Password Cracking
-
Upload
jenette-foley -
Category
Documents
-
view
26 -
download
0
description
Transcript of Password Cracking
![Page 1: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/1.jpg)
Password Cracking
COEN 252 Computer Forensics
![Page 2: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/2.jpg)
Social Engineering
Perps trick Law enforcement, private
investigators can ask.
Look for clues: Passwords frequently use SSN, names
of boyfriend, girlfriend, dog, sled, …
![Page 3: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/3.jpg)
![Page 4: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/4.jpg)
Dictionary Attacks
Passwords need to be memorizable. Most Passwords based on actual words. Dictionary attacks uses a dictionary:
Try all words in dictionary. Try all words in dictionary with slight
changes. Typically very fast.
![Page 5: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/5.jpg)
Brute Force
Just try out all combinations. 2568 possibilities for a UNIX
password. But only if all letters are equally
likely. Not feasible on a single machine. But possibly in a P2P system.
Using Seti@home technology.
![Page 6: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/6.jpg)
Keystroke logging / sniffing
Surveillance of suspect can yield passwords.
Keystroke loggers can be set up to automatically reveal typed in passwords.
Same for network sniffers.
![Page 7: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/7.jpg)
Default Passwords Many applications come with a default
password. VMS used to have a default super-user
password. Often, the default password is the same as
the default user name. In principle, the sys-ad changes the default
password. Recently, applications are no longer shipped
with default passwords.
![Page 8: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/8.jpg)
Bios Password
Stored in CMOS Remove power from CMOS and CMOS
is reset. Looses valuable forensic data such as the
system clock. Some BIOS can be programmatically
cleaned. Looses valuable forensic data such as the
system clock.
![Page 9: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/9.jpg)
Windows 9x
Windows 9x stores the login password in .pwl file in the c:\windows directory in encrypted form.
Obtain the password from the file. Use an offline password cracker
that attacks the weak encryption.
![Page 10: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/10.jpg)
Windows 9x
Windows screen saver password is stored in user.dat file in c:\windows.
Password is in simple ASCII encryption.
The screen saver password is very often the system password.
![Page 11: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/11.jpg)
Windows NT and upUnix
Only hash of password is stored. Computationally impossible to
calculate password from the hash. Can use the hash for a dictionary
or brute force attack.
![Page 12: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/12.jpg)
Various Applications
Some applications store the password in clear text in a hidden location. Registry in Windows. Some file attached to the application.
Or using easily breakable encryption of password in known place.
![Page 13: Password Cracking](https://reader035.fdocuments.us/reader035/viewer/2022071715/56812f69550346895d94f3f5/html5/thumbnails/13.jpg)
Multiple Passwords
Since few users can remember many passwords, any password for a given application might also unlock other passwords.