Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9

Slides:

Advertisements

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Advertisements

The Cain Tool Presented by: Sagar Chivate CS 685F.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Section 3.2: Operating Systems Security

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

MIS Week 13 Site:

Sanjay Goel University at Albany, School of Business NYS Center for Information Forensics and Assurance 1 Password Protection.

Windows Security and Rootkits Mike Willard January 2007.

Chapter 2 Accessing Your System and the Common Desktop Environment.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Week 5-1 Week 5: System Hacking Administrator Password Guessing.

1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Linux Security.

CSE 461 INTEGRITY CHECKING AND HASHING. JOKE: TELNET.

Hacking Windows 2K, XP. Windows 2K, XP Review: NetBIOS name resolution. SMB - Shared Message Block - uses TCP port 139, and NBT - NetBIOS over TCP/IP.

Yvan Cartwright, Web Security Introduction Correct encryption use Guide to passwords Dictionary hacking Brute-force hacking.

Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Introduction to Linux Installing Linux User accounts and management Linux’s file system.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.

Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

CIS 450 – Network Security Chapter 8 – Password Security.

ECE Internetwork Security 1 Password Cracking, Sniffing and Man-in-the Middle Agenda  Storing Passwords on the system  Password Cracking on Windows.

CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.

Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Collaborate on Documents Microsoft Word Introduction Word 2010 makes it easy for groups of people to edit one document. You can easily edit documents.

Linux Administration. Pre-Install Different distributions –Redhat, Caldera, mandrake, SuSE, FreeBSD Redhat Server Install –Check HCL –Significant issues.

TenBox Technologies Small software company specializing in server PDF solutions Located in Portland, Oregon

Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

Introduction to Information Security Network Traversal nirkrako at post.tau.ac.il itamargi at post.tau.ac.il.

How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.

1 CHAPTER 5 DIFFING. 2 What is Diffing? Practice of comparing two sets of data, before and after a changed has occurred Practice of comparing two sets.

Penetration Testing 101 (Boot-camp)

Chapter 4 Hacking Windows Part 2. Authenticated Attacks Privilege Escalation Pilfering –Grabbing the Password Hashes –Cracking Passwords –LSADump –Previous.

Searching and Sorting. Why Use Data Files? There are many cases where the input to the program may come from a data file.Using data files in your programs.

CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.

Chapter 6: Using The Windows Performance and Reliability Monitor.

TCOM Information Assurance Management System Hacking.

Lecture 5 User Authentication modified from slides of Lawrie Brown.

Securing the Linux Operating System Erik P. Friebolin.

Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS7: Security 7.4. Lab Manual.

Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski.

Password. On a Unix system without Shadow Suite, user information including passwords is stored in the /etc/passwd file. Each line in /etc/passwd is a.

Ethical Hacking: Defeating Logon Passwords. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

System Hacking (Gaining Access) Additions to CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–

Module 4 Password Cracking

CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.

CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.

Managing Users CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.

CIS 450 – Network Security Chapter 10 – UNIX Password Crackers.

Encryption Techniques. The table below shows what DES (Data Encryption Standard ) key sizes are needed to protect data from attackers with different time.

Chapter Six: Authentication 2013 Term 2 Access Control Two parts to access control Authentication: Are you who you say you are?  Determine whether access.

Understanding Passwords ● Jonathan Schipp ● Dubois County Linux User Group ● Nov 7 th 2010 ● jonschipp (at) gmail.com.

Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service.

Hacking Windows.

Password Cracking, Sniffing and Man-in-the Middle

Penetration Testing Offline Password Cracking

I have edited and added material.

Password Cracking Lesson 10.

IS3440 Linux Security Unit 3 User Account Management

Chapter 1: Introduction

Presentation transcript:

Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9 Vicky

Introduction “Password” is the key

About the password One-way hash Brute-Force Plain Text WZYxAM$5IGD3yl

Where is the password ? Shadow Password Solaris DES from /etc/passwd Mandrake DES from /etc/shadow FreeBSD MD5 from /etc/shadow OpenBSD Blowfish from /etc/master.passwd Windows 2000 from \WINNT\repair\SAM Encrypted Password

Start to Cracking John the Ripper Pwdump2 Pwdump3 L0phtCrack SMBGrind Nbaudit

John the Ripper Get the file Uncompress make

Benchmark

Start to cracking

Pwdump Grab a text version of the SAM Task Monitor Find out PID Get the hashs Grab a text version of the SAM Usage

Pwdump3 Pwdump2+remote access Usage

L0phtCrack Pwdump + Brute-Force Cracking

Removing the LanMan Hash Why… LanMan 69^7 MD4 96^8 How to… LaMan MD4 LaMan LaMan

Lasdump Dump the password from memory No cracking

SMBGrind

Nbaudit SMBGrind+ Scan address range Specify put file Usage

Windows may be more security Run secpol.msc

Summary: Strong password 好膽！賣走 long a-z numbers !@#$%^& A-Z