All posts by david

Ashley Madison part 2: Cryptanalysis

Lets look at these password hashes:

$2a$12$6YEtyM93L2EQkHzs/PSP6OKEiW6fS3dSZCozzDrMKhHqRmI6NjS1S
111111Iwillneverdoitagain
$2a$12$3V0bFXAv1b4DT1KHh3uqjumaRYysI.NNpgXlcFEfulNUoBYtBEtTG
111111Iwillneverdoitagain
$2a$12$8b5m318FP10GzXI.mtJyh.L.LFjK5iZMwen9gJ68OrkrSLJrKsq1e
111111Iwillneverdoitagain
$2a$12$XC2CQOA5agBimTPHdvcsKOVgKkDwfjXFPyZjNhCFxhxj0yZS/T9f.
111111Iwillneverdoitagain
$2a$12$4FOWYjeL4AtnSuWqP7.1NeeBejEvwBFI/K3Pjt2r0jg5RhnPF38ja
$2a$12$zK2RRlnbtzm/0X0ZSuMrJ.L8v4KSOGnOuXDtDcPkw.ic6qeV.cg4i

Now when looking at the passwords, I notice that they all start with the marker “$2a$12$”.

This is Linux /etc/shadow notation. Linux keep the passwords in the /etc/shadow file. This file is readable only to root accounts. It contains the password hashes of all users. We call “shadow” because it is a shadow file of the /etc/passwd file. /etc/passwd is world readable, so we obviously don’t want to store our password hashes in this file. When we shadow the password file, /etc/passwd will only store an “x” for the password.

$ sudo cat /etc/passwd
...
david:x:1000:1000:david,,,:/home/david:/bin/bash
...

This contains our username:password (shadowed)

Now if I look at the contents of our shadow file (I changed the salt and hash)

$ sudo cat /etc/shadow
...
david:$1$HSnwkd2ajf$Aadhj20idhjSd8djv9d:16663:0:99999:7:::
...

This contains our username:$algorithm$salt$hashed password, followed by information regarding password changes. In this case, the $1$ means the hash was MD5.

Some other prefixes I found:

$0$ – DES
$2$, $2a$ = Blowfish
$3$ = NT hash
$5$ = SHA-256
$6$ = SHA-512

Back to the marker “$2a$12$” in the database. I know that the passwords were hashed with the Blowfish algorithm. The bcrypt algorithm implements Blowfish, so I’m that was the algorithm the website used to hash password. The $12$ means a cost factor of 12, or 12 rounds of bcrypt.

bcrypt, along with scrypt and PBKDF2 are a family of algorithms for hashing passwords. They are all considered “slow” for a computer to perform in relation to other algorithms like MD5 or SHA, so that if a database is compromised and the hashes revealed to an outsider, any brute force or dictionary attacks will be handicapped.

bcrypt has the advantage of being hard for a GPU to do. GPUs are many times faster at performing hashes then the CPU, so crackers often utilize one or more GPUs in parallel to crack passwords. According to https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage/6415#6415

“Bcrypt happens to heavily rely on accesses to a table which is constantly altered throughout the algorithm execution. This is very fast on a PC, much less so on a GPU, where memory is shared and all cores compete for control of the internal memory bus.”

With that being said, it is unlikely I will be able to crack any passwords from this database.

Another thing I noticed was the repeated password of “111111Iwillneverdoitagain”. I would assume that this is how the website disabled accounts, since it would be extremely difficult to find a string whose hash equals “111111Iwillneverdoitagain”.

Ashley Madison part 1: Getting the database

I downloaded the Ashley Madison database dump.

The dump was available here http://pastie.org/10360347. I downloaded it in an Ubuntu VM for safety precautions.

The files available:

am_am.dump.gz
aminno_member.dump.gz
aminno_member_email.dump.gz
ashleymadisondump.7z
CreditCardTransactions.7z
member_details.dump.gz
member_login.dump.gz

The file member_login.dump is a MySQL database backup. First I installed the database with:

$ sudo apt-get install mysql-server

Start MySQL with

$ mysql -u root -p

Now we need to create a new database and restore from the backup. We’ll go ahead and import member_login.dump and member_details.dump:

$ mysql

> create database AshMad

> use AshMad

$ mysql -u root -p < Downloads/dmps/member_login.dump

$ mysql -u root -p < Downloads/dumps/member_details.dump

And now MySQL will import the database.
Note: Do not use the MySQL source command to import large databases. Source is designed to run a small number of SQL queries, and will take a long time to import a large database.

Let’s explore the imported tables.

mysql> use AshMad;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> show tables;
+------------------+
| Tables_in_AshMad |
+------------------+
| member_login     |
| member_details   |
+------------------+
2 rows in set (0.00 sec)

mysql> show columns from member_login;
+----------+--------------+------+-----+---------+----------------+
| Field    | Type         | Null | Key | Default | Extra          |
+----------+--------------+------+-----+---------+----------------+
| pnum     | int(11)      | NO   | PRI | NULL    | auto_increment |
| username | varchar(28)  | NO   | UNI |         |                |
| password | varchar(128) | NO   |     |         |                |
| loginkey | varchar(36)  | NO   | MUL |         |                |
| notify   | int(4)       | NO   |     | 0       |                |
+----------+--------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)

Now we’re going to dump the password column into a text file for a password cracker. This might take a few minutes, as there are almost 4 million rows.

> select password from member_login into outfile 'ashmadpasswords.txt' lines terminated by '\n';

Now we have the passwords in a .txt document in the file /var/lib/mysql/AshMad/ashmadpasswords.txt;

Lets check the file to see what we have:

$ head -10 /var/lib/mysql/AshMad/ashmadpasswords.txt 
$2a$12$6YEtyM93L2EQkHzs/PSP6OKEiW6fS3dSZCozzDrMKhHqRmI6NjS1S
111111Iwillneverdoitagain
$2a$12$3V0bFXAv1b4DT1KHh3uqjumaRYysI.NNpgXlcFEfulNUoBYtBEtTG
111111Iwillneverdoitagain
$2a$12$8b5m318FP10GzXI.mtJyh.L.LFjK5iZMwen9gJ68OrkrSLJrKsq1e
111111Iwillneverdoitagain
$2a$12$XC2CQOA5agBimTPHdvcsKOVgKkDwfjXFPyZjNhCFxhxj0yZS/T9f.
111111Iwillneverdoitagain
$2a$12$4FOWYjeL4AtnSuWqP7.1NeeBejEvwBFI/K3Pjt2r0jg5RhnPF38ja
$2a$12$zK2RRlnbtzm/0X0ZSuMrJ.L8v4KSOGnOuXDtDcPkw.ic6qeV.cg4i

And that’s it for part 1.