You are conducting pentesting and have exploited a vulnerability to gain access to the file, /etc/shadow, in which one line reads as follows:
Which of the following is the most feasible to crack the line? (Source: Wentz QOTD)
A. Resolve by searching open-source intelligence
B. Try every possible combination
C. Employ a text file of the MD5 hash values
D. Download a table of pre-computed values in SHA
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Employ a text file of the MD5 hash values.
The file, /etc/passwd, is a text-based repository of Unix/Linux user accounts, while /etc/shadow is the repository of credentials or passwords.
The expression, root:$1$vb1tLY1q$6jf7S0s1, means that the password hash of the user account root is 6jf7S0s1, computed with MD5 ($1) and the salt vb1tLY1q.
Both a text file of the MD5 hash values and a table of pre-computed values in SHA refer to the same thing, the rainbow table, which is “a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes.” (Wikipedia)
Since a rainbow table is a collection of precomputed values, the hash algorithm used matters. In this question, $1 means MD5, so you have to use a rainbow table of MD5 hash values.
Resolving by searching open-source intelligence means using OSINT. It can be used to look up well-known hash values. For example, you can Google for the following hashes of notoriously poor passwords:
- 4A7D1ED414474E4033AC29CCB8653D9B (MD5 hash of “0000”)
- 5F4DCC3B5AA765D61D8327DEB882CF99 (MD5 hash of “password”)
- 81DC9BDB52D04DC20036DBD8313ED055 (MD5 hash of “1234”)
Trying every possible combination refers to a brute-force attack.
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.
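As an added example (not part of the original post), the script below parses the shadow line quoted above, flags the MD5-crypt ($1$) scheme as weak so an administrator can find accounts to migrate, and computes the plain MD5 values listed above. The sample shadow entries, their 19000 epoch-day fields and the SHA-512 digest are constructed placeholders; note that a crypt-style hash incorporates the salt, so the stored digest is not the plain MD5 of the password that a lookup table holds.

```python
import hashlib

# Constructed /etc/shadow sample. The root line is the one quoted on the page;
# its hash field is truncated there, so it is a placeholder, not a real digest.
SAMPLE_SHADOW = """\
root:$1$vb1tLY1q$6jf7S0s1:19000:0:99999:7:::
alice:$6$rounds=5000$abcdefgh$HASHPLACEHOLDER:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
"""

# crypt(3) identifiers in the "$id$salt$hash" family (bcrypt and yescrypt
# use other field layouts and are out of scope for this parser).
SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
WEAK = {"MD5-crypt"}

def parse_shadow_line(line):
    """Return (user, scheme, salt, digest) for one /etc/shadow entry."""
    user, field = line.split(":")[:2]
    if field == "" or field[0] in "*!":          # locked or passwordless account
        return user, "locked", None, None
    parts = field.split("$")                     # ["", id, (rounds=N,) salt, hash]
    if len(parts) < 4 or parts[1] not in SCHEMES:
        return user, "unknown", None, field
    scheme = SCHEMES[parts[1]]
    rest = parts[2:]
    if rest[0].startswith("rounds="):            # optional rounds= parameter
        rest = rest[1:]
    if len(rest) < 2:
        return user, "unknown", None, field
    return user, scheme, rest[0], rest[1]

def audit(shadow_text):
    """List (user, scheme, salt) for every entry hashed with a weak scheme."""
    findings = []
    for line in shadow_text.splitlines():
        if line.strip():
            user, scheme, salt, _ = parse_shadow_line(line)
            if scheme in WEAK:
                findings.append((user, scheme, salt))
    return findings

def unsalted_md5(password):
    """Plain MD5 hex of a password, the form a lookup table of MD5 values stores."""
    return hashlib.md5(password.encode()).hexdigest().upper()

if __name__ == "__main__":
    for user, scheme, salt in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme} with salt {salt!r} - migrate to SHA-512-crypt or yescrypt")
    print(unsalted_md5("password"))  # the table value for "password" listed above
```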
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.