Question:

create_rainbow_table_INCOMPLETE.py

import hashlib

fp = open("10K_PLAINTEXT_PASSWORDS.txt", "r")  # open for reading
# Read existing file with plaintext passwords
lines = [line.rstrip() for line in fp.readlines()]
fp.close()

# OPEN FILE TO STORE HASHED PASSWORDS HERE
outfile = ......

# loop through each entry in lines
    # Call the md5 function in hashlib and pass it the password string in bytes.
    md5_hashed = .....
    # Write the hexdigest of the md5_hashed object to the outfile.
    .....

outfile.close()

recover_hashed_passwords_INCOMPLETE.py
from timeit import default_timer as timer
file1 = open("RECOVERED_PASSWORD_HASHES.txt")
recovered_hashes = file1.readlines()
file1.close()
file2 = open("RAINBOW_TABLE.txt")
indexed_hashes = list(enumerate(file2))
file2.close()
file3 = open("10K_PLAINTEXT_PASSWORDS.txt")
plaintext_passwords = file3.readlines()
file3.close()
# for each candidate hash in recovered_hashes
# you'll need some way to stop the inner for loop search
# maybe use a flag variable (True/False)
    for i, hash in indexed_hashes:
        if candidate.rstrip() == hash.rstrip():
            print("MATCH: hash # " + hash + " = " + plaintext_passwords[i])
            print("The search took x microseconds")
    # this part of the code is to be executed if there is no match after a search through
    # the entire list of indexed_hashes. maybe condition on your flag variable
    print("NO MATCH FOUND FOR ", candidate.rstrip())
    print("The search took x microseconds")
INTRODUCTION
From your research, you've found that many IoT systems are vulnerable because of poor password authentication. Rather than storing passwords in plaintext on the device, one common approach is to hash the password using a cryptographic hash function and then store the hash values. This way, if an attacker is able to recover the hashed password file, it would be difficult for the attacker to recover the passwords from the hashed values. We've talked about brute-force and dictionary password attacks. Another type of attack is called a rainbow table attack, wherein the attacker uses a pre-computed table of hash values from common plaintext passwords. The idea is that rather than having to pick a plaintext password from a list, compute its hash value, and then compare that hash value to a value from the hashed password list, the attacker just has to pick a hashed value from the password list and see if it appears in the rainbow table. If there is a match, the rainbow table gives the corresponding plaintext password. For this project, using Python, you will explore these concepts to create a simple rainbow table from a list of common plaintext passwords. You will then try to find the plaintext passwords from a list of hashed passwords that you, the attacker, have recovered.
TASKS
Modify the Python script create_rainbow_table_INCOMPLETE.py to read in each entry of 10K_PLAINTEXT_PASSWORDS.txt, hash each plaintext password with MD5, and write each hashed password to the file RAINBOW_TABLE.txt. Your main task here is to hash the passwords and write the hashes to a text file.
Modify the Python script recover_hashed_passwords_INCOMPLETE.py to read a recovered hashed password, see if that hashed password exists in the rainbow table, then find the corresponding plaintext password; output the matches if they are found and record how long it takes to search for each password. Your main task here is to put the timing commands in the correct places.
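As an added worked example (not part of the assignment's own scripts), both tasks carried through in memory on a constructed five-entry wordlist standing in for 10K_PLAINTEXT_PASSWORDS.txt: the assignment's index-matched linear scan with a stop flag and timing, a dict lookup for comparison, and a salted digest showing what defeats the table; the function names and sample data are assumptions of mine.

```python
import hashlib
from timeit import default_timer as timer

# Constructed stand-in for 10K_PLAINTEXT_PASSWORDS.txt (assumption, not the real file).
SAMPLE_PASSWORDS = ["123456", "password", "letmein", "qwerty", "dragon"]

def md5_hex(password):
    """MD5 hex digest of a plaintext password, as written to RAINBOW_TABLE.txt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_table(passwords):
    """The assignment's table: one hash per wordlist entry, in the same order."""
    return [md5_hex(p) for p in passwords]

def linear_recover(candidate, table, passwords):
    """The assignment's search: scan the table, stop at the first match.
    Returns (plaintext or None, microseconds spent)."""
    candidate = candidate.strip().lower()
    start = timer()
    found = None                       # flag: stays None if the whole table is scanned
    for i, h in enumerate(table):
        if candidate == h:
            found = passwords[i]       # index i lines up with the plaintext list
            break                      # stop the inner loop on a match
    elapsed_us = (timer() - start) * 1_000_000
    return found, elapsed_us

def dict_recover(candidate, lookup):
    """Same result with a dict (hash -> plaintext): one lookup instead of a scan."""
    start = timer()
    found = lookup.get(candidate.strip().lower())
    return found, (timer() - start) * 1_000_000

def salted_md5(password, salt):
    """Defender's view: a per-user salt changes the digest, so a table built
    from unsalted hashes never matches, however common the password is."""
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()

if __name__ == "__main__":
    table = build_table(SAMPLE_PASSWORDS)
    lookup = dict(zip(table, SAMPLE_PASSWORDS))
    # Constructed "recovered" hashes: two from the wordlist, one not.
    recovered = [md5_hex("letmein"), md5_hex("dragon"), md5_hex("not-in-wordlist")]
    for cand in recovered:
        plain, us = linear_recover(cand, table, SAMPLE_PASSWORDS)
        print(cand, "->", plain or "NO MATCH", f"({us:.1f} us, linear scan)")
        plain, us = dict_recover(cand, lookup)
        print(cand, "->", plain or "NO MATCH", f"({us:.1f} us, dict lookup)")
    print("salted digest in table:", salted_md5("letmein", "4f2a") in lookup)  # False
```

What the assignment calls a rainbow table is a plain hash lookup table; a true rainbow table stores hash chains compressed with a reduction function. Either way, per-user salts or a slow password hash (bcrypt, scrypt, Argon2) make the precomputation useless, which is why an unsalted MD5 of the bare password should not be used for storage.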
SUBMISSION
The pdf report should contain for each captured password hash value:
Password hash value
Recovered plaintext password (or NA if you were not able to recover the password)
Time to search the entire rainbow table (if hash is not located) OR time to recover plaintext password (if hash is found).
Finally include answers to these questions based on the timing data you collected:
1. Min time to recover a password
2. Maximum time to successfully recover a password
3. Time needed to search the entire rainbow table when no password could be recovered.
TIMING EXAMPLE
In Python, as an example, for this project you could generate timing statistics using the following:
# best timer to use across windows/unix platforms
from timeit import default_timer as timer
startTime = timer()
# your code to search the hash list for a match
endTime = timer()
print('It took ', (endTime - startTime)*1000000, ' microseconds.')
FILE I/O EXAMPLE
Reminder: to read from or write to a file stored on the hard drive, you use the open() function to create a file object:
fp = open(filename, mode)
where filename is the string name of the file, and mode depends on whether you want to read from a file ("r") or write to a file ("w").
Here is an example of opening a file for reading:
fp1 = open("10K_PLAINTEXT_PASSWORDS.txt", "r")
Here is an example of opening a file for writing:
fp2 = open("foo.txt", "w")
Once you are done reading or writing a file, it is a best practice to close the file pointer:
fp.close()
Once the file has been opened for reading, one way to read in the lines of the text file into a list variable is:
lines = fp.readlines()
Since every line has the newline character at the end, a better way is to first strip off the trailing control characters:
lines = [line.rstrip() for line in fp.readlines()]
To write lines of text to a file, you can use the write() function, though remember to append an ending newline character before writing the text to the file:
for line in lines:
    fp.write(line + "\n")
RECOVERED_PASSWORD_HASHES.txt
fd820a2b4461bddd116c1518bc4b0f77
5e8667a439c68f5145dd2fcbecf02209
101a6ec9f938885df0a44f20458d2eb4
17329d04740580aa2ad2ecb102c2374a
ea9f6aca279138c58f705c8d4cb4b8ce
bb2e4c1498162eb6743f1728e8e403fe
f25e84eda60b2c0915410f75d941d14c
aca14b64eedb3711ca9129cfa568aaf6
b1148e254afb4e7ceacaf1a197116cf2
ac4599d019e13e20efade45393c9a162
10K PLAINTEXT PASSWORDS.txt
https://docs.google.com/document/d/114f3bcDJgouovsPvAlS_nKit4fTDv302oyiHZ6q5ceo/edit?usp=sharing