CHAPTER 5

RESULTS

5.1 Results

This chapter will discuss the results of the testing and comparison of the tools used. This chapter can be summarized as follows:

• Research Data and Result Analysis (Locally)

• Research Data and Result Analysis (Remotely)

• Research Data and Result Analysis (Alphabets only)

• Research Data and Result Analysis (Alphabets and a special character)

5.2 Research Data and Result Analysis (Locally)

In Figure 16, Ophcrack was used to crack the local users' passwords, which covered different combinations: alphabets, alphanumeric, alphanumeric with special characters, English and non-English words. In Figure 17, Ophcrack was used to crack the same passwords, excluding the 3 passwords that were not cracked in the previous attempt. In Figure 18, Cain was used to crack the local users' passwords.


Figure 16 - Ophcrack cracked 7 of 10 passwords

Figure 17 - Ophcrack cracked 7 of 7 passwords


Figure 18 - Cain cracked 5 of 10 passwords

5.3 Research Data and Result Analysis (Remotely)

First, the author scanned the network for active IP addresses with Nmap (Figure 19). He used the command "nmap -O 192.168.1.1-254", which probes each IP address in the range for an active computer. The -O option enables OS detection. The scan results showed a few ports in the open state, along with the services using them: 135/TCP, 139/TCP, 445/TCP and 1984/TCP.

Another important detail was the OS detection result, which showed that the computer was running XP Professional SP2 or Windows Server 2003.


Figure 19 - Nmap Scanning the Network

The next step was to find out which exploit could take over the target's system. The author chose an exploit for SMB on port 445 (Figure 20): exploit/windows/smb/ms08_067_netapi, with the payload windows/vncinject/reverse_tcp. He set RHOST to his target, 192.168.1.111, and then ran the exploit. Vncinject gave the author access to the target's desktop: a window showing the target's desktop appeared on top of the author's desktop, and within that window a command prompt (Metasploit Courtesy Shell) appeared. Figure 21 shows that the author successfully entered the victim's desktop.


Figure 20 - Metasploit on Port 445

Figure 21 - Gained access of victim's desktop


Using the provided command prompt, the author initiated an FTP connection to his FTP server (Figure 22). He then retrieved pwdump.exe to the victim's C drive and executed it to dump the target's registered users and hashed passwords into a text file, pass.txt, using the command "pwdump localhost >> C:\pass.txt" (Figure 22 & Figure 23).

Figure 22 - Initiated FTP connection, Sending PwDump, gaining hashed password


Figure 23 - Upload pwdump.exe and hashing username/password successfully

Next, the author sent the text file to his FTP server (Figure 24 & Figure 25), and after that he deleted both pwdump.exe and the hashed text file from the victim's C drive (Figure 26). He then closed his session by closing every window he had opened, including the command prompt.


Figure 24 - Sends pass.txt to FTP server

Figure 25 - pass.txt retrieval success


Figure 26 - Remove Trace

Finally, he loaded the text file into Ophcrack and Cain to crack the passwords (Figure 27 & Figure 28). It took Ophcrack 1 minute 56 seconds to crack 9/14 passwords (Figure 29) and Cain 209.89 seconds to crack 7/14 (Figure 30 & Figure 31). Four of the users included in the cracking process were not registered by the owner: Administrator, Guest, HelpAssistant and SUPPORT_388945a0.


Figure 27 - Ophcrack load hashes from text file

Figure 28 - Cain import hashes from a text file


Figure 29 - Ophcrack Results


Figure 30 - Cain Results 1

Figure 31 - Cain Results 2


5.4 Research Data and Result Analysis (Alphabets Only)

The author conducted a test of cracking passwords containing alphabets only. The alphabetic words are dictionary words, taken partly from Figure 7 and partly from a list provided by one of the password cracking tools.

The formulas used are:

• Mean: $\bar{x} = \left( \sum x_i \right) / n$

• Standard Deviation: $s = \sqrt{ \sum (x_i - \bar{x})^2 / (n - 1) }$

• Variance: $s^2 = \sum (x_i - \bar{x})^2 / (n - 1)$

• Standard Error: $SE = \sqrt{ (s_1^2 / n_1) + (s_2^2 / n_2) }$

• Degrees of Freedom: $DF = (s_1^2 / n_1 + s_2^2 / n_2)^2 / \{ [ (s_1^2 / n_1)^2 / (n_1 - 1) ] + [ (s_2^2 / n_2)^2 / (n_2 - 1) ] \}$

• T-test: $t = [ (\bar{x}_1 - \bar{x}_2) - d ] / SE$

Table 2 - Statistic table for alphabets only

| Length | Ophcrack Found | Ophcrack Time Mean (s) | Ophcrack Time Var | Ophcrack Time s.d. (s) | Cain Found | Cain Time Mean (s) | Cain Time Var | Cain Time s.d. (s) | T-test |
|---|---|---|---|---|---|---|---|---|---|
| 4 | 10 | 4.48 | 3.80571 | 1.95082 | 10 | 4.337 | 7.61456 | 2.75945 | 7.6548E-1 |
| 5 | 10 | 3.52 | 7.1696 | 2.677610875 | 10 | 6.8128 | 4.843 | 2.20068 | 1.68216976398E-9 |
| 6 | 10 | 5.7 | 31.76531 | 5.63607 | 10 | 4.4616 | 12.96052 | 3.60007 | 1.9401E-1 |
| 7 | 10 | 1.68 | 1.20163 | 1.09619 | 10 | 1.7362 | 0.06095 | 0.24687 | 7.2497E-1 |
| 8 | 10 | 2.88 | 3.45469 | 1.85868 | 10 | 4.6914 | 8.30515 | 2.88187 | 3.4E-4 |
| 9 | 10 | 2.82 | 3.94653 | 1.98659 | 10 | 4.6674 | 8.55873 | 2.92553 | 3.9E-4 |
| 10 | 10 | 2.84 | 2.30041 | 1.51671 | 10 | 4.8672 | 8.58477 | 2.92998 | 4.40199665947E-5 |
| 11 | 10 | 6.86 | 30.28612 | 5.50328 | 10 | 7.4176 | 29.29407 | 5.4124 | 6.1064E-1 |
| 12 | 10 | 4.26 | 8.60449 | 2.93334 | 10 | 3.2352 | 2.43638 | 1.56089 | 3.234E-2 |
| 13 | 10 | 7.64 | 17.13306 | 4.13921 | 10 | 3.084 | 0.85168 | 0.92287 | 4.50068284555E-10 |
| 14 | 10 | 12.08 | 29.21796 | 5.40536 | 10 | 4.6182 | 15.46989 | 3.93318 | 6.97384112681E-12 |
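The formulas above applied to two rows of Table 2, as an added example that is not part of the original thesis. The number of timings per tool is not stated on the page; n = 50 is an assumption, chosen because with d = 0 it reproduces the table's T-test entries as two-sided p-values. The function names are this example's own.

```python
import math

# Summary statistics copied from Table 2: (mean, variance) for Ophcrack, Cain.
TABLE2 = {4: ((4.48, 3.80571), (4.337, 7.61456)),
          12: ((4.26, 8.60449), (3.2352, 2.43638))}
N = 50  # ASSUMPTION: timings per tool and length; not stated on the page

def welch(m1, v1, n1, m2, v2, n2, d=0.0):
    """Return (t, DF, SE) using the chapter's SE, DF and T-test formulas."""
    a, b = v1 / n1, v2 / n2
    se = math.sqrt(a + b)
    df = (a + b) ** 2 / (a ** 2 / (n1 - 1) + b ** 2 / (n2 - 1))
    return ((m1 - m2) - d) / se, df, se

def t_pdf(x, df):
    """Student's t density, evaluated in log space to avoid overflow."""
    log_c = (math.lgamma((df + 1) / 2) - math.lgamma(df / 2)
             - 0.5 * math.log(df * math.pi))
    return math.exp(log_c - (df + 1) / 2 * math.log1p(x * x / df))

def two_sided_p(t, df, steps=20000):
    """P(|T| >= |t|): Simpson's rule on the tail after substituting x = |t|/u."""
    a = abs(t)
    if a == 0.0:
        return 1.0
    def g(u):
        return t_pdf(a / u, df) * a / (u * u)
    h = 1.0 / steps
    total = g(1.0)  # the integrand tends to 0 as u -> 0 (for DF > 1)
    for i in range(1, steps):
        total += (4 if i % 2 else 2) * g(i * h)
    return min(1.0, 2.0 * total * h / 3.0)

def compare(length):
    """Welch t, DF and two-sided p-value for one password length."""
    (m1, v1), (m2, v2) = TABLE2[length]
    t, df, _ = welch(m1, v1, N, m2, v2, N)
    return t, df, two_sided_p(t, df)

if __name__ == "__main__":
    for length in TABLE2:
        t, df, p = compare(length)
        print(f"length {length}: t = {t:.4f}, DF = {df:.2f}, p = {p:.5f}")
```

Integrating the tail directly, rather than computing one minus the central area, keeps the result meaningful for the very small values that appear elsewhere in the tables.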

5.5 Research Data and Result Analysis (Alphabets and a Special Character)

The author conducted a test of cracking passwords containing alphabets and a special character. The alphabetic words are dictionary words, taken partly from Figure 7 and partly from a list provided by one of the password cracking tools.

The formulas used are:

• Mean: $\bar{x} = \left( \sum x_i \right) / n$

• Standard Deviation: $s = \sqrt{ \sum (x_i - \bar{x})^2 / (n - 1) }$

• Variance: $s^2 = \sum (x_i - \bar{x})^2 / (n - 1)$

• Standard Error: $SE = \sqrt{ (s_1^2 / n_1) + (s_2^2 / n_2) }$

• Degrees of Freedom: $DF = (s_1^2 / n_1 + s_2^2 / n_2)^2 / \{ [ (s_1^2 / n_1)^2 / (n_1 - 1) ] + [ (s_2^2 / n_2)^2 / (n_2 - 1) ] \}$

• T-test: $t = [ (\bar{x}_1 - \bar{x}_2) - d ] / SE$


Table 3 - Statistic table for alphabets and a special character

| Length | Ophcrack Found | Ophcrack Time Mean (s) | Ophcrack Time Var | Ophcrack Time s.d. (s) | Cain Found | Cain Time Mean (s) | Cain Time Var | Cain Time s.d. (s) | T-test |
|---|---|---|---|---|---|---|---|---|---|
| 4 | 10 | 7.16 | 4.05551 | 2.01383 | 0 | 33.8314 | 0.07353 | 0.27117 | 2.39468945016E-58 |
| 5 | 0 | 44.14 | 4.04122 | 2.01028 | 0 | 36.9318 | 1.09993 | 1.04877 | 9.36869014996E-35 |
| 6 | 0 | 39.86 | 5.02082 | 2.24072 | 0 | 36.5376 | 6.40074 | 2.52997 | 4.26701573269E-10 |
| 7 | 0 | 39.2 | 3.22449 | 1.79569 | 0 | 38.2094 | 8.99874 | 2.99979 | 4.85E-2 |
| 8 | 10 | 1.98 | 0.46898 | 0.68482 | 0 | 36.4222 | 0.70351 | 0.83876 | 1.81673893455E-130 |
| 9 | 10 | 3 | 2.4898 | 1.57791 | 0 | 38.4134 | 4.27239 | 2.06698 | 7.1936884387E-94 |
| 10 | 10 | 3.14 | 3.10245 | 1.76138 | 0 | 42.071 | 8.29653 | 2.88037 | 1.2521137269E-79 |
| 11 | 10 | 7.44 | 2.53714 | 1.59284 | 0 | 40.5632 | 3.92749 | 1.98179 | 1.08567317727E-93 |
| 12 | 0 | 42.12 | 21.94449 | 4.68449 | 0 | 45.5726 | 24.33547 | 4.9331 | 5.2E-4 |
| 13 | 0 | 40.28 | 1.51184 | 1.22957 | 0 | 38.6036 | 0.44537 | 0.66736 | 1.42149730494E-12 |
| 14 | 0 | 39.4 | 1.34694 | 1.16058 | 0 | 38.5034 | 0.96319 | 0.98142 | 6.67894422053E-5 |