CISSP PRACTICE QUESTIONS – 20200715

Effective CISSP Questions

You are conducting pentesting and have exploited a vulnerability to gain access to the file, /etc/shadow, in which one line reads as follows:
root:$1$vb1tLY1q$6jf7S0s1/qsCHOGJLrDb.1:18009:0:120:7:14::
Which of the following is the most feasible to crack the line? (Source: Wentz QOTD)

A. Resolve by searching open-source intelligence
B. Try every possible combination
C. Employ a text file of the MD5 hash values
D. Download a table of pre-computed values in SHA


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Employ a text file of the MD5 hash values.

Shadowed Passwords

The file, /etc/passwd, is a text-based repository of Unix/Linux user accounts, while /etc/shadow is the repository of credentials or passwords.

The expression root:$1$vb1tLY1q$6jf7S0s1 means that the password hash of the user account root is 6jf7S0s1, which is hashed by MD5 ($1) with the salt vb1tLY1q.
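To see how the whole entry breaks down, here is an added example (not part of the original post) that parses /etc/shadow lines from a defender's point of view and flags accounts an administrator should fix. The function names, the "weak" policy flags and every sample line except the one quoted in the question are assumptions made for illustration.

```python
from datetime import date, timedelta

# Scheme prefixes from crypt(5). The "weak" flag is this example's own audit policy;
# prefixes it does not recognise are flagged for review as well.
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
           "6": ("sha512crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False)}

def parse_shadow_line(line):
    """Parse one /etc/shadow entry (nine colon-separated fields) into a dict."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw, lastchg, _min, maxdays, _warn, _inact, _expire, _resv = fields
    entry = {"user": user, "state": "hashed", "scheme": None, "weak": False,
             "salt": None, "digest": None}
    if pw == "":
        entry["state"] = "empty"             # no password required to log in
    elif pw[0] in "!*":
        entry["state"] = "locked"            # password login disabled
    elif pw.startswith("$"):
        parts = pw.split("$")                # ['', id, (params,) salt, digest]
        name, weak = SCHEMES.get(parts[1], ("unknown", True))
        entry.update(scheme=name, weak=weak)
        if parts[1] in ("1", "5", "6") and len(parts) >= 4:
            entry.update(salt=parts[-2], digest=parts[-1])
    else:
        entry.update(scheme="descrypt", weak=True)   # legacy 13-character DES crypt
    # Field 3 counts days since 1970-01-01; field 5 is the maximum password age in days.
    entry["changed"] = date(1970, 1, 1) + timedelta(days=int(lastchg)) if lastchg else None
    entry["max_days"] = int(maxdays) if maxdays else None
    return entry

def audit(lines):
    """Return (user, reason) findings for entries that need attention."""
    findings = []
    for line in lines:
        e = parse_shadow_line(line)
        if e["state"] == "empty":
            findings.append((e["user"], "empty password"))
        elif e["weak"]:
            findings.append((e["user"], f"weak scheme {e['scheme']}"))
    return findings

# The first line is the entry quoted in the question; the rest are constructed samples.
SAMPLE = [
    "root:$1$vb1tLY1q$6jf7S0s1/qsCHOGJLrDb.1:18009:0:120:7:14::",
    "alice:$6$c0nstructedSalt$" + "A" * 86 + ":19000:0:90:7:::",
    "daemon:*:18000:0:99999:7:::",
    "guest::18000:0:99999:7:::",
]
```

Running audit(SAMPLE) reports the root entry for its MD5-based scheme and the guest entry for its empty password, while the locked daemon account and the SHA-512 entry pass.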

Rainbow Table

Both a text file of the MD5 hash values and a table of pre-computed values in SHA refer to the same thing, the rainbow table, which is “a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes.” (Wikipedia)

Since a rainbow table is a collection of precomputed values, the hash algorithm used matters. In this question, $1 means MD5, so you have to use a rainbow table of MD5 hash values.

OSINT

“Resolve by searching open-source intelligence” refers to OSINT, which can be used to look up well-known hash values. For example, you can Google the following hashes of notoriously poor passwords:

  • 4A7D1ED414474E4033AC29CCB8653D9B (MD5 hash of “0000”)
  • 5F4DCC3B5AA765D61D8327DEB882CF99 (MD5 hash of “password”)
  • 81DC9BDB52D04DC20036DBD8313ED055 (MD5 hash of “1234”)

Brute-Force

Try every possible combination refers to brute-force.

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

Source: Wikipedia


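You are conducting a penetration test and have exploited a vulnerability to access the file /etc/shadow, in which one line reads as follows:
root:$1$vb1tLY1q$6jf7S0s1/qsCHOGJLrDb.1:18009:0:120:7:14::
To crack this message, which of the following methods is the most feasible?
A. Resolve by searching open-source intelligence
B. Try every possible combination
C. Use a text file of MD5 hash values
D. Download a pre-computed table of SHA values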
