Passwords (part 2) Online Password Cracking
This lesson focuses on obtaining passwords using the hydra command. It offers step-by-step instructions for using the hydra command to obtain password lists. Hydra is a fast and effective network login hacking tool.

Video Transcription
00:04
So now that we're all set up for offline password attacks, where we'll take our hashes and run them through cracking software, and only when we've gotten the correct answer will we log in to a service,
00:18
we will now try something different. This is just going to be online password cracking. So, if I could possibly confuse you more by getting the hashes and then doing online password cracking and then doing offline password cracking, you see where I'm going here. We want to try something a little bit different. Sometimes we may not be able to get password hashes.
00:37
We may just want to guess usernames and passwords. We may be able to find valid usernames, like with our information gathering, or with that verify verb for SMTP that could find a valid username, or we might see them going across the wire.
00:54
Things like that. We may just be able to guess.
00:58
Maybe defaults, like most people really hasn't as they account
01:03
like that. Um, so
01:06
we can guess. There are tools for that. One is Hydra, the many-headed water serpent, so well named there, since we're basically going to send out many guesses. So you can think of those as the heads. So this is loud, and it does have a tendency to lock out accounts and get noticed. You might even get your IP blocked.
01:26
It's like, uh,
01:26
lots of password attempts. Someone's trying to break in
01:30
That might get you
01:30
called, but in our case, we don't have that problem.
01:34
So what you could do is hydra and then little l, where you just give it one username. You could use a big L to specify a list of usernames, so you can guess username and password lists.
01:48
Felder said. The user is Georgia. Little p, one password, or big P
01:53
is a list of passwords,
01:55
so I just made a really good taste stupid password list, because it only has, what, five entries, and they're all based on the word password. When we do our offline password cracking, we'll see some better wordlists that we have in
02:08
Kali. And, of course, you can always
02:10
download some other password list. There's, you know, a whole
02:15
form of security research where people spend all their time working on password cracking. It's been said that's the way you get into systems. It's a worthwhile way to spend your time. So there are lots of password lists out there that you can use. We'll see a couple that are already in
02:30
Kali,
02:34
but this is just kind of a dummy password list so we can see it work. Again, we want Hydra
02:39
little l future Georgia
02:43
big P, passwords dot text,
02:46
the IP address that we want to attack. So we're going to give the IP and then the service. So actually, instead of saying port 21, I can actually say FTP,
02:57
and it will sort that out for us.
02:59
Sure enough, as we found out previously in our traffic capture section,
03:04
we see that Georgia's password is password, so that will allow us to log in as Georgia
03:10
essentially see something interesting
03:17
credit cards don't take.
03:20
We've already seen it.
03:25
Just credit card numbers or something. Yeah, fake credit card numbers. They're not too terribly exciting there.
03:32
And we also don't think in the previous section we actually went and grabbed
03:38
passwords dot text from anonymous FTP, which we could have done. We saw that
03:44
previously as well. But that's not really a password attack. So I should have done in the lawsuit of a edge. But these things happen.
03:51
Um, so that's just an example of an online password attack. There are many other protocols that Hydra knows how to talk to.
04:01
Um,
04:03
I should say. So here's all the services, so lots of different things that it knows how to talk to. Again, this is loud and is likely to lock out accounts and possibly even get your IP address
04:15
blocked. So it's generally not something I go for right off the top of my head, but
04:23
it can be useful. If I am going to do things like this, I usually do things that are
04:30
more of an educated guess rather than sending, like, thousands of password attempts,
04:34
unless I specifically know it's not going to lock me out, or
04:39
the client specifically asked for that sort of thing. I much more often find myself doing these offline attacks, like, well, you often have to dump the password hashes out of the domain controller
04:49
and then do
04:51
the password
04:53
test. So I'll do something similar to what we're gonna do in the next video.
04:58
We're cracking the hashes with a very strong
05:01
password cracking system with some good industry-standard wordlists and rule sets, and see how many of the passwords I can crack in a certain amount of hours. So that kind of shows what an attacker who's doing the same thing would be able to do.
05:16
But
05:17
you always have your online password cracking as well, and Hydra's a good tool for that.