Ethical Hacking: Defeating Logon Passwords. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

Slides:

Advertisements

Similar presentations

10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.

Advertisements

Password Cracking Lesson 10. Why crack passwords?

Configuring Windows to run Dr.Web scanner remotely.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.

Chapter 7 HARDENING SERVERS.

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Lesson 19: Configuring Windows Firewall

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Windows Security Mechanisms Al Bento - University of Baltimore.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.

NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

 Computer Hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.  the act.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

Bezpečnost Windows pro pokročilé: uživatelské účty GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. |

CIS 450 – Network Security Chapter 8 – Password Security.

IT Security Essentials Lesley A. Bidwell, IT Security Administrator.

Ethical Hacking Defeating Wireless Security. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

Security Planning and Administrative Delegation Lesson 6.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

Windows Vista Security David Kenney Christopher Lange.

SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.

Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.

Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.

Passwords Everywhere GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP:

Windows XP Professional Features ©Richard L. Goldman February 5, 2003.

Mastering Windows Network Forensics and Investigation Chapter 13: Logon and Account Logon Events.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

KeePass Open Source Software James Hadvabne Open Source Software James Hadvabne.

Ethical Hacking and Network Defense NCTT Winter Workshop January 11, 2006.

INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

Bezpečnost Windows pro pokročilé: zajímavosti a UAC GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. |

Password Cracking By Allison Ramondetta & Christine Giordano.

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam

Ethical Hacking: Hacking GMail. Teaching Hacking.

CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.

Module 7: Implementing Security Using Group Policy.

Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski.

CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.

Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.

CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.

Ethical Hacking and Network Defense. Contact Information Sam Bowne Sam Bowne Website: samsclass.info Website:

Windows Administration How to protect your computer.

IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

6/19/2016 أساسيات الأتصال و الشبكات Communication & Networks Fundamentals lab 4.

Password Cracking COEN 252 Computer Forensics. Social Engineering Perps trick Law enforcement, private investigators can ask. Look for clues: Passwords.

HACKING Submitted By: Ch. Leela Sasi, I M.C.A, Y11MC29011, CJJC P.G College.

Windows XP Professional Not Finish Yet

Penetration Testing Exploiting I: Password Cracking

Chapter 6 Application Hardening

Ethical Hacking: Hacking GMail

Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.

Cyber Operation and Penetration Testing Online Password Cracking Cliff Zou University of Central Florida.

Unit 32 Every class minute counts! 2 assignments 3 tasks/assignment

Designing IIS Security (IIS – Internet Information Service)

Network Penetration Testing & Defense

Bethesda Cybersecurity Club

Presentation transcript:

Ethical Hacking: Defeating Logon Passwords

2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information Technology City College San Francisco City College San Francisco Web: samsclass.info Web: samsclass.info

Teaching Hacking

4 What do Hackers Do? Get into computer systems without valid accounts and passwords Get into computer systems without valid accounts and passwords Open encrypted files without the key Open encrypted files without the key Take over Web servers Take over Web servers Collect passwords from Internet traffic Collect passwords from Internet traffic Take over computers with remote access trojans Take over computers with remote access trojans And much, much more And much, much more

5 Ethical Hackers Ethical Hackers do the same thing criminal hackers do, with one difference Ethical Hackers do the same thing criminal hackers do, with one difference Ethical Hackers have permission from the owner of the machines to hack in Ethical Hackers have permission from the owner of the machines to hack in These "Penetration Tests" reveal security problems so they can be fixed These "Penetration Tests" reveal security problems so they can be fixed

6 Two Hacking Classes CNIT 123: Ethical Hacking and Network Defense Has been taught since Spring 2007 (four times) Face-to-face and Online sections available Fall 2008 CNIT 124: Advanced Ethical Hacking Taught for the first time in Spring 2008

7 Supplemental Materials Projects from recent research Projects from recent research Students get extra credit by attending conferences Students get extra credit by attending conferences

8 Certified Ethical Hacker Those two classes prepare students for CEH Certification Those two classes prepare students for CEH Certification

9 Certificate in Network Security

10 Associate of Science Degree

Windows Passwords

12 Password Hashes Passwords are not stored on Windows computers in plaintext Passwords are not stored on Windows computers in plaintext They are run through one-way mathematical Hash Functions They are run through one-way mathematical Hash Functions

13 Logging On User types in password User types in password Example: fish45 Example: fish45 Windows calculates the hash Windows calculates the hash Example: Example: The hash is compared to the stored password hash The hash is compared to the stored password hash If they match, the user is permitted to log on If they match, the user is permitted to log on

14 LM Hashes Windows breaks the password into two 7-character pieces Windows breaks the password into two 7-character pieces Each section is hashed separately Each section is hashed separately So a long, strong password like So a long, strong password like Alligator1978 Alligator1978 Becomes two short passwords Becomes two short passwords ALLIGAT OR1978 ALLIGAT OR1978

15 Weakness of LM Hashes Each section has only 2 43 possible values Each section has only 2 43 possible values Modern computers can try all those values in just a few minutes Modern computers can try all those values in just a few minutes

16 Ophcrack Live CD – boot from it Live CD – boot from it Completely automatic LM Hash Cracker Completely automatic LM Hash Cracker

Countermeasures

18 Hardening Windows Microsoft has a stronger hashing technique called NTLM Hashes Microsoft has a stronger hashing technique called NTLM Hashes But all versions of Windows before Vista use LM Hashes by default But all versions of Windows before Vista use LM Hashes by default A change in Local Security Policy can eliminate the LM Hashes (see references) A change in Local Security Policy can eliminate the LM Hashes (see references)

Cracking Vista

20 Ultimate Boot CD With this CD, you can create new Administrator accounts on Windows XP, Vista, and Server 2008 With this CD, you can create new Administrator accounts on Windows XP, Vista, and Server 2008 It does not reveal existing passwords It does not reveal existing passwords

21 References Wikipedia: LM Hashes Wikipedia: LM Hashes Ophcrack LiveCD Ophcrack LiveCD Ultimate Boot CD Ultimate Boot CD Turning off LM Hashes Turning off LM Hashes Last modified Last modified