I’ve seen it before: a customer deletes a file and then needs it restored. Normally a challenging request, but under special circumstances a process may have the file opened. While showing my son some fun and exciting Linux security scenarios, I recalled all those times I was able to recover data from the /proc (in-memory) filesystem. In order to visualize this scenario, I threw together a small Dockerfile and had him poke around:
TV Style Computer Hacking!
My son asked the other night if hacking computers really worked like on television, and if numbers/words really flashed across the screen. I explained to him a bit, then told him we could make something that looked like what he had seen on television. Below is a printout I wrote for him. Keep in mind I tried to dumb it down a bit for my 10-year-old son.
Hacking MD5 Hashes
What is an MD5 Hash?
Reverse Engineering a Binary 1
DISCLAIMER
Through this paper I am not encouraging people to hack, destroy or steal anything; you must comply with laws and you shall take entire responsibility if you use this knowledge for bad behavior. With great power comes great responsibilities. Reverse engineering is not always legal; check the EULA and the laws in your country.
THE CODE
In this paper we are going to go over the reverse engineering of a simple compiled C++ binary. If you look below, I have included the source code.
Reverse Engineering a Binary 2
DISCLAIMER
Through this paper I am not encouraging people to hack, destroy or steal anything; you must comply with laws and you shall take entire responsibility if you use this knowledge for bad behavior. With great power comes great responsibilities. Reverse engineering is not always legal; check the EULA and the laws in your country.
THE CODE
In this example we have a slightly more complicated program which assigns two integers to variables, then performs a multiplication on them to get our code:
Brute Forcing Salted Password
Since my last post showed how to check a salted password, I figured this time we can look over some example code for brute forcing a salted password. Of course this is just a proof of concept and should not be used on any password you do not have access to. The code I tossed together uses bits of some examples I found online, and is nowhere near optimized for speed, but as I will show, it will work.
UNIX SHA-512 Passwords & Python
Well, today I spent a bit of time looking up how /etc/shadow created their shadow passwords. I found a good source for the method at http://www.akkadia.org/drepper/SHA-crypt.txt, and if you take some time to review it you will notice the steps are a bit involved. Lucky for us, Python has a Crypt module that works nicely. First off, I started by creating a dummy user with the password of test on one of my Linux computers:
Wordlist with all Possible ASCII Elements
After a bit of thinking I believe I have a better way to create all possible ASCII pass phrases, rather than create a recursive function that calls itself as I did in the previous post. This method takes a slightly different approach, but I believe it to return the same results. First off let’s create a list of all lower case ASCII character numbers:

    >>> chars = range(97, 123)
    >>> chars
    [97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122]
    >>> map(chr, chars)
    ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']

Next we can set our max word width and current word width variables: