Hackers Beware

administrator access to the system, it is very hard to tell what is authorized and what is unauthorized activity. Also, the potential for damage increases because, by a slip of the hand, a user can accidentally delete the entire system if he is logged on as domain administrator. On the other hand, if only a few people have domain administrator access, an administrator can quickly scan and detect unauthorized access.

Summary

As you can see in this chapter, password security is not an area that can be ignored. Any company that is serious about security has to make sure they properly address password security and that their users have strong passwords. Also, do not assume that an out-of-the-box installation will be enough, especially with Microsoft NT. An administrator needs to make sure that she understands what is going on and secures the passwords as much as possible. For example, I would recommend any company that is using NT to upgrade all their clients to either Windows NT or 98 and disable LAN Manager hashes. With LAN Manager enabled, there is little that can be done to properly secure the network.

It is also important to note that, except in cases where you only have limited use for your password cracking program, L0phtcrack would be the best choose for testing the strength of passwords on your network. Always keep in mind that it is good to have other tools in your toolbox, so you might want to obtain a copy of the other programs, such as NTSweep, PWDump2, and NTCrack, because you never know when you might need them.

In this chapter, we have looked at password cracking on NT. In Chapter 10, “UNIX Password Crackers” we look at it from a UNIX perspective and see what similarities and differences exist.

Chapter 10. UNIX Password Crackers

So far in this section, we have discussed password management, password cracking, and the password issues that surround a Microsoft Windows NT environment. Hopefully at this point, you realize the importance of passwords and why it is so important to understand how to use these tools. Because so many companies have weak passwords and

this is a primary way attackers breach security, it is critical that security professionals understand the weak points and use tools like password crackers to improve these areas.

Now we will jump into the UNIX world and illustrate how UNIX deals with passwords. UNIX passwords do not have the same vulnerabilities that NT passwords have, but UNIX has its own set of issues to deal with. This chapter covers how UNIX passwords are stored on the system and what can be done to make those passwords more secure. Then, we will cover the following tools that are used to crack UNIX passwords:

•Crack

•John the Ripper

•XIT

•Slurpie

Each of these tools has different strengths and weaknesses, and by covering several, I will help you pick the right tool for your environment.

You might also want to have several or all of these tools in your toolbox because in different scenarios, a different tool might be quicker or easier to use. Remember: construction workers do not build a house with just one tool; they use several. The same thing goes for security. To secure your environment, you are going to have to use several tools. A common mistake is that companies look for the silver bullet, the single tool that will solve all of their security needs. Well, it doesn’t exist.

To have a secure environment, you are going to have to use several tools, across various domains. This concept is called defense in depth. Only by utilizing several tools can you truly have a secure site. If you use a single tool and there is vulnerability in that tool, or that tool fails, your security has just been defeated. On the other hand, if you have multiple tools, one tool can back up another tool if it fails.

Password cracking software plays a key role for a security professional and should be part of your toolbox. Remember, one of the ways that an attacker compromises a machine is by guessing a weak password. One of the ways to protect against this is to identify weak passwords and force users to change them before an attacker guesses them.

The easiest way to identify weak passwords in your company in a UNIX environment is to utilize one of the tools discussed in this chapter. Only by running a password cracker against user accounts can you identify the weakest link in your company’s chain of defense. Only by knowing what the weakest link is can you fix it and improve the security of your site. In this business, ignorance is deadly and knowledge is power. If you find the weak passwords at your site, you know which users you need to work with

to improve your security. Only by doing this can you take the power away from the attackers and give it back to your company, which is where it belongs.

Where Are the Passwords Stored in UNIX?

To understand how password cracking works in UNIX and how to protect against it, you need a basic understanding of how passwords are stored on a UNIX system. Early versions of UNIX contained a file /etc/passwd, which stored all of the user IDs and encrypted passwords in the same file. This file was a text file and contained the user ID, encrypted password, home directory, and default shell. The following is a sample passwd file:

root:6T1E6qZ2Q3QQ2:0:1:Super-User:/:/sbin/sh eric:T9ZsVMlmal6eA:1001:10::/usr/eric:/bin/sh John:.D532YrN12G8c:1002:10::/usr/john:/bin/sh mike:WD.ADWz99Cjjc:1003:10::/usr/john:/bin/sh mary:DEvGEswDCVOtI:1004:10::/usr/mary:/bin/sh sue:XEsB/Eo9JCf6.:1005:10::/usr/sue:/bin/sh lucy:CFWow5IYPyEHU:1006:10::/usr/lucy:/bin/sh pat::1007:10::/usr/pat:/bin/sh doug:NP:1008:10::/usr/doug:/bin/sh tim:sXu5NbSPLNEAI:1009:10::/usr/tim:/bin/sh cathy:BYQpdSZZv3gOo:1010:10::/usr/cathy:/bin/sh frank:bY5CQKumRmv2g:1011:10::/usr/frank:/bin/sh tom:zYrxJGVGJzQL.:1012:10::/usr/tom:/bin/sh karen:OZFGkH258h8yg:1013:10::/usr/karen:/bin/sh

The general format for the passwd file is as follows:

Username:passwd:UID:GID:full_name:home directory:shell

The following is a brief explanation of each field:

•Username . Stores the username of whom the account belongs to. The username and password are used to authenticate the user. Sometimes, usernames can give away more information than you want. For example, if you use first initial last name, this information can be used for social engineering. Or worse, if you have accounts like ericroot or sallyadmin, an attacker now has a good idea that these accounts will give him special access and might be a better target than other accounts.

•Passwd. Stores the user’s encrypted password. If shadow files are used, an x appears in this location.

•UID. The user ID or the user identification number. You can choose a user ID if you want, but for the most part, the system chooses this for you.

•GID. The group ID or group identification number, which reflects the native group that the user belongs to. A user must always belong to his native group at a minimum.

•Full name. This field usually contains the user’s full names but is not mandatory.

•Home Directory. Stores the location of the user’s home directory.

•Shell. Stores the user’s default shell, which is what is running when the user first logs onto the system. In the early days of computing, security was not a concern; ease of access, sharing of information, and troubleshooting were the main priorities. Having a file that was world readable, which means any user who was on the system had access to read the file, made it easy to troubleshoot and fix the system. One problem with passwd was that the file was world readable. If a user typed more /etc/passwd, he could see the entire file. At first, being world readable seemed to be a benefit because it provided easy access for authentication.

With the rise of computer hackers, the introduction of password crackers, and the increased awareness for security, being world readable became a major security weakness. For example, today, if a user with standard access wants to acquire additional access privileges but is rejected by the system administrator, the user can easily obtain root access by reading the passwd file and running it through a brute force password cracker. Another, more harmful, example is if a guest account is not properly secured and the attacker gains basic access to the system. Again, with world readability, every user has read access to the file, which enables the attacker to copy it and crack it from the comfort of his home.

These types of attacks where a user logs on as guest and acquires the password file to obtain root access are commonly referred to as elevating privilege attacks. Ideally, an attacker wants to gain root access to a UNIX machine. In some cases, this is easy to do; in other cases, it is much harder. In cases where it is difficult, an attacker tries to gain a lower level of access such as guest privileges or tries to log on as a normal user. After initial access is gained, the attacker then tries to gain root access by increasing or elevating his access.

To further illustrate this example, let’s look at the following scenario. John, one of the consultants for ABC Company, needs to transfer a file to the company at the end of a project. Because this is a one-time occurrence, the company creates a guest account for John. Unfortunately, the IT staff is overworked, forgets about the account, and forgets to delete or disable it after John uses it. Several weeks later, an attacker finds the account. Because it has minimal access, there is not a lot he can

do, but he can read and obtain a copy of the /etc/passwd file. He then runs a password cracker for two weeks from his home and obtains root access.

Shadow Files

To create a solution to the readability problem, UNIX, on its latest versions, split the passwd file into two files. The passwd file still exists, however it contains everything except the encrypted passwords. A second file, shadow, was created, which contains the encrypted password. The shadow file is only accessible to root. The following is a sample passwd file where a shadow file is used:

root:x:0:1:Super-User:/:/sbin/sh eric:x:1001:10::/usr/eric:/bin/sh John:x:1002:10::/usr/john:/bin/sh mike:x:1003:10::/usr/john:/bin/sh mary:x:1004:10::/usr/mary:/bin/sh sue:x:1005:10::/usr/sue:/bin/sh lucy:x:1006:10::/usr/lucy:/bin/sh pat:x:1007:10::/usr/pat:/bin/sh doug:x:1008:10::/usr/doug:/bin/sh tim:x:1009:10::/usr/tim:/bin/sh cathy:x:1010:10::/usr/cathy:/bin/sh frank:x:1011:10::/usr/frank:/bin/sh tom:x:1012:10::/usr/tom:/bin/sh karen:x:1013:10::/usr/karen:/bin/sh

The example is similar to the passwd file that was shown previously where there was only a passwd file on the system, no shadow file; but now an x replaces the encrypted passwords. The following is the corresponding shadow file:

root:6T1E6qZ2Q3QQ2:6445::::::

eric:T9ZsVMlmal6eA:::::::

John:.D532YrN12G8c:::::::

mike:WD.ADWz99Cjjc:::::::

mary:DEvGEswDCVOtI:::::::

sue:XEsB/Eo9JCf6.:::::::

lucy:CFWow5IYPyEHU:::::::

pat::::::::

doug:NP:::::::

tim:sXu5NbSPLNEAI:::::::

cathy:BYQpdSZZv3gOo:::::::

frank:bY5CQKumRmv2g:::::::

tom:zYrxJGVGJzQL.:::::::

karen:OZFGkH258h8yg:::::::

As illustrated, the original passwd file contained the user ID, encrypted passwords, and other information about the user. In the updated version, the encrypted password is no longer in the passwd file; it is moved to the shadow file. The format for the shadow file is as follows:

username:passwd:last:min:max:warning:expire:disable

In some cases, only the first two fields are used. The remaining fields can be used to make the passwords more secure. The following are the fields that are contained in the shadow file:

•username. The user’s name of the account. There should be a corresponding line in the passwd file with the same username.

•passwd. Contains the encrypted password.

•last. Contains the date of the last password change.

•min. The minimum number of days until the password can be changed.

•max. The maximum number of days until the password must be changed.

•warning. The number of days that the user is warned that the password must change.

•expire. The number of days in which the password expires and the account is disabled.

•disable. The number of days since the account has been disabled.

Note: Dates are stored as the number of days since January 1, 1970.

Also note: Any entry in the shadow file that has an asterisk (*) identifies accounts that should never log in, and the system should deny any attempt of someone trying to log in with this user account.

By using a shadow file, the effectiveness of password cracking is reduced, due to the attacker’s inability to have root access to crack a file. If you are using a version of UNIX that does not use shadow files, you can either upgrade to the latest version of the operating system or obtain a patch from the corresponding vendor. The easiest way to tell if a system is using shadow files it to type more /etc/passwd. After the user ID, see if there is an x or random characters. If there is an x, the system is using shadow files; if it is random text, it is not. Another way is to see if the shadow file exists on the system. For example, with Linux, you can install the shadow utility package and then run the pwconv utility to convert your passwd file to a shadow file. Depending on which version of UNIX (or Linux) you are running, you can go to the appropriate vendor’s web site to obtain a utility to convert your system to use shadow files. For example, with Redhat Linux, you would go to www.redhat.com.

It is important to mention that using shadow files is safer than before, but there still is a security risk. To break into a system using a password, an attacker needs a valid user ID and a password. Some cases are easier than others to obtain valid user IDs. Because there is still a passwd file that is world readable, an attacker could use this to obtain a list of all valid users on the system, which could then be used to launch a password guessing attack. Also, even though shadow files require root access, there are several attacks that an attacker could use to acquire a copy of the shadow file without obtaining root access directly. One such exploit is imapd, where the system displays the shadow file on the screen, which allows an attacker to copy and crack it.

How Does UNIX Encrypt Passwords?

UNIX uses an encryption algorithm called Crypt to encrypt its passwords. Crypt is a hash algorithm, which performs a one-way transformation of the password. There is no way to unencrypt a password that has been encrypted with Crypt. To guess a password, an attacker runs a password guess through Crypt and compares the encrypted guess with the encrypted password; if there is a match, the password has been guessed.

Each encrypted password is 11 characters and is combined with a 2- character salt to get a 13-character password. A salt is a random string that is used to randomize the password. Without a salt, two users who have the same password would have the same encrypted password. With a salt, each user has a different encrypted password, because the salts are different for each account. This is a key attribute of salts: they must be random. If two users have a high chance of having the same salt, the usefulness of the salt is decreased. For example, if I create two users with a password of yellow, the following are the passwords that are stored on the system:

XcRqBAu2wfRQo

5pjoJnbeVEUbw

Notice that even though they have the same plain text password, the encrypted version of each user’s password is stored differently on the system. The reason for this is that they both have different salts, which randomize the password and make the encrypted passwords different. As you saw with NT, this increases the time it takes to crack a password. Without a salt, an attacker would just encrypt a possible password once, and everyone who has that password would have it cracked. Remember, this is why l0phtcrack can run so quickly. With a salt, an attacker has to go through and re-encrypt each password with a different salt to crack everyone’s password.

To illustrate how UNIX encryption works, the following is a small PERL program that takes a plain text word and generates the encrypted password:

#!/usr/bin/perl

srand( time() ^ ($$ + ($$ << 15)));

@salts=('46' .. '57', '65' .. '90', '97' .. '122'); print "Enter a password: ";

chop ($password=<STDIN>);

print "The results are: ", crypt ($password, ( chr ($salts[int(rand $#salts+1)] ) .

chr ($salts[int(rand $#salts+1) ] ))), "\n";

The following is a sample run from using the program:

[eric@seclinux1 eric]$ perl encrypt.pl Enter a password: yellow

The results are: 7CNVwu.lRKxoE

You will learn more about UNIX password crackers in the next section of this chapter, “UNIX Password-Cracking Programs,” but just to show you that this works, I took this value and pasted it into a sample password file, as follows:

test: 7CNVwu.lRKxoE:1001:10::/usr/eric:/bin/sh

I then ran it through a password cracker. In approximately one minute, I received the following results:

USERNAME PASSWORD REAL NAME USER ID HOME DIRECTORY

--------------------------------------------------------------

This shows that an attacker can encrypt and crack the password to obtain the original plain text password. One of the reasons the password was cracked in such a short interval of time is because the password is a dictionary word that only contains letters. Because this was a dictionary attack and this word was in the dictionary, it was cracked quickly. If you had picked a password of random characters and numbers and performed a brute force attack, it would have taken considerably longer to crack the password. Because UNIX uses salts to increase the randomness of passwords, to crack a password, the program needs to obtain the salt. The salt is stored along with the encrypted passwords; so for each user,

the program obtains the salt, combines it with the guess of the password, and runs it through the encryption algorithm that is being employed. If the result matches the encrypted value stored for that user, the password has been cracked; if it doesn’t, it moves on to the next guess.

With a newer version of UNIX, you can employ other encryption options besides Crypt. One such option is MD5 hash algorithm, which provides for a stronger encryption of the password file. Again, hash algorithms cannot be decrypted because they are irreversible, one-way transformations of the data. For example, with RedHat Linux, when you install the operating system, you are given an option of whether you want to use a shadow file and whether you want to use MD5.

UNIX Password-Cracking Programs

Now that we have covered how passwords are stored on UNIX and how UNIX encrypts passwords, we can cover some common UNIX password crackers. If you search the web or go to www.astalavista.com, a network security/hacker search engine, and type in UNIX password crackers, you receive several results.

The programs I chose for this section were selected because they cover the range of features that are offered in UNIX password crackers and are also the most popular— for example, the first program that we will cover, Crack, is probably one of the most popular password crackers for the UNIX environment. When covering the various password-cracking programs, it is important to remember that there are three basic methods of cracking programs: dictionary, brute force, and hybrid attacks.

Dictionary attacks are usually performed first because they are the fastest, but they are not guaranteed to find every password. Also, it is important to remember that a dictionary attack is only as good as the dictionary that is used. Therefore, it is important to spend a little time to build a solid dictionary that contains most of the common words that users of a company might use for their password.

A brute force attack takes the longest amount of time to perform, but it is guaranteed to find every single password. It might take 100 years, but it will eventually crack every password.

Because most passwords are a dictionary word with a couple of numbers or special characters appended to the end, a hybrid attack is also used. A hybrid attack takes more time than a dictionary attack and less time than a brute force attack, but it usually finds several additional passwords that a dictionary attack could not crack.

Crack

Crack is a password-cracking program that is designed to quickly locate weaknesses in UNIX passwords. Crack runs only on UNIX operating systems and was designed to crack only UNIX passwords. This is an important point because some passwords crackers run on various operating systems (as you will see later in this chapter) and can crack passwords from various systems. Crack uses standard guessing techniques to determine the passwords. It checks to see if the passwords are any of the following:

•The same as the user ID

•The word password

•A string of numbers

•A string of letters

Crack works by encrypting a list of likely passwords and seeing if the results match any of the user’s encrypted passwords, which must be supplied prior to running the program. Crack, written by Alec Muffet, is available at CERIAS (which use to be Coast) and is run out of Purdue University at http://www.cerias.purdue.edu/. CERIAS has an extensive number of other useful tools available to download. Muffet’s web site is http://www.users.dircon.co.uk/~crypto/ and contains some information on Crack and other programs he has written. Crack uses a dictionary and connotations of words to break passwords that have been encrypted with Crypt (which is the algorithm UNIX uses to encrypt passwords). Similar to NT password-cracking programs, Crack computes the encrypted password of the guess to see if there is a match. Crack’s primary function and original purpose is to crack passwords on a UNIX machine. Several versions have been ported to other operating systems, but they do not work as well as the original program, which was designed for UNIX.

Crack is beneficial because it has a modular approach. Crack is only used to crack user passwords, but the reason it is so useful is because it comes with various other scripts that help make your job and the hacker’s job easier. For example, you can use one script to obtain the encrypted passwords, another to crack the passwords, and a different script to view the results. You must understand how these tools work and use them on your system, because if you don’t, an attacker will and then it will be too late.

For example, Reporter is used to view the results of running Crack, whereas shadmrg is used to combine password files. This is very useful because by breaking out the functionality, they make Crack very flexible and adaptable for use in various environments.