Tutorial Ophcrack (Ou Comment Utiliser Ophcrack Pour Recouvrir Un Mot De Passe Sous Windows XP Et Windows Vista)

Total Page:16

File Type:pdf, Size:1020Kb

Tutorial Ophcrack (Ou Comment Utiliser Ophcrack Pour Recouvrir Un Mot De Passe Sous Windows XP Et Windows Vista) Tutorial Ophcrack (ou comment utiliser Ophcrack pour recouvrir un mot de passe sous Windows XP et Windows Vista) Ophcrack est un utilitaire gratuit permettant de cracker les mots de passe des sessions Windows. Il s'agit d'un freeware très utile lorsque l'on a perdu le sien... Ou pour des activités un peu moins légales mais bien sûr, ici ce n'est pas l'objectif ! ;) Ophcrack marche donc sous Windows XP et Windows Vista, les deux systèmes d'exploitations de Windows les plus fréquents sur le marché actuellement. Nous allons dès maintenant apprendre à l'utiliser et vous aller voir qu'il est vraiment simple à manier. Grande question : Ophcrack en API ou en LiveCD ? Il existe deux « types » différents du software : une application windows qui permet de trouver les mots de passe à partir d'une session déjà ouverte ; et sous forme d'un LiveCD bootable à partir d'une machine éteinte (sympa quand on a accès à aucune session de la machine :p). Nous allons commencer par expliquer comment se servir de l'application sous Windows avant d'apprendre à faire de même avec le LiveCD... I) Ophcrack en API Tout d'abord, il vous faut Ophcrack (on s'en doutait un peu, non?) Allez donc sur http://ophcrack.sourceforge.net/ Et cliquez sur l'image « Download Ophcrack All platforms » pour télécharger la version applicative. (On remarque que ce petit freeware est disponible pour toutes les plateformes d'exploitation : Windows, Mac, Linux. Depuis le début de ce tutorial, je parle d'Ophcrack comme d'un utilitaire permettant de trouver les mots de passe des sessions Windows parce que c'est le plus fréquent mais vous voyez qu'en réalité, il n'y a pas que ça !). Ensuite, bien sûr, il faut installer le logiciel... Vous allez vous retrouver avec un .exe (pour Windows). C'est fait?! Bien, maintenant vous allez lancer le programme à partir de n'importe quelle session de l'ordinateur sur lequel vous voulez pratiquer le cracking. Vous allez vous retrouver avec cette petite fenêtre : Vous allez ensuite cliquer sur Load en haut à gauche : Pour faire apparaître cette liste déroulante : Nous avons ici plusieurs possibilités... Tout d'abord le Single Hash qui permet de cracker un hash md5 par exemple, on copie le hash dans la fenêtre et le tour est joué. PWDUMP file permet de cracker et d'exploiter un fichier PWDUMP. Idem avec Session file sauf que c'est avec un fichier de session (étonnant non?) Encrypted SAM permet d'indiquer le chemin du fichier SAM directement sur le disque dur pour le cracker après. Le SAM est le fichier qui contient les hashs des mots de passe des sessions sous Windows. La suivante, Local SAM est ce qui nous intéresse. En cliquant sur ce lien, le programme va charger le SAM de la machine sur laquelle vous vous trouvez... Remote SAM permet de charger le SAM d'une autre machine, SAM que l'on possède déjà sur une clé USB par exemple. Cliquez donc sur « Local SAM ». Les différents comptes de votre machine apparaissent donc avec à côté le LM Hash s'il y en a un et le NT Hash. Les ordinateurs d'aujourd'hui n'utilisent quasiment plus les LM Hash qui étaient de mise à l'époque des Windows 98. Aujourd'hui, c'est un NT Hash qui renferme le mot de passe de la session dans la plupart des cas. A droite encore vous avez la liste des comptes qui n'ont pas de mot de passe de session signalés par le mot « empty » et les autres ceux dont la case est vide sont ceux qui sont protégés. Vous avez sans doute remarqué qu'il y a un bouton « Delete » en haut à gauche, à droite du bouton « Load ». En sélectionnant d'abord un compte dans l'onglet « Progress » ou vous êtes, simplement en cliquant dessus puis en cliquant sur « Delete » vous allez pouvoir supprimer ce compte de la liste des comptes à cracker. Vous allez donc avoir la possibilité de supprimer de cette liste tous les comptes que vous ne voulez pas cracker pour ne garder que celui ou ceux qui vous intéressent. Par exemple moi je ne garde que le compte « Camille ». L'étape suivante est d'ajouter les Rainbow Tables que l'on veut utiliser le mot de passe... Les quoi ? -_-' Les Rainbow Tables : Ce sont en fait des tables qui contiennent des hashs de mot de passe ainsi que des mots de passe en clair et qui permettent de concilier taille des tables et vitesse d'exécution. Ce n'est pas qu'une simple base de données contenant des mots de passe et leurs hashs, il s'agit d'une base de données contenant quelques mots de passes et leurs hashs correspondant et à partir desquelles on peut créer d'autres mots de passes et d'autres hashs... Il y aura plus tard un cours sur les Rainbow Tables de publié. Il faut savoir qu'Ophcrack sans Rainbow Tables n'est qu'un logiciel de bruteforce classique ne pouvant découvrir que des passwords faisant entre 1 et 4 caractères, c'est très peu... Vous pouvez télécharger la table XP free, XP free fast ou Vista free qui sont gratuites et qui dépendent bien sûr de votre OS... Si vous voulez d'autres tables, plus performantes ou qui complètent les « free », il faudra payer ou les rechercher en torrent (chuuut ! Pas bien :$) Pour télécharger la Vista free, aller sur le site d'Ophcrack, sur l'onglet « Tables » en haut dans le menu : http://ophcrack.sourceforge.net/tables.php On considère donc à présent que vous avez téléchargé une ou plusieurs tables. On est toujours à la même étape que tout à l'heure : on vient de supprimer les comptes qui ne nous intéressent pas après avoir chargé un SAM, un hash, un PWDUMP ou un fichier de session... Cliquez maintenant sur « Tables ». Vous avez la liste de tous les tables qui existent qui apparaît dans une petite fenêtre. Comme vous le voyez, moi j'ai déjà la Vista free et la Vista special d'installées... Pour installer une table, rien de compliqué : sélectionner une table avec un point rouge dans la liste, cliquer ensuite sur « Install » en bas à droite puis indiquer le dossier dans lequel les fichiers de la table se trouve. Validez. C'est installé ! Une fois que vous avez installé, activé (pour qu'une table soit activé, elle doit être précédée d'un point vert dans la liste, pour cela si celui est jaune, cliquez sur le point vert en bas a gauche et sur le point jaune si vous voulez la désactiver pour ne pas l'utiliser lors du cracking), cliquez sur « OK » pour terminer. Dernière petite chose avant de commencer à cracker, allez faire un tour dans l'onglet « Preferences » si vous le souhaitez, vous pourrez y modifier le nombres de processeurs utilisés, la mémoire, etc... (Ophcrack peut être très gourmand en mémoire vive...) Une fois que tout vous convient, retourner sur l'onglet « Progress » et cliquez sur « Crack » dans le menu en haut. Vous n'avez qu'à attendre la fin ! Et voilà le résultat : Comme vous le voyez avec un mot de passe aussi simple que le mien, le temps du processus est vraiment court : 27 sec ici !!! Voilà pour l'utilisation d'Ophcrack en application. Idée : vous pouvez installer Ophcrack directement sur une clé USB avec dans un dossier une ou deux Rainbow Tables pour pouvoir l'utiliser sur n'importe quelle machine sans avoir à l'installer. SI une table est trop lourde (exemple de la Vista special qui ne fait pourtant que 8Go), vous pouvez mettre dans un dossier uniquement une ou deux tables de la Rainbow Table (en effet, elle est composée de 4 tables celle-ci !) et lors de l'installation, vous donner le chemin du dossier contenant juste la table « partielle » composée de une ou deux tables sur les 4 dans l'exemple que j'ai pris. 2) Ophcrack en LiveCD On va faire court pour cette partie, Ophcrack en liveCD est très simple : vous télécharger l'ISO sur le site : http://ophcrack.sourceforge.net/ Vous gravez l'ISO sur un CD ou un DVD. Vous bootez dessus en ayant pris soin de changer l'ordre de démarrage des périphiques dans le BIOS pour que le CD démarre avant le disque dur interne de la machine si nécessaire. Vous choississez l'option qui vous convient le mieux : option graphique ou texte. Le programme démarre ! Par défaut, vous aurez la Vista free comme Rainbow Table (si vous avez choisi l'option graphique et que vous ne voyez aucune table au lancement automatique du programme, cliquez sur « Stop » et allez dans « Tables », « Install » et cherchez la sur le CD. Vous pouvez bien sûr rajouter comme pour la clé USB, une ou deux tables dans le CD avant de graver ou sur un DVD (plus simple pour les grosses tables, le mieux restant encore de faire une clé USB bootable...). Voilà, ce tutorial touche à sa fin, si vous avez des questions n'hésitez pas, posez-les sur le forum : http://kamday-underground.forum-actif.net/ Sur ce, bonne continuation et bon apprentissage ;) Kam.
Recommended publications
  • Automating Security Checks
    Mag. iur. Dr. techn. Michael Sonntag Automating security checks Institute for Information Processing and Microprocessor Technology (FIM) Johannes Kepler University Linz, Austria E-Mail: [email protected] http://www.fim.uni-linz.ac.at/staff/sonntag.htm © Michael Sonntag 2010 Agenda Why automatization? What can be automated? Example: Skipfish How reliable are these tools? Practical examples of searching for vulnerabilities: Information collection with NMap Password cracking (John the Ripper, Ophcrack) Exploit scanning with Nessus Michael Sonntag Automating security checks 2 Why automatization? Ensuring security is not that hard for a single system You know it in detail When something is discovered, it is implemented and tested But: Many sites with many configuration options? Do you know them all? » Are they identical everywhere (versions!)? Do you have time to change everything accordingly? » Or do you depend on automatic updates/roll-out? Are you sure you did not miss one option somewhere? » Testing the same thing several times is tedious Solution: Automatic testing whether a problem exists Professionals write tests You just apply them » No need to know exactly how the attack works! Regular re-testing is possible Ad-hoc & patchy testing Systematic & comprehensive Michael Sonntag Automating security checks 3 Overlap with monitoring Some overlap with system monitoring exists Failures are just a “different kind” of attack Some problems may occur accidentally or intentionally » Example: Blacklisting of mail
    [Show full text]
  • Chapter 5 Results
    CHAPTER 5 RESULTS 5.1 Results This chapter will discuss the results of the testing and comparison of the password cracking tools used. This chapter can be summarized as follows: • Research Data and Result Analysis (Locally) • Research Data and Result Analysis (Remotely) • Research Data and Result Analysis (Alphabets only) • Research Data and Result Analysis (Alphabets and a special character) 5.2 Research Data and Result Analysis (Locally) In Figure 16, Ophcrack was used to crack the local users' password with different combinations of password, alphabets, alphanumeric, alphanumeric special characters, english and non-english words. In Figure 17, Ophcrack was used to crack the same password, but excluding the 3 password that were not cracked in the previous attempt. In Figure 18, Cain was used to crack the local users' password. 35 36 Figure 16 - Ophcrack cracked 7 of 10 passwords Figure 17 - Ophcrack cracked 7 of 7 passwords 37 Figure 18 - Cain cracked 5 of 10 passwords 5.3 Research Data and Result Analysis (Remotely) First, the author scans the network for active IP address with NMAP (Figure 19). He used the command of "nmap -O 192.168.1.1-254" to scan the network, it would scan each IP address for active computer. The command -O enabled operating system detection. From the result of the scanning, there were few ports in the state of open and the services that were using those ports, 135/TCP, 139/TCP, 445/TCP and 1984/TCP. Another important detail was the OS details; it showed that the computer was running under Microsoft Windows XP Professional SP2 or Windows Server 2003.
    [Show full text]
  • Password Security - When Passwords Are There for the World to See
    Password Security - When Passwords are there for the World to see Eleanore Young Marc Ruef (Editor) Offense Department, scip AG Research Department, scip AG [email protected] [email protected] https://www.scip.ch https://www.scip.ch Keywords: Bitcoin, Exchange, GitHub, Hashcat, Leak, OWASP, Password, Policy, Rapid, Storage 1. Preface password from a hash without having to attempt a reversal of the hashing algorithm. This paper was written in 2017 as part of a research project at scip AG, Switzerland. It was initially published online at Furthermore, if passwords are fed through hashing https://www.scip.ch/en/?labs.20170112 and is available in algorithms as is, two persons who happen to use the same English and German. Providing our clients with innovative password, will also have the same hash value. As a research for the information technology of the future is an countermeasure, developers have started adding random essential part of our company culture. user-specific values (the salt) to the password before calculating the hash. The salt will then be stored alongside 2. Introduction the password hash in the user account database. As such, even if two persons use the same password, their resulting The year 2016 has seen many reveals of successful attacks hash value will be different due to the added salt. on user account databases; the most notable cases being the attacks on Yahoo [1] and Dropbox [2]. Thanks to recent Modern GPU architectures are designed for large scale advances not only in graphics processing hardware (GPUs), parallelism. Currently, a decent consumer-grade graphics but also in password cracking software, it has become card is capable of performing on the order of 1000 dangerously cheap to determine the actual passwords from calculations simultaneously.
    [Show full text]
  • Computer Forensics CCIC Training Chapter 4: Understanding the Registry
    Computer Forensics CCIC Training Chapter 4: Understanding the Registry Lauren Pixley, Cassidy Elwell, and James Poirier March 2020 (Version 3) This work by California Cybersecurity Institute is licensed under a Attribution-NonCommercial-NoDerivatives 4.0 International License. Introduction As you are going through your investigation, you will need to know basic information about the forensic image you are searching. To find out more about the image you are analyzing, you will need to look through the Windows Registry. The Windows Registry is basically a database that stores thousands of records with information, such as the operating system, time zone, user settings, user accounts, external storage devices, and some program data. When you look through the Windows Registry in the next section with REGEDIT, it may appear as though the registry is one large storage location. However, there are several files where the information is being stored throughout the computer. REGEDIT simply takes these files and records stored in different locations and displays them for you. There are many records in the Windows Registry that will have no forensic value to you as an examiner, but there are some pieces of information that you will find useful. This chapter will walk you through the basic structure of the registry and where you need to look to find information that is valuable to your investigation. REGEDIT In this section, you will start with the Windows registry utility known as REGEDIT.exe. You can open this by pressing the Windows key+R and then typing in “REGEDIT”. You can also click on the Start menu and type “REGEDIT” in the Search box.
    [Show full text]
  • How to Handle Rainbow Tables with External Memory
    How to Handle Rainbow Tables with External Memory Gildas Avoine1;2;5, Xavier Carpent3, Barbara Kordy1;5, and Florent Tardif4;5 1 INSA Rennes, France 2 Institut Universitaire de France, France 3 University of California, Irvine, USA 4 University of Rennes 1, France 5 IRISA, UMR 6074, France [email protected] Abstract. A cryptanalytic time-memory trade-off is a technique that aims to reduce the time needed to perform an exhaustive search. Such a technique requires large-scale precomputation that is performed once for all and whose result is stored in a fast-access internal memory. When the considered cryptographic problem is overwhelmingly-sized, using an ex- ternal memory is eventually needed, though. In this paper, we consider the rainbow tables { the most widely spread version of time-memory trade-offs. The objective of our work is to analyze the relevance of storing the precomputed data on an external memory (SSD and HDD) possibly mingled with an internal one (RAM). We provide an analytical evalua- tion of the performance, followed by an experimental validation, and we state that using SSD or HDD is fully suited to practical cases, which are identified. Keywords: time memory trade-off, rainbow tables, external memory 1 Introduction A cryptanalytic time-memory trade-off (TMTO) is a technique introduced by Martin Hellman in 1980 [14] to reduce the time needed to perform an exhaustive search. The key-point of the technique resides in the precomputation of tables that are then used to speed up the attack itself. Given that the precomputation phase is much more expensive than an exhaustive search, a TMTO makes sense in a few scenarios, e.g., when the adversary has plenty of time for preparing the attack while she has a very little time to perform it, the adversary must repeat the attack many times, or the adversary is not powerful enough to carry out an exhaustive search but she can download precomputed tables.
    [Show full text]
  • Ophcrack USB Booting Windows Password Recovery for Windows XP Or Vista
    Ophcrack USB Booting Windows Password Recovery for Windows XP or Vista Labels: How To, Password, Solutions, USB BOOT, Windows We have already seen using Ophcrack Live CD for Cracking Windows XP and Windows Vista Passwords. The thing is that now a days we do not use CDs anymore, we use USB drives for our day to day activities. Now what if you want to run Ophcrack from your USB drive instead of wasting money on a CD or if your CD ROM Drive is not working? Moreover using USB drives are more convenient and common these days. Here I have an Ideal solution for this question. But if you are not interested in recovering the password or you simply want to reset or delete the password then there is much easier technique which requires only a 3 MB file instead of Ophcrack. Just see how to Reset windows Password Using a USB drive or a CD In this method we will be using a program called 7-ZIP for extracting the ISO file and some batch files for making the drives bootable. USB Requirement: • Minimum 512 MB for Windows XP • Minimum 1 GB for Windows Vista Or Windows 7 Beta • Format: FAT32 I have tried this method in Windows XP, Windows Vista, and Windows 7 Beta and it works perfectly fine. Follow the steps below: Step 1: Download the ISO File For Ophcrack Live CD 2.1.0 From the links below: (Choose according to your operating system). If you have already downloaded skip this step. Windows XP: Size: 452 MB http://downloads.sourceforge.net/ophcrack/ophcrack-xp-livecd-2.1.0.iso Windows Vista or 7: Size: 532 MB http://downloads.sourceforge.net/ophcrack/ophcrack-vista-livecd-2.1.0.iso Step 2: Download the ZIP File For making USB boot version of Ophcrack Live CD From the link below: Size: 414 KB http://www.techrena.net/downloads/usbboot.zip Step 3: Extract the usbboot.zip file at any location of your computer, not in the USB drive.
    [Show full text]
  • Password Cracking
    Password Cracking Sam Martin and Mark Tokutomi 1 Introduction Passwords are a system designed to provide authentication. There are many different ways to authenticate users of a system: a user can present a physical object like a key card, prove identity using a personal characteristic like a fingerprint, or use something that only the user knows. In contrast to the other approaches listed, a primary benefit of using authentication through a pass- word is that in the event that your password becomes compromised it can be easily changed. This paper will discuss what password cracking is, techniques for password cracking when an attacker has the ability to attempt to log in to the system using a user name and password pair, techniques for when an attacker has access to however passwords are stored on the system, attacks involve observing password entry in some way and finally how graphical passwords and graphical password cracks work. Figure 1: The flow of password attacking possibilities. Figure 1 shows some scenarios attempts at password cracking can occur. The attacker can gain access to a machine through physical or remote access. The user could attempt to try each possible password or likely password (a form of dictionary attack). If the attack can gain access to hashes of the passwords it is possible to use software like OphCrack which utilizes Rainbow Tables to crack passwords[1]. A spammer may use dictionary attacks to gain access to bank accounts or other 1 web services as well. Wireless protocols are vulnerable to some password cracking techniques when packet sniffers are able to gain initialization packets.
    [Show full text]
  • Download Ophcrack Live Iso Free Download Ophcrack for Windows 8/8.1
    download ophcrack live iso Free Download Ophcrack for Windows 8/8.1. Cracking passwords is usually not required as long as you remember the passwords for the accounts on your machine. However, what sometimes happens is that you forget the password for an account on your computer and that's when you rush to a tool that can help you crack the password for that account. There are tons of tools in the market that can help you recover these forgotten passwords, however, only a handful of those actually work and let you regain access to your account. One of these handful tools is Ophcrack which is a known tool for cracking passwords on Windows computers. Ophcrack is a nice tool that helps you recover the passwords for the accounts on your Windows computer. You can even burn it to a CD and boot up your computer from it and then begin cracking passwords on your machine. Below we will show you how to free download Ophcrack Windows 8.1/8 USB to recover forgotten local Administrator and user password on Windows 8.1/8 easily. Downloading Ophcrack for Windows 8/8.1. 1. Open a web browser such as Google Chrome on your PC and head over to the Ophcrack website. When the website loads-up, you will find a button saying Download Live CD. Click on it and it will let you download the Live CD version of the Ophcrack app. So, that was how you could download and use Ophcrack for Windows 8 and 8.1. Ophcrack Cannot Work on Windows 8/8.1 Computer? As you know, Ophcrack is a free tool that can crack Windows XP/Vista/7 login password.
    [Show full text]
  • UGRD 2015 Spring Bugg Chris.Pdf (464.4Kb)
    We could consider using the Mighty Cracker Logo located in the Network Folder MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum Password Security • Password security is important. • Users • Weak and/or reused passwords • Developers and Admins • Choose insecure storage algorithms. • Mighty Cracker • Show real world impact of poor password security. OVERVIEW • We made a hash cracker. • Passwords are stored as hashes to protect them from intruders. • Our program uses several methods to ‘crack’ those hashes. • Networking • Spread work to multiple machines. • Cross Platform OTHER HASH CRACKING PRODUCTS • Hashcat • Cain and Abel • John the Ripper • THC-Hydra • Ophcrack • Network support is rare. WHAT IS HASHING • A way to encode a password to help protect it. • A mathematical one-way function. • MD5 hash • cf4ff726403b8a992fd43e09dd7b5717 • SHA-256 hash • 951e689364c979cc3aa17e6b0022ce6e4d0e3200d1c22dd68492c172241e0623 SUPPORTED HASHING ALGORITHMS • Current Algorithms • MD5 • SHA-1 • SHA-224 • SHA-256 • SHA-384 • SHA-512 WAYS TO CRACK • Cracking Modes • Single User • Network Mode • Methods of Cracking: • Brute Force • Dictionary • Rainbow Table • GUI or Console BRUTE FORCE • Systematically checking all possible keys until the correct one is found. • Worst case this would transverse the entire search space. • Slowest but will always find the solution if given enough time. DICTIONARY ATTACK • List of common passwords from leaks/hacks. • Many people choose common passwords • Written works of Shakespeare ~66,000 words • Oxford English Dictionary ~290,000 words • Small dictionary = 900,000 words • Medium dictionary = 14 million words • Large dictionary = 1.2 billion words RAINBOW TABLE • Can’t store all possible hash/key combinations. • 16 character key = 10^40th combinations • 10^50th atoms on earth • Rainbow tables • Reduced storage.
    [Show full text]
  • Exploiting Host-Based Vulnerabilities
    Exploiting Host-Based Vulnerabilities • Exploit Windows-Based Vulnerabilities • Exploit *nix-Based Vulnerabilities Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 1 Commonalities Among Windows-Based Vulnerabilities (Slide 1 of 2) • OSs and most applications based on C, which has no default bounds-checking. • Susceptible to buffer overflows, arbitrary code execution, and privilege escalation. • Developers need to use security best practices and unit testing. • Proprietary product, so source code is not publicly available. • Fewer reviews open the door for undiscovered weaknesses. • Complexity enables vulnerabilities to remain undetected after release. • Microsoft doesn’t patch all vulnerabilities—they release new versions. • This leaves the vulnerability unaddressed in older installations. Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2 Commonalities Among Windows-Based Vulnerabilities (Slide 2 of 2) • Servers: Network-based vulnerabilities; workstations: Application-based vulnerabilities. • Uses standard protocols and technologies. • Susceptible to cross-platform exploits. • Physical access puts hosts at greater risk. • Connecting cables to administrative console ports. • Booting to a different OS. • Using removable media. • Stealing and damaging hardware. • Social engineering is required to expose certain vulnerabilities. Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 3 Windows Operating System Vulnerabilities Category Description Remote code execution Any condition that allows attackers to execute arbitrary code. Buffer or heap overflow A programming error that allows attackers to overwrite allocated memory addresses with malicious code. Denial of service Any condition that allows attackers to use resources so that legitimate requests can’t be served. A programming error that allows attackers to access a program’s memory space and hijack the normal Memory corruption execution flow.
    [Show full text]
  • LAB 1 – Cracking Weak Passwords
    LAB 1 – Cracking weak passwords Introduction Password-based authenticaiton is still the most popular metod of access control. Methods based on passwords have numerous advantages: low implementation cost, ease of passwords change, reconfigurability, lack of any external systems to depend on. Passwords can be memorized, so it is not easy to steal them, unlike tokens or ID cards. Passwords are hard to recover, for example by means of reverse engineering, on condition that the password satisfies certain quality criteria. Passwords, which are short or too simple to guess, must not be used. This laboratory session aims to show the vulnerabilities to password-based authentication. We will evaluate passwords, which are too short or too simple. Short phrases or dictionary words must be avoided. This laboratory is not a hacking tutorial – its sole objective is to show, that common software can be used to break a passwod by brute force atatck or to recover it by other means, such as a dictionary attack. The lab also aims to show that strong passwords need to be enforced in all systems as a common security control, by means of an appropriate security policy. The methods and techniques presented here also aim to show administrators a few techniques to test the quality of a password, since a weak password presents considerable vulnerabiblity. Many network attacks follow some repetitive pattern: 1. Step 1: find login name and recover password of any user in the system. Contrary to many expectations, it is not difficult. Many users do not adhere to security principles, unless they are enforced.
    [Show full text]
  • Passwords Topics
    CIT 480: Securing Computer Systems Passwords Topics 1. Password Systems 2. Threat Models: Online, Offline, Side Channel 3. Storing Passwords: Hashing and Salting 4. Examples: UNIX, Windows, Kerberos 5. Password Selection 6. Graphical Passwords 7. One-Time Passwords Authentication System A: set of authentication information – information used by entities to prove identity C: set of complementary information – information stored by system to validate A F: set of complementation functions f : A → C – generate C from A L: set of authentication functions l: A × C→{T,F} – verify identity S: set of selection functions – enable entity to create or alter A or C Password System Example Authenticate with 8-character alphanumeric password. System compares against stored cleartext password. A = [A-Za-z0-9]{8} C = A F = { I } L = { = } Security problem: a threat who gains access to password file knows password for every user. Password Storage Solution: We should store complementary information instead of passwords, so threat doesn’t get every password by stealing one file. Idea #1: Encrypt passwords. – Encrypt passwords with secret key. – Store ciphertext. – Problem: what if attacker finds secret key? Idea #2: Hash passwords. – Store hash value of password. – No Problem: hashes can’t be turned back into passwords. Password System Example #2 Authenticate with 8-character alphanumeric password. System compares with stored MD5 hash of password. A = [A-Za-z0-9]{8} C = 128-bit numbers F = { MD5 } L = { MD5(a)=c } Password Leaks are Common Threat Models 1. Online Attacks – Threat has access to login user interface. – Attack is attempts to guess passwords using the user interface.
    [Show full text]