1 / 10

Module 4 Password Cracking

Presented by Heorot.net. Module 4 Password Cracking. Objectives. Understand abilities and limitations of password cracking Identify different password encryption methods Identify and use password cracking tools. Abilities and Limitations.

orsin
Download Presentation

Module 4 Password Cracking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Presented by Heorot.net Module 4 Password Cracking

  2. Objectives • Understand abilities and limitations of password cracking • Identify different password encryption methods • Identify and use password cracking tools

  3. Abilities and Limitations • Your ability to crack the password is only as good as your password list • Complex passwords require more time to crack • Remote cracking is slow and very noisy

  4. Identify Encryption Methods • Passwords are one-way encryptions • *nix uses DES (wait!!! DES is NOT a hash!!!) • /etc/shadow • Windows uses MD5 • %systemroot%system32%config • Example (pw=“password”): • Linux: $1$3I90ScF1$rSx/Pn/jQq12DMvMoUwbB0 • Windows: 5f4dcc3b5aa765d61d8327deb882cf99

  5. Identify Encryption Methods • Passwords are used within applications as well • Salt (pw = “password”) • Linux: (both are the same) • $1$3I90ScF1$rSx/Pn/jQq12DMvMoUwbB0 • $1$7TKzgLz8$2NXCd7bIwF6lAV/wvejm.

  6. Identify Encryption Methods • Different Encryptions: • WEP: 70617373776f7264 • MD5: 5f4dcc3b5aa765d61d8327deb882cf99 • SHA1: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 • SHA256: • b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 • ROT13: cnffjbeq • So many other implementations

  7. Password Tools • How to crack passwords • Brute Force • Lookup

  8. Password Tools • How to crack passwords • Brute Force • Online: Hydra • Offline: JTR • Lookup • Rainbow Tables • Google • Default passwords • Hash Values

  9. Password Tools • Dictionaries • Ability to crack passwords is only as good as your dictionary • Try to concentrate on commonly used words • Sports teams (especially winning ones) • Industry terminology • Be ready to give up • Complex passwords are difficult • Remember, this isn’t the movies • Best luck is with default passwords

  10. Conclusion • Understand abilities and limitations of password cracking • Identify different password encryption methods • Identify and use password cracking tools

More Related