Password Attacks/Cracking
What is passwords?
A password, sometimes called a passcode, is a memorized secret used to confirm the identity of a user. Using the terminology of the NIST Digital Identity Guidelines, the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier.
Password Cracking....
(The theory!behind!password!attacks!is!simple!to!comprehend.)
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.
Types of Password Cracking
Password “dictionary files” are usually text files that contain a large number of common passwords in them. These passwords are often used in conjunction with password cracking tools, which can accept these password files, then attempt to authenticate to a given service with the passwords contained in the password files.
In Kali Linux includes a number of these dictionary files in the following directory:
root/usr/share/wordlists/
- Windows Credential Editor (WCE):
Windows Credentials Editor (WCE) 68 is a security tool that allows one to perform several attacks to obtain clear text passwords and hashes from a compromised Windows host. Among other things, WCE can steal NTLM credentials from memory and dump cleartext passwords stored by Windows authentication packages installed on the target system such as msv1_0.dll, kerberos.dll, and digest.dll. Itks quite interesting to note that WCE is able to steal credentials either by using DLL injection or by directly reading the LSASS processm emory. The second method is more secure in terms of operating system stability, as code is not being injected into a highly privileged process.
One way to customize our dictionary file and make it more potent against a specific target is by using password profiling techniques.This involves using words and phrases taken from the specific organization you are targeting and including them in your wordlists with thaim of improving your chances of finding a valid password.
Using a tool like cewl, we can scrape the megacorpone.com webservers to generate a password list from words found on the web pages.
Cewl has retrieved the string “nanobots” from the megacorpone.com website and that password is now present in a custom dictionary file, specific to megacorpone.com
Password Mutating
Users most commonly tend! to mutate! their passwords in various ways. This could include adding a few numbers at the end of the password, swapping out lowercase for capital letters changing certain letters to numbers, etc. We can now take our minimalistice password list generated by cewl&and add common mutation sequences to these passwords. A good tool for doing this is John the Ripper. John comes with an extensive configuration file where password mutations can be defined.
Once the john.conf configuration file is updated, we mutate our dictionary containing 331 entries that were generated by cewl. The resulting file has minimum 50,000 passwords entries due to the multiple mutations performed on the passwords, and one of the passwords is “nanobots93”.
To Be continue Like Online Password Attacks and Offline Password Attacks
