Why Use Password Recovery and Keylogging? Mark Denice

1
Why Use Password Recovery and Keylogging?Mark
Denice
2
Overview

• Password Recovery
• Keyloggers

3
Password Recovery Tools

• What they are/arent
• Why do need them
• Software Packages

4
Software

• Mail Passview
• Asterwin IE
• MD5 Password

5
Mail PassView

• This utility is a standalone executable.
• You can also save the email account information
• Notice If the filename contains one or more
  space characters, you must enclose it with quotes
  ("").

6
Mail PassView

• Mail PassView allows you to easily translate all
  dialog-boxes, menus, and strings to other
  language.
• If you want to run Mail PassView without the
  translation, simply rename the language file, or
  move it to another folder

7
AsterWin IE

• AsterWin IE was written in Visual Basic language
  and requires the Visual Basic runtime files in
  order to run properly.
• If Visual Basic (version 5.0 or 6.0) is installed
  on your computer, you can easily run this utility
  as executable file or in the Visual Basic
  environment (by using the source code).
• After the installation is completed, you'll be
  able run and use the "AsterWin IE" utility

8
AsterWin IE

• Open Internet Explorer, and go to the login page
  of the web site that you want to recover the
  password for
• Type your login name. If the password is stored
  on your computer

9
Asterwin IE

• Run the asterie.exe and click the "Show Internet
  Explorer Passwords" button. The utility will scan
  all opened Internet Explorer windows, and the
  password will be revealed after a few seconds

10
MD5 Password

• For security professionals
• Used to recover a password if its MD5 hash is
  known
• Industry standard hash algorithm used to store
  passwords

11
Methods

• Brute Force
• Dictionary
• Smart Force
• Smart Table Recovery
• Rainbow Crack

12
Brute Force Attack

• Most widely known password cracking method
• Uses every possible character combination as a
  password
• If the password is case sensitive, it becomes
  harder to crack

13
Brute Force Attack

• There are three options
• Assume that the password was typed in lower case
  (this is most likely)
• Attempt all combinations
• The most probable combinations are taken into
  consideration

14
Dictionary Attack

• Password crackers will try every word from the
  dictionary
• Usually quite fast.
• There is a variant of this method called Hybrid
  Dictionary Attack

15
Smart Force Attack

• Assumes the password being recovered consists of
  letters only and this combination of letters is
  meaningful
• The effectiveness can be compared to that of
  Dictionary Attack with a very large dictionary

16
Smart Table Recovery

• Can be used in a number of situations. It is
  particularly good for recovering Windows
  NT/2000/XP/2003 passwords
• Based on special precomputed recovery tables.  

17
Smart Table Recovery

• The recovery time required depends on the number
  of passwords you want to recover
• The recovery time depends on a number of factors
  
• The success rate is over 99
• Recovery tables take a lot of disk space, about
  40 Gb

18
Rainbow Crack

• Time-Memory Trade-Off Technique
• Uses pre-calculated tables consisting of every
  possible combination of characters in a Windows
  password
• The result is password cracking up to 12 times
  faster.

19
Keyloggers

• What
• Why
• Types
• Example Output

20
Keyloggers

• Is something that records keystrokes
• Stores it in a file
• Can be viewed in real-time or at a later date.

21
Why use a keylogger?

• It is easier to intercept important information
• Before, or as soon as, it enters the computer
  system
• Some keystrokes are immediately hidden or
  encrypted

22
Types of Keyloggers

• Hardware
• Software

23
Hardware Keyloggers

• 3 types
• Added to keyboard
• Built-in
• Inline

24
Hardware Keyloggers

• The KeyGhost is a completely self contained
  hardware unit
• Simply plugs into the keyboard line of any PC.
• record and retrieve keystrokes without any
  software

25
Hardware Keylogers

• Hardware keyloggers also come in 2 categories
• Unsecured onboard memory
• Encrypted (secured) onboard memory

26
Software Keyloggers

• Programs that run in the background of a PC
• Can be broken down into 2 sub-categories.
• Visible in the task manager
• Invisible and stealth keyloggers

27
Keyloggers

• Choosing the right
• decide on the level of security that you will
  require during the monitoring process.

28
Sample Text

• ltPWRgtltctrl-alt-delgtAdministratorlttabgtfabelj68ltentgt
  ltentgtwww.yahoo.comltentgtltentgthttp//www.badbarbie.
  com/ltentgt
• ltPWRgtltctrl-alt-delgtJameslttabgttinna12ltentgt
  ltlftgtltlftgtltpgugtltentgt adrian.cambell_at_hotmail.com
  ltentgtI'm uploading the design files to the public
  web server now, could you get them for me? Its
  the one we used last time but I changed the
  password to atlanta69. I hope they don't have a
  keylogger installed.
• ltentgtmike.dobson_at_jameco.comltentgtHi, I calculated
  the sales figures that are projected for the next
  year. I have put them up on our web server, under
  http//www.jamecop.com/nonpublic/sales.htm.
• ltPWRgtltctrl-alt-delgtAdministratorlttabgtfabelj68ltentgt
  ltentgtltlftgt davidcoy_at_jameco.com ltentgtHey, one
  more thing, ltbksgtI got hold of some more files
  for the design team, I put them up on the web
  server under http//www.jamecop.com/design/nonpub
  lic/
• ltPWRgtltctrl-alt-delgtMacolttabgtfisher95ltentgtltentgtwww.
  hotmail.comltentgtMaco3421lttabgtsdur54ltentgthttp//ww
  w.l0pht.com/ltentgt

29
Keyloggers

• http//www.spyarsenal.com/
• http//www.widestep.com/download-keylogger-free-qu
  ick

30
Summary

• Password Recovery
• Key Loggers