Extracting Passwords

Anonymous
timer Asked: Oct 19th, 2018
account_balance_wallet $60

Question Description

Linux systems keep user account information in the passwd file and the encrypted password in the shadow file.

The passwd file containing account information might look like this:

smithj:x:1001:1001:John Smith:/home/smithj:/bin/bash

The shadow file containing password and account expiration information for users might look like this:

smithj:KJDKKkkLLjjwlnttqoiybnm.:10063:0:99999:7:::

The fields in the shadow file are separated by a colon, with the first field being the username and the second the password.

Under normal circumstances, the password is encrypted but for the purpose of this assignment, you can assume the password is already unencrypted.

Review the bruteLogin function program on pp. 58 through 59 of Ch. 2, "Penetration Testing with Python," of Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers.

Make the following changes/additions to the function:

  • Modify the bruteLogin function to use both the passwd and shadow files. Assume your passwd and shadow files include two accounts.
  • Change the bruteLogin to extract the username and full name from the passwd file and the password from the shadow file
  • Change the output to display the full name when confirming successful FTP Login; e.g., "Myhostname FTP Logon Succeeded: John Smith/ KJDKKkkLLjjwlnttqoiybnm"

Capture screenshots of your code and output for each conversion. Paste the screenshot in a Word document.

Unformatted Attachment Preview

For this assignment you are asked to modify the bruteLogin() method as follows: • • • Modify the bruteLogin function to use both the passwd and shadow files. Assume your passwd and shadow files include two accounts. Change the bruteLogin to extract the username and full name from the passwd file and the password from the shadow file Change the output to display the full name when confirming successful FTP Login; e.g., "Myhostname FTP Logon Succeeded: John Smith/ KJDKKkkLLjjwlnttqoiybnm" I could not change the wording because this is a rubric, but I would like you to submit the changed .py file in a .zip file. Use the attached .py file as a base. I modified the method for JES. The assignment is: Make the following changes/additions to the function: • • • Modify the bruteLogin function to use both the passwd and shadow files. Assume your passwd and shadow files include two accounts. Change the bruteLogin to extract the username and full name from the passwd file and the password from the shadow file Change the output to display the full name when confirming successful FTP Login; e.g., "Myhostname FTP Logon Succeeded: John Smith/ KJDKKkkLLjjwlnttqoiybnm" First, you need at least 2 users in each file. I would write the files in the main area, before you call the bruteLogin() method and add the shadow file name to the list of parameters. Password files contain the user information, including username and full name. Shadow files include username and encrypted password. Linux systems keep user account information in the passwd file and the encrypted password in the shadow file. The passwd file containing account information might look like this: smithj:x:1001:1001:John Smith:/home/smithj:/bin/bash The shadow file containing password and account expiration information for users might look like this: smithj:KJDKKkkLLjjwlnttqoiybnm.:10063:0:99999:7::: I would create your 2 files based on this format. For this assignment, I would just leave the IP address as is. It does not connect, but that's OK. If you just run the program I attached, that is what it does. I would change the print statement to include the full name in addition to the username and password. I would change the print statement to print the full in the success case as the problem states. I would also print the full name in the case of failure. In my attached file of bruteLogin() made to run in JES, I just converted what was in the text, with the addition of creating the files. You need to include the IO operations in the try: except: blocks. If you had the shadow and password files created in your JES program, you do not need to include them. But, if you created your shadow and password files outside of JES, say with WordPad, you need to submit them. You do not want to hard code the file path. JES looks for files in the directory where the JES application is loaded. For instance, if I loaded JES in C:\JES\jes-5.020-windows-java-included\JES.exe, this is where JES puts its files. Let's say you created your shadow and password files in WordPad, copy them to the directory as stated above on your system. I found that when putting your file here, I had to change the Properties for the file to unblock them, since they were not created on my system. I think it is easier to allow the JES program to create the needed files. ...
Purchase answer to see full attachment

Tutor Answer

Ace_Tutor
School: UT Austin

attached is my answer

In the followng code, we have already modified the bruteLogin function so as to apply both the
passwd and shadow files. In addition, we have changed the bruteLogin so as to have the
username and full name extracted from the passwd file and the password extracted from the
shadow file and t...

flag Report DMCA
Review

Anonymous
Good stuff. Would use again.

Similar Questions
Hot Questions
Related Tags
Study Guides

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors