Class 4 ‐ Brute‐Force - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Fundamentals

Introduction

  • Passwords: Strings of characters that are encrypted and used to authenticate access to digital resources
  • Hashes: Identifiers calculated by applying mathematical functions to given values
  • Combinations: Passwords and hashes are often used together to protect data.

Attack Methodologies

  • Guessing Passwords
  • Default Passwords
  • Cracking
  • Phishing

Password Weaknesses

  • Weak Passwords: Easy-to-remember passwords are the first ones attackers will try.
  • Reused Passwords: Using the same password for multiple accounts, so one leak exposes all of them.
  • Hash Weakness: Older hash algorithms become crackable over time as attacks and hardware improve.

One-Way Functions

  • A value is hashed by a hashing algorithm; the result cannot be reversed, but hashes of the same value can be compared for identification.
  • Using two different algorithms in the hashing process makes the value harder to identify.

Hash Types

  • The main differences among the functions are the length of the resulting hash value and the parameters and process of each algorithm.

  • MD5

    • 128-bit cryptographic hash. Considered vulnerable since 2012.
  • SHA-1

    • 160-bit cryptographic hash. Collision attack was performed in 2017.
  • SHA-256

    • 256-bit cryptographic hash. Used mainly in SSH and SSL.
  • NTLM

    • Re-encoded text hashed with MD4. Used on Windows.
  • NetNTLM

    • Improved version of NTLM. Uses salting and timestamps to resist pass-the-hash (PTH).
  • RSA

    • Considered very strong. Uses asymmetric digital signatures.
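
The properties described under One-Way Functions and Hash Types, as an added example that is not part of the original class notes: it shows the digest sizes of MD5, SHA-1 and SHA-256, why a deterministic unsalted hash reveals password reuse and enables precomputed (rainbow) tables, and how a per-account salt with PBKDF2 removes that property. The sample accounts and the iteration count are constructed assumptions, not values from the page.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample accounts (not from the page). Two users reuse the same password.
USERS = {
    "alice": "Summer2024!",
    "bob": "Summer2024!",
    "carol": "correct horse battery staple",
}

PBKDF2_ITERATIONS = 200_000  # assumed work factor for the salted scheme below


def digest_bits(algorithm: str, value: str) -> int:
    """Size in bits of the digest a hashlib algorithm produces (128 for MD5, 160 for SHA-1, 256 for SHA-256)."""
    return hashlib.new(algorithm, value.encode("utf-8")).digest_size * 8


def fast_hash(algorithm: str, value: str) -> str:
    """Unsalted hash, the way older systems stored passwords.

    The function is one-way but deterministic: equal inputs always give
    equal digests, which is exactly what precomputed (rainbow) tables rely on.
    """
    return hashlib.new(algorithm, value.encode("utf-8")).hexdigest()


def reused_password_groups(users: Dict[str, str], algorithm: str = "md5") -> Dict[str, List[str]]:
    """Group accounts whose unsalted hashes are identical.

    Whoever holds such a database sees password reuse without cracking
    anything; the same property lets a defender audit a legacy store for reuse.
    """
    groups: Dict[str, List[str]] = {}
    for user, password in users.items():
        groups.setdefault(fast_hash(algorithm, password), []).append(user)
    return {h: names for h, names in groups.items() if len(names) > 1}


def salted_hash(value: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt per account; returns (salt, key).

    Because the salt differs per account, equal passwords no longer produce
    equal stored values, so a precomputed table cannot be used against them.
    """
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", value.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(value: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_hash(value, salt)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    for alg in ("md5", "sha1", "sha256"):
        print(f"{alg}: {digest_bits(alg, 'password')} bits")
    print("accounts sharing an unsalted hash:", reused_password_groups(USERS))
    salt_a, key_a = salted_hash(USERS["alice"])
    salt_b, key_b = salted_hash(USERS["bob"])
    print("salted values differ for equal passwords:", key_a != key_b)
    print("verify alice:", verify("Summer2024!", salt_a, key_a))
```

Running the script shows alice and bob grouped together under a single MD5 value, while their PBKDF2 outputs differ because each account got its own salt; the stored salt is what makes `verify` possible for the legitimate login path.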

Password Attack Types

  • Dictionary
  • Brute-Force
  • Mutated Dictionary
  • Rainbow Table
  • RAR / ZIP Cracking

Defensive Measures

  • Strong Password: Complex and uncommon passwords
  • Login Attempt Limitation: Capping failed attempts per account can stop brute-force attacks
  • Fail2Ban: Examines system logs for failed login attempts and filters (bans) the offending sources
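
The two log- and attempt-based defences listed above, as an added example that is not part of the original class notes: a Fail2Ban-style filter that counts failed logins per source address over constructed sshd-style log lines and reports which addresses crossed the retry threshold, plus a per-account login attempt limiter with a sliding window and lockout. The log lines, addresses and thresholds are constructed for the example, not taken from the page or from Fail2Ban's own configuration.

```python
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List

# Constructed sample lines in the style of an OpenSSH auth log (not real logs).
SAMPLE_LOG = """\
Jan 10 09:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51512 ssh2
Jan 10 09:12:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2
Jan 10 09:12:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51516 ssh2
Jan 10 09:12:07 host sshd[1204]: Failed password for root from 203.0.113.7 port 51518 ssh2
Jan 10 09:12:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51520 ssh2
Jan 10 09:12:11 host sshd[1206]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Jan 10 09:12:13 host sshd[1207]: Failed password for deploy from 198.51.100.4 port 40024 ssh2
"""

# Matches the failed-login format above; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def failed_logins_by_ip(log_text: str) -> Dict[str, int]:
    """Count failed password attempts per source address, the job of a Fail2Ban filter."""
    counts: Dict[str, int] = defaultdict(int)
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return dict(counts)


def ips_to_ban(log_text: str, maxretry: int = 5) -> List[str]:
    """Addresses at or above the failure threshold (the assumed maxretry), which the firewall should block."""
    return sorted(ip for ip, n in failed_logins_by_ip(log_text).items() if n >= maxretry)


class LoginLimiter:
    """Per-account login attempt limitation.

    After `max_failures` failures within `window` seconds the account is
    locked for `lockout` seconds, which caps how many guesses an online
    attack can make against one account. Timestamps are passed in
    explicitly so the behaviour is deterministic and testable.
    """

    def __init__(self, max_failures: int = 5, window: int = 600, lockout: int = 900) -> None:
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures: Dict[str, Deque[float]] = defaultdict(deque)
        self.locked_until: Dict[str, float] = {}

    def is_locked(self, user: str, now: float) -> bool:
        return self.locked_until.get(user, 0.0) > now

    def record_failure(self, user: str, now: float) -> bool:
        """Record a failed attempt; return True if this one triggered a lockout."""
        recent = self.failures[user]
        recent.append(now)
        # Drop failures that have fallen out of the sliding window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            recent.clear()
            return True
        return False

    def record_success(self, user: str) -> None:
        """A successful login clears the failure history for that account."""
        self.failures.pop(user, None)


if __name__ == "__main__":
    print("failures per IP:", failed_logins_by_ip(SAMPLE_LOG))
    print("addresses to ban:", ips_to_ban(SAMPLE_LOG))
    limiter = LoginLimiter()
    for t in range(5):
        limiter.record_failure("root", now=t)
    print("root locked after 5 failures:", limiter.is_locked("root", now=5))
```

The two mechanisms complement each other: the log filter blocks a source that hammers many accounts, while the per-account limiter still stops a slow attack spread across many source addresses, which a per-IP ban alone would miss.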

Offline Password Cracking

John

  • A widely used Linux tool for password cracking
  • Supports various attack options, including hybrid attacks
  • Supports the hash types used in modern systems and can detect the hash type automatically

John the Ripper

  • John the Ripper was originally CPU-based.
  • John-Jumbo was created to allow GPU-based computations.
  • Jumbo is an improved version with support for many more hash types.

Rar2John

  • Used to brute-force password-protected RAR, PDF, and ZIP files
  • It creates or uses a wordlist file for its cracking attempts.
  • rar2john [filename] > hash.txt
  • zip2john [filename] > hash.txt

HashCat

  • Cross-platform tool that claims to be the fastest password cracking utility
  • Supports both CPU and GPU cracking
  • It supports around 210 different hash types and 5 attack modes.

Crunch

  • Password list generator that forms passwords based on length and character sets
  • Useful when partial knowledge of the victim has been obtained
  • Can generate lists of passwords according to templates

Cupp

  • Creates a wordlist based on words victims may use
  • Social engineering on the victim may help the attacker build the list.
  • The victim may use an easy-to-remember password based on personal information.

Online Password Attacks

Online Cracking Services

  • Common and weak passwords are listed in public databases.
  • Applications like CrackStation can examine lists of passwords in a matter of milliseconds.
  • Some password recovery services can crack passwords using powerful, dedicated servers.

Hydra

  • A tool that supports many remote protocols and web form logins
  • It keeps attacking for as long as the server responds with access denied.
  • Hydra’s basic flags include:
    • -l [user name]
    • -P [path to wordlist] [IP]:[Port]

Medusa

  • A thread-based remote authentication cracking tool
  • Supports parallel connections
  • Supports the same protocols as Hydra but operates more slowly

Ncrack

  • Described as the fastest and most reliable tool for remote authentication cracking
  • Has built-in support for Nmap output formats, among other advantages