Exploit: Password Cracking. An Overview on Password Cracking Password cracking is a term used to describe the penetration of a network, system, or resource.

Presentation transcript:

Exploit: Password Cracking

An Overview on Password Cracking

Password cracking is a term used to describe the penetration of a network, system, or resource, with or without the use of tools, to unlock a resource that has been secured with a password.

Introduction

- System vulnerabilities with passwords
  - Strong passwords vs. weak
- Examples of vulnerabilities
  - Applications: FTP, HTTP, Telnet
- Password cracking tools
  - Tools in common use
  - Brutus Password Cracker

Experiment on Password Cracking

- Platform: Windows
- Setting up of machines with services
  - Target machine (server)
  - Client

Setting up of Machines (diagram): DHCP/Switch; Client; FTP server (Serv-U); Brutus; Ethereal; runs labelled Word List and BruteForce.

About Brutus Password Cracker

- Supported applications: Telnet, FTP, HTTP
- Methods used to engage with the remote machine: Word List, Combo, BruteForce

A Quick Look On Brutus Password Cracker

Engaging Remote Machine Using “Word List”

The method:
- Creates a large number of candidate system passwords by combining entries from two separate files, “users” and “word”.
- Engages the remote machine, entering word after word at high speed, until a match is found.

Engaging Remote Machine using “Word List”

Sample entries for file “users”: statler, waldorf, admin, administrator
Sample entries for file “word”: aaa, abc123, academia, academic

Engaging Remote FTP Server Using “Word List”

“Word List”: A Failed attempt

Sample Trace for the Method - “Word List”
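From the server side, the same word-list run shows up as a burst of failed logins from one source that cycles through user names before (possibly) one succeeds. The detector below is an added example, not part of the slides; its log format and sample lines are constructed and are not Serv-U's real log layout.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical, simplified FTP-server format (not
# Serv-U's real layout): timestamp, client IP, user name, login result.
SAMPLE_LOG = """\
2009-03-02 10:15:01 192.168.1.20 USER statler LOGIN_FAILED
2009-03-02 10:15:01 192.168.1.20 USER waldorf LOGIN_FAILED
2009-03-02 10:15:02 192.168.1.20 USER admin LOGIN_FAILED
2009-03-02 10:15:02 192.168.1.20 USER admin LOGIN_FAILED
2009-03-02 10:15:03 192.168.1.20 USER admin LOGIN_FAILED
2009-03-02 10:15:03 192.168.1.20 USER administrator LOGIN_OK
2009-03-02 10:20:00 192.168.1.33 USER alice LOGIN_FAILED
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) USER (\S+) (LOGIN_FAILED|LOGIN_OK)$")

def parse(log_text):
    """Turn log lines into (timestamp, ip, user, success) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4) == "LOGIN_OK"))
    return events

def find_bruteforce(events, threshold=5, window=timedelta(seconds=10)):
    """Flag IPs with >= threshold failed logins inside any sliding time window.
    Report total failures, distinct user names tried (a word-list run walks the
    "users" file) and whether the source also achieved a successful login."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        fails = [ts for ts, _, _, ok in evs if not ok]
        start, burst = 0, False
        for end in range(len(fails)):
            while fails[end] - fails[start] > window:  # drop failures outside window
                start += 1
            if end - start + 1 >= threshold:
                burst = True
                break
        if burst:
            users = {u for _, _, u, ok in evs if not ok}
            flagged[ip] = {"failures": len(fails), "users": len(users),
                           "success_after": any(ok for *_, ok in evs)}
    return flagged
```

A flagged source whose burst ends in `success_after` is the case the later “cracked password” slide shows, and is the one to treat as a compromised account rather than just noise.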

Engaging Remote Server using “Combo”

The method:
- Similar to “Word List”.
- Uses a “combo” file to generate candidate user:password pairs for each user of the remote system.
- Uncertain; needs more guessing.

Sample “combo” file entries: admin:admin1, admin:admin12, admin:admin123

Engaging Remote Server using “BruteForce”

The method:
- Guaranteed to some extent.
- Relies purely on processing power and repetition.
- Needs very high processing speed.
- Produces a large number of candidate passwords for a particular user using permutations and combinations.
- May take months or years to crack the password.

Examples of generated passwords: aaa, aab, aac... aaA, aaB, aaC... aa0, aa1, aa2, aa3... aba, aca, ada...

Each combination of characters and symbols is fed through the appropriate cryptographic algorithm and compared to the stored password until a match is found.
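To put the slide's “months or years” in numbers, this added example (not from the slides) sizes the brute-force search space for the character classes the generated passwords draw on, and shows what an account-lockout policy does to the attacker's effective guess rate against a network service. The 50 guesses/s online rate and the 5-attempts-per-15-minutes lockout are assumed figures, not values from the deck.

```python
import string

# Character classes behind the slide's generated examples (aaa.., aaA.., aa0..).
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digits": string.digits, "symbols": string.punctuation}

def charset_size(*names):
    """Size of the alphabet an attacker must enumerate for the given classes."""
    return sum(len(CLASSES[n]) for n in names)

def keyspace(charset_size, max_len, min_len=1):
    """Candidates a brute-force run must try to cover every length min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def effective_rate(online_rate, attempts_before_lockout=None, lockout_seconds=0):
    """Guesses per second the server actually allows: the raw online rate, or,
    with lockout, at most N attempts per lockout period (N / lockout_seconds)."""
    if attempts_before_lockout is None or lockout_seconds <= 0:
        return online_rate
    return min(online_rate, attempts_before_lockout / lockout_seconds)

def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at the given rate, in years."""
    return candidates / guesses_per_second / (365 * 86400)

def compare_policies(online_rate=50.0):
    """Exhaustion time for three password policies, with and without an assumed
    lockout of 5 attempts per 15 minutes (online_rate is also an assumption)."""
    policies = {"lower, up to 6": (charset_size("lower"), 6),
                "lower+upper+digits, up to 8": (charset_size("lower", "upper", "digits"), 8),
                "all classes, up to 12": (charset_size(*CLASSES), 12)}
    locked = effective_rate(online_rate, 5, 15 * 60)
    return {name: {"candidates": keyspace(size, n),
                   "years_no_lockout": years_to_exhaust(keyspace(size, n), online_rate),
                   "years_with_lockout": years_to_exhaust(keyspace(size, n), locked)}
            for name, (size, n) in policies.items()}
```

The weak policy falls in a fraction of a year at the assumed online rate, but lockout alone pushes even that case past a thousand years, which is why rate limiting matters as much as password length for services like the FTP target in the experiment.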

Engaging Remote Machine Using “BruteForce”: a sample display of the initial settings just before engaging.

Engaging Remote Machine Using “BruteForce”: a sample display of the cracked password.

Questions? Comments?