Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 4 Password Cracking

Published byMatthew Rich Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 4 Password Cracking"— Presentation transcript:

1 Module 4 Password Cracking
Presented by Heorot.net Module 4 Password Cracking

2 Objectives Understand abilities and limitations of password cracking
Identify different password encryption methods Identify and use password cracking tools

3 Abilities and Limitations
Your ability to crack the password is only as good as your password list Complex passwords require more time to crack Remote cracking is slow and very noisy

4 Identify Encryption Methods
Passwords are one-way encryptions *nix uses DES (wait!!! DES is NOT a hash!!!) /etc/shadow Windows uses MD5 %systemroot%system32%config Example (pw=“password”): Linux: $1$3I90ScF1$rSx/Pn/jQq12DMvMoUwbB0 Windows: 5f4dcc3b5aa765d61d8327deb882cf99

5 Identify Encryption Methods
Passwords are used within applications as well Salt (pw = “password”) Linux: (both are the same) $1$3I90ScF1$rSx/Pn/jQq12DMvMoUwbB0 $1$7TKzgLz8$2NXCd7bIwF6lAV/wvejm.

6 Identify Encryption Methods
Different Encryptions: WEP: f7264 MD5: 5f4dcc3b5aa765d61d8327deb882cf99 SHA1: 5baa61e4c9b93f3f b6cf8331b7ee68fd8 SHA256: b109f3bbbc244eb ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 ROT13: cnffjbeq So many other implementations

7 Password Tools How to crack passwords Brute Force Lookup

8 Password Tools How to crack passwords Brute Force Lookup Online: Hydra
Offline: JTR Lookup Rainbow Tables Google Default passwords Hash Values

9 Password Tools Dictionaries Be ready to give up
Ability to crack passwords is only as good as your dictionary Try to concentrate on commonly used words Sports teams (especially winning ones) Industry terminology Be ready to give up Complex passwords are difficult Remember, this isn’t the movies Best luck is with default passwords

10 Conclusion Understand abilities and limitations of password cracking
Identify different password encryption methods Identify and use password cracking tools

Download ppt "Module 4 Password Cracking"

Similar presentations

Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
Peak Support Services Ltd Connecting & protecting your business...

Peak Support Services Ltd Connecting & protecting your business...
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton.

1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352.

Secure Password Storage JOSHUA SMALL LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
Testing of Password Policy Anton Dedov ZeroNights 2013.

Testing of Password Policy Anton Dedov ZeroNights 2013.
Password cracking.

Password cracking.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Intruders.

1 Ola Flygt Växjö University, Sweden Intruders.
Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9

Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9
Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Chapter 3 Passwords Principals Authenticate to systems.

Chapter 3 Passwords Principals Authenticate to systems.
1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.

1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

Similar presentations

Ads by Google