Password cracking.

Presentation on theme: "Password cracking."— Presentation transcript:

1 Password cracking

2 Password cracking
From the cryptanalysis and computer security point of view, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
The purpose of password cracking might be:
- Help a user to recover a forgotten password
- Gain unauthorized access to a system
- Preventive measurement of password strength

3 Password strength
Is a measure of the effectiveness of a password in resisting guessing and brute-force attacks.
There are two factors to consider in determining password strength:
- The average number of guesses the attacker must test to find the correct password
  - Length of the password
  - Size of the character and/or symbol set
- The ease with which an attacker can check the validity of each guessed password
  - How is the password stored and used

4 Password strength
A way to reduce this risk is to store only a cryptographic hash of each password instead of the plain-text password.

5 Hash functions
- A cryptographic hash function is a hash function which is considered practically impossible to invert
  - Invert means to recreate the input data from its hash value alone
- The input data is often called the message, and the hash value is often called the message digest or simply the digest

6 Hash function

| Message | Hash function | Digest |
|---|---|---|
| password | MD5 | 5f4dcc3b5aa765d61d8327deb882cf99 |
| passwOrd | MD5 | 505162a3e704d0d0fa2197e0c1dada38 |

7 Hash function
The ideal cryptographic hash function properties are:
- It is easy to compute the hash value for a given message
- It is infeasible to generate a message that has a given hash
- It is infeasible to modify a message without changing the hash
- It is infeasible to find two different messages with the same hash
- A minor change in the input message causes a significantly different hash

8 Hash function

| Algorithm | Output size [bits] | Max message size | Operations |
|---|---|---|---|
| MD5 | 128 | 2^64 − 1 | add mod 2^32, and, or, xor, rot |
| SHA-1 | 160 | | |
| SHA-256 | 256 | | add mod 2^32, and, or, xor, shr, rot |
| SHA3-512 | 512 | | and, xor, not, rot |

9 Password cracking – Brute force
- Ordinary desktop computers can test over a hundred million passwords per second using password cracking tools that run on a CPU
- And billions of passwords per second using GPU-based password cracking tools
- A user-selected eight-character password with numbers, mixed case, and symbols reaches an estimated 30-bit strength
- 2^30 is only one billion permutations and would take an average of 35 minutes to crack

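10 Password cracking – Brute force
Numerals

| Length | Combinations | Home PC | Work station | Botnet |
|---|---|---|---|---|
| 2 | 100 | Instant | | |
| 3 | 1000 | | | |
| 4 | 10,000 | | | |
| 5 | 100,000 | | | |
| 6 | 1 Million | | | |
| 7 | 10 Million | | | |
| 8 | 100 Million | 10 Seconds | | |
| 9 | 1000 Million | 1½ Mins | | |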

11 Password cracking – Brute force
Upper Case Alpha ABCDEFGHIJKLMNOPQRSTUVWXYZ
Lower Case Alpha abcdefghijklmnopqrstuvwxyz

| Length | Combinations | Home PC | Work station | Botnet |
|---|---|---|---|---|
| 2 | 676 | Instant | | |
| 3 | 17,576 | | | |
| 4 | 456,976 | | | |
| 5 | 11.8 Million | | | |
| 6 | 308.9 Million | 30 Secs | 3 Secs | |
| 7 | 8 Billion | 13 Mins | 1¼ Mins | 8 Secs |
| 8 | 200 Billion | 348 Mins | 35 Mins | 3½ Mins |
| 9 | 5.4 Trillion | 6¼ Days | 15 Hours | 1½ Hours |
| 10 | 141 Trillion | 163 Days | 16 Days | 39¼ Hours |
| 12 | 95 Quadrillion | 302 Years | 30 Years | 3 Years |
| 15 | 1.6 Sextillion | 5 Million years | 531,855 Years | 53,185 Years |
| 20 | 19.9 Octillion | 63.1 Trillion years | 6.3 Trillion years | 631 Billion years |

12 Password cracking – Brute force
Mixed Alpha, Numerals & Symbols
AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

| Length | Combinations | Home PC | Work station | Botnet |
|---|---|---|---|---|
| 2 | 9,216 | Instant | | |
| 3 | 884,736 | | | |
| 4 | 85 Million | 8½ Secs | | |
| 5 | 8 Billion | 13½ Mins | 1¼ Mins | 8 Secs |
| 6 | 782 Billion | 22 Hours | 2 Hours | 13 Mins |
| 7 | 75 Trillion | 87 Days | 8½ Days | 20 Hours |
| 8 | 7.2 Quadrillion | 23 Years | 2¼ Years | 83½ Days |
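
The brute-force tables above can be recomputed from the character set size and the password length. The Python sketch below is an added example, not part of the original slides; the guess rates in RATES are an assumption inferred from the tables (308.9 million combinations in 30 seconds on the home PC, each further column ten times faster). It goes slightly beyond the slides by also computing the length a password policy needs in order to hold out for a chosen time.

```python
import math

# Assumed guess rates (guesses per second), inferred from the slide tables:
# 26^6 = 308.9 million candidates in "30 Secs" gives about 10 million/s for
# the home PC, and each following column is ten times faster.
RATES = {"Home PC": 10**7, "Work station": 10**8, "Botnet": 10**9}

def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length

def strength_bits(charset_size, length):
    """Strength in bits of a uniformly random password (log2 of the keyspace)."""
    return length * math.log2(charset_size)

def exhaust_seconds(charset_size, length, rate):
    """Seconds to try every candidate; the average hit takes half as long."""
    return keyspace(charset_size, length) / rate

def min_length(charset_size, rate, target_seconds):
    """Shortest length whose full keyspace takes at least `target_seconds`."""
    length = 1
    while exhaust_seconds(charset_size, length, rate) < target_seconds:
        length += 1
    return length

def table(charset_size, lengths):
    """Rows of (length, combinations, {machine: seconds}), as on the slides."""
    return [(n, keyspace(charset_size, n),
             {m: exhaust_seconds(charset_size, n, r) for m, r in RATES.items()})
            for n in lengths]

if __name__ == "__main__":
    YEAR = 365 * 24 * 3600
    for size, label in ((10, "numerals"), (26, "single-case alpha"),
                        (96, "mixed alpha, numerals, symbols")):
        print(label)
        for n, combos, times in table(size, (6, 8, 10, 12)):
            cells = "  ".join(f"{m}: {s:,.0f} s" for m, s in times.items())
            print(f"  length {n:2}  {combos:.3g} combinations  {cells}")
        needed = min_length(size, RATES["Botnet"], 100 * YEAR)
        print(f"  length needed to hold out 100 years against the botnet rate: {needed}")
```
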

13 Password cracking – Brute force

14 Password cracking – Dictionary attack
- A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (a pre-arranged list of words)
- In contrast with a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed
- Dictionary attacks succeed because many people choose short passwords (7 characters or fewer), such as single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit

15 Password cracking – Dictionary attack
- To speed up the attack, it is useful to pre-compute the hash of every word in the dictionary and use the hash as the lookup key
- The pre-computed dictionary (Rainbow table) need only be generated once (password hashes can be looked up almost instantly at any time to find the corresponding password)

16 Password cracking – Dictionary attack
Rainbow tables

| Character Set | Length | Table Size |
|---|---|---|
| ABCDEFGHIJKLMNOPQRSTUVWXYZ | 14 | 0.6 GB |
| ABCDEFGHIJKLMNOPQRSTUVWXYZ | | 3 GB |
| | | 24 GB |
| | | 64 GB |

17 Demo - Tools
- Hosted web application (DVWA)
- Kali linux – Hashcat
- Password dictionary

18 Demo
If you remember the SQL Injection tutorial, we have obtained a list of usernames and passwords from the DVWA application:
- username: admin, password: 5f4dcc3b5aa765d61d8327deb882cf99
- username: gordonb, password: e99a18c428cb38d5f e03
- username: 1337, password: 8d3533d75ae2c3966d7e0d4fcc69216b
- username: pablo, password: 0d107d09f5bbe40cade3de5c71e9e9b7
- username: smithy, password: 5f4dcc3b5aa765d61d8327deb882cf99
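
The list above stores the same digest for admin and smithy, which is what unsalted hashing looks like from the defender's side. The Python sketch below is an added example, not part of the original slides: it checks the listed digests against a pre-computed table built from a small constructed word list, then stores the same password with a per-user salt and PBKDF2, so that no shared table applies. The function names, WORDS and the iteration count are assumptions of the example.

```python
import hashlib
import hmac
import os

# Digests copied from the DVWA list on this page (gordonb's entry is left out
# because its digest is incomplete in the transcript).
DUMP = {
    "admin": "5f4dcc3b5aa765d61d8327deb882cf99",
    "1337": "8d3533d75ae2c3966d7e0d4fcc69216b",
    "pablo": "0d107d09f5bbe40cade3de5c71e9e9b7",
    "smithy": "5f4dcc3b5aa765d61d8327deb882cf99",
}

# Constructed word list for illustration, standing in for a banned-password list.
WORDS = ["123456", "password", "qwerty"]

def precompute(words):
    """Digest -> word table: built once, reusable against any unsalted MD5 dump."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def audit_unsalted(dump, table):
    """Accounts whose stored digest is found in the pre-computed table."""
    return {user: table[d] for user, d in dump.items() if d in table}

def store(password, iterations=600_000):
    """Hardened record: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password, record):
    """Recompute with the record's own salt and compare in constant time."""
    salt, iterations, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(guess, key)

if __name__ == "__main__":
    print("weak, unsalted:", audit_unsalted(DUMP, precompute(WORDS)))
    a, b = store("password"), store("password")
    print("same password, same stored value?", a[2] == b[2])  # salts differ
    print("verify still works:", verify("password", a))
```
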

19 Demo – brute force
- Start Kali linux
- Open terminal and get hashcat help
    hashcat --help
- Hashcat usage
    hashcat [options] hashfile [mask|wordfiles|directories]
- See available options
    --hash-type=NUM
        0 = MD5
        100 = SHA1
        200 = MySQL

20 Demo – brute force
    --attack-mode=NUM
        0 = Straight
        1 = Combination
        2 = Toggle-Case
        3 = Brute-force
        4 = Permutation
        5 = Table-Lookup
    --threads=NUM
    --pw-min=NUM, --pw-max=NUM

21 Demo – brute force
    --custom-charset1=CS (usable in mask ?1?2?3)
        ?l = abcdefghijklmnopqrstuvwxyz
        ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
        ?d =
        ?s =
        ?a = ?l?u?d?s
        e.g. --custom-charset1=?l?d
    --outfile=FILE

22 Demo – brute force
- Before we begin the attack itself, start CPU meter conky
    conky
- Create input text file with password hashes
    gedit /root/Desktop/hashes.txt

23 Demo – brute force
Hashcat example 1
    hashcat --hash-type=0 --attack-mode=3 --threads=32 /root/Desktop/hashes.txt ?l?l?l --outfile=/root/Desktop/hashes_cracked.txt
- --hash-type=0 means that the source hashes are of MD5 type
- --attack-mode=3 means brute force attack
- --threads=32 means that brute force will use 32 threads
- /root/Desktop/hashes.txt is the source file with hashes
- ?l?l?l is the password mask (we are looking for a 3-character password consisting of lowercase letters)
- --outfile=/root/Desktop/hashes_cracked.txt is the output file

24 Demo – brute force
Hashcat example 2
    hashcat -m 0 -a 3 -n 32 /root/Desktop/hashes.txt --custom-charset1=?l?d ?l?l?l?d?d?1 -o /root/Desktop/hashes_cracked.txt
- --custom-charset1=?l?d defines a custom charset (?1) consisting of lower case characters (?l) and numbers (?d)
- ?l?l?l?d?d?1 this mask means that we are looking for passwords consisting of 3 lower case letters (3x?l) followed by 2 numbers (2x?d), and the last character (1x?1) is from the set defined by --custom-charset1

25 Demo – brute force Hashcat example 2

26 Demo – brute force
Hashcat example 3
    hashcat -m 0 -a 3 -n 32 /root/Desktop/hashes.txt --pw-min=7 ?l?l?l?l?l?l?l -o /root/Desktop/hashes_cracked.txt
- --pw-min=7 means that we will start with 7-character passwords (we will skip passwords of 1-6 characters)
- ?l?l?l?l?l?l?l this mask means that we are looking for passwords consisting of 7 lower case letters

27 Demo – brute force Hashcat example 3

28 Demo – dictionary attack
- We will use the rockyou.txt dictionary
    cp /root/rockyou.txt /root/Desktop/dic.txt
    vim /root/Desktop/dic.txt
- To close vim type :q<ENTER>

29 Demo – dictionary attack
Hashcat example 4
    hashcat -m 0 -a 0 /root/Desktop/hashes.txt /root/Desktop/dic.txt -o /root/Desktop/hashes_cracked.txt
- -a 0 means that we will do a straight (dictionary) attack
- /root/Desktop/dic.txt is the text file containing the word list used by the dictionary attack

30 Demo – dictionary attack
Hashcat example 4

31 References
- DVWA - http://www.dvwa.co.uk/
- http://www.sha1-online.com/
- HACKING EXPOSED (ISBN: )
- Penetration testing (ISBN-10: )
- Principles of Computer Security (ISBN: )

32 Warning Hacking is illegal because it is getting into a system another person owns. If you wanted to do legal hacking then you would have to own the system.

