Seek and Ye shall Find - Password and Providence

Mano ‘dash4rk’ Paul, October 11, 2013


whois
[Querying whois.org]
Name: manoranjan paul > mano paul > @manopaul

[IDENTITY]
Primary: Follower of Jesus Christ (Christian)
DOB: 09/30-1990

[TECHNICAL]
Advisor: Software Assurance
Book: The 7 Qualities of Highly Secure Software; Official (ISC)2 Guide to CSSLP
CEO: SecuRisk Solutions

[OTHER]
Researcher: Shark Biology (dash4rk)
Credz: CSSLP, CISSP, MCSD, MCAD, CompTIA Network+, ECSA

Record created on 03-03-19..
Record expires on tbd
Database last updated on 10-11-2013

www.hackformers.org

wen u c me, tweet #/@HackFormers

Agenda
• Teach Security
• Teach Christ
• Teach Security In Christ

What is the topic/series about?
• Seek and Ye shall Find
  – Passwords (Teach Security)
  – Providence (Teach Christ)
• Part of the Kali OS series
  – Pentesting processes from r3c0n to r00t
  – Intro to security tools in the Kali Linux OS
    • Password Attack Tools

Seek and Ye shall Find -- passwords --

Teach Security

What is a password?
• A credential/claim
• Used in combination with a username
• For validation of an identity – Authentication
• Used to gain admission/access

I AM that I AM
• Authentication
  – Something you know
    • Passwords, PINs
  – Something you have
    • Badges, Certs, Fobs
  – Something you are
    • Biometrics

In scope for this talk!

Cracking
• Discovering
• Can it be legit?
  – Attest password policy
  – Attest password strength
  – Determine if the passwords are cryptographically protected
    • Hashed
    • Encrypted

To crack for the right reasons is being wise; To crack for the wrong reasons is being a wisecracker!

wisecracker

A note about ‘strong’ passwords
• Characteristics
  – Particular length
  – Alpha
  – Numeric
  – Mixed Case
  – Special Characters
• Change
  – Periodically changed

So is your password ‘strong’ enough?

Strong but psychologically acceptable
• Make it too complex
  – Users seek to find a way around it
• Make it too simple
  – Hackers seek to find it and often do
• Is your password
  – Strong?
  – Psychologically acceptable?

Tools, Tools, and more Tools

Humans – The weakest link
• Why hack when you can just ask
  – Ask and you shall receive (Matthew 7:7)
• Social Engineering (Toolkit)
  – Credential Harvesting
• You are the weakest link, Goodbye!
  – Anne Robinson, Gameshow Host
• You are the weakest link, Hacked Guy!
  – Mano Paul, HackFormers Host

Password Attack Tools

john (the ripper) without wordlists

john (the ripper) with wordlist

johnny

Seeking Wordlists!
• Download existing wordlists
  – http://packetstormsecurity.com/Crackers/wordlists/ (free)
  – http://www.outpost9.com/files/WordLists.html (free)
  – http://www.openwall.com/wordlists/ (paid ~$30)
• Create your own i.e., Crunch It

mimikatz
• Tool to grab Windows passwords from memory
• Benjamin Delpy (@gentilkiwi) oui oui
• How to?
  – Upload libraries and run commands [virustotal flags it]
  – Meterpreter Extension

Disclaimer
• Do NOT hack to crack unless you are authorized to …
• Demo
  – Seek and Ye shall Find

Demo < Seek and Ye shall Find
• 1. Social Engineering Toolkit
  – Credential Harvesting attack
• 2. Meterpreter
  – Migrate to winlogon process
  – Keylog
• 3. Meterpreter
  – Get password hashes (hashdump)
  – Crack (john without/with wordlists)
• 4. Mimikatz

Seek and Ye shall Find -- Providence --

Teach Christ

Humans – The weakest link
• Humans are frail made from the dust of the earth – the weak link
• The devil tries to social engineer us to death
• We need to ask for it is written
  7 Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you:
  – Matthew 7:7-11
• Ask and ye shall receive > But who do you ask for?

Who do you say I AM? - Jesus’ Question
• God said
  – I AM that I AM
  – I AM the God of your fathers (Abraham, Isaac and Jacob)
• Jesus said
  – Before Abraham was, I AM
  ⇒ Jesus is God (Providence) i.e., God’s provision for our Salvation … without Jesus, no one can be granted access to God … no other way!
• Jesus said > I AM
  – The bread of life
  – From above
  – I am the true vine
  – The Light of the world
  – The door
  – The good shepherd
  – The Son of God
  – The Resurrection and the life
  – The way, the truth, and the life

Who is Jesus Christ? - HackFormers Style
• Jesus is
  – The credential/claim
  – To be used in combination with your name
  – For validation of your identity
    • Authentication
  – Needed to gain admission/access
• Jesus is THE PASSWORD to all the questions of life
  – He is strong and psychologically acceptable, never changes, and UNCRACKABLE

If you seek Jesus, you will find him
• 7 Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you: 8 For every one that asketh receiveth; and he that seeketh findeth; and to him that knocketh it shall be opened.
  – Matthew 7:7-8
• 13 And ye shall seek me, and find me, when ye shall search for me with all your heart. 14 And I will be found of you, saith the Lord:
  – Jeremiah 29:13-14a

If you seek Jesus, you will find him
• 6 Seek ye the Lord while he may be found, call ye upon him while he is near: 7 Let the wicked forsake his way, and the unrighteous man his thoughts: and let him return unto the Lord, and he will have mercy upon him; and to our God, for he will abundantly pardon.
  – Isaiah 55:6-7

Points to Ponder

Teach Security In Christ

Discussion Points
• You need to know the password to get access to a privileged resource
• You need to know Jesus (THE password) to get access to God
  – And this is life eternal, that they might know thee the only true God, and Jesus Christ, whom thou hast sent.
    • John 17:3
  – Know him NOT JUST as a cool guy, but as Savior and Lord!
• Is Jesus your password? ********
  – Is he your Savior and Lord i.e., Have you believed or do you still doubt?
• Seek Jesus while he may still be found!

All who call on the name of the Lord Jesus Christ shall be saved (Joel 2:32)

[i.e., all who know Jesus Christ as their password shall be granted access to the presence of God to live eternally]

Closing Thoughts

try {
    if (uLikedThisPresentationAndMtg) {
        subscribeViaEmail();
        followAndTweet(); // @hackformers
        getLinkedIn();
        emailUs(); // [email protected]
    } else {
        giveFeedback(); // [email protected]
    }
} catch(Temptations t) {
    Seek(God’sProvidence > JesusChrist);
} finally {
    ThankUandGodBless();
}