I've started another strange network server process, listening on port 80 of the server "target.cs.uaf.edu". Your assignment is to see firsthand how a restricted password can be recovered purely from its hash.
The server listening on port 80 of target.cs.uaf.edu is NOT a webserver. Instead, it speaks the following very simple protocol:
Here's an example run. Things I typed in are in italic.
my_box> telnet target.cs.uaf.edu 80 Trying 220.127.116.11... Connected to target.cs.uaf.edu. Escape character is '^]'. Welcome to the CS 493/693 HW3 target. Send your UAF email ID and a newline foobar Which problem would you like to solve (1-5)? 1 <- Each email and problem will have a different secret password Problem 1: I'm thinking of a one-character printable ASCII password. Password's SHA1 hash: d160e0986aca4714714a16f29ec605af90be704d Please enter the password: L <- I cracked this with "brute.cpp" from the hash above YES! That's the password! Problem complete. Closing connection. ^] <- That's "control-right bracket" telnet> close Connection closed.I'll keep your highest grade--you can repeatedly attack the server as many times as you like. Please do not denial-of-service the target, or try buffer overflows (but there shouldn't be any).
There are 5 problems:
You should be able to do all 5 problems using just "telnet" run interactively. Unless you're really lucky, you'll almost certainly need to use the "brute.cpp" password-cracking code in the homework support directory (Directory, Zip, Tar-gzip). "brute.cpp" should build fine on Linux or Windows, but it takes the input hash on the command line. You can also read more about how the passwords are generated by reading the "grader.cpp" server (although the grader code is UNIX-specific).
Note that backspaces *look* like they work, but they actually don't! I recommend copy-and-pasting hashes and passwords.
The passwords are generated on the fly via a deterministic hash of your email address and a secret string (SECRET_BIAS in grader.cpp). This means you'll be asked for the same passwords each time you run, but it won't help to turn in your buddy's cracked passwords. If you're really dedicated, it's theoretically possible to recover the 16-digit SECRET_BIAS just by looking at the generated passwords--but as far as I can tell, it's computationally infeasible!
You should be able to bruteforce all of these passwords in about
one second--if you think you need to search for hours, think harder
about how you're generating the possible passwords.
You don't need to turn anything in--I'll get your grade right out
of the server logs!