Forensics Book 2: Investigating Hard Disk and File and Operating Systems

Forensics Book 2: Investigating Hard Disk and File and Operating Systems

Forensics Book 2: Investigating Hard Disk and File and Operating Systems Chapter 7: Application Password Crackers Objectives Understand password terminology Use a password cracker Implement various cracking methods Perform system-level password cracking Perform application software password cracking Use default password databases Use password-cracking tools Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Introduction This chapter: Deals with password crackers and the tools used in password recovery Covers concepts such as ways to bypass BIOS passwords, methods for removing CMOS batteries, and Windows XP/2000/NT keys Discusses BIOS password crackers and explains the Passware Kit, default password databases, and distributed network attacks Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password Terminology Passwords Gateway to most computer systems One of the easiest and most common ways to improve security: adopt good password procedures Passwords can be classified as weak or strong Strength of passwords can be calculated mathematically by the length of time it would take for a brute force cracker to discover them Strong passwords would take years to crack, while weak passwords could be broken in less than a second. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password Terminology Strength of a password is not the only thing determining its quality Good password must also be easy for the creator to remember or it may need to be written down, which adds another vulnerability Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited What Is a Password Cracker? Password cracker Used to identify an unknown or forgotten password to a computer or network resource Used to obtain unauthorized access to resources Primary methods to discover passwords: Brute force Dictionary searches A brute force cracker runs through combinations of characters of a predetermined length until it finds a combination accepted by the system. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited What Is a Password Cracker? When conducting a dictionary search, a password cracker searches each word in the dictionary for the correct password. Password dictionaries exist for a variety of topics, including politics, movies, and music groups. Some password crackers search for hybrids of dictionary entries and numbers. For example, ants01, ants02, ants03, and so on for word of ants. A password cracker may also be able to identify encrypted passwords. After retrieving the password from the computer’s memory, the program may be able to decrypt it. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? In order to understand how a password cracker works, it is important to understand how a password generator works. Most password generators use some form of cryptography to encrypt the passwords. In table, below each letter is a corresponding number. Thus, A=7, C=2, and so forth. This is a code of sorts. But it can be easily decoded. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? Figure 7-1 This is a simple cryptographic cipher. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Another example of cryptography is ROT-13, where each letter is replaced by a substitute letter. Moving 13 letters ahead derives the substitute letter. This is, of course, fairly ineffective because there are programs that quickly identify this pattern. Software is available on the Internet that can create strong, difficult-to-crack passwords. In addition, users should change their passwords frequently. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Figure 7-2 ROT-13 is another simple cryptography method. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Figure 7-3 shows how password cracking takes place. The word list is sent through the encryption process, generally one word at a time. Rules are applied to the word and the word is again compared to the target password, which was encrypted using the same rules. If no match occurs, the next word is sent through the process. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited How Does a Password Cracker Work? (continued) Figure 7-3 This shows how password cracking occurs. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Most password crackers use one or more of the following methods: Brute force attack Dictionary attack Syllable attack Rule-based attack Hybrid attack Password guessing Rainbow attack Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Brute force attack Attacker tries every possible combination of characters until the correct password is found Slow method and takes a large amount of time against longer passwords Program will usually follow a sequence, example: 1. aaaaa 2. aaaab 3. aaaac The difficulty depends on the following factors: • How long can the password be? • How many possible values can each component of the password have? • How long will it take to attempt each password? Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Dictionary attack Dictionary file is loaded into the cracking application that runs against user accounts Program uses every word present in the dictionary to find the password Considered more useful than brute force attacks Does not work against systems that use passphrases This attack can be applied under two situations: 1. In cryptanalysis, it is used to find out the decryption key for obtaining the plaintext from the ciphertext. 2. In computer security, it can be used to guess passwords. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods Dictionary attack In order to improve the success of a dictionary attack, the attacker may do the following: • Use a number of dictionaries, such as technical dictionaries and foreign dictionaries • Use string manipulation on the dictionary, meaning if a dictionary contains the word system, then the cracker would also try using metsys and other variations Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Syllable attack Combination of both a brute force attack and a dictionary attack Often used when the password is a nonexistent word Attacker takes syllables from dictionary words and combines them in every possible way to try to crack the password Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Rule-based attack Used when an attacker already has some information about the password Attacker writes a rule so that the cracking software will generate only passwords that meet this rule For example, if the attacker knows that all passwords on a system consist of six letters and three numbers, he or she can craft a rule that generates only these types of passwords. Considered the most powerful attack, because the cracker can narrow down the possibilities considerably. This technique combines brute force, dictionary, and syllable attacks. Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Hybrid attack This type of attack is based on the dictionary attack Often, people change their passwords by just adding numbers to their old passwords In this attack, the program adds numbers and symbols to the words from the dictionary. For example, if the old password is “system”, the user may have changed it to “system1” or “system2.” Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Password guessing Sometimes users set passwords that can be easily remembered, such as a relative’s or a pet’s name Can make the password easy to guess Guessing requires only physical access or an open network path to a machine running a suitable service Common weak passwords include the following: Words password, passcode, admin, and their derivatives The user’s name or login name; A relative’s name The user’s birthplace or date of birth; • A pet’s name Automobile license plate number; • A row of letters from the qwerty keyboard, such as “qwerty,” “asdf,” or “qwertyuiop” Copyright © by EC-Council Press All rights reserved. Reproduction is strictly prohibited Password-Cracking Methods (continued) Rainbow attack Based on the cryptanalytic time-memory trade-off technique Requires less time for cryptanalysis Uses already calculated information stored in memory to crack a code, such as a password Rainbow table Table of password hashes created by hashing every possible password and variation thereof to be used in a rainbow attack to recover a plaintext password from a captured ciphertext Copyright © by EC-Council Press All rights reserved. Reproduction

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    124 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us