Published by Myles Owens. Modified over 6 years ago.
1
Password Cracking 101
Jamie Maguire
Thank you all for coming. Today we are going to talk about cracking passwords. I’m going to try to condense everything I’ve learned about password cracking over the past year or so into a 30 minute presentation, which I had a hard time doing. We won’t be able to touch on everything, but I hope that everyone will be able to get something out of this.
2
Password Cracking 101
How, what and why of password cracking
Recovering hashed passwords
Tools
How to protect your passwords
3
*OBLIGATORY LEGAL WARNING*
We are going to talk about how to crack passwords, and we’re going to see what that looks like.
Neither myself nor High Point Networks accepts any responsibility for any passwords you choose to crack.
This is intended to be educational.
Begin brute forcing demo.
4
Why?
Why would we want to know how to crack passwords?
Pentesting
Domain admins
Protecting personal accounts
6
What is a hashed password?
Hashes are a one-way mathematical function performed against a cleartext value.
Easy to generate, hard to reverse.
When logging in, the password is hashed and compared to the stored value.
7
Recovering hashed passwords
On the personal side:
Yahoo – 3 billion accounts
Myspace – 359 mil accounts
LinkedIn – 164 mil accounts
Adobe – 152 mil accounts
DropBox – 68 mil accounts
On the enterprise side:
IPMI devices
Miscellaneous config backups
Other network appliances (Unitrends)
Windows endpoints
Dumping passwords on Windows with Metasploit:
8
IPMI version 2 Devices
Baseboard Management Controllers:
HP iLO
Dell iDRAC
Supermicro Intelligent Management
9
Miscellaneous Backups
10
Unitrends
11
Windows Devices
PowerShell script: Out-Minidump.ps1
Metasploit: hashdump command
Dumping passwords on Windows with Metasploit:
12
What is Cracking?
“Cracking” a password is really: guessing a password, hashing it, and comparing it to the hash of the password we are trying to crack.
13
What is Cracking?
Target:
Password001    7cbfa25a0ba328ee7c8058e62dcdbedf8544f293
Guesses:
Password       8be3c943b1609fffbfc51aad666d0a04adf83c9d
Password1      70ccd d6d81dd3b b9cf9a97ea00
Password01     C464af cbd6493c df531
Password001    7cbfa25a0ba328ee7c8058e62dcdbedf8544f293
This may sound like a lot of work, but modern computers can do this rapidly.
14
Different types of Hashes
Strong Hashes: Bcrypt, Scrypt, SHA-256, SHA-512
Weak Hashes: MD5, SHA-1
Be aware that there are different types of hashing algorithms. If you are designing an application that uses authentication or stores credentials, think about how you are hashing them.
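To make the storage choice concrete, here is an added example (not part of the original presentation) that puts an unsalted SHA-1 record beside a salted scrypt record and verifies a login the way the "What is a hashed password?" slide describes. The function names, the `salt$hash` record format and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factors for this example; raise SCRYPT_N on real hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def weak_store(password: str) -> str:
    """Unsalted SHA-1: cheap to compute, and equal passwords give equal records."""
    return hashlib.sha1(password.encode()).hexdigest()


def strong_store(password: str) -> str:
    """Salted scrypt record in an assumed 'salt$hash' hex format."""
    salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt.hex() + "$" + digest.hex()


def verify(password: str, record: str) -> bool:
    """Login check: re-hash the submitted password with the stored salt."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Two users who picked the same password (constructed sample data).
    print(weak_store("Password001") == weak_store("Password001"))      # same record
    print(strong_store("Password001") == strong_store("Password001"))  # different records
    print(verify("Password001", strong_store("Password001")))
```

With the salted record, two accounts sharing a password no longer share a stored value, and each guess costs a full scrypt computation instead of one SHA-1.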
15
Tools for Cracking
Software: Hashcat, John the Ripper, L0phtCrack
Hardware: A PC with decent video card(s)
16
Why GPU Cracking
A traditional desktop CPU may have 4 or 8 cores.
GPUs have hundreds of cores.
In our case my GPUs have 1344 cores per card.
This is especially important for what's called parallel computation, which is really just doing A LOT of similar tasks at once.
17
Hashcat
Hashcat claims to be the fastest password recovery tool
Supports GPU cracking
Open Source (free)
Preinstalled on Kali Linux
18
Mask attacks
If we were trying to brute force attack “Jamie1989”:
9 characters, could be uppercase, lowercase or numbers
62 possible characters and 9 total characters in the password
62^9 = combinations
Four years to crack at 100M/s**
In a mask attack, we attempt to guess the pattern:
Upper and lower character, four lowercase characters and four digits.
52*26*26*26*26*10*10*10*10 = combinations
40 minutes to crack at 100M/s**
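The arithmetic on this slide can be turned into a strength estimator for reviewing a password or passphrase policy. This is an added example, not from the original presentation; the one-letter class codes (`l`, `u`, `A`, `d`, `s`) are this example's own notation, and the 100M guesses per second default is the rate quoted on the slide.

```python
import string

# Character classes; 'A' (upper or lower) matches the slide's factor of 52.
CLASSES = {
    "l": string.ascii_lowercase,      # 26
    "u": string.ascii_uppercase,      # 26
    "A": string.ascii_letters,        # 52
    "d": string.digits,               # 10
    "s": string.punctuation + " ",    # 33, the space bar counts as special
}


def pattern_of(password):
    """Narrowest class for each position, e.g. 'Jamie1989' -> 'ulllldddd'."""
    out = []
    for ch in password:
        for name in ("l", "u", "d", "s"):
            if ch in CLASSES[name]:
                out.append(name)
                break
        else:
            raise ValueError(f"character outside the modelled classes: {ch!r}")
    return "".join(out)


def pattern_keyspace(pattern):
    """Guesses needed when the per-position pattern is known."""
    total = 1
    for name in pattern:
        total *= len(CLASSES[name])
    return total


def brute_keyspace(password):
    """Guesses needed when only the length and overall alphabet are known."""
    alphabet = set()
    for name in set(pattern_of(password)):
        alphabet |= set(CLASSES[name])
    return len(alphabet) ** len(password)


def seconds_to_exhaust(keyspace, guesses_per_second=100_000_000):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    year = 365.25 * 86400
    print(seconds_to_exhaust(brute_keyspace("Jamie1989")) / year, "years")
    print(seconds_to_exhaust(pattern_keyspace("Alllldddd")) / 60, "minutes")
```

Running the same functions over a long lowercase passphrase with spaces shows why length beats a predictable capital-letters-then-digits shape.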
19
Wordlist attacks
Wordlist attacks are effective against passwords based on words
Common wordlists available are made up of passwords from previous breaches:
Rockyou – preinstalled on Kali Linux
Crackstation
Custom wordlists can be created with CeWL
Location based wordlists can be created with Wordsmith
Rockyou comes with Kali. Crackstation is 14.6 GB.
20
Wordlist attacks with rules
Wordlists can be modified using “rules”
Using rules, we can simulate common character substitutions
For example: “notepad” becomes “password” becomes or “pa$$w0rd”, “matthew” becomes “ma77h3w” and so on.
21
LinkedIn Data Breach
164 million addresses and hashed passwords exposed
Copies still hosted online, relatively easy to find
Data from 2012 but was released publicly in 2016
Move into demo
22
How to Protect yourself
Check yourself: haveibeenpwnd.com
Search data breaches for your
Use 2FA wherever possible: twofactorauth.org
Check sites that support MFA
Move from Passwords to Passphrases
Consider a password manager
23
Tips for creating passphrases
The space bar is a special character
15 characters is a good start
Keep using special characters
24
LastPass
25
How to Protect your environment
Again, check yourself: haveibeenpwnd.com
Check data breaches for domain records
Consider 2FA on External Services (VPN, OWA, etc.)
Consider Enterprise Password Management
Move from Passwords to Passphrases
Review your password policy
26
Microsoft LAPS
The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers.
27
Check passwords against wordlists
nFront Password Filter
Microsoft/Forefront Identity Manager
AD SelfService Plus
28
Password Guidance
Microsoft:
Eliminate mandatory periodic password resets for user accounts
Ban common passwords, to keep the most vulnerable passwords out of your system
Educate your users not to re-use their password for non-work-related purposes
Enforce registration for multi-factor authentication
29
Password Guidance
National Cyber Security Centre (UK):
Use technical solutions to reduce password burden
Steer users away from predictable passwords
Only change passwords on suspicion of compromise
Ban common or compromised passwords
30
Password Guidance
NIST SP 800-63:
All characters should be accepted
Do away with password hints
Use password managers
Do not impose composition rules
Compare prospective passwords against a list of known passwords
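All three sets of guidance, and the "Check passwords against wordlists" slide, ask for prospective passwords to be compared against known ones. The following added example (not from the original presentation, and not the logic of any product named above) sketches such a check that also undoes the character substitutions and trailing digits described on the rules slide. The banned list is a constructed sample and the substitution table is an assumed mapping.

```python
import string

# Constructed sample list; a real filter would load a breach-derived wordlist.
BANNED = {"password", "matthew", "letmein", "qwerty", "welcome"}

# Assumed mapping that reverses common substitutions back to letters.
UNLEET = str.maketrans({"$": "s", "0": "o", "7": "t", "3": "e", "@": "a",
                        "1": "l", "!": "i", "5": "s", "4": "a"})


def candidate_forms(password):
    """Normalised variants of a prospective password to test against the list."""
    lowered = password.lower()
    # Drop the digits and symbols users tend to append, e.g. '001' or '!'.
    trimmed = lowered.rstrip(string.digits + string.punctuation)
    forms = {lowered, trimmed,
             lowered.translate(UNLEET), trimmed.translate(UNLEET)}
    return {form for form in forms if form}


def banned_match(password, banned=BANNED):
    """Return the banned word the password reduces to, or None if it passes."""
    for form in sorted(candidate_forms(password)):
        if form in banned:
            return form
    return None


def accept_password(password, banned=BANNED):
    """Policy decision for a password-change request."""
    return banned_match(password, banned) is None


if __name__ == "__main__":
    # Constructed sample inputs.
    for attempt in ("Pa$$w0rd", "ma77h3w", "Password001",
                    "correct horse battery staple"):
        print(f"{attempt!r}: accepted={accept_password(attempt)}, "
              f"reduces to {banned_match(attempt)!r}")
```

A plain list lookup would accept "Pa$$w0rd" and "Password001"; normalising first rejects them while leaving a long passphrase untouched.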
32
Questions?