and / or the​ woorden.txt ​you get other possible passwords.

• Subst config file​ the correct substitutions is always a subset of:
-a4
-b6
-e3
-t7
-o0
-i1

• words.txt
all words in this file are written in lowercase!​ A 1st example word set is given, but this is not enough for everything. You must use the info from the social media analysis of page 1. And show that you can think a bit like a hacker ...

Handing in​. As a solution to these problems you must submit the following:
• ​The cracked MD5 hashes.
• ​The c-code of: ​combi.cpp, subst.cpp ​and ​filter.cpp

Explanation of the openssl-dev installation​ To be able to perform the check for the MD5 hash, the ​checkHash​ program must be compiled. This uses the​ openssl​ functionality.

Libssl-dev​ must be installed on the machine for this. You can use the ​md5.cpp​ program to confirm the correct installation. If md5 works well then checkHash works as well. See also the comment in md5.cpp.

Solution PreviewSolution Preview

These solutions may offer step-by-step problem-solving explanations or good writing examples that include modern styles of formatting and construction of bibliographies out of text citations and references. Students may use these solutions for personal skill-building and practice. Unethical use is strictly forbidden.

#include <iostream>
#include <iomanip>
#include <fstream>
#include <sstream>
#include <vector>
#include <algorithm>
#include <stdlib.h>
#include <openssl/evp.h>
#include <map>


/**
* reading in the words with configurations for substitutions
* @param filenm       the file name
* @return             a vector <string> with the words
*/
std::vector<std::string> readwords( std::string filenm ){
//create vector of words
std::vector<std::string> words;
//open stream using path to the config file
std::ifstream configfile( filenm );
//if successfully opened, continue, otherwise print error message and exit
if ( !configfile.is_open() ) {
std::cout << "Cannot open config file: " + filenm << std::endl;
std::cout << "exit !"<< std::endl;
exit(EXIT_FAILURE);
}
//read line by line from config file and put it into vector words
for( std::string regel; getline( configfile, regel); ) {
words.push_back(regel);
}
//return words
return words;
}

/**
* main
* @param argc         must be equal to 2
* @param argv
*                      must contain the name of the config file (with relative path)
* @return             Exit_FAILURE if an error occurs, otherwise 0;
*/
int main(int argc, char const *argv[]) {

//map that will be used for replacement of characters from input string
std::map<char, char> subst_map;

// read all words from config file
if (argc != 2) {
std::cout << "enter 1 argument: config-file"<< std::endl;
std::cout << "exit !"<< std::endl;
exit(EXIT_FAILURE);
}...

By purchasing this solution you'll be able to access the following files:
Solution.zip.

$50.00
for this solution

PayPal, G Pay, ApplePay, Amazon Pay, and all major credit cards accepted.

Find A Tutor

View available C-Family Programming Tutors

Get College Homework Help.

Are you sure you don't want to upload any files?

Fast tutor response requires as much info as possible.

Decision:
Upload a file
Continue without uploading

SUBMIT YOUR HOMEWORK
We couldn't find that subject.
Please select the best match from the list below.

We'll send you an email right away. If it's not in your inbox, check your spam folder.

  • 1
  • 2
  • 3
Live Chats