Mississippi State University Digital Forensics 1
Password Cracking and Live CDs
Alex Applegate
Overview
• Passwords
• Attacks Against Passwords
• Defenses Against Password Attacks
• Locations of Password Files
• LiveCDs
• Examples of LiveCDs
Password Security
NOTE: Not my actual password!
Passwords
• All major operating systems that use password authentication accept a password from the user, apply a hash algorithm to it, and store the resulting hash in a file
• When the password is given again, the same hash is applied to the supplied password and the result is compared against what is in the file (remember, a hash is a one-way operation: the stored hash cannot be reversed to recover the password)
Attacks Against Passwords
• Brute Force – Try every character combination
• Social Engineering/Targeted – Birthday, Kids’ names, favorite food, etc.
• Rainbow Tables – Pre-generated hash tables
• Keystroke Capture – Intercept credentials as they are entered
Defenses Against Password Attacks
• Longer Passwords
  – Particularly important in Windows systems
  – LanMan passwords are clipped at 14 characters and broken into two 7-character parts
  – In newer versions, passwords over 14 characters do not store a LanMan password, only NTLM
  – LanMan capability should be turned off in eligible systems
• Increased Number of Valid Characters
• Salting
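The storage-and-verification scheme from the Passwords slide, the precomputed-table attack, and the salting and LanMan-length defenses above, as one added Python example that is not part of the original slides. SHA-256 stands in for whatever hash the operating system uses, the candidate list and salts are constructed, and the 69-character LanMan alphabet is an assumed parameter.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Added example (not from the slides). SHA-256 stands in for the OS hash;
# a real system would use a slow, salted scheme (bcrypt, scrypt, sha512crypt).


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def store_unsalted(password: str) -> str:
    """The basic scheme from the slide: keep only H(password) in the file."""
    return sha256_hex(password.encode())


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Keep (salt, H(salt || password)); each account gets its own random salt."""
    if salt is None:
        salt = os.urandom(16)
    return salt.hex(), sha256_hex(salt + password.encode())


def verify_salted(password: str, salt_hex: str, stored: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare.
    The hash is one-way, so re-hashing is the only way to check it."""
    candidate = sha256_hex(bytes.fromhex(salt_hex) + password.encode())
    return hmac.compare_digest(candidate, stored)  # constant-time compare


def build_lookup_table(candidates: List[str]) -> Dict[str, str]:
    """A precomputed hash -> password table, the idea behind rainbow tables.
    Constructed from a short candidate list for the demonstration."""
    return {store_unsalted(c): c for c in candidates}


def lookup(table: Dict[str, str], stored_hash: str) -> Optional[str]:
    """Instant recovery only if the stored hash was unsalted and is in the table."""
    return table.get(stored_hash)


def lanman_keyspace(alphabet_size: int = 69) -> Tuple[int, int]:
    """Why length matters on LanMan: a 14-character password is hashed as two
    independent 7-character halves, so the search space is 2 * N**7 rather
    than N**14.  alphabet_size=69 is an assumed size for the LM character set."""
    return alphabet_size ** 14, 2 * alphabet_size ** 7


if __name__ == "__main__":
    table = build_lookup_table(["password", "letmein", "123456"])  # constructed
    unsalted = store_unsalted("password")
    print("unsalted hash found in table:", lookup(table, unsalted))

    salt, digest = store_salted("password")
    print("salted hash found in table:", lookup(table, digest))
    print("verify correct password:", verify_salted("password", salt, digest))
    print("verify wrong password:", verify_salted("Password", salt, digest))

    full, split = lanman_keyspace()
    print(f"full 14-char keyspace: {full:.2e}, LM two-halves keyspace: {split:.2e}")
```

The same password stored with two different salts yields two different hashes, which is what makes a single precomputed table useless across accounts; the keyspace figures show that the LanMan split leaves a 14-character password no stronger than a 7-character one.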
Salting
Security Keyfob
Cracking Statistics
Locations of Password Files
• Windows XP and Later
  – %windows%\system32\config\SAM
• Unix and derivatives
  – /etc/passwd
  – /etc/shadow
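The Unix file locations above, as an added Python example that is not part of the original slides: a small parser for the /etc/shadow format that names the hash scheme of each account and flags entries with no password or a legacy scheme. It runs over constructed sample lines; the hash values are placeholders, not real hashes, and the 13-character test for DES crypt is a heuristic.

```python
import re
from typing import Dict, List

# Added example (not from the slides). Constructed /etc/shadow lines in the
# standard format: name:hash:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$saltsalt$EXAMPLEHASHVALUE:19000:0:99999:7:::
alice:$y$j9T$saltsaltsalt$EXAMPLEHASHVALUE:19000:0:99999:7:::
olduser:$1$saltsalt$EXAMPLEHASH:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
svc:*:19000:0:99999:7:::
legacy::19000:0:99999:7:::
"""

# crypt(3) scheme identifiers found between the first two '$' characters.
HASH_IDS = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "7": "scrypt",
    "y": "yescrypt",
}
# Schemes a reviewer would flag: no password at all, or cheap to brute force.
WEAK = {"empty", "md5crypt", "descrypt"}


def classify_hash(field: str) -> str:
    """Name the scheme in a shadow hash field, or report 'locked'/'empty'."""
    if field == "":
        return "empty"                      # login requires no password
    if field.startswith(("!", "*")):
        return "locked"                     # no supplied password can match
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        return HASH_IDS.get(m.group(1), "unknown:" + m.group(1))
    if len(field) == 13:
        return "descrypt"                   # legacy DES: 2-char salt + 11 chars (heuristic)
    return "unrecognised"


def parse_shadow(text: str) -> List[Dict[str, str]]:
    """Split each line on ':' and classify the second (hash) field."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        entries.append({"name": fields[0], "hash": fields[1],
                        "scheme": classify_hash(fields[1])})
    return entries


def find_weak_accounts(text: str) -> List[str]:
    """Account names whose hash field is empty or uses a legacy scheme."""
    return [e["name"] for e in parse_shadow(text) if e["scheme"] in WEAK]


if __name__ == "__main__":
    for e in parse_shadow(SAMPLE_SHADOW):
        print(f"{e['name']:<8} {e['scheme']}")
    print("flagged:", find_weak_accounts(SAMPLE_SHADOW))
```

Against the sample, `olduser` (md5crypt) and `legacy` (empty field) are flagged, while the locked `bob` and `svc` entries and the sha512crypt/yescrypt accounts are not.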
Live CDs
• A LiveCD is a media-based bootable environment
  – Usually on CD, but may also be on DVD or thumb drives
• Pre-configured with tools to perform a specific task or set of tasks
Examples
• Forensics and Incident Response
  – SIFT: SANS Integrated Forensics Tools
  – Helix
  – DEFT
  – Knoppix STD
• Penetration Testing
  – Backtrack
  – BlackBuntu
SIFT 2.0
Summary
• Passwords
• Attacks Against Passwords
• Defenses Against Password Attacks
• Locations of Password Files
• Examples of a Live CD
Password Cracking and LiveCDs
QUESTIONS?