In this assignment, you are to implement the dictionary attack we have discussed in the lectures. You are given a list of hashed salted passwords (the le [url removed, login to view] described below), and your task is to nd the password that corresponds to each hash. The hashes are computed using Linux crypt(3) function. As discussed in the lectures, crypt supports different hash functions to compute the password hashes. In this assignment, all the passwords are hashed using MD5, and each hash value is 128 bit long. The hashes are encoded in a base-64 encoding as explained in the lectures.
You do not need to understand the details of how crypt and MD5 work. You will be utilizing an open source implementation of the crypt function, which is part of the Apache Commons Codec (see the `Technical Specication' section).
There will be a time limit set for computing the passwords, so for the scope of this assignment, it is not feasible to nd the passwords using brute force. Instead, you are to guess the passwords using a `dictionary', which contains a list of commonly used passwords and selected words from English dictionary. This dictionary (the le [url removed, login to view] described below) is provided to you and you must use only the provided dictionary to implement your attack.
Some, but not all, hashes in [url removed, login to view] are computed from selected words from the dictionary. For the rest of the hashes, the passwords are generated from the dictionary following certain common patterns for generating passwords. Recent leaked password lists resulting from several hacks on commercial servers show recurring patterns of passwords. For example, here is a non-exhaustive list of patterns found in
those leaked passwords:
Numeric prex or sux: A large number of passwords are obtained by simply appending or prepending some numeric constants to a dictionary word. For example, leaked passwords from LinkedIn hack contains passwords of this pattern, such as `march31', '19link'.
Character substitution: One or more character in a password is substituted by similar looking characters. One very common substitution used is based on the so-called `leetspeak' that substitutes alphabets with similar looking numbers. For example, `e' is replaced by `3', `i' is replace by `1', `o' is replaced by `0', `s' is replaced by `5', `t' is replaced by `7', etc. So from a dictionary word such as `password' one could generate `passw0rd' (which is one of the frequently used passwords), and from `linkedin' one can generate `l1nked1n', etc.
Combination of words: This combines two or more words from a dictionary. For example, `gohome' is obtained by combining the dictionary words `go' and `home'.
To crack all the hashes in [url removed, login to view] you need to consider these and other kinds of transformations.
Would need to to be done within 60 hours!
Added assignment brief.
Hi, I am Java expert and can surely help you here with this project. Please communicate so we can discuss further. Thank you
Bu iş için 6 freelancer ortalamada $115 teklif veriyor
I am interesting with this project. Let me help you to solve this challenge. I just did a homework for another guy yesterday (cracked 10 hashes SHA1 use hashcat tool)
Added Me Skype>>>>> silakot09 <<<<<<<<For More Details ..........................................................................................