This document summarizes recent advances in open-source password cracking tools. It discusses John the Ripper, a password cracking tool that now supports cracking passwords and hashes for many formats through community patches. It also discusses Ettercap, a tool for man-in-the-middle attacks that can intercept passwords on networks. Specific techniques are described for cracking passwords for protocols like Kerberos and attacking Microsoft Active Directory infrastructure through password cracking and decrypting encrypted files like PDFs. Future work is planned to expand password cracking abilities and create fake servers to enable additional attacks.
2. Agenda
John the Ripper
Ettercap
Attacks on M$ AD / Kerberos infrastructure
Misc. Stuff
Current and future work
3. John the Ripper
John the Ripper is a free open-source password cracking software tool (http://www.openwall.com/)
Traditionally supports cracking hashes (LM, FreeBSD, DES crypt, etc.)
$ cat lm-hash
user:fda95fbeca288d44aad3b435b51404ee
$ john -format:lm lm-hash
Loaded 1 password hash (LM ...)
HELLO (user)
4. Jumbo patch
Community-enhanced version of JtR, available in almost all Linux distributions
Adds a large number of formats for cracking hashes as well as “non-hashes”
Hashes: e.g. MD5, LM
“non-hashes”: e.g. PDF or other types of files
Can use a GPU to accelerate cracking (speedups > 150X possible)
5. Jumbo patch supports cracking
1Password, Clipperz, Apple DMG images, EncFS, EPiServer, GPG private keys, IKE PSK, Apple Keychain, GNOME Keyring, KDE KWallet, KeePass, LastPass, Mozilla Master Passwords, MongoDB, MS-CHAP, MySQL authentication protocol, M$ Office, OpenOffice, PDF, O5LOGON, Password Safe, ZIP, RAR, Apple 10.8 hashes, GRUB 2, PFX, SSH keys, PuTTY keys, PostgreSQL, M$ PST, RACF, etc.
The above list *only* includes formats I have worked on
Many of these formats are faster than commercial products.
Many formats are not even supported by commercial products
6. Example: cracking password-protected SSH keys
Two-step process
Use one of the many *2john utilities
$ sshng2john.py key-catch22 > ssh-hash
$ john ssh-hash
Loaded 1 password hash (ssh-ng ...)
catch22 (key-catch22)
7. Example: using GPU
Build GPU-enabled JtR (e.g. make linux-x86-64-opencl)
$ john -fo:keychain -t
Benchmarking: Mac OS X Keychain ...
Raw: 1331 c/s real, 1331 c/s virtual
$ john -fo:keychain-opencl -t # ATI 7970 GPU
OpenCL platform 1: AMD Accelerated Parallel Processing ...
Benchmarking: Mac OS X Keychain ...
Raw: 208537 c/s real, 92758 c/s virtual
Greater than 150X speedup
8. JtR community
http://www.openwall.com/lists/john-users/
Join “john-users” mailing list for general discussion and help
Join “john-dev” if you are interested in JtR development
#openwall channel on Freenode IRC network
Writing a plug-in (called a format) is easy enough (start contributing!)
https://github.com/magnumripper/JohnTheRipper
9. Ettercap
Ettercap is a free, open source network security tool for doing MiTM attacks.
Allows interception and modification of packets on the fly.
Can be extended by writing plug-ins
10. Example: Facebook password sniffing
Facebook loads the login form over HTTP, which POSTs credentials to an HTTPS link.
Modified the HTTP dissector (ec_http.c) to replace “https” with “http”.
The login form is now posted over HTTP
Ettercap's filter functionality can be used to do the same.
11. Example: Facebook password sniffing
Only 12 lines of code added to ec_http.c
6 lines to avoid gzip encoding and 6 lines to avoid SSL
12. Example: works for Flipkart and Rediffmail too
Ettercap automatically prints credentials sent over HTTP
Don’t expose / load resources over HTTP
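A defender's check for the weakness these slides rely on, added here as an example (it is not code from the slides or from Ettercap): it parses a page and flags a password form that is served over HTTP even when its action points at HTTPS, since a form delivered in the clear can have its action rewritten exactly as described above, and it also flags sub-resources fetched over HTTP. The page URL, the HTML and the function names are constructed for the example.

```python
# Added example, not code from the slides or from Ettercap: audit a login page
# for the conditions the https -> http rewrite above relies on. The page URL,
# HTML and function names are constructed/hypothetical.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute through which a sub-resource is referenced.
REF_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class _RefCollector(HTMLParser):
    """Collect resource references and forms (with a flag for password fields)."""

    def __init__(self):
        super().__init__()
        self.refs = []            # (kind, url, has_password_field)
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""), "pw": False}
        elif tag == "input" and self._form is not None:
            if a.get("type", "").lower() == "password":
                self._form["pw"] = True
        elif tag in REF_ATTRS and a.get(REF_ATTRS[tag]):
            self.refs.append((tag, a[REF_ATTRS[tag]], False))

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.refs.append(("form", self._form["action"], self._form["pw"]))
            self._form = None


def audit_page(page_url, html):
    """Return a list of (severity, description, resolved_url) findings."""
    collector = _RefCollector()
    collector.feed(html)
    collector.close()
    page_scheme = urlsplit(page_url).scheme
    findings = []
    for kind, url, has_pw in collector.refs:
        resolved = urljoin(page_url, url)      # relative URLs inherit the page scheme
        scheme = urlsplit(resolved).scheme
        if kind == "form" and has_pw:
            if scheme != "https":
                findings.append(("HIGH", "password form submits over plaintext", resolved))
            if page_scheme != "https":
                # The form itself travelled in the clear, so a MiTM can rewrite
                # its action before the browser ever sees it.
                findings.append(("HIGH", "password form served on a plaintext page", resolved))
        elif scheme == "http":
            findings.append(("MEDIUM", f"{kind} fetched/submitted over plaintext", resolved))
    return findings


# Constructed sample: a login page served over HTTP whose form posts to HTTPS,
# the pattern the slide describes.
SAMPLE_PAGE_URL = "http://www.example.com/login"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/style.css">
<script src="http://cdn.example.com/app.js"></script>
</head><body>
<form method="post" action="https://www.example.com/login.php">
  <input name="email"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    for severity, what, url in audit_page(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(severity, what, url)
```

Run on the constructed page it reports the two plaintext resources and one HIGH finding for the password form, even though the form action is HTTPS; serving the same page over HTTPS with HTTPS resources produces no findings.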
13. Ettercap: My contributions
MySQL v5 challenge-response
PostgreSQL challenge-response
VNC challenge-response
O5LOGON protocol (used by Oracle DB)
MongoDB challenge-response
Kerberos MiTM etype downgrade attack
MongoDB MiTM fixed salt attack
14. Ettercap community
https://github.com/Ettercap/
#ettercap-project channel on Freenode IRC network
Writing a plug-in (called a dissector) is easy once the protocol is understood (use Wireshark)
15. Attacks on Kerberos and M$ AD infrastructure
Kerberos is a popular network authentication protocol used to implement SSO
Uses shared secret/symmetric keys (which don’t travel over the network)
Uses timestamp pre-authentication, in which a timestamp is encrypted with a key derived from the user's password
We capture the encrypted timestamp and mount an offline brute-force attack
16. Kerberos: Key Derivation
The “string-to-key” function used to convert a user password to a secret key in Kerberos depends on the encryption type (called etype) being used.
etype functions differ in cost
The etype negotiation process can be attacked to downgrade the etype (and make offline attacks faster)
17. Kerberos: etype downgrade attacks
Downgrade etype 18 (aes256-cts-hmac-sha1-96, very expensive) to etype 23 (rc4-hmac, very fast)
etype 18 brute-force attack: 380 tries per second on CPU, 125K on ATI 7970 GPU
etype 23 brute-force attack: 728K tries per second on CPU
Speedup > 1900X
18. Kerberos: etype downgrade attacks
These attacks have been talked about previously, but tools were not published (maybe not even made).
My Ettercap plug-in is the first public tool to make these attacks practical.
Only 16 lines of code.
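A detection-side counterpart to the two etype slides, added as an example (it is not part of the slides or of the Ettercap plug-in): a downgrade shows up in authentication logs as a principal that normally pre-authenticates with etype 18 suddenly using etype 23 from the same client, and accounts that use RC4 at all deserve a look. The log format below is a constructed simplification, the etype numbers are the standard Kerberos assignments, and the function names are hypothetical.

```python
# Added example, not code from the slides or from Ettercap: flag weak Kerberos
# etypes and per-client downgrades in constructed authentication log records.
# Assumptions: a simplified one-line record format (not any real product's) and
# the standard etype numbers (18 = aes256-cts-hmac-sha1-96,
# 17 = aes128-cts-hmac-sha1-96, 23 = rc4-hmac, 3 = des-cbc-md5, 1 = des-cbc-crc).
ETYPE_NAMES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "rc4-hmac",
}
STRONG = {17, 18}

# Constructed log lines: timestamp, principal, client address, etype used for
# the pre-authentication timestamp. The third alice record is what a
# successful 18 -> 23 downgrade against her client would look like.
SAMPLE_LOG = """\
2013-08-01T09:00:01 alice@EXAMPLE.COM 10.0.0.5 etype=18
2013-08-01T09:00:07 bob@EXAMPLE.COM 10.0.0.9 etype=18
2013-08-01T09:12:44 alice@EXAMPLE.COM 10.0.0.5 etype=23
2013-08-01T09:13:02 svc_legacy@EXAMPLE.COM 10.0.0.20 etype=23
"""


def parse_records(log):
    """Yield (timestamp, principal, client, etype) from the constructed format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, principal, client, etype = line.split()
        yield ts, principal, client, int(etype.split("=", 1)[1])


def analyze(log, known_legacy=frozenset()):
    """Return alerts as (severity, timestamp, principal, client, message).

    A principal+client pair that moves from a strong etype to a weak one is
    the downgrade signature (HIGH). Any other weak etype is MEDIUM, or INFO
    when the principal is on the known-legacy list (accounts documented as
    still needing RC4), so the list can be driven down over time.
    """
    last_etype = {}
    alerts = []
    for ts, principal, client, etype in parse_records(log):
        key = (principal, client)
        prev = last_etype.get(key)
        name = ETYPE_NAMES.get(etype, str(etype))
        if prev in STRONG and etype not in STRONG:
            alerts.append(("HIGH", ts, principal, client,
                           f"downgrade {ETYPE_NAMES.get(prev, prev)} -> {name}"))
        elif etype not in STRONG:
            severity = "INFO" if principal in known_legacy else "MEDIUM"
            alerts.append((severity, ts, principal, client, f"weak etype {name}"))
        last_etype[key] = etype
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, known_legacy={"svc_legacy@EXAMPLE.COM"}):
        print(*alert)
```

The HIGH rule keys on principal and client together, because a legitimate second device may genuinely negotiate a different etype; the same account on the same client dropping from AES to RC4 mid-morning is the pattern the plug-in above produces.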
19. Misc: Guaranteed cracking of PDF files using RC4 40-bit encryption
RC4 40-bit is still popular among banks and the income tax department.
https://github.com/kholia/RC4-40-brute-pdf
https://github.com/kholia/qpdf
Should take less than 2 days on an AMD FX-8120 (8-core Bulldozer)
20. Misc: Guaranteed cracking of PDF files using RC4 40-bit encryption
Three-step process
$ npdf2john test.pdf
test.pdf:$npdf$1*2*40*4*1*16*c56b…
$ RC4-40-brute 'test.pdf:$npdf$1*2*40*4…'
Key is : 9296c944ee
$ qpdf --key=9296c944ee --decrypt test.pdf output.pdf
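The reason the attack is "guaranteed" is that a 40-bit key leaves only 2^40 candidates regardless of the password, so the defender's job is to find documents still using that handler. Added here as an example (not code from the slides, from RC4-40-brute-pdf or from qpdf), the script below reads a PDF's /Encrypt dictionary, whether inline in the trailer or stored as an indirect object, and classifies the scheme from the standard security handler fields /V, /R and /Length; the "$npdf$1*2*40*..." hash above corresponds to /V 1, /R 2, /Length 40. All sample bytes are constructed and the function names are hypothetical.

```python
# Added example, not code from the slides or from the RC4-40-brute/qpdf tools:
# report the encryption scheme a PDF uses so that files still protected with the
# 40-bit RC4 handler can be found and re-encrypted. Field meanings follow the
# PDF standard security handler (/V, /R, /Length); all sample bytes are
# constructed and the function names are hypothetical.
import re


def _balanced_dict(data, start):
    """Return the bytes of the << ... >> dictionary beginning at `start`,
    honouring nested dictionaries and skipping <hex strings>."""
    if start < 0:
        return None
    depth, i = 0, start
    while i < len(data):
        if data[i:i + 2] == b"<<":
            depth += 1
            i += 2
        elif data[i:i + 2] == b">>":
            depth -= 1
            i += 2
            if depth == 0:
                return data[start:i]
        elif data[i:i + 1] == b"<":            # hex string: skip to its closing '>'
            end = data.find(b">", i)
            i = len(data) if end < 0 else end + 1
        else:
            i += 1
    return None


def find_encrypt_dict(pdf):
    """Locate the /Encrypt dictionary, whether inline or an indirect object."""
    m = re.search(rb"/Encrypt\s*(\d+)\s+(\d+)\s+R\b", pdf)
    if m:
        obj = re.search(rb"(?<!\d)" + m.group(1) + rb"\s+" + m.group(2) + rb"\s+obj", pdf)
        if not obj:
            return None
        return _balanced_dict(pdf, pdf.find(b"<<", obj.end()))
    m = re.search(rb"/Encrypt\s*<<", pdf)
    return _balanced_dict(pdf, m.end() - 2) if m else None


def parse_fields(d):
    """Pull /V, /R, /Length and /Filter out of an /Encrypt dictionary."""
    fields = {}
    for key in ("V", "R", "Length"):
        m = re.search(rb"/" + key.encode() + rb"\s+(\d+)", d)
        if m:
            fields[key] = int(m.group(1))
    m = re.search(rb"/Filter\s*/(\w+)", d)
    if m:
        fields["Filter"] = m.group(1).decode()
    return fields


def classify(fields):
    if fields.get("Filter", "Standard") != "Standard":
        return "non-standard security handler"
    v, length = fields.get("V", 0), fields.get("Length", 40)   # /Length defaults to 40
    if v == 1 or (v == 2 and length == 40):
        return "RC4-40"             # the 2^40 keyspace the slides exhaust
    if v in (2, 3):
        return f"RC4-{length}"
    if v == 4:
        return "AES-128 or RC4-128 (crypt filters)"
    if v >= 5:
        return "AES-256"
    return "unknown"


def check_pdf(pdf):
    """Return (fields, classification) for raw PDF bytes."""
    d = find_encrypt_dict(pdf)
    if d is None:
        return {}, "unencrypted"
    fields = parse_fields(d)
    return fields, classify(fields)


# Constructed sample 1: /Encrypt as an indirect object, 40-bit RC4 (/V 1 /R 2),
# the same parameters as the "$npdf$1*2*40*..." hash above. /O and /U are dummies.
SAMPLE_RC4_40 = (
    b"%PDF-1.4\n"
    b"5 0 obj\n<< /Filter /Standard /V 1 /R 2 /Length 40 /P -4 "
    b"/O <" + b"00" * 32 + b"> /U <" + b"11" * 32 + b"> >>\nendobj\n"
    b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R /ID [<abcd> <abcd>] >>\n"
)
# Constructed sample 2: inline dictionary, AES-256 with nested crypt filters.
SAMPLE_AES_256 = (
    b"%PDF-1.7\ntrailer\n<< /Size 4 /Root 1 0 R /Encrypt << /Filter /Standard "
    b"/V 5 /R 6 /Length 256 /CF << /StdCF << /CFM /AESV3 /Length 32 >> >> "
    b"/StmF /StdCF /StrF /StdCF /O <" + b"22" * 48 + b"> /U <" + b"33" * 48 + b"> >> >>\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\ntrailer\n<< /Size 3 /Root 1 0 R >>\n"

if __name__ == "__main__":
    for name, blob in (("rc4-40", SAMPLE_RC4_40), ("aes-256", SAMPLE_AES_256), ("plain", SAMPLE_PLAIN)):
        print(name, check_pdf(blob))
```

Anything classified as RC4-40 should be treated as unprotected and re-encrypted with AES; a scan over a document store with `check_pdf(open(path, "rb").read())` is enough to build that list.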
21. Current and future work
Dropbox account “hijacker”
Metasploit post script for doing the same
Offline attacks on LastPass password manager
Fake VMware vCenter (and ESX) server for Metasploit project
Fake LDAP server for Metasploit project