Password cracking. Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski. Overview. Who uses password crackers? List of programs needed Gain access to password list Password Salting Installing John the Ripper How to use PwDump2 and John the Ripper How to make a strong password.

Password cracking

Patrick Sparrow, Matt Prestifillipo, Bill Kazmierski

  • Who uses password crackers?
  • List of programs needed
  • Gain access to password list
  • Password Salting
  • Installing John the Ripper
  • How to use PwDump2 and John the Ripper
  • How to make a strong password
Who uses password crackers?
  • System Administrators
    • Test the strength of the user’s password
  • Hackers
    • Gain access to the user’s account
List of programs needed
  • Pwdump2
    • Retrieves user accounts and passwords in Windows and puts the information into a hash table (not needed in Unix)
  • John the Ripper
    • Uses hash table from pwdump2 and cracks password
John the Ripper cont.
  • Runs against various encrypted password formats including: Unix (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash
  • It operates by the so-called dictionary attack: it takes text string samples (usually from a file containing words found in a dictionary), encrypts each one in the same format as the password being examined, and compares the output to the encrypted string.
  • It can also operate by the incremental attack, where JTR tries every possible character combination as a password.
    • Several thousand possibilities can be tried per second
    • Most sufficient way of cracking passwords in the past several decades
Gain Password List
  • Windows
    • Use Pwdump2 to get SAM file when logged into account
    • Use a live bootable OS CD (Knoppix) to bypass user login, change directory to the Windows SAM file, and dump it to disk
  • Unix
    • Unshadow password in /etc/passwd
      • ./unshadow /etc/passwd /etc/master.passwd > pass.txt
    • ypcat passwd when NIS is used
    • Use Live Bootable OS CD (Knoppix)
Password Salting
  • Salts help strengthen the password list
  • The salt, a set of random values, is suffixed to the password before encrypting it; the salt is stored along with the encrypted password in the hash
  • Salts are different for each user, so the attacker can no longer use a single encrypted version of each candidate password.
    • Makes for longer time of cracking passwords
    • More difficult for dictionary attack
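
The effect of per-user salts described on this slide, as an added example that is not part of the original presentation. It uses PBKDF2-HMAC-SHA256 from Python's standard library rather than the crypt formats the slides name; the account names, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def hash_unsalted(password):
    """No salt: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Per-user random salt, stored beside the digest as 'salt$digest'."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_salted(password, record):
    """Re-derive the digest with the stored salt; compare in constant time."""
    salt_hex = record.split("$")[0]
    candidate = hash_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)


def shared_hashes(records):
    """Stored values that occur for more than one account."""
    values = list(records.values())
    return {v for v in values if values.count(v) > 1}


def precomputed_hits(records, table):
    """Accounts whose digest appears in a table that was hashed only once."""
    return sorted(u for u, r in records.items() if r.split("$")[-1] in table)


if __name__ == "__main__":
    # Constructed sample data: two accounts that picked the same password.
    users = {"alice": "sunshine", "bob": "sunshine"}
    table = {hash_unsalted(w) for w in ("password", "sunshine")}
    for name, scheme in (("unsalted", hash_unsalted), ("salted", hash_salted)):
        records = {u: scheme(p) for u, p in users.items()}
        print(name, "shared:", len(shared_hashes(records)),
              "table hits:", precomputed_hits(records, table))
```

An administrator auditing a credential store can use the same duplicate check: any hash value shared by two accounts means the scheme is unsalted or the salt is being reused.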
Installing Pwdump2 and JTR
  • Simply extract both programs to separate directories, no install needed for Windows
  • For Unix:
    • cd to ./src of the JTR directory after extraction.
    • make
    • make clean generic
How to make a strong password
  • Do not use single dictionary words
  • Use a combination of words with a punctuation mark in between each word, along with a mix of upper and lower case letters for each word