Anti-Hacker Tool Kit

Chapter 9 Password CrackingPassword Cracking

Brute-Force ToolsBrute-Force Tools

Vicky

Introduction

“Password” is the key

About the password

One-way hash

Plain Text WZYxAM$5IGD3yl

Solaris DES from /etc/passwd Mandrake DES from /etc/shadow FreeBSD MD5 from /etc/shadow OpenBSD Blowfish from /etc/master.pass

wd Windows 2000 from \WINNT\repair\SAM

Where is the password ?Shadow Password

Encrypted Password

Start to Cracking

John the Ripper Pwdump2 Pwdump3 L0phtCrack

SMBGrind Nbaudit

John the Ripper

• Get the file

• Uncompress

• make

Benchmark

Start to cracking

1. Task Monitor

2. Find out PID

3. Get the hashs

Pwdump

Grab a text version of the SAM

Usage

Pwdump3

Pwdump2+remote access

Usage

L0phtCrack

Pwdump + Brute-Force Cracking

Removing the LanMan Hash

Why…

LanMan 69^7MD4 96^8

How to…

LaMan

LaMan LaMan

MD4

Lasdump

Dump the password from memory No cracking

SMBGrind

Nbaudit

SMBGrind+ Scan address range Specify put file

Usage

Windows may be more security

Run secpol.msc

Summary: Strong password

好膽！賣走long

numbers

A-Z

a-z

!@#$%^&