Password Cracking COEN 252 Computer Forensics. Social Engineering Perps trick Law enforcement, private investigators can ask. Look for clues: Passwords.

Slides:

Advertisements

Similar presentations

Module XVII Novell Hacking

Advertisements

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Password Cracking Lesson 10. Why crack passwords?

The Cain Tool Presented by: Sagar Chivate CS 685F.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

Section 3.2: Operating Systems Security

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

Chapter 3 Passwords Principals Authenticate to systems.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

Passwords, Encryption Forensic Tools

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

GROUP POLICY An overview of Microsoft Windows Group Policy.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.

Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.

CIS 450 – Network Security Chapter 8 – Password Security.

Lecture 11: Strong Passwords

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.

Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary.

Hiding Data in “Plain Sight” Computer Forensics BACS 371.

Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication.

 Access Control 1 Access Control  Access Control 2 Access Control Two parts to access control Authentication: Are you who you say you are? – Determine.

Exercises Information Security Course Eric Laermans – Tom Dhaene.

How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Password Security. Overview What are passwords, why are they used? Different types of attacks Bad password practices to avoid Good password practices.

Password Cracking By Allison Ramondetta & Christine Giordano.

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.

Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.

Presented by Sharan Dhanala

Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski.

King Mongkut’s University of Technology Network Security 8. Password Authentication Methods Prof. Reuven Aviv, Jan Password Authentication1.

Password. On a Unix system without Shadow Suite, user information including passwords is stored in the /etc/passwd file. Each line in /etc/passwd is a.

Ethical Hacking: Defeating Logon Passwords. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Password Security Module 8. Objectives Explain Authentication and Authorization Provide familiarity with how passwords are used Identify the importance.

Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.

CSCE 201 Identification and Authentication Fall 2015.

CIS 450 – Network Security Chapter 10 – UNIX Password Crackers.

Best ways to Hack Facebook Account Now a days Facebook becomes the number 1 social networking portal that touches every one’s life. People are now a days.

Chapter Six: Authentication 2013 Term 2 Access Control Two parts to access control Authentication: Are you who you say you are?  Determine whether access.

Understanding Security Policies Lesson 3. Objectives.

7/10/20161 Computer Security Protection in general purpose Operating Systems.

Penetration Testing Exploiting I: Password Cracking

Understanding Security Policies

COEN 252 Computer Forensics

I have edited and added material.

Chapter 5 : Designing Windows Server-Level Security Processes

Windows Remembers Where is this information stored?

Password Cracking Lesson 10.

Attack Examples : DOS, Social Engineering

Mumtaz Ali Rajput +92 – INFORMATION SECURITY – WEEK 5 Mumtaz Ali Rajput +92 – 301-

Lesson 16-Windows NT Security Issues

Security and File Permission

Cyber Operation and Penetration Testing Online Password Cracking Cliff Zou University of Central Florida.

Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein

Computer Security Protection in general purpose Operating Systems

Presentation transcript:

Password Cracking COEN 252 Computer Forensics

Social Engineering Perps trick Law enforcement, private investigators can ask. Look for clues: Passwords frequently use SSN, names of boyfriend, girlfriend, dog, sled, …

Dictionary Attacks Passwords need to be memorizable. Most Passwords based on actual words. Dictionary attacks uses a dictionary: Try all words in dictionary. Try all words in dictionary with slight changes. Typically very fast.

Brute Force Just try out all combinations possibilities for a UNIX password. But only if all letters are equally likely. Not feasible on a single machine. But possibly in a P2P system. Using technology.

Keystroke logging / sniffing Surveillance of suspect can yield passwords. Keystroke loggers can be set up to automatically reveal typed in passwords. Same for network sniffers.

Default Passwords Many applications come with a default password. VMS used to have a default super-user password. Often, the default password is the same as the default user name. In principle, the sys-ad changes the default password. Recently, applications are no longer shipped with default passwords.

Bios Password Stored in CMOS Remove power from CMOS and CMOS is reset. Looses valuable forensic data such as the system clock. Some BIOS can be programmatically cleaned. Looses valuable forensic data such as the system clock.

Windows 9x Windows 9x stores the login password in.pwl file in the c:\windows directory in encrypted form. Obtain the password from the file. Use an offline password cracker that attacks the weak encryption.

Windows 9x Windows screen saver password is stored in user.dat file in c:\windows. Password is in simple ASCII encryption. The screen saver password is very often the system password.

Windows NT and up Unix Only hash of password is stored. Computationally impossible to calculate password from the hash. Can use the hash for a dictionary or brute force attack.

Windows NT and Up Some applications need administrator’s password Passwords are stored in a protected area of the registry Local Security Authority Can be dumped

Various Applications Some applications store the password in clear text in a hidden location. Registry in Windows. Some file attached to the application. Or using easily breakable encryption of password in known place.

Multiple Passwords Since few users can remember many passwords, any password for a given application might also unlock other passwords.