Lab 3

Crypto attacks and Preparing for Penetration Testing

In this experiment, we will study how to use a dictionary to accelerate the cracking of an encrypted file. Then we will discuss the trade-off between time and space.

In addition, we will be installing and setting up some tools for future labs.

Section 1 - Attacking Passwords

Brute force attack

In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

--Wikipedia

Obviously, a brute force attack is extremely inefficient. Since people often pick meaningful words or phrases as their password or secret key, an attacker can exploit this knowledge: by searching only the space made up of meaningful words and phrases, the attack may finish much faster.
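To make the size of the two search spaces concrete, here is an added example (not part of the lab handout) that estimates, for a given password, how many candidates an exhaustive search over the minimal covering character set must try, and whether a dictionary lookup would find it at all. The wordlist, the guess rate and the helper names are all constructed for illustration; a real dictionary holds millions of entries, which is exactly the space-for-time trade the lab refers to.

```python
"""Added example (not part of the lab handout): compare the worst-case work of
an exhaustive key search against a dictionary lookup for a given password.
SAMPLE_WORDLIST is a tiny constructed sample, not a real dictionary."""
import string

# Constructed sample wordlist; real wordlists contain millions of entries.
SAMPLE_WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "secret"]

# Character classes an exhaustive search has to include to reach the password.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def charset_size(password: str) -> int:
    """Size of the smallest union of character classes that covers the password."""
    size = 0
    for cls in CLASSES:
        if any(ch in cls for ch in password):
            size += len(cls)
    if size == 0:
        raise ValueError("password uses characters outside the known classes")
    return size


def brute_force_guesses(password: str, min_len: int = 1) -> int:
    """Worst-case number of candidates when trying every string of length
    min_len..len(password) over the minimal covering character set."""
    n = charset_size(password)
    return sum(n ** length for length in range(min_len, len(password) + 1))


def dictionary_guesses(password: str, wordlist=SAMPLE_WORDLIST):
    """1-based position of the password in the wordlist (case-insensitive),
    or None if a plain dictionary attack would miss it entirely."""
    target = password.lower()
    for position, word in enumerate(wordlist, start=1):
        if word.lower() == target:
            return position
    return None


def estimate(password: str, guesses_per_second: float = 1e6,
             wordlist=SAMPLE_WORDLIST) -> dict:
    """Summarise both strategies; guesses_per_second is an assumed rate."""
    bf = brute_force_guesses(password)
    dic = dictionary_guesses(password, wordlist)
    return {
        "brute_force_guesses": bf,
        "brute_force_seconds": bf / guesses_per_second,
        "dictionary_guesses": dic,
        "dictionary_seconds": None if dic is None else dic / guesses_per_second,
    }


if __name__ == "__main__":
    for pw in ["secret", "Secret", "Tr0ub4d0r&3"]:
        print(pw, estimate(pw))
```

The numbers show both sides of the lab's point: a six-letter dictionary word costs the exhaustive search up to 26^6 candidates but the dictionary attack only six, while a password that is not a meaningful word forces the attacker back to the full character set and the dictionary finds nothing.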

Dictionary attack

Let us begin with an example.
First, I encrypted a zip file as shown in Figure 1.

Figure 1. Encrypted Zip File.

Some encrypted archives:

Then, I'll use a tool named "Advanced Archive Password Recovery" to crack the password.


Figure 2. Advanced Archive Password Recovery.

You can specify the character sets and the maximum and minimum length of the password.
Select brute-force in the "type of attack" list and open the encrypted zip file; it will start to work. After a while, a window pops up to inform you that the attack is done. If it successfully finds the password within the search space (password length, character sets, etc.) it will show you the password; otherwise, it will report failure (which means you should enlarge the space).

Figure 3. Brute-force Attack.

Similarly, you can perform a dictionary attack. The result is shown in Figure 4.

Figure 4. Dictionary Attack.

Section 1 Action Steps:

  1. Complete the included steps using ARCHPR above, including a screen capture of your working programs. Can you crack the harder one? Try 3 of your own.
Compare the results and you will get the idea. Now it's your turn: pick a weapon, create your own encrypted data, and crack it with different attacks. Here is a list of tools you can find on the Internet.

Section 2 - Installing tools on VMWare

Next we will install two new OSes on your system:

  1. Metasploitable - an operating system with many known weaknesses, used for learning how to do penetration testing.
    Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password are msfadmin:msfadmin. Never expose this VM to an untrusted network (use NAT or Host-only mode; ask if you have any questions about what that means).
  2. Kali Linux - A penetration testing Linux System.
    Use the 64-bit VMware version, downloaded from here: http://www.offensive-security.com/kali-llnux-vmware-arm-image-download/#. These images have a default password of "toor".
For those in Mount Vernon, you can download these from the links above. They are big, so I suggest that you only download each ONCE, and share with each other.

Both of these are VMWare images. That means they don't need to be installed, just copied to your drive and then opened with VMWare. I suggest creating a folder called "vmware" in your "Home" folder (if it doesn't already exist) and then copying the folder containing the VM (e.g. "Metasploitable2-Linux") to that folder. Note that the distributions are in ".zip" form, but you can open the zip and drag the folder out. Then start VMWare, select "Open ...", and browse for the vmdk file (e.g. "Metasploitable.vmdk").

Finally start the OS, and test it out. Make sure you can browse the internet from it. Include a snapshot of the running system in what you turn in.
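Because the Metasploitable image must never sit on an untrusted network, it is worth checking the VM's network mode in its .vmx file before powering it on. The following added example (not part of the lab handout and not a VMware tool) reads the adapter settings out of a .vmx and reports any adapter that is not NAT or host-only; the sample .vmx text is constructed, and the function names are this example's own. The `ethernetN.connectionType` key with the values "nat", "hostonly" and "bridged" is the real VMware setting; the assumption that a missing key behaves as bridged is VMware's documented default.

```python
"""Added example (not part of the lab handout): inspect a VMware .vmx file and
flag network adapters that would expose a vulnerable VM to the LAN.
SAMPLE_VMX is a constructed sample, not a real configuration file."""
import re

# Modes that keep the VM off the physical network.
SAFE_MODES = {"nat", "hostonly"}

# Constructed sample: the first adapter is bridged (exposed), the second is host-only.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "Metasploitable2-Linux"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
"""

# One line per adapter: ethernetN.connectionType = "<mode>"
_MODE_LINE = re.compile(
    r'^(ethernet\d+)\.connectionType\s*=\s*"([^"]*)"[ \t]*$', re.MULTILINE)
_PRESENT_LINE = re.compile(
    r'^(ethernet\d+)\.present\s*=\s*"TRUE"', re.MULTILINE | re.IGNORECASE)


def network_modes(vmx_text: str) -> dict:
    """Map each adapter name to its connectionType value, lower-cased."""
    return {name: mode.lower() for name, mode in _MODE_LINE.findall(vmx_text)}


def exposed_adapters(vmx_text: str) -> list:
    """Adapters whose mode is not NAT or host-only. A present adapter with no
    connectionType key is treated as bridged (VMware's default), so it is
    reported too."""
    modes = network_modes(vmx_text)
    present = set(_PRESENT_LINE.findall(vmx_text))
    return [name for name in sorted(present | set(modes))
            if modes.get(name, "bridged") not in SAFE_MODES]


def set_nat(vmx_text: str) -> str:
    """Return a copy of the .vmx text with every exposed adapter switched to NAT.
    Adapters already in a safe mode are left unchanged."""
    def fix(match):
        name, mode = match.group(1), match.group(2).lower()
        if mode in SAFE_MODES:
            return match.group(0)
        return f'{name}.connectionType = "nat"'
    return _MODE_LINE.sub(fix, vmx_text)


if __name__ == "__main__":
    print("exposed before:", exposed_adapters(SAMPLE_VMX))
    print("exposed after: ", exposed_adapters(set_nat(SAMPLE_VMX)))
```

To use it on a real image, read the .vmx file from the VM folder you copied (for example the one inside "Metasploitable2-Linux") into a string and pass it to `exposed_adapters`; an empty list means every adapter is NAT or host-only, which is the state the lab asks for before the VM is started.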

Topic revision: r6 - 2014-02-21 - JimSkon