Seek and Ye shall Find - Password and Providence
Mano ‘dash4rk’ Paul
October 11, 2013

whois
wen u c me, tweet #/@HackFormers
[Querying whois.org]
Name: manoranjan paul > mano paul > @manopaul
[IDENTITY] Primary: Follower of Jesus Christ (Christian); DOB: 09/30-1990
[TECHNICAL] Advisor: Software Assurance; Book: The 7 Qualities of Highly Secure Software; Official (ISC)2 Guide to CSSLP; CEO: SecuRisk Solutions
[OTHER] Researcher: Shark Biology (dash4rk); Credz: CSSLP, CISSP, MCSD, MCAD, CompTIA Network+, ECSA
Record created on 03-03-19..
Record expires on tbd
Database last updated on 10-11-2013
Agenda
• Teach Security
• Teach Christ
• Teach Security In Christ
What is the topic/series about?
• Seek and Ye shall Find
  • Passwords (Teach Security)
  • Providence (Teach Christ)
• Part of the Kali OS series
  • Pentesting processes from r3c0n to r00t
  • Intro to security tools in the Kali Linux OS
  • Password Attack Tools
Teach Security
Seek and Ye shall Find -- passwords --
What is a password?
• A credential/claim
• Used in combination with a username
• For validation of an identity
  • Authentication
• Used to gain admission/access
I AM that I AM
• Authentication
  • Something you know
    • Passwords, PINs (in scope for this talk!)
  • Something you have
    • Badges, Certs, Fobs
  • Something you are
    • Biometrics
Cracking
• Discovering
• Can it be legit?
  • Attest password policy
  • Attest password strength
  • Determine if the passwords are cryptographically protected
    • Hashed
    • Encrypted
To crack for the right reasons is being wise; to crack for the wrong reasons is being a wisecracker!
A note about ‘strong’ passwords
• Characteristics
  • Particular length
  • Alpha
  • Numeric
  • Mixed case
  • Special characters
• Change
  • Periodically changed
So is your password ‘strong’ enough?
Strong but psychologically acceptable
• Make it too complex
  • Users seek to find a way around it
• Make it too simple
  • Hackers seek to find it and often do
• Is your password
  • Strong?
  • Psychologically acceptable?
Humans – The weakest link
• Why hack when you can just ask?
  • Ask and you shall receive (Matthew 7:7)
• Social Engineering (Toolkit)
  • Credential Harvesting
• You are the weakest link, Goodbye!
  • Anne Robinson, Gameshow Host
• You are the weakest link, Hacked Guy!
  • Mano Paul, HackFormers Host
Seeking Wordlists!
• Download existing wordlists
  • http://packetstormsecurity.com/Crackers/wordlists/ (free)
  • http://www.outpost9.com/files/WordLists.html (free)
  • http://www.openwall.com/wordlists/ (paid ~$30)
• Create your own, i.e., Crunch it (with the Crunch wordlist generator)
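The ‘strong’ password characteristics and the wordlist slides above describe a policy a defender can attest rather than just preach. The following is an added example (not code from the talk) that checks a candidate password against those characteristics and against a wordlist; MIN_LENGTH and SAMPLE_WORDLIST are constructed assumptions for the example.

```python
"""Password policy attestation (an added example, not the talk's own code).
Checks the slide's characteristics (length, alpha, numeric, mixed case,
special characters) plus absence from a wordlist, which is what makes a
complex-looking password cheap to find. Thresholds below are assumptions."""
import math
import string

MIN_LENGTH = 12  # assumed policy threshold, not a value from the talk

# Constructed stand-in for a downloaded wordlist (one entry per line).
SAMPLE_WORDLIST = """password
letmein
qwerty
Password1!""".splitlines()


def check_policy(password, wordlist=SAMPLE_WORDLIST):
    """Return a dict of policy checks; each value is True when satisfied."""
    return {
        "length": len(password) >= MIN_LENGTH,
        "alpha": any(c.isalpha() for c in password),
        "numeric": any(c.isdigit() for c in password),
        "mixed_case": any(c.islower() for c in password)
        and any(c.isupper() for c in password),
        "special": any(c in string.punctuation for c in password),
        # Case-insensitive: a listed word fails even if it meets every class.
        "not_in_wordlist": password.lower() not in {w.lower() for w in wordlist},
    }


def estimate_entropy_bits(password):
    """Upper-bound entropy: length * log2(size of the character classes used).
    A wordlist hit makes the real search space far smaller than this."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    return len(password) * math.log2(charset) if charset else 0.0


def is_strong(password, wordlist=SAMPLE_WORDLIST):
    """Strong under this policy only if every check passes."""
    return all(check_policy(password, wordlist).values())
```

Note that "Password1!" satisfies every character-class rule yet fails, because it is in the wordlist; that is the point of auditing against the lists an attacker would download.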
mimikatz
• Tool to grab Windows passwords from memory
• Benjamin Delpy (@gentilkiwi) ouioui
• How to?
  • Upload libraries and run commands [virustotal flags it]
  • Meterpreter extension
Disclaimer
• Do NOT hack to crack unless you are authorized to …
• Demo
  • Seek and Ye shall Find
Demo < Seek and Ye shall Find
• 1. Social Engineering Toolkit
  • Credential Harvesting attack
• 2. Meterpreter
  • Migrate to winlogon process
  • Keylog
• 3. Meterpreter
  • Get password hashes (hashdump)
  • Crack (john without/with wordlists)
• 4. Mimikatz
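The Cracking slide asks whether stored passwords are cryptographically protected, and the demo shows why that matters: dumped hashes get fed to john with a wordlist. As an added example (not from the talk's demo), here is the defender's side: an unsalted fast digest beside a salted, slow PBKDF2 record with constant-time verification. ITERATIONS and the record format are assumptions for this example.

```python
"""Hashed credential storage that resists offline cracking of a dumped hash
(an added example, not from the talk's demo).
An unsalted fast digest lets one wordlist pass attack every dumped hash at
once; a per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256 here) makes each
guess cost ITERATIONS work per user. ITERATIONS is assumed for the example."""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not a figure from the talk


def fast_unsalted_hash(password):
    """The crackable pattern: same password -> same hash, no salt, one round."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password, salt=None):
    """Return 'pbkdf2_sha256$iters$salthex$hashhex' with a fresh 16-byte salt."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_record(password, record):
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        salt, iters = bytes.fromhex(salt_hex), int(iters)
    except ValueError:
        return False  # malformed record never verifies
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
    return hmac.compare_digest(dk.hex(), hash_hex)


def collision_report(password):
    """Two users sharing a password: (unsalted hashes equal, records equal).
    Expected (True, False): salting breaks the one-guess-fits-all property."""
    unsalted_equal = fast_unsalted_hash(password) == fast_unsalted_hash(password)
    salted_equal = make_record(password) == make_record(password)
    return unsalted_equal, salted_equal
```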
Teach Christ
Seek and Ye shall Find -- Providence --
Humans – The weakest link
• Humans are frail, made from the dust of the earth – the weak link
• The devil tries to social engineer us to death
• We need to ask, for it is written: 7 Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you:
  • Matthew 7:7-11
• Ask and ye shall receive > But who do you ask for?
Who do you say I AM? - Jesus’ Question
• God said
  • I AM that I AM
  • I AM the God of your fathers (Abraham, Isaac and Jacob)
• Jesus said
  • Before Abraham was, I AM
• Jesus is God (Providence), i.e., God’s provision for our Salvation … without Jesus, no one can be granted access to God … no other way!
• Jesus said > I AM
  • The bread of life
  • From above
  • I am the true vine
  • The Light of the world
  • The door
  • The good shepherd
  • The Son of God
  • The Resurrection and the life
  • The way, the truth, and the life
Who is Jesus Christ? - HackFormers Style
• Jesus is
  • The credential/claim
  • To be used in combination with your name
  • For validation of your identity
    • Authentication
  • Needed to gain admission/access
• Jesus is THE PASSWORD to all the questions of life – He is strong and psychologically acceptable, never changes, and UNCRACKABLE
If you seek Jesus, you will find him
• 7 Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you: 8 For every one that asketh receiveth; and he that seeketh findeth; and to him that knocketh it shall be opened.
  • Matthew 7:7-8
• 13 And ye shall seek me, and find me, when ye shall search for me with all your heart. 14 And I will be found of you, saith the Lord:
  • Jeremiah 29:13-14a
If you seek Jesus, you will find him
• 6 Seek ye the Lord while he may be found, call ye upon him while he is near: 7 Let the wicked forsake his way, and the unrighteous man his thoughts: and let him return unto the Lord, and he will have mercy upon him; and to our God, for he will abundantly pardon.
  • Isaiah 55:6-7
Teach Security In Christ
Points to Ponder
Discussion Points
• You need to know the password to get access to a privileged resource
• You need to know Jesus (THE password) to get access to God
  • And this is life eternal, that they might know thee the only true God, and Jesus Christ, whom thou hast sent.
    • John 17:3
• Know him NOT JUST as a cool guy, but as Savior and Lord!
• Is Jesus your password? ********
  • Is he your Savior and Lord, i.e., have you believed or do you still doubt?
• Seek Jesus while he may still be found! All who call on the name of the Lord Jesus Christ shall be saved (Joel 2:32) [i.e., all who know Jesus Christ as their password shall be granted access to the presence of God to live eternally]
Closing Thoughts

    try {
        if (uLikedThisPresentationAndMtg) {
            subscribeViaEmail();
            followAndTweet();   // @hackformers
            getLinkedIn();
            emailUs();          // mano.paul@hackformers.org
        } else {
            giveFeedback();     // mano.paul@hackformers.org
        }
    } catch (Temptations t) {
        Seek(GodsProvidence > JesusChrist);
    } finally {
        ThankUandGodBless();
    }