DOCSLIB.ORG

Passwords Topics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

CIT 480: Securing Computer Systems Passwords Topics 1. Password Systems 2. Threat Models: Online, Offline, Side Channel 3. Storing Passwords: Hashing and Salting 4. Examples: UNIX, Windows, Kerberos 5. Password Selection 6. Graphical Passwords 7. One-Time Passwords Authentication System A: set of authentication information – information used by entities to prove identity C: set of complementary information – information stored by system to validate A F: set of complementation functions f : A → C – generate C from A L: set of authentication functions l: A × C→{T,F} – verify identity S: set of selection functions – enable entity to create or alter A or C Password System Example Authenticate with 8-character alphanumeric password. System compares against stored cleartext password. A = [A-Za-z0-9]{8} C = A F = { I } L = { = } Security problem: a threat who gains access to password file knows password for every user. Password Storage Solution: We should store complementary information instead of passwords, so threat doesn’t get every password by stealing one file. Idea #1: Encrypt passwords. – Encrypt passwords with secret key. – Store ciphertext. – Problem: what if attacker finds secret key? Idea #2: Hash passwords. – Store hash value of password. – No Problem: hashes can’t be turned back into passwords. Password System Example #2 Authenticate with 8-character alphanumeric password. System compares with stored MD5 hash of password. A = [A-Za-z0-9]{8} C = 128-bit numbers F = { MD5 } L = { MD5(a)=c } Password Leaks are Common Threat Models 1. Online Attacks – Threat has access to login user interface. – Attack is attempts to guess passwords using the user interface. Slow but always possible. 2. Offline Attacks – Threat has access to hashed passwords. – Attack is to guess words, hash words, then compare with hashed passwords. Fast but needs hashes first. 3. Side Channel Attacks – Threat has access to account management UI. – Attack by using password reset or update functionality. Online Password Cracking Offline Password Cracking Password word = Next dictionary word dictionary wordhash = Hash(word) Usernames for each (username, hash) word == hash + Hashed hash False Passwords True Store(usernames, word) Side-Channel Attacks Web sites will e-mail you password if you answer a simple “secret” question: – What is your favorite color? – What is your pet’s name? – What is your mother’s maiden name? Violation of fail-safe defaults – Failover to less secure protocol. – How many favorite colors exist? Cracking Methods 1. List of candidate passwords 2. Permutation rules – Append or prepend symbols or numbers – Substitute numbers/symbols for letters – Change case, pluralize, reverse words, character shifts, joining words 3. Brute force – Try all possible passwords in length range – Only feasible for offline cracking of passwords less than 10 characters long. Cracking Tools Online Tools – Hydra – Medusa – NSE brute force scripts – Brutus (Windows) Offline Tools – John the Ripper – oclHashcat (GPU) – Cain and Abel (Windows) – Ophcrack (rainbow table) Parallel Cracking This $12,000 computer, dubbed Project Erebus v2.5 by creator d3ad0ne, contains eight AMD Radeon HD7970 GPU cards. Running oclHashcat, it requires just 12 hours to brute force all 8 char passwords. Brute Force Attack Performance http://blog.erratasec.com/2012/06/linkedin-vs-password-cracking.html Countering Password Guessing Choose A, C, and F to select suitably low probability P(T) of guessing in time T. – Improve A with longer, complex passwords. – Improve C + F by choosing better hash algorithm. – Require users to change password after T. P(T) >= TG / N – G is number of guesses per time unit T. – T is number of time units in attack. – N is number of possible passwords. Example Password Length Calc Password System – 96 allowable characters for passwords. – Attackers can guess 106 passwords/second. – Users must change passwords each year, so we want probability of a successful guess to be no more than 50% in a year. To find minimum password length, we start by – Finding number of passwords needed (N). – N = Σ96i, where i ranges from 1 to length of password p – N = 96 + 962 + 963 + … + 96p – Each term in series is almost 100X as big as previous terms, so we can let N=96p with an error of only about 1%. Example Password Length Calc Solve P(T) >= TG / N for N N >= TG/P Known values P(T) = 0.5 G = 107 passwords/second. T = 365 days = 365 days x 24 hours/day x 60 min/hour x 60 sec/min = 31,536,000 seconds Solve N >= TG/P – N >= 31,536,000 x 107 ÷ 0.5 – 96p >= 6.31 x 1014 14 – p >= log96(6.31 x 10 ) = 7.47 – We must round up to meet the security requirements, which means – The minimum password length for the system is 8 characters. Password Aging Requirement that password be changed after a period of time or after an event has occurred If expected time to guess is 180 days, should change password more frequently than 180 days 1. If change time too short, users have difficulty recalling passwords. 2. Cannot allow users to change password to current one. 3. Also prevent users from changing passwords too soon. 4. Give notice of impending password change requirement. Rainbow Tables We can speedup cracking by using a hash table – Dictionary of passwords with associated hashes. – Contains passwords from char set within length range. Problem: hash tables require huge storage space. Solution: Rainbow table algorithm reduces storage. – MD5 table of lc + numeric passwords <= 9 needs 80GB. – Adding uc + symbols would increase size to about 10TB. – Success rate around 99.9% (some passwords missing.) Salts Add random, public data to password to create key. Any word may be hashed in 2n possible ways: – Your password always uses same n-bit salt. – Someone else with same password a probably has different salt, and thus different c = f(a). – Multiplies size of rainbow table by 2n. – Doesn’t significantly slow down other cracking techniques. Classic UNIX crypt hashes had a 12-bit salt: – Number of possible keys increased to 266 – Rainbow table needs to be 4096 times bigger due to salt. Password Storage and Use Classic UNIX Passwords Passwords are up to 8 ASCII characters – A contains 6.9 x 1016 possible passwords. – C contains crypt hashes with 12-bit salts, strings of length 13 chosen from alphabet of 64 characters, 3.0 x 1023 strings. – Hashes stored publicly in /etc/passwd. Modern Format – A is unlimited, as there is no maximum length. – C contains 512-bit hash values + 128-bit salt. – Hashes stored in /etc/shadow. Modern Storage: Iterated Hash + Salt Password security basics – Hashes prevent direct access to cleartext passwords. – Salts make rainbow tables too expensive to use. How can we make cracking too expensive? Solution: slower hashing via – Use slower hash algorithms. – Run the hash function multiple times, passing output of one iteration as input to next. Modern Hashing Schemes SHA512crypt (Linux, Mac OS X) – Unlimited password length. – 5000 iterations of SHA-512 hash function. – 16 character salt. Bcrypt (OpenBSD, 55 chars, 128-bit salt) – Based on modified (slower) Blowfish encryption algorithm. – Configurable iteration count for hashing. – Increases cost of guessing on a per-account basis. PBKDF2 (Password-Based Key Derivation Function 2) (.NET) – Framework with configurable hash, iterations, salt. Scrypt – Sequential, memory-hard hashing algorithm. – Defense against specialized hardware (GPUs, ASICs, FPGAs) Windows Passwords Storage – %systemroot%\system32\config\sam – Locked while OS running so other programs can’t open. Retrieval – Boot system with Ophcrack or Kon-boot USB drive. – Tool will copy SAM to USB drive for cracking. Format – Classic: LAN Manager (LM) Hash – Modern: NTLM (MD4) Hash – Many systems use both for backwards compatibility. Windows LM Hash Algorithm 1. Password fitted to 14 character length by truncating or padding with 0s. 2. Password converted to upper case. 3. Password divided into two 7-byte halves. 4. Each half used as DES key to encrypt same 8-byte constant. 5. Resultant strings merged to form a 16-byte hash value. Windows LM Hash Problems The Problems 1. Last 8 bytes of c known if password < 7 chars. 2. Conversion to upper case reduces character set. 3. Two 7-character passwords are much, much easier to crack than a 14-character password. Let’s say there are only 10 allowed chars, 0-9, then 14 chars: 1014 = 100,000,000,000,000 possible passwords 7 chars: 107 = 10,000,000 possible passwords Worse, it’s possible to build a rainbow table of all LM passwords since there’s no salt and adversary only needs a table of passwords up to 7 chars long. NTLM Passwords NTLM is a replacement for LM hashes. – LM authentication disabled by default as of Windows Server 2008 (and Vista on desktop.) NTLM Hash Algorithm – Convert password to Unicode. – Hash with MD4 Algorithm. NTLM Security Problems – No salt. – Passwords cached on client. – Pass-the-hash vulnerabilities. Obtaining Hashed Passwords Physical Attacks – Reboot system with Kali Linux USB drive. – UNIX: cp /etc/{passwd,shadow} – Windows: Run bkhive to obtain bootkey. – Windows: Run samdump2 to decrypt & copy SAM. Network Attacks – Compromise network service with exploitation framework like Metasploit to run Meterpreter. – Use Meterpreter’s hashdump command. Kerberos Kerberos is a challenge/response protocol – Passwords are never sent over network. – Passwords are never stored on client. – Users authenticate via tickets, not passwords or hashes. Open standard based on symmetric cryptography – Created by MIT for internal use. – Open source and commercial versions exist. – Microsoft Active Directory = Kerberos + LDAP. Password storage – Multiple allowed hashing techniques. Random Password Selection Yields equal distribution of passwords for maximum difficulty in cracking. Random passwords aren’t easy to remember – Short term memory holds 7 +/- 2 items – People have multiple passwords – Principle of Psychological Acceptability Requires a secure PRNG to be effective.
Recommended publications
  • Automating Security Checks

    Automating Security Checks

    Mag. iur. Dr. techn. Michael Sonntag Automating security checks Institute for Information Processing and Microprocessor Technology (FIM) Johannes Kepler University Linz, Austria E-Mail: [email protected] http://www.fim.uni-linz.ac.at/staff/sonntag.htm © Michael Sonntag 2010 Agenda Why automatization? What can be automated? Example: Skipfish How reliable are these tools? Practical examples of searching for vulnerabilities: Information collection with NMap Password cracking (John the Ripper, Ophcrack) Exploit scanning with Nessus Michael Sonntag Automating security checks 2 Why automatization? Ensuring security is not that hard for a single system You know it in detail When something is discovered, it is implemented and tested But: Many sites with many configuration options? Do you know them all? » Are they identical everywhere (versions!)? Do you have time to change everything accordingly? » Or do you depend on automatic updates/roll-out? Are you sure you did not miss one option somewhere? » Testing the same thing several times is tedious Solution: Automatic testing whether a problem exists Professionals write tests You just apply them » No need to know exactly how the attack works! Regular re-testing is possible Ad-hoc & patchy testing Systematic & comprehensive Michael Sonntag Automating security checks 3 Overlap with monitoring Some overlap with system monitoring exists Failures are just a “different kind” of attack Some problems may occur accidentally or intentionally » Example: Blacklisting of mail
  • Attack Frameworks and Tools

    Attack Frameworks and Tools

    Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Attack Frameworks and Tools Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet Technologies and Mobile Communication WS2014 Lehrstuhl Netzarchitekturen und Netzdienste Fakultät für Informatik, Technische Universität München Overview Introduction Overview of Tools Password Crackers Network Poisoners Network Security Tools Denial of Service Tools Concluding remarks AttackTitel Frameworks and Tools 2 Introduction Network Security – perhaps the most important aspect of communications in todays world How easy it is to attack a target system or network today? . Tools automate most of the work . From fingerprinting your target to attacking . Knowledge requirements decrease day by day AttackTitel Frameworks and Tools 3 Introduction The CIA Triangle Confidentiality Integrity Availability AttackTitel Frameworks and Tools 4 Overview of the Tools Password Crackers • Free • Free • Free • Windows • Various • Linux, Only GUI Platforms OSX and Hashcat Windows Cain and Abel and Cain John the Ripper John AttackTitel Frameworks and Tools 5 Overview of the Tools Network Poisoners • Free • Free • Python • Various ZARP Script Platforms Ettercap AttackTitel Frameworks and Tools 6 Overview of the Tools Network Security Tools • Free • Free • Free • Various (Signup • Python Nmap Platforms Required) Script • Windows Sqlmap Metasploit and Linux AttackTitel Frameworks and Tools 7 Overview of the Tools Denial of Service Tools • Free • Free • Windows • Python LOIC Only GUI HULK Script AttackTitel Frameworks and Tools 8 Password Crackers Attack: Confidentiality Crack passwords or keys Crack various kind of hashes Initially used to crack local system passwords like for Windows and Linux Have extended to include numerous kinds of hashes New versions are faster and use different kind of cracking methods .
  • A New Approach in Expanding the Hash Size of MD5

    A New Approach in Expanding the Hash Size of MD5

    374 International Journal of Communication Networks and Information Security (IJCNIS) Vol. 10, No. 2, August 2018 A New Approach in Expanding the Hash Size of MD5 Esmael V. Maliberan, Ariel M. Sison, Ruji P. Medina Graduate Programs, Technological Institute of the Philippines, Quezon City, Philippines Abstract: The enhanced MD5 algorithm has been developed by variants and RIPEMD-160. These hash algorithms are used expanding its hash value up to 1280 bits from the original size of widely in cryptographic protocols and internet 128 bit using XOR and AND operators. Findings revealed that the communication in general. Among several hashing hash value of the modified algorithm was not cracked or hacked algorithms mentioned above, MD5 still surpasses the other during the experiment and testing using powerful bruteforce, since it is still widely used in the domain authentication dictionary, cracking tools and rainbow table such as security owing to its feature of irreversible [41]. This only CrackingStation, Hash Cracker, Cain and Abel and Rainbow Crack which are available online thus improved its security level means that the confirmation does not need to demand the compared to the original MD5. Furthermore, the proposed method original data but only need to have an effective digest to could output a hash value with 1280 bits with only 10.9 ms confirm the identity of the client. The MD5 message digest additional execution time from MD5. algorithm was developed by Ronald Rivest sometime in 1991 to change a previous hash function MD4, and it is commonly Keywords: MD5 algorithm, hashing, client-server used in securing data in various applications [27,23,22].
  • Chapter 5 Results

    Chapter 5 Results

    CHAPTER 5 RESULTS 5.1 Results This chapter will discuss the results of the testing and comparison of the password cracking tools used. This chapter can be summarized as follows: • Research Data and Result Analysis (Locally) • Research Data and Result Analysis (Remotely) • Research Data and Result Analysis (Alphabets only) • Research Data and Result Analysis (Alphabets and a special character) 5.2 Research Data and Result Analysis (Locally) In Figure 16, Ophcrack was used to crack the local users' password with different combinations of password, alphabets, alphanumeric, alphanumeric special characters, english and non-english words. In Figure 17, Ophcrack was used to crack the same password, but excluding the 3 password that were not cracked in the previous attempt. In Figure 18, Cain was used to crack the local users' password. 35 36 Figure 16 - Ophcrack cracked 7 of 10 passwords Figure 17 - Ophcrack cracked 7 of 7 passwords 37 Figure 18 - Cain cracked 5 of 10 passwords 5.3 Research Data and Result Analysis (Remotely) First, the author scans the network for active IP address with NMAP (Figure 19). He used the command of "nmap -O 192.168.1.1-254" to scan the network, it would scan each IP address for active computer. The command -O enabled operating system detection. From the result of the scanning, there were few ports in the state of open and the services that were using those ports, 135/TCP, 139/TCP, 445/TCP and 1984/TCP. Another important detail was the OS details; it showed that the computer was running under Microsoft Windows XP Professional SP2 or Windows Server 2003.
  • Password Security - When Passwords Are There for the World to See

    Password Security - When Passwords Are There for the World to See

    Password Security - When Passwords are there for the World to see Eleanore Young Marc Ruef (Editor) Offense Department, scip AG Research Department, scip AG [email protected] [email protected] https://www.scip.ch https://www.scip.ch Keywords: Bitcoin, Exchange, GitHub, Hashcat, Leak, OWASP, Password, Policy, Rapid, Storage 1. Preface password from a hash without having to attempt a reversal of the hashing algorithm. This paper was written in 2017 as part of a research project at scip AG, Switzerland. It was initially published online at Furthermore, if passwords are fed through hashing https://www.scip.ch/en/?labs.20170112 and is available in algorithms as is, two persons who happen to use the same English and German. Providing our clients with innovative password, will also have the same hash value. As a research for the information technology of the future is an countermeasure, developers have started adding random essential part of our company culture. user-specific values (the salt) to the password before calculating the hash. The salt will then be stored alongside 2. Introduction the password hash in the user account database. As such, even if two persons use the same password, their resulting The year 2016 has seen many reveals of successful attacks hash value will be different due to the added salt. on user account databases; the most notable cases being the attacks on Yahoo [1] and Dropbox [2]. Thanks to recent Modern GPU architectures are designed for large scale advances not only in graphics processing hardware (GPUs), parallelism. Currently, a decent consumer-grade graphics but also in password cracking software, it has become card is capable of performing on the order of 1000 dangerously cheap to determine the actual passwords from calculations simultaneously.
  • Computational Security and the Economics of Password Hacking

    Computational Security and the Economics of Password Hacking

    COMPUTATIONAL SECURITY AND THE ECONOMICS OF PASSWORD HACKING Abstract Given the recent rise of cloud computing at cheap prices and the increase in cheap parallel computing options, brute force attacks against stolen password databases are a new option for attackers who may not have enough computing power on their own. We take a survey of the current availability and cost of cloud computing as it relates to the idea of computational security in the context of breaking password databases. Rather than look at just the increase in computing power available per computer, we look at how computing as a service is raising the barrier for password protections being computationally secure. We look at the set of key stretching functions meant to defeat brute force password attacks with the current cheapest cloud computing service in order to determine what amount of money and effort an attacker would need to compromise a password database. Michael Phox Zachary Sherin Adin Schmahmann Augusta Niles Context In password-based network security systems, there is a general architecture whereby the password is sent from the user device to a service server, which then hashes the password some number of times using a random oracle before storing the password in a database. Authentication is completed by following the same process and checking if the hashed password is correct. If the password is in the database, access permission is granted (See Figure 1). Figure 1 Password-based Security However, the security system above has been shown to have significant vulnerability depending on the method of password encryption. In contrast to informationally secure (intercepting a ciphertext does not yield any more information to change the probability of any plaintext message.
  • How to Break EAP-MD5

    How to Break EAP-MD5

    How to Break EAP-MD5 Fanbao Liu and Tao Xie School of Computer, National University of Defense Technology, Changsha, 410073, Hunan, P.R. China [email protected] Abstract. We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented suc- cessfully even if the underlying hash function MD5 is replaced with SHA- 1 or even SHA-512. Keywords: EAP-MD5, IEEE 802.1X, Challenge and Response, Length Recovery, Password Cracking, Rainbow Table. 1 Introduction IEEE 802.1X [6] is an IEEE Standard for port-based Network Access Con- trol, which provides an authentication mechanism to devices wishing to attach to a Local Area Network (LAN) or Wireless Local Area Network (WLAN). IEEE 802.1X defines the encapsulation of the Extensible Authentication Proto- col (EAP) [4] over IEEE 802 known as “EAP over LAN” (EAPoL). IEEE 802.1X authentication involves three parties: a peer, an authenticator and an authentica- tion server. The peer is a client device that wishes to attach to the LAN/WLAN. The authenticator is a network device, such as a Wireless Access Point (WAP), and the authentication server is typically a host running software supporting the Remote Authentication Dial In User Service (RADIUS) and EAP proto- cols.
  • Computer Forensics CCIC Training Chapter 4: Understanding the Registry

    Computer Forensics CCIC Training Chapter 4: Understanding the Registry

    Computer Forensics CCIC Training Chapter 4: Understanding the Registry Lauren Pixley, Cassidy Elwell, and James Poirier March 2020 (Version 3) This work by California Cybersecurity Institute is licensed under a Attribution-NonCommercial-NoDerivatives 4.0 International License. Introduction As you are going through your investigation, you will need to know basic information about the forensic image you are searching. To find out more about the image you are analyzing, you will need to look through the Windows Registry. The Windows Registry is basically a database that stores thousands of records with information, such as the operating system, time zone, user settings, user accounts, external storage devices, and some program data. When you look through the Windows Registry in the next section with REGEDIT, it may appear as though the registry is one large storage location. However, there are several files where the information is being stored throughout the computer. REGEDIT simply takes these files and records stored in different locations and displays them for you. There are many records in the Windows Registry that will have no forensic value to you as an examiner, but there are some pieces of information that you will find useful. This chapter will walk you through the basic structure of the registry and where you need to look to find information that is valuable to your investigation. REGEDIT In this section, you will start with the Windows registry utility known as REGEDIT.exe. You can open this by pressing the Windows key+R and then typing in “REGEDIT”. You can also click on the Start menu and type “REGEDIT” in the Search box.
  • Rainbow Tables

    Rainbow Tables

    Rainbow Tables Yukai Zang Division of Science and Mathematics University of Minnesota, Morris Morris, Minnesota, USA 56267 [email protected] Table of contents – Introduction & Background – Rainbow table – Create rainbow tables (offline stage) – Use rainbow tables (online stage) – Tests – Conclusion Table of contents – Introduction & Background – Rainbow table – Create rainbow tables (offline stage) – Use rainbow tables (online stage) – Tests – Conclusion Introduction & Background Introduction & Background Your password Hashed value (plain-text) 4C5E 9S8D D8S9 Fox Hash function 5T8V A7SE ASD9 Data base Introduction & Background – Hash function Arbitrary Length Input – Map data of arbitrary size onto data of fixed size Hash Function Fixed Length Output Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; Cryptographic 4C5E 9S8D D8S9 Fox Hash function 5T8V A7SE ASD9 Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; – Fast to compute; – Infeasible to revert back to plain-text from hashed value; Cryptographic 4C5E 9S8D D8S9 Fox Hash function 5T8V A7SE ASD9 Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; – Fast to compute; – Infeasible to revert back to plain-text from hashed value; – Small change(s) in plain-text will cause huge changes in hashed value; Introduction & Background – Cryptographic hash function – Small change(s) in plain-text will cause huge changes in hashed value; Introduction & Background Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; – Fast to compute; – Infeasible to revert back to plain-text from hashed value; – Small change(s) in plain-text will cause huge changes in hashed value; – Infeasible to find two different plain-text with the same hashed value.
  • How to Handle Rainbow Tables with External Memory

    How to Handle Rainbow Tables with External Memory

    How to Handle Rainbow Tables with External Memory Gildas Avoine1;2;5, Xavier Carpent3, Barbara Kordy1;5, and Florent Tardif4;5 1 INSA Rennes, France 2 Institut Universitaire de France, France 3 University of California, Irvine, USA 4 University of Rennes 1, France 5 IRISA, UMR 6074, France [email protected] Abstract. A cryptanalytic time-memory trade-off is a technique that aims to reduce the time needed to perform an exhaustive search. Such a technique requires large-scale precomputation that is performed once for all and whose result is stored in a fast-access internal memory. When the considered cryptographic problem is overwhelmingly-sized, using an ex- ternal memory is eventually needed, though. In this paper, we consider the rainbow tables { the most widely spread version of time-memory trade-offs. The objective of our work is to analyze the relevance of storing the precomputed data on an external memory (SSD and HDD) possibly mingled with an internal one (RAM). We provide an analytical evalua- tion of the performance, followed by an experimental validation, and we state that using SSD or HDD is fully suited to practical cases, which are identified. Keywords: time memory trade-off, rainbow tables, external memory 1 Introduction A cryptanalytic time-memory trade-off (TMTO) is a technique introduced by Martin Hellman in 1980 [14] to reduce the time needed to perform an exhaustive search. The key-point of the technique resides in the precomputation of tables that are then used to speed up the attack itself. Given that the precomputation phase is much more expensive than an exhaustive search, a TMTO makes sense in a few scenarios, e.g., when the adversary has plenty of time for preparing the attack while she has a very little time to perform it, the adversary must repeat the attack many times, or the adversary is not powerful enough to carry out an exhaustive search but she can download precomputed tables.
  • Ophcrack USB Booting Windows Password Recovery for Windows XP Or Vista

    Ophcrack USB Booting Windows Password Recovery for Windows XP Or Vista

    Ophcrack USB Booting Windows Password Recovery for Windows XP or Vista Labels: How To, Password, Solutions, USB BOOT, Windows We have already seen using Ophcrack Live CD for Cracking Windows XP and Windows Vista Passwords. The thing is that now a days we do not use CDs anymore, we use USB drives for our day to day activities. Now what if you want to run Ophcrack from your USB drive instead of wasting money on a CD or if your CD ROM Drive is not working? Moreover using USB drives are more convenient and common these days. Here I have an Ideal solution for this question. But if you are not interested in recovering the password or you simply want to reset or delete the password then there is much easier technique which requires only a 3 MB file instead of Ophcrack. Just see how to Reset windows Password Using a USB drive or a CD In this method we will be using a program called 7-ZIP for extracting the ISO file and some batch files for making the drives bootable. USB Requirement: • Minimum 512 MB for Windows XP • Minimum 1 GB for Windows Vista Or Windows 7 Beta • Format: FAT32 I have tried this method in Windows XP, Windows Vista, and Windows 7 Beta and it works perfectly fine. Follow the steps below: Step 1: Download the ISO File For Ophcrack Live CD 2.1.0 From the links below: (Choose according to your operating system). If you have already downloaded skip this step. Windows XP: Size: 452 MB http://downloads.sourceforge.net/ophcrack/ophcrack-xp-livecd-2.1.0.iso Windows Vista or 7: Size: 532 MB http://downloads.sourceforge.net/ophcrack/ophcrack-vista-livecd-2.1.0.iso Step 2: Download the ZIP File For making USB boot version of Ophcrack Live CD From the link below: Size: 414 KB http://www.techrena.net/downloads/usbboot.zip Step 3: Extract the usbboot.zip file at any location of your computer, not in the USB drive.
  • Password Cracking

    Password Cracking

    Password Cracking Sam Martin and Mark Tokutomi 1 Introduction Passwords are a system designed to provide authentication. There are many different ways to authenticate users of a system: a user can present a physical object like a key card, prove identity using a personal characteristic like a fingerprint, or use something that only the user knows. In contrast to the other approaches listed, a primary benefit of using authentication through a pass- word is that in the event that your password becomes compromised it can be easily changed. This paper will discuss what password cracking is, techniques for password cracking when an attacker has the ability to attempt to log in to the system using a user name and password pair, techniques for when an attacker has access to however passwords are stored on the system, attacks involve observing password entry in some way and finally how graphical passwords and graphical password cracks work. Figure 1: The flow of password attacking possibilities. Figure 1 shows some scenarios attempts at password cracking can occur. The attacker can gain access to a machine through physical or remote access. The user could attempt to try each possible password or likely password (a form of dictionary attack). If the attack can gain access to hashes of the passwords it is possible to use software like OphCrack which utilizes Rainbow Tables to crack passwords[1]. A spammer may use dictionary attacks to gain access to bank accounts or other 1 web services as well. Wireless protocols are vulnerable to some password cracking techniques when packet sniffers are able to gain initialization packets.