Royal Military College of Canada Department of Electrical and Computer Engineering

EEE404 - Cyber Defence

Dr G.S. Knight [email protected] Rm S5108 6470

Capt Stephen McKeon [email protected] Rm S4206 3802

Exercise 4

Introduction

In this exercise, students will explore password cracking under Windows. Students will create user accounts on their virtual machines and assign them passwords of different strengths. The students will then use a password cracking program called ophcrack, along with two small rainbow tables, to crack passwords.

Part 1 - Setting Up User Accounts under Windows

• Start your Windows VM, and add user accounts using the Windows User Account Wizard.
• To do this click Start -> Control Panel -> User Accounts and Family Safety -> User Accounts -> Manage another account -> Create a new account.
• Type in Ron for a user name and give him a Standard account type. Click Create Account.
• Click on the newly created account, and create a new password. Give Ron the password Teddy; no need to use a password hint. (See photo of Teddy below.)

• Repeat the process, creating the following accounts (Name : Password):
  o Scott : Scott987
  o Steve : SigProf!! - Steve is obviously security conscious with a nice strong password!
• Create one more account named Testy (no more than one, because too many user accounts interfere with the functioning of samdump), and set a password for it that is strong and longer than 8 characters. Be careful not to use a password that you use as credentials on any real system.
• Close the New Account window and the Control Panel.

Part 2 - Cracking Windows Passwords

• We will crack these Windows passwords using ophcrack.
• Start ophcrack by right-clicking the icon on the desktop of your Windows VM and selecting Run as administrator.
  o This part of the exercise will closely follow the "HowTo" described under the Help menu.
• The passwords for all the users just created, as well as other passwords, have been saved in the local SAM database. We must now load this database into ophcrack.
  o In ophcrack, click Load -> Local SAM with samdump2. You will now see a list of the users on the machine as well as their associated NT hashes.
  o Do any of these include an associated Lanman (LM) hash?
  o Do you notice anything after that load? Has ophcrack already reported something interesting?
  o To speed things up, skip every account except Administrator, Scott, Ron, eee404, Sly and any others that you created. You do this by selecting the entry, and pressing the Delete button.
• In order to crack passwords ophcrack requires a . Click Tables.
  o Highlight the XP free fast tables and click Install.
    § Tell ophcrack where to find the tables by browsing to Favorites\Desktop\Resources\Rainbow_Tables and selecting tables_XP_free_fast. Click Select Folder.
  o Highlight the Vista probabilistic free tables (be careful; there are three Vista probabilistic choices) and click Install.
    § Tell ophcrack where to find the tables by browsing to Favorites\Desktop\Resources\Rainbow_Tables and selecting vista_proba_free. Click Select Folder.
  o In the Table Selection dialog click OK.
• Expand the XP free fast and Vista probabilistic free tables to see detailed progress when you begin cracking.
• Start the cracking operation by pressing the Crack button.
  o How successful was ophcrack?

• Do you notice any difference for a password that is longer than 8 characters?

• Do you notice any difference for a password that contains special characters?

Conclusion

In this exercise, you have explored password cracking in Windows. You may have noticed that the lack of Lanman representations in this installation makes password cracking more difficult than previously reported for Windows-based systems. In the next exercise you will explore what happens when the Lanman hashes for Windows passwords are available.
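
The following is an added example, not part of the original exercise: a Python audit of pwdump-style output (one `user:rid:LM:NT:::` line per account) that reports which accounts store a Lanman hash and which have a blank password. The account names and non-empty hash values in the sample are constructed, and the `*disabled* ` prefix handling is an assumption about the dump tool's output.

```python
# Well-known hashes of the empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
EMPTY_LM_HALF = EMPTY_LM[:16]  # LM hashes each 7-character half separately
HEX = set("0123456789abcdef")


def audit_line(line):
    """Return (user, findings) for one 'user:rid:lm:nt:::' line, else None."""
    line = line.strip()
    # Assumption: disabled accounts may carry a "*disabled* " prefix.
    if line.startswith("*disabled* "):
        line = line[len("*disabled* "):]
    fields = line.split(":")
    if len(fields) < 4:
        return None
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    findings = []
    if nt == EMPTY_NT:
        findings.append("blank password")
    # A missing, non-hex or empty-string LM value means no LM hash is stored.
    if len(lm) == 32 and set(lm) <= HEX and lm != EMPTY_LM:
        findings.append("LM hash stored")
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password is 7 characters or fewer")
    return user, findings


def audit(dump):
    """Map each account in the dump to its list of findings."""
    parsed = (audit_line(line) for line in dump.splitlines())
    return {user: findings for user, findings in filter(None, parsed)}


# Constructed sample: account names are hypothetical and the non-empty
# hash values are made-up hex strings, not hashes of real passwords.
SAMPLE = """\
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:1111222233334444aad3b435b51404ee:fedcba9876543210fedcba9876543210:::
carol:1003:1111222233334444aaaabbbbccccdddd:00112233445566778899aabbccddeeff:::
"""

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user:8} {', '.join(findings) or 'NT hash only'}")
```

An account with no findings stores only an NT hash, which is the situation the conclusion describes for this installation.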