DOCSLIB.ORG

Forensics Book 2: Investigating Hard Disk and File and Operating Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Forensics Book 2: Investigating Hard Disk and File and Operating Systems Forensics Book 2: Investigating Hard Disk and File and Operating Systems Chapter 7: Application Password Crackers Objectives Understand password terminology Use a password cracker Implement various cracking methods Perform system-level password cracking Perform application software password cracking Use default password databases Use password-cracking tools Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Introduction This chapter: Deals with password crackers and the tools used in password recovery Covers concepts such as ways to bypass BIOS passwords, methods for removing CMOS batteries, and Windows XP/2000/NT keys Discusses BIOS password crackers and explains the Passware Kit, default password databases, and distributed network attacks Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password Terminology Passwords Gateway to most computer systems One of the easiest and most common ways to improve security: adopt good password procedures Passwords can be classified as weak or strong Strength of passwords can be calculated mathematically by the length of time it would take for a brute force cracker to discover them Strong passwords would take years to crack, while weak passwords could be broken in less than a second. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password Terminology Strength of a password is not the only thing determining its quality Good password must also be easy for the creator to remember or it may need to be written down, which adds another vulnerability Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited What Is a Password Cracker? Password cracker Used to identify an unknown or forgotten password to a computer or network resource Used to obtain unauthorized access to resources Primary methods to discover passwords: Brute force Dictionary searches A brute force cracker runs through combinations of characters of a predetermined length until it finds a combination accepted by the system. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited What Is a Password Cracker? When conducting a dictionary search, a password cracker searches each word in the dictionary for the correct password. Password dictionaries exist for a variety of topics, including politics, movies, and music groups. Some password crackers search for hybrids of dictionary entries and numbers. For example, ants01, ants02, ants03, and so on for word of ants. A password cracker may also be able to identify encrypted passwords. After retrieving the password from the computer’s memory, the program may be able to decrypt it. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? In order to understand how a password cracker works, it is important to understand how a password generator works. Most password generators use some form of cryptography to encrypt the passwords. In table, below each letter is a corresponding number. Thus, A=7, C=2, and so forth. This is a code of sorts. But it can be easily decoded. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? Figure 7-1 This is a simple cryptographic cipher. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Another example of cryptography is ROT-13, where each letter is replaced by a substitute letter. Moving 13 letters ahead derives the substitute letter. This is, of course, fairly ineffective because there are programs that quickly identify this pattern. Software is available on the Internet that can create strong, difficult-to-crack passwords. In addition, users should change their passwords frequently. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Figure 7-2 ROT-13 is another simple cryptography method. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Figure 7-3 shows how password cracking takes place. The word list is sent through the encryption process, generally one word at a time. Rules are applied to the word and the word is again compared to the target password, which was encrypted using the same rules. If no match occurs, the next word is sent through the process. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Figure 7-3 This shows how password cracking occurs. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Most password crackers use one or more of the following methods: Brute force attack Dictionary attack Syllable attack Rule-based attack Hybrid attack Password guessing Rainbow attack Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Brute force attack Attacker tries every possible combination of characters until the correct password is found Slow method and takes a large amount of time against longer passwords Program will usually follow a sequence, example: 1. aaaaa 2. aaaab 3. aaaac The difficulty depends on the following factors: • How long can the password be? • How many possible values can each component of the password have? • How long will it take to attempt each password? Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Dictionary attack Dictionary file is loaded into the cracking application that runs against user accounts Program uses every word present in the dictionary to find the password Considered more useful than brute force attacks Does not work against systems that use passphrases This attack can be applied under two situations: 1. In cryptanalysis, it is used to find out the decryption key for obtaining the plaintext from the ciphertext. 2. In computer security, it can be used to guess passwords. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Dictionary attack In order to improve the success of a dictionary attack, the attacker may do the following: • Use a number of dictionaries, such as technical dictionaries and foreign dictionaries • Use string manipulation on the dictionary, meaning if a dictionary contains the word system, then the cracker would also try using metsys and other variations Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Syllable attack Combination of both a brute force attack and a dictionary attack Often used when the password is a nonexistent word Attacker takes syllables from dictionary words and combines them in every possible way to try to crack the password Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Rule-based attack Used when an attacker already has some information about the password Attacker writes a rule so that the cracking software will generate only passwords that meet this rule For example, if the attacker knows that all passwords on a system consist of six letters and three numbers, he or she can craft a rule that generates only these types of passwords. Considered the most powerful attack, because the cracker can narrow down the possibilities considerably. This technique combines brute force, dictionary, and syllable attacks. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Hybrid attack This type of attack is based on the dictionary attack Often, people change their passwords by just adding numbers to their old passwords In this attack, the program adds numbers and symbols to the words from the dictionary. For example, if the old password is “system”, the user may have changed it to “system1” or “system2.” Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Password guessing Sometimes users set passwords that can be easily remembered, such as a relative’s or a pet’s name Can make the password easy to guess Guessing requires only physical access or an open network path to a machine running a suitable service Common weak passwords include the following: Words password, passcode, admin, and their derivatives The user’s name or login name; A relative’s name The user’s birthplace or date of birth; • A pet’s name Automobile license plate number; • A row of letters from the qwerty keyboard, such as “qwerty,” “asdf,” or “qwertyuiop” Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Rainbow attack Based on the cryptanalytic time-memory trade-off technique Requires less time for cryptanalysis Uses already calculated information stored in memory to crack a code, such as a password Rainbow table Table of password hashes created by hashing every possible password and variation thereof to be used in a rainbow attack to recover a plaintext password from a captured ciphertext Copyright © by EC-Council Press All rights reserved. Reproduction
Load more

Recommended publications
  • Active@ UNDELETE Documentation
    Active @ UNDELETE Users Guide | Contents | 2 Contents Legal Statement.........................................................................................................5 Active@ UNDELETE Overview............................................................................. 6 Getting Started with Active@ UNDELETE.......................................................... 7 Active@ UNDELETE Views And Windows...................................................................................................... 7 Recovery Explorer View.......................................................................................................................... 8 Logical Drive Scan Result View..............................................................................................................9 Physical Device Scan View......................................................................................................................9 Search Results View...............................................................................................................................11 File Organizer view................................................................................................................................ 12 Application Log...................................................................................................................................... 13 Welcome View........................................................................................................................................14 Using
    [Show full text]
  • Assignment 3 – Authentication July 2021 Due Thursday, August 12, 2021
    CryptoWorks21 Network Security Assignment 3 – Authentication July 2021 due Thursday, August 12, 2021 Assignment 3 – Authentication Assignment reports must be submitted by Thursday, August 12, 2021. Assignment Description In this assignment you will carry out exercises related to the lectures on authentication. You will work on cracking password hashes, as well as investigate two-factor authentication on the Internet. Assignment Requirements and Setup Virtual machines. You will need to use the Kali Linux virtual machines. If you have not downloaded and installed it yet, please check the “Assignment 0” document. John the Ripper. You will need to use a tool called John the Ripper in order to crack password hashes. This tool is pre-installed in the Kali Linux virtual machine. However, John is very computationally intensive, and it might run faster on your main computer rather than inside a virtual machine. If you do decide to install it on your main computer, be sure to use the “jumbo” version, which contains support for many more types of hash algorithms. • For Windows, you can download a jumbo build from the John the Ripper homepage (http://www.openwall.com/john/) • For macOS, you can install John using the command-line package manager “Home- brew”. To install Homebrew, visit https://brew.sh/. Once you’ve installed Home- brew, you can install John using the command brew install john-jumbo . Getting text to and from your virtual machine. During this assignment, you may need to copy text to or from your various virtual machines. This can be somewhat annoying. It is possible to set up shared clipboards in VirtualBox (Settings Ñ General Ñ Advanced Ñ Shared Clipboard Ñ Bidirectional), but these are not always reliable.
    [Show full text]
  • Active @ UNDELETE Users Guide | TOC | 2
    Active @ UNDELETE Users Guide | TOC | 2 Contents Legal Statement..................................................................................................4 Active@ UNDELETE Overview............................................................................. 5 Getting Started with Active@ UNDELETE........................................................... 6 Active@ UNDELETE Views And Windows......................................................................................6 Recovery Explorer View.................................................................................................... 7 Logical Drive Scan Result View.......................................................................................... 7 Physical Device Scan View................................................................................................ 8 Search Results View........................................................................................................10 Application Log...............................................................................................................11 Welcome View................................................................................................................11 Using Active@ UNDELETE Overview................................................................. 13 Recover deleted Files and Folders.............................................................................................. 14 Scan a Volume (Logical Drive) for deleted files..................................................................15
    [Show full text]
  • Hash Crack: Password Cracking Manual
    Hash Crack. Copyright © 2017 Netmux LLC All rights reserved. Without limiting the rights under the copyright reserved above, no part of this publication may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise) without prior written permission. ISBN-10: 1975924584 ISBN-13: 978-1975924584 Netmux and the Netmux logo are registered trademarks of Netmux, LLC. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor Netmux LLC, shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. While every effort has been made to ensure the accuracy and legitimacy of the references, referrals, and links (collectively “Links”) presented in this book/ebook, Netmux is not responsible or liable for broken Links or missing or fallacious information at the Links. Any Links in this book to a specific product, process, website, or service do not constitute or imply an endorsement by Netmux of same, or its producer or provider. The views and opinions contained at any Links do not necessarily express or reflect those of Netmux.
    [Show full text]
  • NCL Password Cracking--Key Getting Started You Can Install a Pre-Built Vmware VM from Here
    NCL Password Cracking--Key Getting Started You can install a pre-built VMware VM from here. You just need to open the VM, not install it. The login credentials are kali, kali. https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ Then read this excellent blog from NCL. https://cryptokait.com/2019/09/24/everything-you-need-to-know-about-password-cracking-for-the- national-cyber-league-games/ A Note about Hashcat Hashcat, and the older John the Ripper, keep a list of hashes they have already cracked. If the hash is in the list, it will not appear in the output. This can be confusing if you are having problems and run the same hash file repeatedly. If you think some cracked hashes are missing, look in .hashcat/hashcat.potfile in your home directory, or perhaps where you ran hashcat from. If you want to start from scratch, just delete .hashcat/hashcat.potfile A Crack to Start With This is from the paragraph in the NCL Blog, “Using a Pre-Made Wordlist on Kali.” Follow the procedure to unzip (actually Gnu unzip or gunzip) the password list from the rockyou.com breach (I moved rockyou.txt to my home directory instead of Downloads.) Then run the hashcat line, hashcat -m 0 {means the hashes are MD5} -a 0 {attack will be wordlist only} -o outputfile {where the output goes} hashlist pwlist Here are the hashes. 8549137cd494c22ae87eef3e18a46986 0f96a320a8c0bf7e3f6d375b0d9d3a4c 1a8cb8d148b513dfa1d285077fc4e3fb 22a313110bf5b84c0a58eecc27deaa30 e4fd50109f0e40e8c1a895d8e5c71199 These are easy and should crack in under a minute. Solution Save the hashes in a file on Kali.
    [Show full text]
  • UGRD 2015 Spring Bugg Chris.Pdf (464.4Kb)
    We could consider using the Mighty Cracker Logo located in the Network Folder MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum Password Security • Password security is important. • Users • Weak and/or reused passwords • Developers and Admins • Choose insecure storage algorithms. • Mighty Cracker • Show real world impact of poor password security. OVERVIEW • We made a hash cracker. • Passwords are stored as hashes to protect them from intruders. • Our program uses several methods to ‘crack’ those hashes. • Networking • Spread work to multiple machines. • Cross Platform OTHER HASH CRACKING PRODUCTS • Hashcat • Cain and Abel • John the Ripper • THC-Hydra • Ophcrack • Network support is rare. WHAT IS HASHING • A way to encode a password to help protect it. • A mathematical one-way function. • MD5 hash • cf4ff726403b8a992fd43e09dd7b5717 • SHA-256 hash • 951e689364c979cc3aa17e6b0022ce6e4d0e3200d1c22dd68492c172241e0623 SUPPORTED HASHING ALGORITHMS • Current Algorithms • MD5 • SHA-1 • SHA-224 • SHA-256 • SHA-384 • SHA-512 WAYS TO CRACK • Cracking Modes • Single User • Network Mode • Methods of Cracking: • Brute Force • Dictionary • Rainbow Table • GUI or Console BRUTE FORCE • Systematically checking all possible keys until the correct one is found. • Worst case this would transverse the entire search space. • Slowest but will always find the solution if given enough time. DICTIONARY ATTACK • List of common passwords from leaks/hacks. • Many people choose common passwords • Written works of Shakespeare ~66,000 words • Oxford English Dictionary ~290,000 words • Small dictionary = 900,000 words • Medium dictionary = 14 million words • Large dictionary = 1.2 billion words RAINBOW TABLE • Can’t store all possible hash/key combinations. • 16 character key = 10^40th combinations • 10^50th atoms on earth • Rainbow tables • Reduced storage.
    [Show full text]
  • List of Versions Added in ARL #2547 Publisher Product Version
    List of Versions Added in ARL #2547 Publisher Product Version 2BrightSparks SyncBackLite 8.5 2BrightSparks SyncBackLite 8.6 2BrightSparks SyncBackLite 8.8 2BrightSparks SyncBackLite 8.9 2BrightSparks SyncBackPro 5.9 3Dconnexion 3DxWare 1.2 3Dconnexion 3DxWare Unspecified 3S-Smart Software Solutions CODESYS 3.4 3S-Smart Software Solutions CODESYS 3.5 3S-Smart Software Solutions CODESYS Automation Platform Unspecified 4Clicks Solutions License Service 2.6 4Clicks Solutions License Service Unspecified Acarda Sales Technologies VoxPlayer 1.2 Acro Software CutePDF Writer 4.0 Actian PSQL Client 8.0 Actian PSQL Client 8.1 Acuity Brands Lighting Version Analyzer Unspecified Acuity Brands Lighting Visual Lighting 2.0 Acuity Brands Lighting Visual Lighting Unspecified Adobe Creative Cloud Suite 2020 Adobe JetForm Unspecified Alastri Software Rapid Reserver 1.4 ALDYN Software SvCom Unspecified Alexey Kopytov sysbench 1.0 Alliance for Sustainable Energy OpenStudio 1.11 Alliance for Sustainable Energy OpenStudio 1.12 Alliance for Sustainable Energy OpenStudio 1.5 Alliance for Sustainable Energy OpenStudio 1.9 Alliance for Sustainable Energy OpenStudio 2.8 alta4 AG Voyager 1.2 alta4 AG Voyager 1.3 alta4 AG Voyager 1.4 ALTER WAY WampServer 3.2 Alteryx Alteryx Connect 2019.4 Alteryx Alteryx Platform 2019.2 Alteryx Alteryx Server 10.5 Alteryx Alteryx Server 2019.3 Amazon AWS Command Line Interface 1 Amazon AWS Command Line Interface 2 Amazon AWS SDK for Java 1.11 Amazon CloudWatch Agent 1.20 Amazon CloudWatch Agent 1.21 Amazon CloudWatch Agent 1.23 Amazon
    [Show full text]
  • Password Cracker Tutorial
    Password cracker tutorial In cryptanalysis and computer security, password cracking is the process of recovering passwords[1] from data that has been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.[2] The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or to act as a preventive measure whereby system administrators check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence to which a judge has allowed access, when a particular file's permissions are restricted. Time needed for password searches The time to crack a password is related to bit strength (see password strength), which is a measure of the password's entropy, and the details of how the password is stored. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. One example is brute-force cracking, in which a computer tries every possible key or password until it succeeds. With multiple processors, this time can be optimized through searching from the last possible group of symbols and the beginning at the same time, with other processors being placed to search through a designated selection of possible passwords.[3] More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc.
    [Show full text]
  • LAB 1 – Cracking Weak Passwords
    LAB 1 – Cracking weak passwords Introduction Password-based authenticaiton is still the most popular metod of access control. Methods based on passwords have numerous advantages: low implementation cost, ease of passwords change, reconfigurability, lack of any external systems to depend on. Passwords can be memorized, so it is not easy to steal them, unlike tokens or ID cards. Passwords are hard to recover, for example by means of reverse engineering, on condition that the password satisfies certain quality criteria. Passwords, which are short or too simple to guess, must not be used. This laboratory session aims to show the vulnerabilities to password-based authentication. We will evaluate passwords, which are too short or too simple. Short phrases or dictionary words must be avoided. This laboratory is not a hacking tutorial – its sole objective is to show, that common software can be used to break a passwod by brute force atatck or to recover it by other means, such as a dictionary attack. The lab also aims to show that strong passwords need to be enforced in all systems as a common security control, by means of an appropriate security policy. The methods and techniques presented here also aim to show administrators a few techniques to test the quality of a password, since a weak password presents considerable vulnerabiblity. Many network attacks follow some repetitive pattern: 1. Step 1: find login name and recover password of any user in the system. Contrary to many expectations, it is not difficult. Many users do not adhere to security principles, unless they are enforced.
    [Show full text]
  • Can I Download Xp Repair Cd
    Can i download xp repair cd I want to do a Winows repair but can't find the original disc. for kubuntu, and download it, burn the iso to a disc, and boot from cd with in it. Download this iso and burn it to a CD/DVD/USB. It's the Windows XP Recovery Console that's included in the XP installation CD and should. Here is how to make a bootable XP Recovery Console CD and a Hiren's You can make a bootable Recovery Console CD by downloading an ISO file and windows xp repair/reinstall. I have lost my windows XP system restore recovery CD and was you can download and/or order all recovery disk from the Microsoft website. OK the title might be a bit off but can i download and burn onto a cd? Well I didnt get a repair CD when i purchased the desktop so just about XP professional repair without disk. The Windows XP installation CD-ROM includes recovery options on it. When booting from the CD-ROM you can access the recovery console to repair corrupted. Repair USB Key Instructions: Windows XP 1. Download from. 2. Double. Repairing Windows XP this way will fix damaged files but will keep other XP repair process, you will need to boot from the Windows XP CD. When purchased, many computers don't come with a Windows XP recovery setup disk, but you can download one for free from Microsoft. This is a download of file of just the Recovery Console for XP.
    [Show full text]
  • Computer Hacking Forensic Investigator V4 Exam 312-49 CHFI Computer Hacking Forensic Investigator Training Program
    Computer Hacking Forensic Investigator v4 Exam 312-49 CHFI Computer Hacking Forensic Investigator Training Program Course Description Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud. The CHFI course will give participants the necessary skills to identify an intruder's footprints and properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber-criminal." It is no longer a matter of "will your organization be comprised (hacked)?" but, rather, "when?" Today's battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into most every facet of modern day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cyber- criminal, then this is the course for you. The CHFI is a very advanced security-training program. Proper preparation is required before conducting the CHFI class. Who Should Attend . Police and other law enforcement personnel . Defense and Military personnel . e-Business Security professionals . Systems administrators . Legal professionals . Banking, Insurance and other professionals .
    [Show full text]
  • Lab 8: Using John the Ripper to Crack Linux Passwords
    ETHICAL HACKING LAB SERIES Lab 8: Using John the Ripper to Crack Linux Passwords Certified Ethical Hacking Domain: System Hacking Document Version: 2015-08-14 This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License. Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah. This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Lab 8: Using John the Ripper to Crack Linux Passwords Contents Introduction .......................................................................................................................
    [Show full text]