Exploit: Password Cracking

Upload: signa

Post on 29-Jan-2016


DESCRIPTION

Exploit: Password Cracking. An Overview on Password Cracking. Password cracking is a term used to describe the penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password.

TRANSCRIPT

Page 1: Exploit: Password Cracking

Exploit: Password Cracking

Page 2: Exploit: Password Cracking

An Overview on Password Cracking

Password cracking is a term used to describe the penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password.

Page 3: Exploit: Password Cracking

Introduction

- System vulnerabilities with passwords
  - Strong passwords vs. weak
  - Examples of vulnerabilities
- Applications
  - FTP, HTTP, Telnet
- Password cracking tools
  - Tools in common
  - Brutus Password Cracker

Page 4: Exploit: Password Cracking

Experiment on Password Cracking

- Platform: Windows
- Setting up of machines with services
  - Target machine (server)
  - Client

Page 5: Exploit: Password Cracking

Setting up of Machines

[Diagram: machines connected through a DHCP/switch. Labels: Client, FTP Serv-U, Brutus, Ethereal. Addresses shown: 192.168.1.3 (Word List), 192.168.1.2 (Word List), 192.168.0.172 (BruteForce), 192.168.0.125 (BruteForce).]

Page 6: Exploit: Password Cracking

About Brutus Password Cracker

- Supported applications: Telnet, FTP, HTTP
- Methods used to engage with the remote machine:
  - Word List
  - Combo
  - BruteForce

Page 7: Exploit: Password Cracking

A Quick Look On Brutus Password Cracker

Page 8: Exploit: Password Cracking

Engaging Remote Machine Using “Word List”

The Method:

- Creates many combinations of possible system passwords from two separate files, “users” and “word”.
- Engages the remote machine, entering word after word at high speed until a match is found.

Page 9: Exploit: Password Cracking

Engaging Remote Machine using “Word List”

Sample entries for file “users”:

- statler
- waldorf
- admin
- administrator

Sample entries for file “word”:

- aaa
- abc123
- academia
- academic

Page 10: Exploit: Password Cracking

Engaging Remote FTP Server Using “Word List”

Page 11: Exploit: Password Cracking

“Word List”: A Failed attempt

Page 12: Exploit: Password Cracking

Sample Trace for the Method - “Word List”

Page 13: Exploit: Password Cracking

Engaging Remote Server using “Combo”

The Method:

- Similar to “Word List”
- Uses a “combo” file to generate password combinations for each user of the remote system.
- Uncertain; needs more guessing

Sample “combo” file entries:

- admin:admin1
- admin:admin12
- admin:admin123

Page 14: Exploit: Password Cracking

Engaging Remote Server using “BruteForce”

The Method:

- Guaranteed to some extent
- Relies purely on power and repetition
- Needs very high processing speed
- Produces many passwords for a particular user using permutations and combinations
- May take months or years to crack the password

Page 15: Exploit: Password Cracking

Examples of generated passwords: aaa, aab, aac... aaA, aaB, aaC... aa0, aa1, aa2, aa3... aba, aca, ada...

Each of the combinations of characters and symbols is fed through the appropriate cryptographic algorithm and compared to the stored password until a match is found.
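A defender-side view of the traffic that the “Word List”, “Combo” and “BruteForce” methods produce against an FTP server, as an added example that is not part of the original slides: it counts failed logins (reply 530 after PASS) per client and flags a success (reply 230) that follows a run of failures. The trace line format, the addresses, the threshold of 5 and the helper names `make_trace` and `detect` are assumptions, and the trace itself is constructed.

```python
import re
from collections import defaultdict

# Trace line format is an assumption for this example: "<client-ip> > <command>"
# for client commands and "<client-ip> < <reply>" for server replies.
LINE = re.compile(r"^(\S+) ([<>]) (.*)$")

def make_trace(src, users, words, good=None):
    """Build a constructed sample trace: one USER/PASS exchange per (user, word)."""
    out = []
    for user in users:
        for word in words:
            ok = (user, word) == good
            out += [f"{src} > USER {user}", f"{src} < 331 Password required",
                    f"{src} > PASS {word}",
                    f"{src} < " + ("230 User logged in" if ok else "530 Not logged in")]
            if ok:
                return out
    return out

def detect(lines, threshold=5):
    """Report sources with at least `threshold` failed logins (530 after PASS)."""
    state = defaultdict(lambda: {"user": None, "sent": False, "failed": 0,
                                 "users": set(), "breached": None})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        src, direction, text = m.groups()
        s = state[src]
        if direction == ">":
            if text.upper().startswith("USER "):
                s["user"] = text[5:].strip()
            s["sent"] = text.upper().startswith("PASS ")
        elif s["sent"] and text.startswith("530"):
            s["failed"] += 1
            s["users"].add(s["user"])
        elif s["sent"] and text.startswith("230") and s["failed"] >= threshold:
            s["breached"] = s["user"]  # a success that follows a run of failures
    return {src: {"pattern": "many-accounts" if len(s["users"]) > 1 else "single-account",
                  "failed": s["failed"], "breached": s["breached"]}
            for src, s in state.items() if s["failed"] >= threshold}

# Constructed sample data; user and word entries follow the slides' sample files.
SAMPLE = (make_trace("10.0.0.5", ["statler", "waldorf", "admin", "administrator"],
                     ["aaa", "abc123", "academia", "academic"], good=("admin", "academia"))
          + make_trace("10.0.0.9", ["admin"], ["aaa", "aab", "aac", "aaA", "aaB", "aaC"])
          + make_trace("10.0.0.20", ["kermit"], ["wrnog", "correct"], good=("kermit", "correct")))

if __name__ == "__main__":
    for src, info in detect(SAMPLE).items():
        print(src, info)
```

The third client mistypes its password once and then logs in, so it stays below the threshold and is not reported.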

Page 16: Exploit: Password Cracking

Engaging Remote Machine Using “BruteForce”

A sample display on initial settings just before engaging.

Page 17: Exploit: Password Cracking

Engaging Remote Machine Using “BruteForce”

A sample display on initial settings just before engaging.

Page 18: Exploit: Password Cracking

Engaging Remote Machine Using “BruteForce”

Sample display on cracked password

Page 19: Exploit: Password Cracking

Questions? Comments?