Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum We could consider using the Mighty Cracker Logo located in the Network Folder.

Published byJemima Delilah Haynes Modified over 8 years ago

Similar presentations

Presentation on theme: "MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum We could consider using the Mighty Cracker Logo located in the Network Folder."— Presentation transcript:

1 MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum We could consider using the Mighty Cracker Logo located in the Network Folder

2 Password Security Password security is important. Users Weak and/or reused passwords Developers and Admins Choose insecure storage algorithms. Mighty Cracker Show real world impact of poor password security.

3 OVERVIEW We made a hash cracker. Passwords are stored as hashes to protect them from intruders. Our program uses several methods to ‘crack’ those hashes. Networking Spread work to multiple machines. Cross Platform

4 OTHER HASH CRACKING PRODUCTS Hashcat Cain and Abel John the Ripper THC-Hydra Ophcrack Network support is rare.

5 WHAT IS HASHING A way to encode a password to help protect it. A mathematical one-way function. MD5 hash cf4ff726403b8a992fd43e09dd7b5717 SHA-256 hash 951e689364c979cc3aa17e6b0022ce6e4d0e3200d1c22dd68492c172241e0623

6 SUPPORTED HASHING ALGORITHMS Current Algorithms MD5 SHA-1 SHA-224 SHA-256 SHA-384 SHA-512

7 WAYS TO CRACK Cracking Modes Single User Network Mode Methods of Cracking: Brute Force Dictionary Rainbow Table GUI or Console

8 BRUTE FORCE Systematically checking all possible keys until the correct one is found. Worst case this would transverse the entire search space. Slowest but will always find the solution if given enough time.

9 DICTIONARY ATTACK List of common passwords from leaks/hacks. Many people choose common passwords Written works of Shakespeare ~66,000 words Oxford English Dictionary ~290,000 words Small dictionary = 900,000 words Medium dictionary = 14 million words Large dictionary = 1.2 billion words

10 RAINBOW TABLE Can’t store all possible hash/key combinations. 16 character key = 10^40th combinations 10^50th atoms on earth Rainbow tables Reduced storage. More computation. Storage can still be immense. Far faster than other methods.

11 RAINBOW TABLE (HOW IT WORKS) Tables are generated by repeated use of hash and reduce functions.

12 RAINBOW TABLE (HOW IT WORKS) Store only the initial key and final hash of each row. Middle part is easily reproducible. Storage requirements divided by the width of the table.

13 GUI DEMO

14 *^n1gh7^m4r3^*[*123*] Stolen in 2009 data breach Don’t reuse passwords.

15 DEVELOPMENT Requires Python 2.7.X GUI Requires wxPython Pycharm Linux, OSX 10.6+, Windows 7+ Git

16 WHY USE PYTHON? ♥ People love Python ♥ Easy to learn the basics and get going. Something new compared to what we have learned. C/C++, Java, C#, Haskell, OCaml, MySQL, Perl

17 CHALLENGES Global Interpreter Lock (GIL) in Python Threads Run Serially, Not in Parallel Caused many issues for networking Solution was Python’s multiprocessing library Pickling wxPython objects are not pickleable

18 CHALLENGES CONTINUED Windows support manager conflicts fork vs. spawn processes pickling issues Graphics Library Tkinter - can’t handle complicated layouts Solution was wxPython library Everyone knows “a little” python In-depth help was hard to find

19 FUTURE PLANS Crash recovery “Pause” ability GPU Support Real-time Client Monitoring System for Server Re-Implement in C++ More algorithms LM (Windows ME and before) NTLM (Windows XP → 8.1)

20 DEFEATING THE MIGHTY CRACKER Strong storage algorithms bcrypt, scrypt Use long (12+ character) random passwords Don’t reuse passwords Two factor authentication Password manager KeyFree, LastPass

21 Thank You Ruben Gamboa Jim Ward StackOverflow The Internet

22 QUESTIONS?

23 References GRC’s Password Haystack - https://www.grc.com/haystack.htm "Rainbow table1" by Dake - Dake. Licensed under CC BY-SA 2.5 via Wikimedia Commons - https://commons.wikimedia.org/wiki/File:Rainbow_table1.svg#/media/File:Rainbow_table1.sv g http://media.idownloadblog.com/wp-content/uploads/2013/06/OS-X-Mavericks-logo-full- size.jpg http://th03.deviantart.net/fs70/PRE/f/2012/312/7/3/microsoft___windows_8_logo_by_n_studi os_2-d5keldy.png https://thinkboxly.files.wordpress.com/2012/04/linux_logo.png http://astroleaks.lamost.org/wp-content/uploads/2012/03/Logo_Python.png http://blog.jetbrains.com/wp-content/uploads/2014/02/pycharm_logo_square.jpg

Download ppt "MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum We could consider using the Mighty Cracker Logo located in the Network Folder."

Similar presentations

Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
The Cain Tool Presented by: Sagar Chivate CS 685F.

The Cain Tool Presented by: Sagar Chivate CS 685F.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Chapter 3 Passwords Principals Authenticate to systems.

Chapter 3 Passwords Principals Authenticate to systems.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.

1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.
(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.

(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Exploit: Password Cracking. An Overview on Password Cracking Password cracking is a term used to describe the penetration of a network, system, or resource.

Exploit: Password Cracking. An Overview on Password Cracking Password cracking is a term used to describe the penetration of a network, system, or resource.
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Similar presentations

Ads by Google