Password cracking. IN5290 Ethical Hacking. Bruvoll & Sørby. Department of Informatics


Password cracking
IN5290 - Ethical Hacking, Bruvoll & Sørby, Department of Informatics, 2018

Agenda
- About passwords
- Cracking passwords

About passwords

Passwords as authentication
Providing a user name and a password is still the most common way of logging on to computer systems. This can be seen as a two-step process:
1. Identification: who you are (user name)
2. Authentication: proving that you are who you claim to be (password)

Other ways of authenticating
Passwords belong to one of three categories of user authentication:
- knowledge-based authentication, something you know: passwords, passphrases
- ownership-based authentication, something you have: tokens (BankID OTP calculators, YubiKeys)
- inherence-based authentication, something you are or do: biometrics (fingerprints, iris scan, ...)
Multi-factor authentication (MFA) requires the use of multiple authentication mechanisms, typically from two or more of the above categories. Two-factor authentication (2FA) is the most common type of MFA, combining two different mechanisms. Note that two mechanisms from the same category (a password plus a PIN) do not count as two factors.

Cracking passwords
There are two major approaches to guessing passwords:
- Exhaustive search: trying all possible combinations, often called brute force.
- Intelligent search: the idea is to reduce the search space.
  - Guess based on personal information (names of friends, birthdays, ...)
  - Try generally popular passwords
  - Guess based on words in a dictionary (a dictionary attack), usually combined with mangling rules (appending digits, capitalising, reversing) to cover the small variations people apply to dictionary words

Password strength
The strength of a truly random password is a function of the size of the set of symbols allowed in the password and the length of the password.
Example: how many passwords are possible when the set of symbols is all alphanumeric characters (upper and lower case) and the password length is 6?
The size of the set is 62 (A-Z, a-z, 0-9), and the number of possible combinations is 62^6 = 56 800 235 584. A brute-force attack needs to try half of these on average.

Storing passwords
Storing passwords in cleartext is obviously a bad idea. Storing passwords encrypted might seem like a good idea, but:
- anyone with access to the keys and the encrypted passwords can impersonate any user
- the keys must be protected from attackers, yet the server needs them every time someone logs in
Storing the hash value of the password is the preferred method:
- the hash function is one-way: we cannot deduce the password from the hash
- similar passwords have totally different hashes
- the authentication function first computes the hash of the received password, then compares it against the stored hash value
- but there still are issues...

Lookup and rainbow table attacks
What if the attacker precomputes and stores the hash of every probable password in a lookup table? This used to be infeasible due to the storage requirements. A rainbow table is a precomputed table of passwords and their hashes that uses a time-memory trade-off (chains of hash and reduction functions) to shrink the storage needed by orders of magnitude. Using rainbow tables, the attacker can just look up the stored password hash in the table and get back the password. The attack only works when the same password always produces the same hash, i.e. when the hash is unsalted.

Salting the password
To defend against attacks using precomputed hash tables, we can salt the password:
- Prepend or append random data (the salt) to the password before hashing it
- Store the salt together with the password hash
Now two instances of the same password get different hashes, and the attacker has to crack each and every password separately.
Example (salt prepended, SHA-1):

    Password  Salt   Hashing function call  What is stored
    secret    None   sha1("secret")         e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4
    secret    asdf   sha1("asdfsecret")     (asdf, aaba62303a3ec7983406aff8602ffbda9d346424)
    secret    qwer   sha1("qwersecret")     (qwer, 038fbd19069cacc6865a66c25c0f39a663f70b8d)

Brute-forcing password hashes
Cryptographic hashes are designed to be fast to compute, and modern GPUs can compute billions of hashes per second. Thus slowing the attacker down becomes necessary. This can be done by key stretching: making a weak key more secure against brute-force attacks by increasing the time it takes to test each candidate. Popular algorithms that use key stretching are PBKDF2 and bcrypt. Simplistically, they do many rounds of hashing, using the output of one round as the input for the next. The number of rounds is a parameter: NIST SP 800-63B recommends at least 10 000 iterations for PBKDF2, and the value should be raised as hardware gets faster (bcrypt expresses it as a cost factor, 2^cost rounds). Newer functions such as scrypt and Argon2 additionally require a configurable amount of memory per guess, which GPUs are bad at.
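The following is an added example, not code from the lecture, that puts slides 10 and 11 side by side: the unsalted and salt-prefixed SHA-1 from the table above, a precomputed lookup table that succeeds against the unsalted hash and fails against the salted one, and PBKDF2-HMAC-SHA256 with a per-password random salt and a round count. The `$pbkdf2-sha256$rounds$salt$hash` storage layout, the round count and the mini wordlist are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

# --- Slide 10: plain vs. salted SHA-1. SHA-1 is used only to match the slide's
#     table; it is far too fast for password storage (see the PBKDF2 part below).

def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode()).hexdigest()

def salted_sha1(salt: str, password: str) -> str:
    # The slide prepends the salt: sha1("asdf" + "secret").
    return sha1_hex(salt + password)

def build_lookup_table(wordlist) -> Dict[str, str]:
    # What a precomputation attack does: hash every likely password once, up front.
    return {sha1_hex(w): w for w in wordlist}

def lookup(table: Dict[str, str], stored_hash: str) -> Optional[str]:
    return table.get(stored_hash)

# --- Slide 11: key stretching with PBKDF2-HMAC-SHA256.

DEFAULT_ROUNDS = 200_000   # assumption: choose so one verification costs ~100 ms on your server

def hash_password(password: str, rounds: int = DEFAULT_ROUNDS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: $pbkdf2-sha256$<rounds>$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(16)                  # fresh 128-bit salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"$pbkdf2-sha256${rounds}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    _, alg, rounds, salt_hex, dk_hex = stored.split("$")
    if alg != "pbkdf2-sha256":
        raise ValueError(f"unsupported hash type {alg!r}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison

def seconds_per_guess(rounds: int, samples: int = 5) -> float:
    """What one candidate costs an attacker on this CPU at the given round count."""
    salt = b"\x00" * 16
    t0 = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"candidate", salt, rounds)
    return (time.perf_counter() - t0) / samples

if __name__ == "__main__":
    words = ["password", "secret", "qwerty"]               # constructed mini wordlist
    table = build_lookup_table(words)
    print("unsalted lookup:", lookup(table, sha1_hex("secret")))              # secret
    print("salted lookup:  ", lookup(table, salted_sha1("asdf", "secret")))   # None
    stored = hash_password("secret")
    print(stored)
    print("verify:", verify_password("secret", stored), verify_password("Secret", stored))
    for r in (1, 1_000, 100_000):
        print(f"{r:>7} rounds: {seconds_per_guess(r) * 1e6:9.1f} us per guess")
```

Run it once on the machine that will do the verification and pick the round count from the timing loop; the attacker's per-guess cost scales with the same number, which is the whole point of stretching.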

Password policies
Choosing good random passwords is hard, and analyses of password dumps have shown that people often do choose poor passwords. Password policies try to mitigate this by setting rules for:
- password length and complexity
  - requiring a length of 8 or more
  - requiring both upper-case and lower-case letters, and one or more numeric digits
  - requiring special characters, such as #, !, %, ;, ...
- password duration: changing every 180 days
- password history: remembering and denying the reuse of old passwords
- password blacklisting
  - passwords containing patterns such as qwerty, password, etc.
  - passwords containing the user's personal information

Password policies
Helping the user choose strong passwords is a good thing, but:
- remembering dozens of strong, random passwords doesn't scale
- users will be tempted to reuse their password on other systems
- users will be tempted to write the password down on a piece of paper
- the use of password managers can be problematic: does the password leave the organization? what if the password manager gets compromised?
- users might create simple rules that technically follow the password policy but make future passwords highly predictable given knowledge of the current one (Summer2018! becomes Autumn2018!)
For these reasons NIST SP 800-63B (2017) recommends against mandatory periodic changes and composition rules, favouring length, blacklists of known-breached passwords, and rate limiting instead.

Passphrases
Passphrases can be a good alternative to traditional passwords, provided the words really are chosen randomly (for example with dice from a published word list). The strength then comes from the number of words and the size of the list, not from the words themselves: five words from a 7776-word list give 7776^5 ≈ 2.8 × 10^19 possibilities, which is more than 62^10.

Cracking passwords

Password cracking tools
Kali comes with several tools for password cracking:
- John the Ripper: multiple modes, customizable, easy to get running
- hashcat: multiple modes, can use GPUs for cracking
- Johnny: a GUI for John the Ripper
- RainbowCrack: for creating and using rainbow tables

Cracking with John the Ripper
We will be cracking passwords from a Linux system. On modern systems, the relevant information is stored in two files:
- /etc/passwd stores user account information, but not the password hashes. It is world-readable, as many programs require data from user accounts.
- /etc/shadow stores the password hashes and password meta-information. It can only be read by root (and the shadow group).

/etc/passwd

    $ cat /etc/passwd
    Ole:x:502:502::/home/Ole:/bin/bash
    Dole:x:504:504::/home/Dole:/bin/bash

Contents of the file (colon-separated fields):
- User name: traditionally up to eight characters long (modern Linux allows 32)
- Password: x means a shadow file is used for storing the password hash
- User ID (UID): user identifier for access control
- Group ID (GID): the user's primary group
- ID string (GECOS): the user's full name and other comments
- Home directory: location of the user's home directory
- Login shell: program started after a successful login

/etc/shadow

    $ cat /etc/shadow
    Ole:$1$zPawRL.R$l8n1emmkWk2QJB5FEPzxI1:14152:0:99999:7:::
    Dole:$1$.L9uWK48$nwAScuNaqpNuicVdwGHx10:14152:0:99999:7:::

Contents of the file (colon-separated fields):
- user name
- "encrypted password", really a hash (a leading ! or * means the account is locked or has no password login)
- date of the last password change, as days since 1970-01-01 (14152 is 2008-09-30)
- minimum number of days between password changes
- maximum number of days the password is valid (99999 means practically never expires)
- number of days before expiry the user is warned
- number of days of inactivity after expiry before the account is disabled
- account expiry date, as days since 1970-01-01
- reserved

/etc/shadow

    Ole:$1$zPawRL.R$l8n1emmkWk2QJB5FEPzxI1:14152:0:99999:7:::

The password is stored in the form $id$salt$hash, where id is the hashing algorithm used: 1 is md5crypt (MD5), 5 is sha256crypt (SHA-256) and 6 is sha512crypt (SHA-512). You will also meet $2a$/$2b$/$2y$ (bcrypt, where the cost factor follows the id) and, on recent Debian-based systems including Kali, $y$ (yescrypt). The SHA-based variants accept an optional rounds parameter, e.g. $6$rounds=100000$salt$hash; the default is 5000 rounds.

unshadow
John provides the unshadow command for combining the passwd and shadow files so that John can use them (single mode needs the names and GECOS fields from passwd as well as the hashes from shadow):

    $ unshadow passwd shadow > workfile
    $ cat workfile
    Ole:$1$zPawRL.R$l8n1emmkWk2QJB5FEPzxI1:502:502::/home/Ole:/bin/bash
    Dole:$1$.L9uWK48$nwAScuNaqpNuicVdwGHx10:504:504::/home/Dole:/bin/bash
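As an added example, not part of the lecture, the parsing described on the last four slides in a few lines of Python: splitting the shadow fields, decoding the $id$salt$hash password field (including the rounds= and yescrypt parameter fields and bcrypt's fused salt+hash), turning the day counters into dates, and reproducing what unshadow does. The two sample lines are the ones from the slides, re-typed here; the field names in the NamedTuples are this example's own.

```python
from datetime import date, timedelta
from typing import Dict, List, NamedTuple, Optional

# Constructed sample input: the two users shown on the slides.
PASSWD = """Ole:x:502:502::/home/Ole:/bin/bash
Dole:x:504:504::/home/Dole:/bin/bash
"""
SHADOW = """Ole:$1$zPawRL.R$l8n1emmkWk2QJB5FEPzxI1:14152:0:99999:7:::
Dole:$1$.L9uWK48$nwAScuNaqpNuicVdwGHx10:14152:0:99999:7:::
"""

CRYPT_IDS = {"1": "md5crypt (MD5)", "5": "sha256crypt (SHA-256)", "6": "sha512crypt (SHA-512)",
             "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

class CryptHash(NamedTuple):
    id: str
    params: Optional[str]   # "rounds=N" for $5$/$6$, cost for bcrypt, "j9T" etc. for yescrypt
    salt: str
    hash: str

def parse_crypt(field: str) -> CryptHash:
    """Split a modular-crypt string $id[$params]$salt$hash from /etc/shadow."""
    if not field.startswith("$"):
        raise ValueError("not a $id$salt$hash string (legacy DES crypt or locked account?)")
    parts = field.split("$")[1:]
    ident = parts[0]
    if ident in ("2a", "2b", "2y"):               # bcrypt: $2b$cost$<22 salt chars><31 hash chars>
        return CryptHash(ident, parts[1], parts[2][:22], parts[2][22:])
    if len(parts) == 4:                           # $6$rounds=N$salt$hash or $y$j9T$salt$hash
        return CryptHash(ident, parts[1], parts[2], parts[3])
    return CryptHash(ident, None, parts[1], parts[2])

class ShadowEntry(NamedTuple):
    name: str
    hash: str
    last_change: Optional[int]   # days since 1970-01-01
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire: Optional[int]        # days since 1970-01-01

def parse_shadow_line(line: str) -> ShadowEntry:
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}: {line!r}")
    num = lambda s: int(s) if s else None
    return ShadowEntry(f[0], f[1], *(num(x) for x in f[2:8]))

def days_to_date(days: int) -> date:
    return date(1970, 1, 1) + timedelta(days=days)

def account_state(hash_field: str) -> str:
    if hash_field == "":
        return "empty password"
    if hash_field[0] in "!*":
        return "locked / no password login"
    return CRYPT_IDS.get(parse_crypt(hash_field).id, "unknown algorithm")

def unshadow(passwd_text: str, shadow_text: str) -> List[str]:
    """Replace the 'x' in passwd with the hash from shadow, like John's unshadow."""
    hashes: Dict[str, str] = {e.name: e.hash for e in
                              (parse_shadow_line(l) for l in shadow_text.splitlines() if l)}
    out = []
    for line in passwd_text.splitlines():
        if not line:
            continue
        f = line.split(":")
        if f[1] == "x" and f[0] in hashes:
            f[1] = hashes[f[0]]
        out.append(":".join(f))
    return out

if __name__ == "__main__":
    for line in unshadow(PASSWD, SHADOW):
        print(line)
    for raw in SHADOW.splitlines():
        e = parse_shadow_line(raw)
        h = parse_crypt(e.hash)
        print(f"{e.name}: {account_state(e.hash)}, salt={h.salt!r}, "
              f"last changed {days_to_date(e.last_change)}, valid {e.max_days} days")
```

The salt is visible in cleartext in the field, which is exactly why a cracker still has to run the stretch for every guess and every user, but cannot be stopped by it.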

Single mode
In single mode, John builds candidate passwords from the login information itself (user name, home directory, GECOS name) and a large set of mangling rules. It is fast and always worth running first:

    $ john --single workfile
    Using default input encoding: UTF-8
    Loaded 8 password hashes with 8 different salts (md5crypt, crypt(3) $1$ [MD5 128/128 AVX 4x3])
    Press 'q' or Ctrl-C to abort, almost any other key for status
    Borgund          (linebo)
    langbein12       (Langbein)
    2g 0:00:00:00 DONE (2018-11-17 10:25) 11.11g/s 30983p/s 31055c/s 31055C/s dole1905..dole1900
    Use the "--show" option to display all of the cracked passwords reliably
    Session completed

The lab workfile contains eight accounts, not just the two shown on the previous slides. Cracked passwords are saved in john.pot, so a later run skips them.

Wordlist mode
In wordlist mode, John uses a file with a list of words to crack the passwords (with no file given, the default wordlist from john.conf is used). If the option --rules is specified, John modifies or mangles each word according to the rules in its configuration:

    $ john --wordlist --rules workfile
    Using default input encoding: UTF-8
    Loaded 8 password hashes with 8 different salts (md5crypt, crypt(3) $1$ [MD5 128/128 AVX 4x3])
    Remaining 6 password hashes with 6 different salts
    Press 'q' or Ctrl-C to abort, almost any other key for status
    coffee           (Ole)
    eeffoc           (Doffen)
    coffee6          (Dole)
    3g 0:00:00:14 DONE (2018-11-17 10:32) 0.2042g/s 10662p/s 36788c/s 36788C/s Qwerting..Sssing
    Use the "--show" option to display all of the cracked passwords reliably

Note that "eeffoc" and "coffee6" are both derived from the single wordlist entry "coffee" by rules (reverse, append a digit). Use --wordlist=FILE to supply your own list, e.g. /usr/share/wordlists/rockyou.txt on Kali.

Incremental mode
Incremental mode is the most powerful cracking mode, as John tries all possible character combinations as passwords, ordered by trigram frequency so that likely combinations come first. This mode does not terminate on its own (unless you configure a small search space) but keeps cracking until interrupted. Mode definitions for incremental mode live in John's configuration file (on Kali: /etc/john/john.conf) as [Incremental:NAME] sections, which specify:
- which symbols to use (a .chr charset file)
- minimum and maximum lengths (MinLen, MaxLen)
and are selected with --incremental=NAME. When you know the pattern (say six lower-case letters followed by two digits) the --mask option, e.g. --mask='?l?l?l?l?l?l?d?d', is far cheaper than a full incremental run.

Managing the search space
Successful password cracking is mostly about managing and reducing the search space:
- Knowledge of your targets: user name, full name, language and culture, password requirements/policy
- Relevant dictionaries, customized with target-specific information
- Good rules, customized with target-specific information
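The following is an added example, not the lecture's or John's own code, that shows wordlist mode with rules and the search-space reduction of the last slide in miniature: a handful of hand-written mangling rules (a tiny subset of what John's --rules does), target-specific words placed in front of the generic wordlist, and a cracker run against salted SHA-1 hashes. The targets are constructed here by hashing the slide's cracked passwords (coffee, coffee6, eeffoc, Borgund) under made-up salts; the user-to-name mapping for linebo is an assumption for the example.

```python
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

def salted_sha1(salt: str, password: str) -> str:
    return hashlib.sha1((salt + password).encode()).hexdigest()

def mangle(word: str) -> Iterable[str]:
    """A few John-style rules (the comment shows the John rule each line mimics)."""
    yield word                         # ':'   word as is
    yield word.capitalize()            # 'c'   Capitalise
    yield word.upper()                 # 'u'   UPPERCASE
    yield word[::-1]                   # 'r'   reverse (coffee -> eeffoc)
    for d in "0123456789":
        yield word + d                 # '$[0-9]' append one digit (coffee -> coffee6)
    yield word + "!"                   # '$!'
    for year in ("2017", "2018"):
        yield word + year              # append a recent year
    yield word.replace("o", "0").replace("e", "3").replace("a", "@")   # leet substitutions

def candidates(wordlist: List[str], target_words: List[str]) -> List[str]:
    """Target-specific words first, then the generic list, all mangled, de-duplicated."""
    seen: Set[str] = set()
    out: List[str] = []
    for w in list(target_words) + list(wordlist):
        for c in mangle(w.lower()):
            if c not in seen:
                seen.add(c)
                out.append(c)
    return out

def crack(targets: Dict[str, Tuple[str, str]], wordlist: List[str],
          target_info: Dict[str, List[str]]) -> Dict[str, Tuple[str, int]]:
    """targets: user -> (salt, hash). Returns user -> (password, guesses needed)."""
    found: Dict[str, Tuple[str, int]] = {}
    for user, (salt, digest) in targets.items():
        # Salting forces us to rehash every candidate per user; no shared lookup table.
        for n, cand in enumerate(candidates(wordlist, [user] + target_info.get(user, [])), 1):
            if salted_sha1(salt, cand) == digest:
                found[user] = (cand, n)
                break
    return found

# Constructed data: passwords from the slides, salts invented for the example.
WORDLIST = ["password", "letmein", "coffee", "qwerty", "summer"]
TRUE_PASSWORDS = {"Ole": "coffee", "Dole": "coffee6", "Doffen": "eeffoc", "linebo": "Borgund"}
SALTS = {"Ole": "zPawRL.R", "Dole": ".L9uWK48", "Doffen": "Qx7rT2ab", "linebo": "k9Lm3pQz"}
TARGETS = {u: (SALTS[u], salted_sha1(SALTS[u], pw)) for u, pw in TRUE_PASSWORDS.items()}
TARGET_INFO = {"linebo": ["Line", "Borgund"]}   # assumption: from the GECOS field / an org chart

if __name__ == "__main__":
    for user, (pw, n) in crack(TARGETS, WORDLIST, TARGET_INFO).items():
        print(f"{pw:<12} ({user})  after {n} guesses")
    print("candidates per user:", len(candidates(WORDLIST, [])), "vs. 62^7 =", 62 ** 7)
```

Without the target information linebo's password is never tried, and with it the whole run needs a few hundred guesses per user instead of the 62^7 of a brute-force search over seven alphanumerics; that gap is what the slide means by managing the search space.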

Additional resources
John comes with extensive documentation:
- on Kali it is located under /usr/share/doc/john/ (use zless to read the compressed files)
- online documentation: https://www.openwall.com/john/doc/
- the John wiki: https://openwall.info/wiki/john
- a nice John cheat sheet: https://countuponsecurity.files.wordpress.com/2016/09/jtr-cheat-sheet.pdf

Passwords in Windows

How are passwords stored in Windows?
Local account passwords are stored (as hashes) in the SAM, the Security Account Manager:
- in the registry: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
- as a hive file on disk: C:\Windows\System32\config\SAM
The hashes are encrypted with a key derived from the SYSTEM hive (C:\Windows\System32\config\SYSTEM), so extraction tools need both hives. Domain accounts are stored in Active Directory (ntds.dit) on the domain controllers, not in the local SAM.

Passwords in the registry
The SAM key is not readable even by administrators; its ACL only grants access to SYSTEM. Command line to open regedit as SYSTEM (run from an elevated prompt):

    psexec.exe -s -i regedit.exe

psexec is part of the Sysinternals suite; -s runs the program as the SYSTEM account and -i makes it interactive on the desktop.

Extract password hashes from the file on disk
The SAM hive file, C:\Windows\System32\config\SAM, is locked by the kernel and cannot be read while Windows is running. To extract the file, boot the machine from Linux on a USB stick (or CD) if possible, and copy both SAM and SYSTEM; this requires physical access and no full-disk encryption (or the recovery key). On a running system an administrator can instead export the hives with

    reg save HKLM\SAM sam.hiv
    reg save HKLM\SYSTEM system.hiv

Extract the password hashes from the registry
Use a tool to extract the hashes; this is possible if you are an admin user. Alternatively, extract them manually by learning the format of the registry values and the SysKey encryption. Read more: http://www.beginningtoseethelight.org/ntsecurity/index.htm

Possible tool: fgdump
fgdump dumps the local hashes in pwdump format from a running system (it needs administrator rights). On Kali, samdump2 does the same offline from copied SYSTEM and SAM hive files.

Extracted password hashes
The pwdump format, one line per account:

    User name:RID:LM hash:NTLM hash:::

RID is the relative identifier (500 is the built-in Administrator). Both hashes are 32 hex characters.

LM hash
LM hashes are insecure and out of date:
- the password is converted to upper case
- padded with zeros to a length of 14 bytes
- divided into two halves of 7 bytes
- each half is used as a DES key to encrypt the constant string KGS!@#$%
- the two results are concatenated
Because case is lost and the halves are independent, each half is one of at most 69^7 ≈ 7.4 × 10^12 values and can be cracked separately, which is trivial for brute force and for rainbow tables (Ophcrack). A second half of aad3b435b51404ee reveals that the password is at most 7 characters. Details: https://en.wikipedia.org/wiki/LAN_Manager#LM_hash_details

NTLM hash
The NTLM hash (NT hash) is the MD4 digest of the password encoded as little-endian UTF-16. It is more secure than the LM hash (case-sensitive, full length), but it was of little use as long as the LM hash was stored alongside it. Since Windows Vista, LM hashes are not stored by default, so now normally only the NTLM hash is present. It is still unsalted and extremely fast, so one lookup table or one GPU pass covers every account at once, and the hash itself can be used directly for authentication (pass-the-hash).
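An added example, not from the lecture: computing the NTLM hash exactly as described above and using it against a pwdump-format dump. MD4 is implemented in pure Python (from RFC 1320) because hashlib's md4 is often disabled under OpenSSL 3; the dump lines are constructed for the example, with the Administrator line using the well-known NTLM hash of "password" and an LM field set to the empty-password value that tells you no LM hash is stored.

```python
import struct
from typing import Dict, List, NamedTuple

MASK = 0xFFFFFFFF

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(msg: bytes) -> bytes:
    """MD4 per RFC 1320: little-endian words, three rounds of 16 steps per 64-byte block."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", bit_len)
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rounds = (
        (f, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = list(struct.unpack("<16I", msg[off:off + 64]))
        s = [a0, b0, c0, d0]
        for func, const, order, shifts in rounds:
            for i, k in enumerate(order):
                j = (-i) % 4          # the register being updated rotates a, d, c, b
                s[j] = _rotl((s[j] + func(s[(j + 1) % 4], s[(j + 2) % 4], s[(j + 3) % 4])
                              + x[k] + const) & MASK, shifts[i % 4])
        a0, b0, c0, d0 = ((a0 + s[0]) & MASK, (b0 + s[1]) & MASK,
                          (c0 + s[2]) & MASK, (d0 + s[3]) & MASK)
    return struct.pack("<4I", a0, b0, c0, d0)

def ntlm_hash(password: str) -> str:
    # No salt, no iterations: MD4 over the UTF-16LE bytes of the password.
    return md4(password.encode("utf-16-le")).hex()

LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of "" = "no LM hash stored"

class PwdumpEntry(NamedTuple):
    user: str
    rid: int
    lm: str
    ntlm: str

def parse_pwdump(line: str) -> PwdumpEntry:
    user, rid, lm, ntlm = line.strip().split(":")[:4]
    return PwdumpEntry(user, int(rid), lm.lower(), ntlm.lower())

def lm_stored(e: PwdumpEntry) -> bool:
    return e.lm != LM_EMPTY

def crack_ntlm(entries: List[PwdumpEntry], wordlist: List[str]) -> Dict[str, str]:
    """Unsalted, so hash each candidate once and look every account up in the table."""
    table = {ntlm_hash(w): w for w in wordlist}
    return {e.user: table[e.ntlm] for e in entries if e.ntlm in table}

# Constructed dump: Administrator has the textbook hash of "password"; Ole's line is built here.
SAMPLE_DUMP = [
    "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
    f"Ole:1001:{LM_EMPTY}:{ntlm_hash('coffee')}:::",
]

if __name__ == "__main__":
    entries = [parse_pwdump(l) for l in SAMPLE_DUMP]
    for e in entries:
        print(f"{e.user:<14} RID {e.rid:<5} LM stored: {lm_stored(e)}")
    print(crack_ntlm(entries, ["letmein", "password", "coffee", "qwerty"]))
```

Compare with the salted md5crypt cracking earlier: there the cracker had to rehash every candidate for every user, here one table serves the whole dump, which is why a leaked NTLM dump of thousands of accounts is usually mostly cracked within hours.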

Why crack passwords if you are already admin?
- Passwords may be reused: the same password often works on other machines, web services or the domain.
- Access to other files: data encrypted with a user's password (EFS, DPAPI, password-protected archives).
- Step by step towards more access: each cracked account is a new starting point. With NTLM the hash alone is already usable for pass-the-hash, but the cleartext also works against services that do not speak NTLM.

Which users are present on the machine?

    wmic useraccount get name,sid,disabled

wmic is deprecated in current Windows versions; the PowerShell equivalent is Get-LocalUser.

Recommended reading
A good article on salted password hashing: https://crackstation.net/hashing-security.htm
A series of articles from Ars Technica:
- https://arstechnica.com/information-technology/2012/08/passwords-under-assault/
- https://arstechnica.com/information-technology/2013/03/how-i-became-a-password-cracker/
- https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Exercise, part 1: Password length
Assume that a password can only contain the 26 characters of the alphabet.
- How many different passwords are possible if a password is at most n characters long (n = 4, 6, 8) and there is no distinction between upper-case and lower-case characters?
- How many different passwords are possible if a password is at most n characters long (n = 4, 6, 8) and passwords are case-sensitive?

Exercise, part 2: Brute force
Assume that passwords have length six and that all alphanumeric characters, upper and lower case, can be used in their construction. How long will a brute-force attack take on average if:
- it takes one tenth of a second to check a password?
- it takes a microsecond to check a password?

Exercise, part 3: Hashes and salts
1. What is the advantage of storing password databases as hash values instead of in plaintext?
2. What is the advantage of storing passwords as salted hash values instead of just as hash values?

Exercise, part 4: More hashes and salts
Create a text file (c:\pw.txt) on your Windows 7 VM and write a random string in it (without any line breaks). Open a command prompt and use certutil to hash the file:

    certutil -hashfile c:\pw.txt SHA1

Make a note of the hash value. Add a single character to the text file, hash the file again and note the hash value. Is it similar to the previous hash? Substitute the string with the word secret and rehash the file. Do you get the same result as in the lecture slides? Try rehashing after prepending the salt used in the slides. (certutil hashes the bytes of the file, so a trailing newline or the UTF-8 byte-order mark that Notepad may add changes the result; the file must contain exactly the six bytes "secret".)

Exercise, part 5: Crack passwords
Crack the passwords.

Questions?