
Topic 3 - System Hacking - Password Hacking

The document discusses techniques for system hacking and password cracking. It covers various password cracking methods like dictionary attacks, brute force attacks, and hybrid attacks. It also discusses different types of password attacks such as passive online attacks, active online attacks, and offline attacks.

Uploaded by

rojaluteshi28

System Hacking - Password Cracking

By Paul Mutinda

System Hacking. By P. Mutinda 1


System Hacking
System hacking is the ability for an unauthorized
intruder to gain access to a device for which the
intruder does not have an account or a password.
Entering or accessing systems to which one does not
have access usually involves running a hack, script, or
tool that exploits a known vulnerability of the system
or application being attacked.



System Access Techniques
• System hacking (also known as system access) follows the footprinting / reconnaissance phase.
• System-hacking phase in a single pass: it involves using a methodical approach that includes:
◦ cracking passwords,
◦ escalating privileges,
◦ executing applications,
◦ hiding files,
◦ covering tracks,
◦ concealing evidence, and then
◦ pushing into a more involved attack.


System Access/Hacking Techniques

• The major system hacking techniques include:
◦ Password Cracking/Hacking
◦ SQL Injections
◦ Cross-site scripting
◦ Phishing
◦ Denial of Service (DoS)
◦ Worms, Viruses and Trojan horses


Password Cracking
• Password cracking involves obtaining the credentials of a given account with the intention of using the account to gain authorized access to the system under the guise of an authentic user.
• Password cracking is the process of recovering passwords from transmitted or stored data.
• Typically, the hacking process starts with assaults against passwords.
• Passwords may be cracked or audited using manual or automated techniques designed to reveal credentials.


Password Cracking: Nature of Passwords

• A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.
• The problem: human beings tend to choose passwords that are easy to remember, which can make them easy to guess.
• Examples of weak passwords that are easy to crack:
◦ Passwords that use only numbers
◦ Passwords that use only letters
◦ Passwords that are all upper- or lowercase
◦ Passwords that use proper names
◦ Passwords that use dictionary words
◦ Short passwords (fewer than eight characters)


Password Policy Creation
• The rules for creating a strong password are a good line of defense against the attacks.
• Password policy examples:
◦ Must not contain any part of the user's account name
◦ Must have a minimum of eight characters
◦ Must contain characters from at least three of the following categories:
  ▪ Nonalphanumeric symbols ($,:"%@!#)
  ▪ Numbers
  ▪ Uppercase letters
  ▪ Lowercase letters


Password Cracking Techniques
• Special techniques are used to recover passwords.
• They include:

1. Dictionary Attacks
◦ An attack of this type takes the form of a password-cracking application that has a dictionary file loaded into it.
◦ The dictionary file is a text file that contains a list of known words up to and including the entire dictionary.
◦ The application uses this list to test different words in an attempt to recover the password.
◦ Systems that use passphrases typically are not vulnerable to this type of attack.


Password Cracking Techniques

2. Brute-force Attacks
◦ In this type of attack, every possible combination of
characters is attempted until the correct one is uncovered.
◦ According to RSA Labs, “Exhaustive keysearch, or brute-
force search, is the basic technique for trying every possible
key in turn until the correct key is identified.”



Password Cracking Techniques
3. Hybrid Attack
◦ This form of password attack builds on the dictionary attack, but with
additional steps as part of the process.
◦ In most cases, this means passwords that are tried during a
dictionary attack are modified with the addition and
substitution of special characters and numbers, such as
P@ssw0rd instead of Password.
4. Syllable Attack
◦ This type of attack is a combination of a brute-force and a
dictionary attack.
◦ It is useful when the password a user has chosen is not a
standard word or phrase.

Password Cracking Techniques
6. Rule-based Attack
◦ This could be considered an advanced attack.
◦ It assumes that the user has created a password using
information the attacker has some knowledge of ahead of
time, such as phrases and digits the user may have a tendency
to use.
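
An added example, not part of the original slides: a check run when a password is set that applies the rules from the "Password policy creation" slide and then rejects hybrid variants of dictionary words such as P@ssw0rd, which that policy alone accepts. The wordlist, the substitution map and the three-character threshold for account-name parts are assumptions made for this sketch.

```python
import re

# Constructed sample wordlist; a real check would load a large list of known passwords.
WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein"}

# Substitutions undone before the dictionary lookup (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def policy_violations(password, account_name):
    """Return the rules from the policy slide that this password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    categories = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in categories) < 3:
        problems.append("fewer than three character categories")
    # "Any part of the account name": tokens of 3+ characters (assumed threshold).
    parts = [p for p in re.split(r"[^a-z0-9]+", account_name.lower()) if len(p) >= 3]
    if any(p in password.lower() for p in parts):
        problems.append("contains part of the account name")
    return problems


def dictionary_base(password):
    """Return the wordlist entry this password is a hybrid variant of, or None."""
    lowered = password.lower()
    # Drop padding such as "123" or "2024!" added before or after the word.
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for candidate in (lowered, trimmed):
        word = candidate.translate(LEET)
        if word in WORDLIST:
            return word
    return None


def audit(password, account_name):
    """Combine the complexity policy with the hybrid-aware dictionary check."""
    problems = policy_violations(password, account_name)
    base = dictionary_base(password)
    if base:
        problems.append(f"hybrid variant of dictionary word '{base}'")
    return problems
```

P@ssw0rd satisfies every rule on the policy slide, so only the dictionary check in `audit` rejects it.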



Classification of Password Attack Techniques
• A hacker may use different types of attacks in order to identify a password and gain further access to a system. These types of password attacks are classified as:
◦ Passive online attacks: sniffing, man-in-the-middle, and replay attacks.
◦ Active online attacks: automated password guessing.
◦ Offline attacks: dictionary, hybrid, and brute-force attacks.
◦ Non-electronic attacks: shoulder surfing, keyboard sniffing, and social engineering.


Passive Online Attack
• A passive online attack is also known as sniffing the password on a wired or wireless network.
• A passive attack is not detectable to the end user.
• The password is captured during the authentication process and can then be compared against a dictionary file or word list.
• Normally, user account passwords are hashed or encrypted when sent on the network to prevent unauthorized access and use.
• If the password is protected by encryption or hashing, special tools in the hacker's toolkit can be used to break the algorithm.


Passive Online Attack
• Man-in-the-middle (MITM) is another passive online attack.
◦ In a MITM attack, the hacker intercepts the authentication request and forwards it to the server.
◦ By inserting a sniffer between the client and the server, the hacker is able to sniff both connections and capture passwords in the process.

Passive Online Attack
• A replay attack is also a passive online attack:
◦ It occurs when the hacker intercepts the password en route to the authentication server and then captures and resends the authentication packets for later authentication.
◦ In this manner, the attacker captures the password and reuses the password-authentication packets later to authenticate as the client.


Active Online Attacks
• The easiest way to gain administrator-level access to a system is to guess a simple password, assuming the administrator used a simple password.
• Password guessing is an active online attack.
• It relies on the human factor involved in password creation and only works on weak passwords.


Active Online Attacks
• Defending Against Password Guessing
• Two options exist to defend against password guessing and password attacks.
◦ Both smart cards
• biometrics - Biometrics use physical characteristics such as fingerprints, hand geometry scans, and retinal scans as credentials to validate users.

Offline Attacks
• Offline attacks are performed from a location other than the actual computer where the passwords reside or were used.
• Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media.
• The hacker then takes the file to another computer to perform the cracking.
• Several types of offline password attacks exist.


Offline Attacks

Table Offline attacks



Non-electronic Attacks
• Non-electronic (or non-technical) attacks are attacks that do not employ any technical knowledge.
• This kind of attack can include social engineering, shoulder surfing, keyboard sniffing, and dumpster diving.


Non-electronic Attacks
• Social engineering
◦ Is the art of interacting with people either face to face or over the telephone and getting them to give out valuable information such as passwords.
◦ Social engineering relies on people's good nature and desire to help others.
◦ Many times, a help desk is the target of a social-engineering attack because their job is to help users, and recovering or resetting passwords is a common function of the help desk.
◦ The best defense against social-engineering attacks is security-awareness training for all employees and security procedures for resetting passwords.


Non-electronic Attacks
• Shoulder surfing
◦ Involves looking over someone's shoulder as they type a password.
◦ This can be effective when the hacker is in close proximity to the user and the system.
◦ Countermeasures:
  ▪ Special screens that make it difficult to see the computer screen from an angle can cut down on shoulder surfing.
  ▪ In addition, employee awareness and training can virtually eliminate this type of attack.


Shoulder surfing : Example



Dumpster Diving
• Dumpster diving hackers look through the trash for information such as passwords, which may be written down on a piece of paper.
◦ Countermeasure: security awareness training on shredding important documents can prevent a hacker from gathering passwords by dumpster diving.


Cracking a Password - Manual
• Manual password cracking involves attempting to log on with different passwords.
• The hacker follows these steps:
1. Find a valid user account (such as Administrator or Guest).
2. Create a list of possible passwords.
3. Rank the passwords from high to low probability.
4. Key in each password.
5. Try again until a successful password is found.

• A hacker can also create a script file that tries each password in a list.
• This is still considered manual cracking, but it's time consuming and not usually effective.

Cracking a Password - Automated Tools

• Hashkiller - https://hashkiller.co.uk
• Md5hashgenerator - http://www.md5hashgenerator.com/
• Ophcrack - from http://ophcrack.sourceforge.net/
• Rainbow Crack - used to recover a password
• NTInfoScan - a security scanner for NT 4.0
• L0phtCrack - a password auditing and recovery package distributed by @stake software


Other Options for Obtaining Passwords

Default Passwords
• One of the biggest potential vulnerabilities is also one of the easiest to resolve: default passwords.
• Default passwords are set by the manufacturer when the device or system is built.
• They are documented and provided to the final consumer of the product and are intended to be changed.
• Hackers can look up your default password at any of the following sites:
◦ http://cirt.net
◦ http://default-password.info
◦ www.defaultpassword.us
◦ www.passwordsdatabase.com
◦ https://w3dt.net
◦ www.virus.org
◦ http://open-sez.me
◦ http://securityoverride.org
◦ www.routerpasswords.com
◦ www.fortypoundhead.com


Other Options for Obtaining Passwords

USB Password Theft
• This method entails embedding a password-stealing application on a USB drive and then physically plugging the drive into a target system.
• Because many users store their passwords for applications and online sites on their local machine, the passwords may be easily extracted.


USB Password Theft : Example



Privilege Escalation
• When you obtain a password and gain access to an account, the next step is to perform privilege escalation.
• The account hacked could be a lower-privileged and less-defended one.
• If this is the case, you must perform privilege
• The goal should be to gain a level where fewer restrictions exist on the account and you have greater access to the system.
• One way to escalate privileges is to identify an account that has the desired access and then change the password.




Privilege Escalation
• There are two defined types of privilege escalation, each of which approaches the problem of obtaining greater privileges from a different angle:
• Horizontal Privilege Escalation: An attacker attempts to take over the rights and privileges of another user who has the same privileges as the current account.
• Vertical Privilege Escalation: The attacker gains access to an account and then tries to elevate the privileges of the account. It is also possible to carry out a vertical escalation by compromising an account and then trying to gain access to a higher-privileged account.


Privilege Escalation
Several tools offer this ability, including the following:
◦ Active@ Password Changer
◦ Trinity Rescue Kit
◦ ERD Commander
◦ Windows Recovery Environment (WinRE)
◦ Password Resetter


Password-Cracking Countermeasures

• A system administrator can implement the following security precautions to decrease the effectiveness of a brute-force password-cracking attempt:
◦ Never leave a default password.
◦ Never use a password that can be found in a dictionary.
◦ Never use a password related to the hostname, domain name, or anything else that can be found with Whois.
◦ Never use a password related to your hobbies, pets, relatives, or date of birth.
◦ Use a word that has more than 21 characters from a dictionary as a password.
◦ Passwords should expire after a certain amount of time so that users are forced to change them.
◦ Monitor Event Viewer logs to recognize any intrusion attempts.
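
An added example, not part of the original slides: detection logic for the log-monitoring countermeasure, flagging the password guessing described under "Active Online Attacks". It assumes logon events exported as comma-separated lines (time, event ID, account, source address), with Windows Security event IDs 4625 (failed logon) and 4624 (successful logon); the log lines, threshold and window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time, event ID, account, source address.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOG = """\
2024-05-01T09:00:05,4625,Administrator,198.51.100.7
2024-05-01T09:00:09,4625,Administrator,198.51.100.7
2024-05-01T09:00:14,4625,Administrator,198.51.100.7
2024-05-01T09:00:20,4625,Administrator,198.51.100.7
2024-05-01T09:00:26,4625,Administrator,198.51.100.7
2024-05-01T09:00:31,4624,Administrator,198.51.100.7
2024-05-01T09:10:00,4625,jdoe,192.0.2.15
2024-05-01T09:10:40,4624,jdoe,192.0.2.15
2024-05-01T11:30:00,4625,jdoe,192.0.2.15
"""


def detect_guessing(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return alerts for bursts of failed logons and for a success that follows one."""
    recent = defaultdict(deque)  # (account, source) -> times of recent failures
    alerts = []
    for line in log_text.strip().splitlines():
        stamp, event_id, account, source = line.split(",")
        when = datetime.fromisoformat(stamp)
        failures = recent[(account, source)]
        while failures and when - failures[0] > window:
            failures.popleft()  # forget failures that fell outside the window
        if event_id == "4625":
            failures.append(when)
            if len(failures) == threshold:
                alerts.append(("guessing", account, source, stamp))
        elif event_id == "4624":
            # A success right after a burst suggests the guess worked.
            if len(failures) >= threshold:
                alerts.append(("success-after-guessing", account, source, stamp))
            failures.clear()
    return alerts
```

The single mistyped password for jdoe raises no alert, while the burst against Administrator raises two: one for the guessing and one for the logon that succeeds straight after it.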
