Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing Exploiting I: Password Cracking

Published byHarold Weaver Modified over 6 years ago

Similar presentations

Presentation on theme: "Penetration Testing Exploiting I: Password Cracking"— Presentation transcript:

1 Penetration Testing Exploiting I: Password Cracking
CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou

2 Acknowledgement Content from the book:
“The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, Second Edition

3 Prepare Windows VM On Win7 VM (and all Win VM from Microsoft):
Username: IEUser Password: Passw0rd! You can change the account password in “control panel” “user account” section Create another target account for exploitation Such as account: cis6395 Give it a simple password for password cracking exploitation Such as: abc123, 1234, 1024, abc123, secret, hello, …..

4 Prepare Windows VM By default, the Windows VM has enabled “remote desktop assistance” Then, if we know an account name/password on the Windows, we can remote log in it. Add the “cis6395” account to the remote desktop” user list Right click “my computer” Click “properties”  “remote” tab  “select remote users…” “add…”

5 Prepare Windows VM On your Kali Linux VM:
Suppose your Win VM IP is: On Kali: #rdesktop You will be able to see the GUI of Windows! For Win7 VM, you need to logout any user account on the Win7 in order for the rdesktop to login without further asking permission!

6 Hydra: Remote Online Password Cracking
Offline password cracking Online password cracking Hydra is included in Kali Linux Give it a discovered user name, give it a password dictionary, hydra could be very effective to find out an account password Goal: Gain access to remote services opened on some machines SSH: by Unix or Mac OS; VNC (virtual network computing): Linux Remote desktop: by Windows OS Password dictionary included in Kali Linux: A dictionary directory: /usr/share/wordlists/ John the Ripper: /usr/share/john/password.lst (a small list)

7 Hydra: Remote Online Password Cracking
Suppose the Win7 VM remote desktop is open, and has IP of , we attack the account “cis6395”: #hydra -t 1 -V -l cis6395 -P /usr/share/john/password.lst rdp -t 1: only use one connection (no parallel sessions since rdp does not like concurrent connection requests) -V: show each attempt -l: usename -P: password list file rdp: service name (remote desktop, tcp 3389) Note: We need to make the Win7 target logging out all user accounts in order for this rdesktop to work!

8 Ncrack: Remote Online Password Cracking
#ncrack -p v -user cis6395 -P /usr/share/john/password.lst It does not show the process of passwords attempted but failed, so be patient with the list

9 Hydra and Ncrack: Remote Online Password Cracking
A good Youtube tutorial on hydra and Ncrack: Another webpage shows how to use a few more password crackers: with-ncrack-hydra-and-medusa/

10 User Password Selection against Password Cracking
Password dictionary included in Kali Linux: A dictionary directory: /usr/share/wordlists/ A big notorious list: rockyou.txt John the Ripper: /usr/share/john/password.lst (a small list) If you are IT security staff: Ask each of your employee checking his/her own password against the above password list $ cat rockyou.txt |grep user_password If above command returns results, then the user’s password exists in the password list and should never be used!

Download ppt "Penetration Testing Exploiting I: Password Cracking"

Similar presentations

Crack WPA Lab Last Update 2014.06.11 1.0.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
Remote Desktop Access Novell at Home. Remote desktop access Works on Broadband Computer at work must.

Remote Desktop Access Novell at Home. Remote desktop access Works on Broadband Computer at work must.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Panasonic Computer Products Europe CF-08 Live Set up.

Panasonic Computer Products Europe CF-08 Live Set up.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.

Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.
Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.

Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.
Proprietary & Confidential How to enable Windows Remote Desktop Connection.

Proprietary & Confidential How to enable Windows Remote Desktop Connection.
UNIT - III. Installing Samba Windows uses Sever Message Block(SMB) to communicate with each other using sharing services like file and printer. Samba.

UNIT - III. Installing Samba Windows uses Sever Message Block(SMB) to communicate with each other using sharing services like file and printer. Samba.
Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.

Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.
COMP1070/2002/lec3/H.Melikian COMP1070 Lecture #3 v Operating Systems v Describe briefly operating systems service v To describe character and graphical.

COMP1070/2002/lec3/H.Melikian COMP1070 Lecture #3 v Operating Systems v Describe briefly operating systems service v To describe character and graphical.
CSN08101 Digital Forensics Lecture 1B: Essential Linux and Caine Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak.

CSN08101 Digital Forensics Lecture 1B: Essential Linux and Caine Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak.
bWAPP – Bee Bug – Installation

bWAPP – Bee Bug – Installation
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.

With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.
VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.

VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.
PC Maintenance: Preparing for A+ Certification Chapter 23: Using a Windows Network.

PC Maintenance: Preparing for A+ Certification Chapter 23: Using a Windows Network.

Similar presentations

Ads by Google