Password cracking - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Password cracking

Description:

Use a Live Bootable OS CD (Knoppix) to by-pass user login and change directory ... Use Live Bootable OS CD (Knoppix) Password Salting. Salts help strengthen the ... – PowerPoint PPT presentation

Number of Views:123
Avg rating:3.0/5.0
Slides: 11
Provided by: wak67
Category:

less

Transcript and Presenter's Notes

Title: Password cracking


1
Password cracking
  • Patrick Sparrow, Matt Prestifillipo, Bill
    Kazmierski

2
Overview
  • Who uses password crackers?
  • List of programs needed
  • Gain access to password list
  • Password Salting
  • Installing John the Ripper
  • How to use PwDump2 and John the Ripper
  • How to make a strong password

3
Who uses password crackers?
  • System Administrators
  • Test the strength of the users password
  • Hackers
  • Gain access to the users account

4
List of programs needed
  • Pwdump2
  • Retrieves user accounts and passwords in Windows
    and puts the information into a hash table (not
    needed in Unix)
  • John the Ripper
  • Uses hash table from pwdump2 and cracks password

5
John the Ripper cont.
  • Runs against various encrypted password formats
    including Unix (based on DES, MD5, or Blowfish),
    Kerberos AFS, and Windows NT/2000/XP/2003 LM hash
  • It operates by the so-called dictionary attack.
    It takes text string samples (usually from a file
    containing words found in a dictionary),
    encrypting it in the same format as the password
    being examined, and comparing the output to the
    encrypted string.
  • It also can operate by the incremental attack.
    Where JTR tries every possible character
    combination as passwords.
  • Several thousand possibilities can be tried per
    second
  • Most sufficient way of cracking passwords in the
    past several decades

6
Gain Password List
  • Windows
  • Use Pwdump2 to get SAM file when logged into
    account
  • Use a Live Bootable OS CD (Knoppix) to by-pass
    user login and change directory to the Windows
    SAM File and dump to disk
  • Unix
  • Unshadow password in /etc/passwd
  • ./unshadow /etc/passwd /etc/master.passwd gt
    pass.txt
  • ypcat passwd when NIS is used
  • Use Live Bootable OS CD (Knoppix)

7
Password Salting
  • Salts help strengthen the password list
  • The salt is suffixed with random values to the
    password before encrypting it the salt is stored
    along with the encrypted password in the hash
  • Salts are different for each user, the attacker
    can no longer use a single encrypted version of
    each candidate password.
  • Makes for longer time of cracking passwords
  • More difficult for dictionary attack

8
Installing Pwdump2 and JTR
  • Simply extract both programs to separate
    directories, no install needed for Windows
  • For Unix
  • CD to ./src of the JTR dir after extraction.
  • make
  • make clean generic

9
How to use Pwdump2 and JTR
10
How to make a strong password
  • Do not use single dictionary words
  • Use a combination of words with a punctuation
    mark in between each word, along with a mix of
    upper and lower case letters for each word
Write a Comment
User Comments (0)
About PowerShow.com