Information Assurance Day Course

Slides:



Advertisements
Similar presentations
Password Cracking With Rainbow Tables
Advertisements

Password Cracking Lesson 10. Why crack passwords?
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
With a Penetration Tester’s Toolkit.  Background  What to Expect  Topics  Demonstrations.
Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
1 MD5 Cracking One way hash. Used in online passwords and file verification.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Information Security Risk.
1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.
System Hacking Techniques
Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.
Databases and security continued CMSC 461 Michael Wilson.
Windows Vista Security David Kenney Christopher Lange.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 3 – User Authentication.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Mark Shtern. Passwords are the most common authentication method They are inherently insecure.
Somewhere Over the Rainbow Tables Bob Weiss Password Crackers, Inc.
Brute Force Password Cracking and its Role in Penetration Testing Andrew Keener and Uche Iheadindu.
Lecture 5 User Authentication modified from slides of Lawrie Brown.
Cracking Systems Computer Science Innovations, LLC.
System Hacking Active System Intrusion. Aspects of System Hacking System password guessing Password cracking Key loggers Eavesdropping Sniffers Man in.
 Access Control 1 Access Control  Access Control 2 Access Control Two parts to access control Authentication: Are you who you say you are? – Determine.
Exercises Information Security Course Eric Laermans – Tom Dhaene.
Introduction to Information Security Network Traversal nirkrako at post.tau.ac.il itamargi at post.tau.ac.il.
How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
What do you know about password? By Guang Ling Oct. 8 th,
CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.
Lecture 5 User Authentication modified from slides of Lawrie Brown.
Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski.
Password. On a Unix system without Shadow Suite, user information including passwords is stored in the /etc/passwd file. Each line in /etc/passwd is a.
Ethical Hacking: Defeating Logon Passwords. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.
System Hacking (Gaining Access) Additions to CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
Operating Systems Security
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Chapter Six: Authentication 2013 Term 2 Access Control Two parts to access control Authentication: Are you who you say you are?  Determine whether access.
MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum We could consider using the Mighty Cracker Logo located in the Network Folder.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
The Challenges of Teaching an Interdisciplinary IA Course Rose Shumba Indiana University of Pennsylvania EPASEC 2006.
Understanding Passwords ● Jonathan Schipp ● Dubois County Linux User Group ● Nov 7 th 2010 ● jonschipp (at) gmail.com.
Hacking 101, Boot-camp Computer Security Group March 10, 2010 Mitchell Adair.
Password Cracking, Sniffing and Man-in-the Middle
Authentication and Account Management
Penetration Testing Offline Password Cracking
I have edited and added material.
Authentication CSE 465 – Information Assurance Fall 2017 Adam Doupé
Password Cracking Lesson 10.
IIT Indore © Neminah Hubballi
Extended Authentication Protocol (EAP) Vulnerabilities exploited through Rogue Access Points Stephen Cumella.
CompTIA Security+ Study Guide (SY0-501)
Information Assurance Day Course Man-in-the-middle Attacks
Kiran Subramanyam Password Cracking 1.
Windows Passwords: Everything You Need To Know
Query Optimization CS 157B Ch. 14 Mien Siao.
Cyber Operation and Penetration Testing Online Password Cracking Cliff Zou University of Central Florida.
Authentication CSE 365 – Information Assurance Fall 2018 Adam Doupé
Exercise: Hashing, Password security, And File Integrity
Network Penetration Testing & Defense
Pass-the-Hash.
Hash Function Requirements
Authentication CSE 365 – Information Assurance Fall 2019 Adam Doupé
Presentation transcript:

Information Assurance Day Course Cracking Passwords

Outline Introduction The Exercises Passwords & Hashes How do you get them? How can you abuse them? The Exercises Obtaining Hashes LiveCD Exploit Passive Sniffing Cracking Passwords

Introduction – Passwords & Hashes Passwords are used everywhere. The recommended best practice for storing them is to store them as a salted hash. Unix: $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ Windows LM: 855c3697d9979e78ac404c4ba2c66533 Windows NTLM: $NT$7f8fe03093cc84b267b109625f6bbf4b Salts are used to prevent cracking using precomputed hashes (rainbow tables) and bulk cracking. Talk a bit about passwords. Mention length, complexity, and keyspace - length is the best way to increase the keyspace. Explain salts. Windows LM Hashes are super easy to crack, which is why we love them: unsalted, case- insensitive, 14-char max length, split into two 7-char passwords. <3 Most modern Windows boxes still use the LM hashes for backwards compatibility!

Introduction – Obtaining Hashes In order to obtain password hashes, you must know where they are stored and how they are used. Hashes are usually stored locally on disk and are sometimes transmitted over the network. It follows then, that if we can somehow gain access to the disk or sniff some network traffic, we should be able to grab some password hashes.

Introduction – Abusing Hashes You now have some hashes. What can you do with them? Pass the Hash Attack (Windows) Crack them! John the Ripper Ophcrack rcracki

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.