CS 473
Table of Contents
1) Project Title
2) Abstract
3) Explanation
4) Architecture
a. Conceptual Diagram
b. Interaction between Concepts
5) List of Deliverables and Milestones
6) Tools and Technologies
7) Team
CS 473
1) Project Title:
Online Systems Password Hacking
2) Abstract:
An online system password hacking program, which will be using brute force
technique. The program will be able to run in a distributed way on many machines at the
same time (unique password tries in all machines collectively). Also the program will
save its state at regular intervals so that it can start running again from where it left last
time (killed by someone or intentionally stopped). Also make use of probability to first
make combinations that are most likely to be selected as a password.
Program should be independent of site to be hack. Like for example if I want to
hack the password of www.yahoo.com or www.hotmail.com there should be no change in
the logic of program but only few changes in a configuration file (XML file).
The program should accomplish it task in reasonable amount of time (like within
a week).
The program will demonstrate to actually hack the password of any well known
system for example hotmail, yahoo or LUMS registration system.
3) Explanation:
1) XML based Configuration
XML based text file with a define DTD so that user can configure the
password hacking program. Following is the rules that DTD will define in
structured way.
Will have URL of the site to hack password
Will have the FAILUREKEY that occur in an html page if password fails
Will suggest a set of predefined combinations which will have highest
priority (to try as a candidate password). For example one login name,
root, super user, password etc.
Will specify set of valid characters (alphabets, numbers, special characters
etc) which will combine in different permutation to make a candidate
password.
The XML file will able user to add probability against every valid
characters. For example A with probability 0.2 etc. The value of
probability will start from 0 and will mostly be LESS then 1 (as we can
not mostly say with 100% surety that some character will be part of
password. Unless we have observed one entering his password).
One can also be able to specify probability against many valid characters
instead of specifying it against every other character. This is named as a
group probability.
CS 473
2) Sate Of program:
The program will have current state that will be an indication of the all the
combination it has tried so far (and what is left behind).
3) Save and retrieve State
The state of program is saved after regular intervals so that if someone stop
the program (or kill it) and run it later it will start from the last saved state.
4) Probability Calculation
The will use probability to first make combination (from valid character set)
which have higher probability.
5) Failure Key
The failure key (some words/sentence) is the key to identify the html page
(response after a password try) when password is wrong. If an html response
page does not have a failure key then it mean a success and password is
hacked.
6) Distributed and parallel running
The program will be able to run in distributed way on many machine so that
power of many machines can be used for computing password, in less time.
To distribute program one has to make changes in the configuration file so
that unique combination (of candidate password) can be try on different
machines.
CS 473
4) Architecture:
a. Conceptual Diagram:
The following Conceptual diagram show different concepts and there
interaction with the XML configuration file as state storage. Usually we do not
show interaction of data storage in conceptual diagram but here this is added so
that one can get better understanding of the whole process.
PasswordGenerator
PasswordHacker
1
1
State
StatePersistent
Configuration
1
1
HTMLParser
1
FailureKey
ConfigurationLoader
1
State
Storage
1
1
ProbabilityCalculator
XMLReader
XML
Configuration
File
b. Concept Interactions:
The PasswordHacker Concept will be the main Concept (which will be
the starting concept). That Concept will first load the state of program by calling a
function in State Concept. If this hacking program is executed before then that
saved state is retrieve from storage system otherwise it will start from default null
state (starting state).
The PasswordHacker concept then called PasswordGenerator which
see if the Configuration is already in the memory. If Configuration is not in
the memory then ConfigurationLoader will load the configuration in the static
Configuration concept (memory). The PasswordGerator then (using
Configuration Concept and ProbablityCalculator Concept) finds next valid
Password to try. This candidate password is returned to the PasswordHacker.
CS 473
Milestone
Define Document Type Definition
(DTD):
For the configuration of the program one
has to come up with a detailed DTD that
full fill all requirements specified above.
2.
3.
Deliverable
DTD document (with
a sample XML) by
email as well a hard
copy.
Expected
30/12/2002
12/01/2002
15/01/2002
A working model is
shown.
25/01/2002
CS 473
01/02/2002
Java
Network programming in Java
Threads (in Java)
HTML and Java Script
Rational Rose and UML
MS Access
JDBC
XML
DOM XML Parser
7) Team:
Faisal Aslam
2002-03-0006