Presentation is loading. Please wait.

Presentation is loading. Please wait.

Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski.

Published bySherman Randall Modified over 8 years ago

Similar presentations

Presentation on theme: "Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski."— Presentation transcript:

1 Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski

2 Overview Who uses password crackers? List of programs needed Gain access to password list Password Salting Installing John the Ripper How to use PwDump2 and John the Ripper How to make a strong password

3 Who uses password crackers? System Administrators –Test the strength of the user’s password Hackers –Gain access to the user’s account

4 List of programs needed Pwdump2 –Retrieves user accounts and passwords in Windows and puts the information into a hash table (not needed in Unix) John the Ripper –Uses hash table from pwdump2 and cracks password

5 John the Ripper cont. Runs against various encrypted password formats including: Unix (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash It operates by the so-called dictionary attack. It takes text string samples (usually from a file containing words found in a dictionary), encrypting it in the same format as the password being examined, and comparing the output to the encrypted string. It also can operate by the incremental attack. Where JTR tries every possible character combination as passwords. –Several thousand possibilities can be tried per second –Most sufficient way of cracking passwords in the past several decades

6 Gain Password List Windows –Use Pwdump2 to get SAM file when logged into account –Use a Live Bootable OS CD (Knoppix) to by-pass user login and change directory to the Windows SAM File and dump to disk Unix –Unshadow password in /etc/passwd./unshadow /etc/passwd /etc/master.passwd > pass.txt –ypcat passwd when NIS is used –Use Live Bootable OS CD (Knoppix)

7 Password Salting Salts help strengthen the password list The salt is suffixed with random values to the password before encrypting it; the salt is stored along with the encrypted password in the hash Salts are different for each user, the attacker can no longer use a single encrypted version of each candidate password. –Makes for longer time of cracking passwords –More difficult for dictionary attack

8 Installing Pwdump2 and JTR Simply extract both programs to separate directories, no install needed for Windows For Unix: –CD to./src of the JTR dir after extraction. –make –make clean generic

9 How to use Pwdump2 and JTR

10 How to make a strong password Do not use single dictionary words Use a combination of words with a punctuation mark in between each word, along with a mix of upper and lower case letters for each word

Download ppt "Password cracking Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski."

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
The Cain Tool Presented by: Sagar Chivate CS 685F.

The Cain Tool Presented by: Sagar Chivate CS 685F.
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9

Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9
MIS 5212.001 Week 13 Site:

MIS Week 13 Site:
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Sanjay Goel University at Albany, School of Business NYS Center for Information Forensics and Assurance 1 Password Protection.

Sanjay Goel University at Albany, School of Business NYS Center for Information Forensics and Assurance 1 Password Protection.
Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Information Security and Cybercrimes

Information Security and Cybercrimes
A Comparison of the Security of Windows NT and UNIX Hans Hedbom, Stefan Lindskog, Stefan Axelsson and Erland Jonsson Originally presented at the Third.

A Comparison of the Security of Windows NT and UNIX Hans Hedbom, Stefan Lindskog, Stefan Axelsson and Erland Jonsson Originally presented at the Third.
Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.

Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)

Similar presentations

Ads by Google