Password Cracking Foundations

00:02

Hi. My name is Dustin Perry. And welcome to password cracking

00:08

in this module. We're going to be going over cracking passwords. And I just wanted to remind you that this course is for learning purposes only. What we show you here is intended to expand your knowledge and help you. We're not responsible if you decide to break the law.

00:25

So you're working in your first pen testing gig? You've been sniffing the network for an hour or so, and you've gathered quite a few password hash is that were flying around the network.

00:33

But what can you do with these houses? You've got a few options, like pass the hash. But one of the first things I like to try and do is to start cracking a few.

00:43

In this lesson, we're going to learn about passwords and some common things that may or may not be done to help protect them. Then we're gonna go over. Um what? Cracking passwords is into the most popular tools to do. Pastor cracking John the Ripper and Cain and Abel. Let's go ahead and get started

01:03

before we get into cracking passwords. We need to know a little bit about how passwords could be protected in both the Windows and UNIX environments. You've probably heard of ah, giant pastor databases being stolen from the latest breach. But not to worry, they were hashed.

01:17

So what does this mean? Are your passwords safe? What to use the user do after a breach, we're going to discuss all of this. But first we need to go over our little bit of terminology in order to understand how pastors may or may not have been protected.

01:32

So the most basic form of storing any password is in a clear text or plain text form, and this is exactly what it sounds like. The passwords are stored and human readable format, like the text on the screen. There is zero security with a plain text password. If you can read the clear text database of passwords, you now have

01:52

all the passwords.

01:55

Hashing protects a passer by taking the password and using a mathematical formula, literally chopping it up in producing an output of a specific length. One common hash type that you may have heard of is MD five hashing

02:07

with hashing. You cannot go backwards from a hash to a password, but you can work out the password by brute forcing

02:15

using brute forcing methods. You're continuously hashing new passwords until the resulting hash matches the original one or the one you know,

02:25

salting makes securing hashes ah, lot more secure by adding a unique random string of characters to the front of each password. You can salt and hash password more than once each time increasing the security of that password

02:43

peppering is kind of a new terminology. It's not used everywhere. Kenny's interchangeably with salting, but it is very similar to salting hashes. But the value of random strings are typically added to the end of a password instead of the beginning, so they're two main versions of pepper.

03:00

The first is unknown secret value added to each password.

03:05

This works as long as the attacker doesn't know or can't guess that secret value. The second is a value that is randomly generated, but it's never stored. This isn't used much because of the time it try. It takes to try all the values every time a user attempts to log in.

03:23

Encrypting passwords is similar to hashing, but it can be reversed by decrypting. There are many different forms of encryption, including A S, Triple D S and R S. A.

03:37

Hashing is a pretty decent way to keep password safe. But not every form of hashing is created equal.

03:44

The first hashing algorithm we're going to talk about is MD five. It uses 128 bit hash values, which are quite easy to produce. MD five has many known weaknesses, though, which makes it pretty unsuitable for hashing passwords.

04:00

Typically, you'll see MD five hashes Thio use to verify file integrity. So if you download a file from the Internet, you can verify that that file is exactly what it is. And someone didn't try and, like, sneak malware in there or anything.

04:15

Shaw One or the secure hashing algorithm one was designed by the NSA in 1993. It generates a 160 bit hash, which is much more secure than MD five.

04:27

But increases in computing power made even the Shaw one not a secure and relatively easy to crack

04:33

shot, too, was a successor to show one. It was also developed by the NSA in this time in 2001. It's a family of hash functions that produce much longer. Hash values like Shot 2 24 shot to 56 shot 3 84 or shot 5 12

04:53

This is one of the recommended forms for secure hashing.

04:58

Be crypt is based on the Blowfish cipher and includes salt it was designed to protect against brute forcing by being purposely slow.

05:05

There are many more forms of hashing available out there, but these are some of the most widely used in common ones.

05:15

So what is password cracking?

05:17

Password cracking is a process of recovering passwords. Typically, using software known as password crackers is typically done by both I T technicians and Attackers. In order to identify an unknown password,

05:30

password crackers used two different methods in order to crack passwords, brute forcing and dictionary attacks.

05:38

Brute forcing runs through a combination of characters within a predetermined length until it finds the correct combination.

05:45

This can be extremely successful in instances where characters are limited or you know the exact character account of a password.

05:53

Because brute forcing tries every single combination, it can take long amounts of time, depending on how it's configured to run. So it's usually kind of a last ditch attempt not usually your 1st 1

06:05

Dictionary attacks are only a successful as their dictionary,

06:10

so these type of attacks have a pre built word list and check each entry in the dictionary. Typically, these types of attacks are much quicker, and because of this there use first when attacking passwords. You confined pre built Dictionary's online based on topics previous known breach passwords. Because people

06:29

tend to reuse passwords,

06:30

you can even use dictionaries that contain top passwords being used. There's really no end to the variety of dictionaries available.

06:42

One thing I like to do is use some of these top known passwords and then combine them. Depending on some of the re kon, you've done

06:50

combination attacks to use both of brute force and dictionary methods. For example, it could use a password and then pass or 01 then password 02 and so on.

07:01

This can be really helpful when users have been instructed to include a number or a specific character.

07:09

You can also use substitution like at symbol for a a one for an eye or a zero for Oh,