Assignment
60 points
Instruction:
· Show your own work (at least 50% penalty otherwise)
· Submit
(1) a single word document containing the source code (copied from the source program file) of your program and screenshot of the program run including the number of words tested.
· Submit
source program files (e.g.,checker.py) and a Word document containing the plaintext password found, the number of words tested, and the screenshot capturing the program run and the password found, and the source code (copied from the source program file)
· Make sure you submit the intended one. It is recommended that you download what has been uploaded and double-check if the correct document has been submitted.
· You can submit as many times as you want, but the last submission will only be graded. If the last submission is made after the deadline, there will be a late submission penalty.
· No plagiarism: Do not copy and paste any from textbooks and other resources to answer questions (Zero points will be given otherwise).
· No resubmission/extension request will be accepted.
Problem 1. Linux File Permissions (20 pt., 4 pt. each)
For each permission requirement below, provide (1) symbolic permission and (2) 4-digit octal (numeric) permission.
a. For a file named “a.png”,
· Owner: can read and write
· Group: can read and write
· World: forbidden
Symbolic permission?
Numeric permission?
b. For a directory of “dir1”,
· Owner: can read, write, and execute
· Group: can read and execute
· World: can read and execute
Symbolic permission?
Numeric permission?
c. For a file named “passwd”,
· Owner: can read, write, and execute
· Group: can read and execute
· World: can read and execute
· Set user ID bit enabled
Symbolic permission?
Numeric permission?
d. For a directory of “dir2”,
· Owner: can read, write, and execute
· Group: can read, write, and execute
· World: can read, write, and execute
· Sticky bit enabled
Symbolic permission?
Numeric permission?
e. For a file of “b.txt”,
· Owner: can read, write, and execute
· Group: can read, write, and execute
· World: can read and execute
· Set group ID bit enabled
Symbolic permission?
Numeric permission?
Problem 2. (10 pt.) Password Strength Checker
What makes a strong password?
Strong passwords have many different attributes:
· Length – typically > 8 characters
· Case – contain both uppercase and lowercase letters
· Special characters – contain at least one special character (e.g., !, %,@)
· Numbers – contain one or more numbers
· Additionally, your password should never contain any personal information (like your birthday, middle name).
Develop a Python or C++ program that can check the strength of a password. There are a few requirements for the program.
Requirements
· Take user input (the password to be tested)
· Calculate a score based on the contents of the password
· Tell the user the score of their password
· Tell the user the strength of their password (Weak, Moderate, Strong)
Below is a python program snippet for reference.
# Get user’s password to check
userPassword = input(“What is your password: “)
# Set a baseline for the possible counts of each character type
# Loop through each character and see what type it is
# Calculate the score of the password
# Tell the user how strong their password is
Problem 3. Password Brute-force Attack (30 pt.)
Write a program that performs the brute-force attack to break the password. The following table shows encrypted passwords using the crypt() function. Your mission is to break the password corresponding to your CWID in the table. For example, the last digit of your CWID is 1, then you should identify the password for indBOW06MoVz6.
In this case my last number is 7.
Last digit of CWID | Encrypted password |
1 | indBOW06MoVz6 |
2 | in79RsnfG/VWo |
3 | inbqJM0dLgWvo |
4 | incT1ji3YqQ/Y |
5 | in7haMV00ylgk |
6 | in1U0tb9WpIcI |
7 | inPlXS.yNKivQ |
8 | inqidvfWapJp2 |
9 | injY7hdQJTeu2 |
0 | inQW.HgtuEe.M |
Crypt() is a function to check UNIX/LINUX passwords, and the encrypted passwords above are encoded by the standard crypt() function. Hence, you should use the crypt() function to break the password. The crypt() function takes two input parameters and returns the encrypted password, as follows:
Input parameters:
· Password (plaintext): string
· Salt: string
Output:
· Encrypted password: string
The password length is six and the salt is set to ‘infosec’ (without using the quotation mark). For the brute-force attack, you should try 6-character lower case letters of alphabet from ‘aaaaaa’, ‘aaaaab’, ‘aaaaac’, …, to ‘zzzzzz’, with the salt. Report the original plaintext password by breaking the encrypted password (one based on your CWID). Also report how many words you tested to find the original password.
It is recommended to write a program using either Python or C/C++. While there are numerous resources for referencing crypt(), the following shows just two of them (but you can refer to any other helpful resources).
· C:
–
pages/man3/crypt.3.html
Below is a python program snippet for reference.
# Please show the pycharm inside our VM with Kali Linux to do the coding # import the following modules import pwd import crypt #usage and sample output password = “computer” salt=”science” crypt.crypt(password, salt) |
Output is:
‘scRKJfdmHndxk’
Finally, submit the following:
· Screenshot showing the program running, the key found, and the number of words tested: 10 pts.
· Source code in the document: 10 pts.
· Source programming file (must be compliable and executable): 10 pts.
1
1
1
