
This preview shows page 25 - 27 out of 43 pages.

NOTE Beating your head against the wall to steal/crack passwords in Windows may be pointless in the long run. Skip Duckwall and Chris Campbell's presentation at Black Hat in 2012 on "passing the hash" (-Slides.pdf) points out some serious failures in security regarding password hashes and system privileges in Microsoft Windows.

Password cracking offline can be done in one of three main ways: dictionary attack, hybrid attack, and brute-force attack. A dictionary attack is the easiest and by far the fastest attack available. This attack uses a list of passwords in a text file, which is then hashed by the same algorithm/process the original password was put through. The hashes are compared, and if a match is found, the password is cracked. Technically speaking, dictionary attacks are supposed to work only on words you'd find in a dictionary. They can work just as well on "complex" passwords too; however, the word list you use must have the exact match in it. You can't get close; it must be exact. You can create your own dictionary file or simply download any of the thousands available on the Internet.

A hybrid attack is a step above the dictionary attack. In the hybrid attack, the cracking tool is smart enough to take words from a list and substitute numbers and symbols for alpha characters, perhaps a zero for an O, an @ for an a. Hybrid attacks may also append numbers and symbols to the end of dictionary file passwords. Bet you've never simply added a "1234" to the end of a password before, huh? By doing so, you stand a better chance of cracking passwords in a complex environment.

EXAM TIP ECC absolutely loves rainbow tables. A rainbow table is a huge compilation of hashes of every password imaginable. This way, the attacker simply needs to compare a stolen hash to a table and (ta-dah!) cracked. The amount of time it takes a cracker to work is dramatically decreased by not having to generate all these hashes over and over again. In the real world, GPU systems can brute-force passwords in a matter of minutes or hours, so rainbow tables aren't really all that valuable. If you wish to make one, though, you can use tools such as rtgen and Winrtgen.

The last type is called a brute-force attack, and it's exactly what it sounds like. In a brute-force attack, every conceivable combination of letters, numbers, and special characters is compared against the hash to determine a match. Obviously, this is very time consuming, chewing up a lot of computation cycles and making this the longest of the three methods. However, it is your best option on complex passwords, and there is no arguing its effectiveness. Given enough time, every password can be cracked using brute force. Granted, we could be talking about years here, maybe even hundreds of years, but it's always 100 percent effective over time.
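
The three attack classes above can be turned around into a password-screening check. The following is an added example, not code from the original text: it reports which class would find a proposed password first and how large the exhaustive search space is. The word list, the substitution table beyond "zero for O" and "@ for a", and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample word list; a real screening list would be far larger.
WORDLIST = {"password", "dragon", "welcome", "monkey"}

# Undo the substitutions the text mentions (0 for o, @ for a) plus a few
# other common ones (assumed for illustration).
UNLEET = str.maketrans({"0": "o", "@": "a", "1": "l", "3": "e", "$": "s", "5": "s"})


def exposure(password, wordlist=WORDLIST):
    """Return the cheapest attack class from the text that finds this password."""
    if password in wordlist:
        return "dictionary"  # exact match required, as the text stresses
    # Hybrid: case changes (assumed mutation), appended digits/symbols,
    # and character substitutions applied to a listed word.
    lowered = password.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)  # drop an appended "1234", "!" ...
    candidates = (lowered, stem, stem.translate(UNLEET), lowered.translate(UNLEET))
    if any(c in wordlist for c in candidates):
        return "hybrid"
    return "brute-force"


def brute_force_keyspace(password):
    """Count the candidates an exhaustive search covers up to this length."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    # Alphabet size = sum of the character classes the password draws from.
    size = sum(len(p) for p in pools if any(ch in p for ch in password))
    return sum(size ** n for n in range(1, len(password) + 1))


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("password", "p@ssw0rd1234", "Dragon", "xq7#Lv9!tz"):
        print(f"{pw!r:16} {exposure(pw):12} keyspace={brute_force_keyspace(pw):.3e}")
```

A password that lands in the "dictionary" or "hybrid" class should be rejected at creation time regardless of how large its nominal keyspace looks.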
