Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing Offline Password Cracking

Published byAbner Fowler Modified over 6 years ago

Similar presentations

Presentation on theme: "Penetration Testing Offline Password Cracking"— Presentation transcript:

1 Penetration Testing Offline Password Cracking
CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou

2 Acknowledgement Content from the book:
“The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, Second Edition

3 Two Types of Password Cracking
Online password cracking We introduced in ‘Exploiting1.pptx’ Pro: can be conducted without any special access or authorization Con: Generate clear abnormal traffic Password guessing speed is too slow Offline password cracking Pre-requisite: have obtained a password file Pro: very fast speed in password guessing

4 Motivation for Offline Password Cracking
You should already have root privilege, why need to crack user accounts password? Attackers conduct hacking in multiple steps: compromising an easy target first Gain internal access, conduct scanning, and obtain user accounts password file Crack password file to obtain users’ passwords Because many users reuse the same password for most of their accounts, attackers can try the same password to access more important targets

5 Set Up Test Account on Vulnerable WinXP
Set up password for the default account ‘IEUser’ Password is: ‘password’ Create a new account ‘cis6395’ Password is: ‘123abc’

6 Obtain Password Hash from Compromised WinXP
Once compromise a WinXP, run meterpreter on the target Use command “hashdump” to get password file Use MS vulnerability attack as an example

7 Obtain Password Hash from Compromised WinXP
Target WinXP has IP of Use command “hashdump” to get password file Copy and Paste the hash text into a text file ‘password- hash.txt’

8 King of Password Crackers
JtR (John the Ripper): King of Password Crackers Homepage: Basic Procedure of an Offline Password Cracker: While (not found) Guess a plaintext password Generate its hash (according to the hash algorithm for the password file) Check if the hashed value exists in the password Hash file End while JtR: John the Ripper Program ‘john’ is already built in Kali Linux

9 JtR: King of Password Crackers
Edit the password-hash.txt file first, remove any account that we do not care (reduce cracking workload) In Kali Linux, you can use ‘pico’ editor to edit, or any other text editor

10 JtR: King of Password Crackers
Run John to crack the selected accounts John can detect correctly which hash algorithm has been used by the password file You can see that all three accounts have found correct passwords!

11 JtR: King of Password Crackers
An account password may have been split into two parts Some poorly designed hash types have a property that allows John to split their encodings into two separate hashes on load. Once a password is cracked, it will be saved into ‘john.pot’ file under the hidden dir ‘.john’ You can type ‘john –show’ to show cracked password You can remove this ‘john.pot’ to redo password cracking on the same password file

12 Linux Password Cracking
First, we add a user ‘cis6395’ account with simple password ‘lucy’ besides the ‘root’ account Our task is to crack the root password ‘toor’ and the cis6395 password of ‘lucy’

13 Linux Offline Password Cracking
Linux password are in two files: /etc/passwd This file actually does not contain password hash /etc/shadow Actually contains the password hash Can only be read by root privilege Pre-requisite: obtain these two files from a compromised Linux

14 Linux Offline Password Cracking
JtR provide the ‘unshadow’ command to combine /etc/passwd and /etc/shadow together to obtain the normal password hash list You’ll need to run unshadow as root to be able to read the shadow file Edit the hash file to only contain accounts we are interested

15 Linux Password Cracking
Use JtR to crack the password hash list Take about 30 seconds to crack the two accounts of ‘root’ and ‘cis6395’ Cracked hash will be stored under .john hidden dir Use ‘--show’ option to show previously cracked hash

Download ppt "Penetration Testing Offline Password Cracking"

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Customizing Word Microsoft Office Word 2007 Illustrated Complete.

Customizing Word Microsoft Office Word 2007 Illustrated Complete.
User Accounts and Permissions Chapter IV / Part II.

User Accounts and Permissions Chapter IV / Part II.
1 Introducing Windows Backup There are different methods for starting Windows 2000 Backup. Requirements for running Windows 2000 Backup All users can back.

1 Introducing Windows Backup There are different methods for starting Windows 2000 Backup. Requirements for running Windows 2000 Backup All users can back.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
bWAPP – Bee Bug – Installation

bWAPP – Bee Bug – Installation
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.
1 Online Textbook Adooptions www.shepherdbook.com.

1 Online Textbook Adooptions
Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.

Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.
Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.
Guide to Linux Installation and Administration, 2e1 Chapter 7 The Role of the System Administrator.

Guide to Linux Installation and Administration, 2e1 Chapter 7 The Role of the System Administrator.
INTRUDERS BY VISHAKHA RAUT TE COMP 411151. OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.

INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.

Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Similar presentations

Ads by Google