lab3 - fgdump)-Linux shadow file (unshadow) Memory Dump...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Mark Shtern
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Passwords are the most common authentication method They are inherently insecure
Background image of page 2
Human generated passwords Come from a small domain Easy to guess – dictionary attacks Stronger passwords Computer generated or verified Not user friendly Hard to remember
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Physical Access Offline password cracking Online password cracking
Background image of page 4
Boot using Linux bootable CD Mount system drive Reset Administration Password (Windows: chntpwd; Linux modify shadow file)
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Collect password hashes Crack passwords
Background image of page 6
Eavesdropping (Sniffing) Password file - Windows – SAM,NTDS.dit file (pwdump[ 2-6 ] and
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 8
Background image of page 9
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: fgdump)-Linux shadow file (unshadow) Memory Dump (debug tools: WinDgb, gdb), System calls (APImonitor, strace) SQL database, configuration file Source code Types-Brute Force -Dictionary-Hybrid-Rainbow The most popular crackers-Windows: Ophcrack, Cain & Abel, LCP-Linux: John the Ripper (john) Eavesdropping: Encrypt the channel, e.g. using SSL or SSH Offline dictionary attacks: Limit access to password hashes, strong passwords, password lifetime, use salt Online dictionary attacks: Delayed answers, strong passwords, account lockouts...
View Full Document

This note was uploaded on 02/13/2012 for the course CSE 1520 taught by Professor Kemeny during the Fall '08 term at York University.

Page1 / 9

lab3 - fgdump)-Linux shadow file (unshadow) Memory Dump...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online