Page 68 - DCAP516_COMPUTER_SECURITY
Computer Security
Notes Automated password guessing programs and crackers use several different approaches.
The slowest attack method, and the only one guaranteed to succeed given enough time, is the
brute-force attack, in which the attacker tries every possible combination of characters for a
password, given a character set (e.g., abcd…ABCD…1234…!@#$) and a maximum password length.
The number of candidates is the character-set size raised to the password length, so every
extra character multiplies the work by the size of the set.
Dictionary attacks work on the assumption that most passwords consist of whole words,
dates, or numbers that can be found in a word list (the "dictionary"). Dictionary attack tools
require such a list as input. You can download word lists with specific vocabularies (e.g., English
dictionary, sports, even Star Wars trivia) free or commercially off the Internet.
Hybrid password guessing attacks assume that network administrators push users to
make their passwords at least slightly different from a word that appears in a dictionary.
Hybrid guessing rules vary from tool to tool, but most mix uppercase and lowercase
characters, add numbers at the end of the password, spell the password backward or
slightly misspell it, and include characters such as @!# in the mix. Both John the Ripper
(http://www.openwall.com/john) and Cain & Abel (http://www.oxid.it) can do hybrid
guessing.
2. Password Resetting: Attackers often find it much easier to reset passwords than to guess
them. Many so-called password cracking programs are actually password resetters. In most cases,
the attacker boots the machine from a floppy disk or CD-ROM (today a USB stick) so that the
running Windows installation and its access controls never come into play. Most password
resetters contain a bootable version of Linux that can mount NTFS volumes, locate the SAM
registry hive under the Windows system directory, and overwrite or blank the Administrator's
password. This only works when the disk is readable offline; full-disk encryption such as
BitLocker defeats it, because the hive cannot be read without the encryption key.
Notes A widely used password reset tool is Petter Nordahl-Hagen's free Offline NT Password &
Registry Editor, known as chntpw (http://home.eunet.no/~pnordahl/ntpasswd). Winternals ERD
Commander 2005, one of the tools in Winternals Administrator's Pak
(http://www.winternals.com/Products/AdministratorsPak/#erdcommander2005), is a popular
commercial choice. Be aware that most password reset tools can reset only local account
passwords stored in the local SAM database; they can't reset domain account passwords, which
are held in Active Directory (AD) on the domain controllers rather than in the SAM.
3. Password Cracking: Although password resetting is a good approach when all you need
is access to a locked computer, resetting a password changes it, and the legitimate user's next
failed logon attracts unwelcome attention. Attackers usually prefer to learn passwords without
resetting them. Password cracking is the process of taking a captured password hash (or some
other obscured form of the password, such as captured challenge-response packets) and
recovering the plaintext that produced it. A hash cannot be reversed, so cracking means guessing
candidate passwords and comparing their hashes with the captured one. To crack a password,
an attacker needs tools such as hash extractors to obtain the hashes, rainbow tables to look up
precomputed hashes, and password sniffers to capture authentication traffic.
Hash Guessing: Some password cracking tools can both extract and crack password hashes,
but most password crackers need the LM or NT hash before they can begin the cracking process.
The LM hash is the easier target: it uppercases the password, pads it to 14 characters, splits it
into two 7-character halves and hashes each half independently, so even a 14-character password
falls to two short, case-insensitive searches. The NT hash (MD4 of the UTF-16LE password)
keeps case and full length but is unsalted and very fast to compute, so it is still cracked by
guessing. The most popular Windows password hash extractor is the Pwdump family of programs.
Pwdump has gone through many versions since its release; Pwdump4 was the current version when
this text was written, and later releases such as pwdump6 and pwdump7 followed.
Many password cracking tools accept Pwdump-formatted hashes (user:RID:LM hash:NT hash:::)
for cracking. Such tools usually begin the cracking process by generating guesses for the password,
hashing each guess with the same algorithm, and comparing the result with the extracted hash;
a match reveals the password. Because LM and NT hashes are unsalted, each hash computed for
a guess can be compared against every captured account at once.
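The three guessing approaches described earlier (dictionary, hybrid mangling rules, brute force) and the hash-guessing loop just described, combined into one added Python example. This is not code from the textbook, nor from John the Ripper, Cain & Abel or Pwdump. It implements MD4 itself, because the NT hash is MD4 over the UTF-16LE password and many OpenSSL builds no longer expose MD4 to Python's hashlib. The pwdump lines, word list and the passwords "Summer19" and "cab1" are constructed for the example; alice's two hashes are the well-known LM and NT hashes of "password". The mangling rules (the substitution table and suffix list) and the reduced brute-force character set are this example's own choices, not any tool's rule set.

```python
"""Offline cracking of pwdump-format Windows hashes (constructed example)."""
import itertools
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4. NT hashes are MD4 over the UTF-16LE encoded password."""
    bit_len = len(data) * 8
    # Padding: 0x80, zeros to 56 mod 64, then the bit length as 64-bit little endian
    data += b"\x80" + b"\x00" * ((56 - (len(data) + 1) % 64) % 64) + struct.pack("<Q", bit_len)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000, range(16), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                a = _rotl((a + fn(b, c, d) + X[idx] + k) & MASK32, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate roles: next step updates the old d
        a, b, c, d = (a + aa) & MASK32, (b + bb) & MASK32, (c + cc) & MASK32, (d + dd) & MASK32
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16le"))


LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of "", i.e. no LM hash stored


def parse_pwdump(text: str):
    """pwdump lines: user:RID:LMhash:NThash:::  ->  {user: (lm_stored, nt_hash_bytes)}"""
    accounts = {}
    for line in text.splitlines():
        if line.strip():
            user, _rid, lm, nt = line.split(":")[:4]
            accounts[user] = (lm.lower() != LM_EMPTY, bytes.fromhex(nt))
    return accounts


def lm_targets(text: str):
    """Accounts that still store an LM hash: crack those first, since LM is
    case-insensitive and split into two independent 7-character halves."""
    return [u for u, (lm_stored, _) in parse_pwdump(text).items() if lm_stored]


# Hybrid (mangling) rules, chosen for this example: case changes, reversal,
# character substitution, digits and symbols appended at the end.
SUFFIXES = [""] + [str(n) for n in range(100)] + ["!", "@", "#", "!@#"]
LEET = str.maketrans("aeiost", "4310$7")


def hybrid_candidates(word: str):
    bases = {word, word.lower(), word.upper(), word.capitalize(), word[::-1]}
    bases |= {b.translate(LEET) for b in list(bases)}
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def brute_force(target: bytes, charset: str, max_len: int):
    """Exhaustive search; the work grows as len(charset) ** length."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            guess = "".join(combo)
            if nt_hash(guess) == target:
                return guess
    return None


def crack_pwdump(text: str, wordlist, charset="abc123", max_len=4):
    """Dictionary, then hybrid, then brute force per NT hash -> {user: plaintext or None}."""
    results = {}
    for user, (_lm_stored, nt) in parse_pwdump(text).items():
        found = next((w for w in wordlist if nt_hash(w) == nt), None)
        if found is None:
            found = next((c for w in wordlist for c in hybrid_candidates(w)
                          if nt_hash(c) == nt), None)
        if found is None:
            found = brute_force(nt, charset, max_len)
        results[user] = found
    return results


# Constructed pwdump-format sample, not a real capture. alice's fields are the
# well-known LM and NT hashes of "password"; bob's and carol's NT hashes are computed here.
SAMPLE_PWDUMP = "\n".join([
    "alice:1001:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::",
    f"bob:1002:{LM_EMPTY}:{nt_hash('Summer19').hex()}:::",
    f"carol:1003:{LM_EMPTY}:{nt_hash('cab1').hex()}:::",
])
WORDLIST = ["letmein", "welcome", "password", "summer", "dragon"]  # constructed word list

if __name__ == "__main__":
    print("LM hash still stored for:", lm_targets(SAMPLE_PWDUMP))
    for user, pw in crack_pwdump(SAMPLE_PWDUMP, WORDLIST).items():
        print(f"{user}: {pw!r}")
```

Running it cracks alice by the plain dictionary pass, bob by the hybrid rule "capitalize and append two digits", and carol only by brute force over the reduced set abc123 up to four characters; the same search over the full printable ASCII set at eight characters would be roughly 95^8 hashes, which is where real crackers turn to GPUs or rainbow tables. Because the NT hash is unsalted, the loop could hash each guess once and check it against all three accounts, which is how John the Ripper and Cain & Abel handle multi-account dumps.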
Common password crackers are John the Ripper and Cain & Abel. John the Ripper, which
comes in both Unix and Windows flavors, is a very fast command-line tool and comes
with a distributed-computing add-on. Cain & Abel can crack more than 20 kinds of
password hashes, such as LM, NT, Cisco, and RDP.
62 LOVELY PROFESSIONAL UNIVERSITY