Advances in Open Source Password Cracking
TRANSCRIPT
Agenda
John the Ripper
Ettercap
Attacks on M$ AD / Kerberos infrastructure
Misc. Stuff
Current and future work
John the Ripper
John the Ripper (JtR) is a free, open-source password cracking tool (http://www.openwall.com/)
Traditionally supports cracking hashes (LM, FreeBSD, DES crypt, etc.)
$ cat lm-hash
user:fda95fbeca288d44aad3b435b51404ee
$ john -format:lm lm-hash
Loaded 1 password hash (LM ...)
HELLO (user)
Jumbo patch
Community-enhanced version of JtR, available in almost all Linux distributions
Adds tons of formats for cracking hashes as well as “non-hashes”
Hashes: e.g. MD5, LM
“non-hashes” : e.g. PDF or other types of files
Can use GPU to accelerate cracking (Speedups > 150X possible)
Jumbo patch supports cracking
1Password, Clipperz, Apple DMG images, EncFS, EPiServer, GPG private keys, IKE PSK, Apple Keychain, GNOME Keyring, KDE KWallet, KeePass, LastPass, Mozilla Master Passwords, MongoDB, MS-CHAP, MySQL authentication protocol, M$ Office, OpenOffice, PDF, O5LOGON, Password Safe, ZIP, RAR, Apple 10.8 hashes, GRUB 2, PFX, SSH keys, PuTTY keys, PostgreSQL, M$ PST, RACF, etc.
Above list *only* includes formats I have worked on
A lot of these formats are faster than commercial products.
Many formats are not even supported by commercial products
Example: cracking password-protected SSH keys
Two-step process
Use one of the many *2john utilities
$ sshng2john.py key-catch22 > ssh-hash
$ john ssh-hash
Loaded 1 password hash (ssh-ng ...)
catch22 (key-catch22)
Example: using GPU
Build GPU-enabled JtR (e.g. make linux-x86-64-opencl)
$ john -fo:keychain -t
Benchmarking: Mac OS X Keychain ...
Raw: 1331 c/s real, 1331 c/s virtual
$ john -fo:keychain-opencl -t # ATI 7970 GPU
OpenCL platform 1: AMD Accelerated Parallel Processing ...
Benchmarking: Mac OS X Keychain ...
Raw: 208537 c/s real, 92758 c/s virtual
Greater than 150X speedup
JtR community
http://www.openwall.com/lists/john-users/
Join “john-users” mailing list for general discussion and help
Join “john-dev” if you are interested in JtR development
#openwall channel on Freenode IRC network
Writing a plug-in (called format) is easy enough (start contributing!)
https://github.com/magnumripper/JohnTheRipper
Ettercap
Ettercap is a free, open-source network security tool for performing MitM attacks.
Allows interception and modification of packets on the fly.
Can be extended by writing plug-ins
Example: Facebook password sniffing
Facebook loads its login form over HTTP; the form POSTs credentials to an HTTPS URL.
Modified the HTTP dissector (ec_http.c) to replace “https” with “ http”.
The login form is now posted over HTTP.
Ettercap’s filter functionality can be used to do the same.
Example: Facebook password sniffing
Only 12 lines of code added to ec_http.c
6 lines to avoid gzip encoding and 6 lines to avoid SSL
Example: works for Flipkart and Rediffmail too
Ettercap automatically prints credentials sent over HTTP
Don’t expose / load resources over HTTP
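Added example, not code from the slides or from Ettercap: a Python audit of the pattern just described, which checks the scheme of the page a password form is delivered on before the scheme of its action, since a form served over HTTP can be rewritten in transit however its action is spelled. The sample page and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _FormScanner(HTMLParser):
    """Collect each <form> action and whether the form has a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._cur = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._cur["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_login_forms(page_url, html):
    """Return (action, verdict) for every form carrying a password field.
    The verdict looks at the scheme of the *page* first: a form delivered
    over HTTP can have its action rewritten in transit (the https -> http
    edit described above), so an HTTPS action on an HTTP page is not safe."""
    scanner = _FormScanner()
    scanner.feed(html)
    page_scheme = urlparse(page_url).scheme
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        action_scheme = urlparse(urljoin(page_url, form["action"])).scheme
        if page_scheme != "https":
            verdict = "PAGE_OVER_HTTP"        # whole form is MitM-editable
        elif action_scheme != "https":
            verdict = "ACTION_OVER_HTTP"      # page is fine, the POST is not
        else:
            verdict = "OK"
        findings.append((form["action"], verdict))
    return findings

# Constructed sample page (not Facebook's markup): an HTTP page whose login
# form POSTs to an HTTPS endpoint, the pattern the slides describe.
SAMPLE_PAGE_URL = "http://www.example.com/"
SAMPLE_HTML = """<html><body>
<form action="https://login.example.com/login" method="post">
  <input name="email"><input name="pass" type="password"></form>
<form action="/search"><input name="q"></form>
</body></html>"""
```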
Ettercap: My contributions
MySQL v5 challenge-response
PostgreSQL challenge-response
VNC challenge-response
O5LOGON protocol (used by Oracle DB)
MongoDB challenge-response
Kerberos MiTM etype downgrade attack
MongoDB MiTM fixed salt attack
Ettercap community
https://github.com/Ettercap/
#ettercap-project channel on Freenode IRC network
Writing a plug-in (called dissector) is easy once the protocol is understood (use Wireshark)
Attacks on Kerberos and M$ AD infrastructure
Kerberos is a popular network authentication protocol used to implement SSO
Uses shared secret/symmetric keys (which don’t travel over the network)
Uses timestamp pre-authentication, in which a timestamp is encrypted with a key derived from the user’s password
We capture the encrypted timestamp and mount an offline brute-force attack
Kerberos: Key Derivation
The “string-to-key” function used to convert a user password to a secret key in Kerberos depends on the encryption type (called etype) being used.
etype functions differ in cost
The etype negotiation process can be attacked to downgrade the etype (and make offline attacks faster)
Kerberos: etype downgrade attacks
Downgrade etype 18 (aes256-cts-hmac-sha1-96, very expensive) to etype 23 (rc4-hmac, very fast)
etype 18 brute-force attack: 380 tries per second on CPU, 125K on an ATI 7970 GPU
etype 23 brute-force attack: 728K tries per second on CPU
Speedup > 1900X
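Added example, not from the slides or from the Ettercap plug-in: detection logic for the etype downgrade described above, run over constructed one-line renderings of Windows security event 4768 (TGT request), where etype 18 appears as 0x12 and etype 23 as 0x17. The log layout, account names and addresses are assumptions; real events are multi-line, so the regex must be adapted to the exporter in use.

```python
import re

# Kerberos etype numbers as logged in the "Ticket Encryption Type" field of
# Windows security event 4768 (TGT request); the numbering is the standard
# Kerberos one used in the slides above (18 = 0x12 AES256, 23 = 0x17 RC4).
ETYPE_NAMES = {0x12: "aes256-cts-hmac-sha1-96", 0x11: "aes128-cts-hmac-sha1-96",
               0x17: "rc4-hmac", 0x03: "des-cbc-md5", 0x01: "des-cbc-crc"}
WEAK_ETYPES = {0x17, 0x03, 0x01}

# Constructed, single-line renderings of event 4768 (assumed layout).
SAMPLE_LOG = """\
2013-05-01T10:00:01 EventID=4768 Account=alice Client=10.0.0.5 EncType=0x12 Result=0x0
2013-05-01T10:00:07 EventID=4768 Account=bob Client=10.0.0.9 EncType=0x12 Result=0x0
2013-05-01T10:03:12 EventID=4768 Account=alice Client=10.0.0.77 EncType=0x17 Result=0x0
2013-05-01T10:04:30 EventID=4768 Account=legacy-svc Client=10.0.0.40 EncType=0x17 Result=0x0
2013-05-01T10:05:00 EventID=4768 Account=bob Client=10.0.0.9 EncType=0x12 Result=0x0
"""
LINE_RE = re.compile(r"EventID=(\d+) Account=(\S+) Client=(\S+) EncType=0x([0-9a-fA-F]+)")

def _parse(log_text):
    """Yield (account, client, etype) for each 4768 record in the text."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group(1) == "4768":
            yield m.group(2), m.group(3), int(m.group(4), 16)

def find_etype_downgrades(log_text):
    """Flag weak-etype TGT requests by accounts that already obtained AES
    tickets earlier in the window: the KDC has an AES key for them, so an
    RC4/DES request is a negotiation downgrade rather than a legacy client."""
    seen = {}
    findings = []
    for account, client, etype in _parse(log_text):
        prior = seen.setdefault(account, set())
        if etype in WEAK_ETYPES and (prior - WEAK_ETYPES):
            findings.append((account, client, ETYPE_NAMES.get(etype, hex(etype))))
        prior.add(etype)
    return findings

def weak_only_accounts(log_text):
    """Accounts never seen with an AES etype: these usually lack AES keys
    (password not changed since AES was enabled) and need a reset before
    RC4 can be disabled for them without breaking logons."""
    seen = {}
    for account, _client, etype in _parse(log_text):
        seen.setdefault(account, set()).add(etype)
    return sorted(a for a, e in seen.items() if not (e - WEAK_ETYPES))
```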
Kerberos: etype downgrade attacks
These attacks have been talked about previously, but tools were not published (maybe not even made).
My Ettercap plug-in is the first public tool to make these attacks practical.
Only 16 lines of code.
Misc: Guaranteed cracking of PDF files using RC4 40-bit encryption
RC4 40-bit encryption is still popular among banks and the income tax department.
https://github.com/kholia/RC4-40-brute-pdf
https://github.com/kholia/qpdf
Should take less than 2 days on AMD FX-8120 (8-core Bulldozer)
Misc: Guaranteed cracking of PDF files using RC4 40-bit encryption
Three-step process
$ npdf2john test.pdf
test.pdf:$npdf$1*2*40*4*1*16*c56b…
$ RC4-40-brute 'test.pdf:$npdf$1*2*40*4…'
Key is : 9296c944ee
$ qpdf --key=9296c944ee --decrypt test.pdf output.pdf
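Added example, not part of the slides, npdf2john, RC4-40-brute or qpdf: a Python scan that classifies a PDF's standard security handler parameters so RC4-40 documents can be inventoried rather than treated as protected, plus a feasibility check for the key-exhaustion argument made above. The sample /Encrypt dictionaries and the key-rate figure are constructed, and the regex scan assumes the /Encrypt object is not stored inside an object stream.

```python
import re

# Standard security handler parameters from the /Encrypt dictionary:
#   /V 1, /R 2        -> RC4 with a 40-bit key (the case in the slides)
#   /V 2 or 3, /R 3   -> RC4, key length taken from /Length (40..128 bits)
#   /V 4, /R 4        -> crypt filters: RC4 (/CFM /V2) or AES-128 (/CFM /AESV2)
#   /V 5, /R 5 or 6   -> AES-256
# Assumption: the /Encrypt object sits uncompressed in the file body; objects
# inside object streams need a real parser (e.g. qpdf) instead of a regex.
ENCRYPT_RE = re.compile(rb"/Filter\s*/Standard(.*?)(?:endobj|$)", re.S)

def _int_param(body, name, default):
    m = re.search(rb"/" + name + rb"\s+(-?\d+)", body)
    return int(m.group(1)) if m else default

def pdf_encryption_strength(data):
    """Return (label, key_bits) for a standard-handler encrypted PDF, or
    None when no /Filter /Standard dictionary is present."""
    m = ENCRYPT_RE.search(data)
    if not m:
        return None
    body = m.group(1)
    v = _int_param(body, b"V", 1)
    length = _int_param(body, b"Length", 40)   # /Length defaults to 40 bits
    if v <= 1:
        return ("rc4-40", 40)
    if v in (2, 3):
        return ("rc4-%d" % length, length)
    if v == 4:
        aes = re.search(rb"/CFM\s*/AESV2", body) is not None
        return ("aes-128" if aes else "rc4-128", 128)
    if v == 5:
        return ("aes-256", 256)
    return ("unknown-V%d" % v, length)

def exhaustive_search_feasible(data, keys_per_second=7_000_000, max_days=2.0):
    """True if every key of the document's key size could be tried within
    max_days at the given rate, i.e. the password no longer matters.
    keys_per_second is an assumed figure, not a measurement."""
    strength = pdf_encryption_strength(data)
    if strength is None:
        return False
    return 2 ** strength[1] / keys_per_second <= max_days * 86400

# Constructed /Encrypt dictionaries (fragments, not complete PDF files).
SAMPLE_RC4_40 = b"5 0 obj\n<< /Filter /Standard /V 1 /R 2 /Length 40 /P -3904 /O <aa> /U <bb> >>\nendobj\n6 0 obj << /Length 120 >> stream"
SAMPLE_AES_256 = b"7 0 obj\n<< /Filter /Standard /V 5 /R 6 /Length 256 /CF << /StdCF << /CFM /AESV3 >> >> >>\nendobj"
```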
Current and future work
Dropbox account “hijacker”
Metasploit post script for doing the same
Offline attacks on LastPass password manager
Fake VMware vCenter (and ESX) server for Metasploit project
Fake LDAP server for Metasploit project
Questions