Scribd Logo
Upload

Welcome to Scribd!

  • Security Assignment

    Uploaded by

    KaiWei Lee
    53 views3 pages
    1) The document discusses decrypting 10 encrypted files using a brute force attack program called Hashcat. 9 out of the 10 files were successfully decrypted. 2) The complexity of decrypting the files ranged from very easy to insanely hard, depending on the types of characters used in the password and password length. Longer passwords with a mix of upper/lowercase, numbers, and symbols were the most difficult to crack. 3) Lessons learned show that password complexity, length, and hashing method all impact the difficulty of brute force cracking. Stronger passwords require exponentially more attempts to crack.

    Original Description:

    Original Title

    security assignment

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1) The document discusses decrypting 10 encrypted files using a brute force attack program called Hashcat. 9 out of the 10 files were successfully decrypted. 2) The complexity of decrypting the files ranged from very easy to insanely hard, depending on the types of characters used in the password and password length. Longer passwords with a mix of upper/lowercase, numbers, and symbols were the most difficult to crack. 3) Lessons learned show that password complexity, length, and hashing method all impact the difficulty of brute force cracking. Stronger passwords require exponentially more attempts to crack.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    53 views3 pages

    Security Assignment

    Uploaded by

    KaiWei Lee
    1) The document discusses decrypting 10 encrypted files using a brute force attack program called Hashcat. 9 out of the 10 files were successfully decrypted. 2) The complexity of decrypting the files ranged from very easy to insanely hard, depending on the types of characters used in the password and password length. Longer passwords with a mix of upper/lowercase, numbers, and symbols were the most difficult to crack. 3) Lessons learned show that password complexity, length, and hashing method all impact the difficulty of brute force cracking. Stronger passwords require exponentially more attempts to crack.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    In this assignment we managed to decrypt 9 files out of 10 files using a Brute-force attack, we

    used a program with an algorithm to test password one by one following the hints given. The
    tool used for decrypting the file is Hashcat. Below are the steps are taken to use Hashcat.
    1. Use hash our documents from a website
    called https://www.onlinehashcrack.com/tools-office-hash-extractor.php
    2. Create a text file and copy the hash code to the file.
    3. Open your CMD and type: cd [the directory of your hashcat]
    4. Different code for a different file will be provided below.

    First, the password of the first file is 57913, the complexity of decrypting the file is very easy.
    The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] ?d?d?d?d?d
    The lesson learnt from decrypting file1.txt is that from the hashcode, we found that all
    numbered password is very weak, as one number only has 10 combinations and
    100000 combinations for 5 numbers, and it takes the shortest time amongst all the file we
    cracked.

    Second, the password for the second file is HJGYBN, the complexity of decrypting the file is
    easier than the first file. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] ?u?u?u?u?u?u
    The lesson learnt from decrypting file2.txt is that all upper case charactered password is also
    weak, but it’s still stronger compared than file1.txt as it uses all upper case password which
    one upper-case password has 26 combinations and the length of the password is 6 compared to
    file1.txt which has only 5 of them. Hence 6 upper case would have 308915776 which is ways
    more than in file1.txt

    Third, the password for the third file is SgIAvb, the complexity of decrypting the file is
    medium which is harder than file2. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code]-1 ?l?u ?1?1?1?1?1?1
    The lesson learnt from decrypting file3.txt is that the password consisting upper case and lower
    case charactered password is harder to crack compared to file2 and file1 because both upper
    case and lower case password have 26 combinations, which one character of the password
    would consist 52 combinations. The length of the password is 6. Hence 6 upper case and lower
    case password would have 19770609664 which is ways more than in file2.txt.

    Fourth, the password for the fourth file is 9Akk6Z, the complexity of decrypting the file is
    moderately hard, which is harder than file3. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] -1 ?u?l?d ?1?1?1?1?1?1
    The lesson learnt from decrypting file4.txt is that the password consisting upper case, lower
    case and integer charactered password are harder to crack compared to file3 because both upper
    case and lower case password have 26 combinations and integer has 10 combinations, which
    one character of the password would consist 62 combinations. The length of the password is 6.
    Hence 6 upper case and lower case password would have 56800235584.
    Fifth, the password for the fifth file is *72@3#, the complexity of decrypting the file is very
    hard, which is harder than file4. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] -1 ?u?l?d?s ?1?1?1?1?1?1
    The lesson learnt from decrypting file5.txt is that, the password consisting upper case, lower
    case, integer and symbol charactered password are harder to crack compared to file3, because
    both upper case and lower case password has 26 combinations, integer has 10 combinations
    and symbols have 32 combinations, which one character of the password would consist 92
    combinations. The length of the password is 6. Hence 6 upper case and lower case password
    would have 689869781056.

    Sixth, the password for the sixth file is e*o0p8v, the complexity of decrypting the file is very
    hard. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] -1 ?l?d?s ?1?1?1?1?1?1?1
    The lesson learnt from decrypting file6.txt is that, because lower case password has 26
    combinations, integer has 10 combinations and symbols have 32 combinations, which one
    character of the password would consist of 68 combinations. Hence 7 characters would have
    6.7229888e+12 combinations. Although it doesn’t have Upper case character but only one
    extra character, it will still vastly increase the combinations of password.

    Seventh, the password for the seventh file is &6vy%7B, the complexity of decrypting the file
    is insanely hard, which is harder than file4. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] -1 ?u?l?d?s ?1?1?1?1?1?1?1
    The lesson learnt from decrypting file7.txt is that The number of combinations of character is
    same as file5.txt but it consists of 7 characters. Hence 7 characters would have 6.4847759e+13
    combinations. Although it has only one extra character it vastly increased the combinations of
    password.

    Eighth, the password for the eighth file is ##66**88, the complexity of decrypting the file is
    moderately easy. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] -1 ?u?n ?1?1?1?1?1?1?1?1
    The lesson learnt from decrypting file8.txt is that the password consisting only symbols and
    integers are easier to crack because it consists only 10 integers and 32 symbols of combinations
    in 1 character. Hence 8, characters will have 9.682652e+12. This password is easier to crack
    because it has many consecutive repeating characters which make brute-force attack faster to
    crack the password as the separation of each combination is not far away.

    Ninth, the password for the ninth file is unknown, the complexity of decrypting the file is
    insanely hard. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9810 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] -1 ?s?n?l?u ?1?1?1?1?1?1?1?1
    The lesson learnt from decrypting file9.txt is that the password consisting upper case, lower
    case, integer and symbol charactered password are harder to crack because both upper case and
    lower case password have 26 combinations, integer has 10 combinations and symbols have 32
    combinations, which one character of the password would consist 92 combinations. The length
    of the password is 8. Hence 8 upper case and lower case password would have 5.1321887e+15.
    The combinations of one character might be the same as file5.txt but 8 characters further
    increased the combinations of the password which make the Brute-force attack taking a very
    long time to crack.

    Tenth, the password for the tenth file is ADGJMP, the complexity of decrypting the file is
    easy. The code we use for the above instruction is:
    hashcat64.exe -a 3 -m 9600 -w 4 -keep-guessing -O --force -o [destination text file for
    decrypted password] [destination text file of hash code] ?u?u?u?u?u?u
    The lesson learnt from decrypting file10.txt is that, the combinations of password are the same
    as in file2.txt but the encryption method ate different compared to the rest of 9 files as the rest
    of the file has the Microsoft version of year 97–2003, the password protection used 40-bit key
    RC4 which contains multiple vulnerabilities rendering it insecure while file10.txt which used
    Office 2007–2013 which employed 128-bit key AES password protection which remains
    secure. Office 2016 employed 256-bit key AES password protection which also remains secure.
    Hence, the hashcode becomes longer and brute-force attack needs to generate more passwords
    into hash code to match the integrity of the file.

    You might also like