1
00:00:00,000 --> 00:00:00,902

2
00:00:00,902 --> 00:00:01,860
ZAMYLA CHAN: All right.

3
00:00:01,860 --> 00:00:04,170
Let's get cracking.

4
00:00:04,170 --> 00:00:07,380
For this walk-through, because this is a more comfortable problem,

5
00:00:07,380 --> 00:00:10,020
I will be going over some of the concepts used

6
00:00:10,020 --> 00:00:13,140
to solve this problem but less so some of the code

7
00:00:13,140 --> 00:00:15,720
that you might use to do it.

8
00:00:15,720 --> 00:00:19,770
Your tasks for this problem are to get the hashed password from the user

9
00:00:19,770 --> 00:00:23,020
and then try to crack that password.

10
00:00:23,020 --> 00:00:26,410
The hashed password will be passed in via a command-line argument.

11
00:00:26,410 --> 00:00:31,530
So make sure to ensure that the user is using your program properly.

12
00:00:31,530 --> 00:00:35,190
If your program is executed without any command-line arguments or, perhaps,

13
00:00:35,190 --> 00:00:37,870
more than one command-line argument, then your program

14
00:00:37,870 --> 00:00:42,390
should print an error of your choice and exit immediately with main returning

15
00:00:42,390 --> 00:00:46,300
one, thereby signifying an error.

16
00:00:46,300 --> 00:00:46,870
All right.

17
00:00:46,870 --> 00:00:51,100
Now that you have the hash, let's try to crack this password.

18
00:00:51,100 --> 00:00:53,120
In order to reasonably solve this problem,

19
00:00:53,120 --> 00:00:55,310
we'll allow you to make several assumptions.

20
00:00:55,310 --> 00:00:57,460
The first of which is that all of these passwords

21
00:00:57,460 --> 00:01:01,460
are hashed with C's DES-based crypt function.

22
00:01:01,460 --> 00:01:03,790
Take a look at the man page for this function.

23
00:01:03,790 --> 00:01:08,314
You'll find that crypt takes in two arguments, key and salt.

24
00:01:08,314 --> 00:01:10,480
And you can find the salt because it's the first two

25
00:01:10,480 --> 00:01:14,050
characters of that hashed password.

26
00:01:14,050 --> 00:01:17,110
Key to solving this problem is remembering that hashing a word

27
00:01:17,110 --> 00:01:20,230
will always return the exact same hash.

28
00:01:20,230 --> 00:01:22,690
The crypt function is deterministic.

29
00:01:22,690 --> 00:01:26,080
So as long as you pass in the same key and salt,

30
00:01:26,080 --> 00:01:30,070
crypt will always return the same hash.

31
00:01:30,070 --> 00:01:32,740
So I want you to try a word.

32
00:01:32,740 --> 00:01:35,440
Hash that by calling the crypt function.

33
00:01:35,440 --> 00:01:39,340
And if those hashes match, then you can assume that you've successfully

34
00:01:39,340 --> 00:01:40,660
cracked the password.

35
00:01:40,660 --> 00:01:44,010
More assumptions that you can make as you're guessing these passwords.

36
00:01:44,010 --> 00:01:47,030
One, that they're no longer than four characters

37
00:01:47,030 --> 00:01:50,650
and that they're composed entirely of alphabetical characters.

38
00:01:50,650 --> 00:01:54,700
So how might you generate the plain text to be hashed?

39
00:01:54,700 --> 00:01:58,000
For the guesses, think of a way to carefully iterate over

40
00:01:58,000 --> 00:02:01,900
every combination of one to four characters where all of the characters

41
00:02:01,900 --> 00:02:05,170
are alphabetic and case sensitive.

42
00:02:05,170 --> 00:02:07,750
Consider an array, perhaps, of five bytes.

43
00:02:07,750 --> 00:02:11,110
And use one to four of those bytes for alphabetical characters

44
00:02:11,110 --> 00:02:15,040
with a trailing \0 to end the string.

45
00:02:15,040 --> 00:02:19,410
And also be sure to left-align the string in the buffer.

46
00:02:19,410 --> 00:02:22,510
Calling crypt on those and checking it against the user

47
00:02:22,510 --> 00:02:28,030
provided hash will, hopefully, get you to crack these passwords.

48
00:02:28,030 --> 00:02:29,380
My name is Zamyla.

49
00:02:29,380 --> 00:02:32,130
And this was crack.

50
00:02:32,130 --> 00:02:33,483
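Editor's added example, placed after the transcript. It is not Zamyla's code and not part of the CS50 distribution; it puts the walkthrough's pieces together in C: the argc check with a return value of 1, the salt taken from the first two characters of the hash, the odometer-style enumeration of every one-to-four-letter case-sensitive string into a five-byte, left-aligned, NUL-terminated buffer, and the comparison of each guess's hash against the user's hash. The hash function is passed in through a pointer with crypt(3)'s signature. So that the file builds and runs without libcrypt, it includes a constructed stand-in called `toy_hash` (a salted FNV-1a, labelled as such in the code); it is not DES and stands in only for crypt's interface. Build with `-DUSE_CRYPT -lcrypt` to wire the real crypt into `main` instead. The names `toy_hash`, `parse_args`, `crack`, `next_candidate` and `candidate_count` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Search space from the walkthrough: 1..4 case-sensitive letters. */
#define MAX_LEN 4
static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
#define ALPHABET_LEN ((int)(sizeof ALPHABET - 1))   /* 52 */

/* Same shape as crypt(3): char *crypt(const char *key, const char *salt). */
typedef char *(*hash_fn)(const char *key, const char *salt);

/* CONSTRUCTED stand-in so this file builds without libcrypt. It is NOT DES
 * crypt; it only mimics crypt's interface: deterministic, output prefixed
 * with the two-character salt, pointer to a static buffer returned. */
char *toy_hash(const char *key, const char *salt) {
    static char out[2 + 8 + 1];
    uint32_t h = 2166136261u;                      /* FNV-1a over salt, then key */
    for (int i = 0; i < 2 && salt[i] != '\0'; i++) {
        h = (h ^ (unsigned char)salt[i]) * 16777619u;
    }
    for (; *key != '\0'; key++) {
        h = (h ^ (unsigned char)*key) * 16777619u;
    }
    snprintf(out, sizeof out, "%.2s%08x", salt, h);
    return out;
}

#ifdef USE_CRYPT
#include <crypt.h>          /* cc -DUSE_CRYPT crack.c -lcrypt */
#define HASH crypt
#else
#define HASH toy_hash
#endif

/* Exactly one command-line argument, else NULL (caller prints an error
 * and returns 1, as the walkthrough requires). */
const char *parse_args(int argc, char *argv[]) {
    return (argc == 2) ? argv[1] : NULL;
}

/* Odometer step over indices into ALPHABET; returns 0 once every string
 * of length len has been produced. */
static int next_candidate(int idx[], int len) {
    for (int i = len - 1; i >= 0; i--) {
        if (++idx[i] < ALPHABET_LEN) return 1;
        idx[i] = 0;
    }
    return 0;
}

/* Try every 1..MAX_LEN letter string, built left-aligned in a five-byte
 * buffer with a trailing NUL. On a match copy the plaintext into out and
 * return 1; otherwise leave out empty and return 0. */
int crack(const char *hash, hash_fn fn, char out[MAX_LEN + 1]) {
    out[0] = '\0';
    if (hash == NULL || strlen(hash) < 2) return 0;
    char salt[3] = { hash[0], hash[1], '\0' };      /* salt = first two chars */
    char buf[MAX_LEN + 1];
    int idx[MAX_LEN];
    for (int len = 1; len <= MAX_LEN; len++) {
        memset(idx, 0, sizeof idx);
        do {
            for (int i = 0; i < len; i++) buf[i] = ALPHABET[idx[i]];
            buf[len] = '\0';
            const char *h = fn(buf, salt);
            /* crypt is deterministic: same key and salt give the same hash,
             * so an equal string means this guess is the password. */
            if (h != NULL && strcmp(h, hash) == 0) {
                memcpy(out, buf, (size_t)len + 1);
                return 1;
            }
        } while (next_candidate(idx, len));
    }
    return 0;
}

/* Worst-case number of guesses the loop makes: 52 + 52^2 + 52^3 + 52^4. */
unsigned long candidate_count(void) {
    unsigned long total = 0, pow = 1;
    for (int len = 1; len <= MAX_LEN; len++) {
        pow *= (unsigned long)ALPHABET_LEN;
        total += pow;
    }
    return total;
}

int main(int argc, char *argv[]) {
    const char *hash = parse_args(argc, argv);
    if (hash == NULL) {
        fprintf(stderr, "Usage: %s hash\n", argv[0]);
        return 1;
    }
    char password[MAX_LEN + 1];
    if (crack(hash, HASH, password)) {
        printf("%s\n", password);
        return 0;
    }
    fprintf(stderr, "no 1-4 letter password matched\n");
    return 1;
}
```

Run as `./crack 50` + the rest of a hash to see the usage path exercised; with no argument or two arguments it prints the usage line and exits 1. The hash function pointer is the only place the real and stand-in hashes differ, so the enumeration and comparison logic is identical under `-DUSE_CRYPT`.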