SlideShare una empresa de Scribd logo

Password Cracking

Descargar como PPTX, PDF
Sina Manavi
Sina Manavi

Password Cracking , Password Penetration Testing , Website Login Cracking , Router Login Cracking , Windows Login Cracking , Gmail Pasword extraction

Educación
1 de 26
Password Attacks Instructor : Sina Manavi 13th March 2014
About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com Twitter:@sinamanavi
Agenda • What is Password? • Password Cracking Concepts • Types of Password Attacks • Application Software Password Cracking • Password Cracking Tools • Hardening the password • Demo
What is Password • String of characters for authentication and log on computer, web application , software, Files , network , Mobile phones, and your life  • Comprises: [a-zA-z, 0-9, symbols , space]
Password Characteristics • No short length • No birthday or phone number, real name , company name • Don’t use complete words or Shakespeare quotes  ▫ Example: ▫ Hello123: Weak ▫ @(H311l0)@: Strong ▫ Easy to remember, hard to guess
Password Security • Don’t use your old passwords • Don’t use working or private email for every website registration such as games, news,….etc.
Password Cracking Concept • guessing or recovering a password • unauthorized access • To recover a forgotten password • A Penetration testing step ( e.g. Network and Applications)
Password Cracking Concept • Password Cracking is illegal purpose to gain unauthorized access • To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
Type of Password Attacks • Dictionary Attack • Brute Force Attack • Rainbow table attack • Phishing • Social Engineering • Malware • Offline cracking • Guess
Password Cracking Types • Brute Force, Dictionary Attack, Rainbow Table
Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin . (Using Guessing Techniques)
Password Cracking Types: (Phishing)
Password Cracking Types:(Social Engineering) • sometimes very lazy genius non-IT Geeks can guess or find out your password
Application Password Cracking: (Malware)
Password Cracking Types:(Offline Cracking) • We have enough time to break the password • Usually take place for big data • Or very strong and complicated password • After attack • Forensics investigation
Password Cracking Tools • Brutus ▫ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking. • RainbowCrack ▫ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version • Wfuzz ▫ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection • Cain and Able *** ▫ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator, • John the Ripper ▫ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker • THC Hydra ▫ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc) • Medusa • AirCrack-NG ▫ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools • OphCrack • L0phtCrack
Password hardening
Password Hardening • Techniques or technologies which put attacker, cracker or any other malicious user in difficulties • Brings password policy • Increase the level of web,network , application and physical access of to the company or organization. • Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
Password Hardening • All the Security solution just make it more difficulte. Harder but possible
Lets get hands dirty
Demo: • Cracking the zipped File • Windows Login Cracking • Router login password Cracking 192.168.0.1 • Gmail Password hacking ( Dumping Physical Memory)
Cracking Zip password Protected File Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • Having Password-list and Username-list for brute forcing • A Zip password protected File • And poor file owner 
Windows Login Cracking Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • nmap • Having Password-list and Username-list for bruteforcing • Your target windows
Router login password Cracking Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • nmap • Having Password-list and Username-list for brute forcing • Find the nearest Starbucks 
Gmail Password hacking ( Dumping Physical Memory) • Dumpit (free Windows tool) • Strings and Grep
Password Cracking Depends on • Attacker's strengths • Attacker's computing resources • Attacker's knowledge • Attacker's mode of access [physical or online] • Strength of the passwords • How often you change your passwords? • How close are the old and new passwords? • How long is your password? • Have you used every possible combination: alphabets, numbers and special characters? • How common are your letters, words, numbers or combination? • Have you used strings followed by numbers or vice versa, instead of mixing them randomly?

Recomendados

Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingHajer alriyami
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 

Recomendados

Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingHajer alriyami
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
John the ripper & hydra password cracking tool
John the ripper & hydra password cracking toolJohn the ripper & hydra password cracking tool
John the ripper & hydra password cracking toolMd. Raquibul Hoque
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Hacking
HackingHacking
Hackingpranav patade
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Footprinting
FootprintingFootprinting
FootprintingDuah John
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hackingbaabtra.com - No. 1 supplier of quality freshers
 

Más contenido relacionado

La actualidad más candente

Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
John the ripper & hydra password cracking tool
John the ripper & hydra password cracking toolJohn the ripper & hydra password cracking tool
John the ripper & hydra password cracking toolMd. Raquibul Hoque
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Footprinting
FootprintingFootprinting
FootprintingDuah John
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 

La actualidad más candente (20)

Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
John the ripper & hydra password cracking tool
John the ripper & hydra password cracking toolJohn the ripper & hydra password cracking tool
John the ripper & hydra password cracking tool
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
System hacking
System hackingSystem hacking
System hacking
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Email investigation
Email investigationEmail investigation
Email investigation
 
Hacking
HackingHacking
Hacking
 
User authentication
User authenticationUser authentication
User authentication
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking
HackingHacking
Hacking
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Footprinting
FootprintingFootprinting
Footprinting
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Port scanning
Port scanningPort scanning
Port scanning
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 

Similar a Password Cracking

password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
Password cracking and brute force tools
Password cracking and brute force toolsPassword cracking and brute force tools
Password cracking and brute force toolszeus7856
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Cyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxCyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxVASUOFFICIAL
 
Web defacement
Web defacementWeb defacement
Web defacementstudent
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxFarhanaMariyam1
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchainjasonhaddix
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPrasad Pawar
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereBlake Carver
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security PracticeBrian Pichman
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Paul Yang
 

Similar a Password Cracking (20)

password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Password cracking and brute force tools
Password cracking and brute force toolsPassword cracking and brute force tools
Password cracking and brute force tools
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Cyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxCyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptx
 
Web defacement
Web defacementWeb defacement
Web defacement
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber Security
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber Security
 
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass ProtocolPassword Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & Anywhere
 
Password Pusher Media Resources
Password Pusher Media ResourcesPassword Pusher Media Resources
Password Pusher Media Resources
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)
 

Más de Sina Manavi

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsSina Manavi
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard) Sina Manavi
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Sina Manavi
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Sina Manavi
 

Más de Sina Manavi (9)

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media Forensics
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi
 

Último

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 

Último (20)

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 

Password Cracking

  • 1. Password Attacks Instructor : Sina Manavi 13th March 2014
  • 2. About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com Twitter:@sinamanavi
  • 3. Agenda • What is Password? • Password Cracking Concepts • Types of Password Attacks • Application Software Password Cracking • Password Cracking Tools • Hardening the password • Demo
  • 4. What is Password • String of characters for authentication and log on computer, web application , software, Files , network , Mobile phones, and your life  • Comprises: [a-zA-z, 0-9, symbols , space]
  • 5. Password Characteristics • No short length • No birthday or phone number, real name , company name • Don’t use complete words or Shakespeare quotes  ▫ Example: ▫ Hello123: Weak ▫ @(H311l0)@: Strong ▫ Easy to remember, hard to guess
  • 6. Password Security • Don’t use your old passwords • Don’t use working or private email for every website registration such as games, news,….etc.
  • 7. Password Cracking Concept • guessing or recovering a password • unauthorized access • To recover a forgotten password • A Penetration testing step ( e.g. Network and Applications)
  • 8. Password Cracking Concept • Password Cracking is illegal purpose to gain unauthorized access • To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
  • 9. Type of Password Attacks • Dictionary Attack • Brute Force Attack • Rainbow table attack • Phishing • Social Engineering • Malware • Offline cracking • Guess
  • 10. Password Cracking Types • Brute Force, Dictionary Attack, Rainbow Table
  • 11. Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin . (Using Guessing Techniques)
  • 13. Password Cracking Types:(Social Engineering) • sometimes very lazy genius non-IT Geeks can guess or find out your password
  • 15. Password Cracking Types:(Offline Cracking) • We have enough time to break the password • Usually take place for big data • Or very strong and complicated password • After attack • Forensics investigation
  • 16. Password Cracking Tools • Brutus ▫ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking. • RainbowCrack ▫ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version • Wfuzz ▫ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection • Cain and Able *** ▫ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator, • John the Ripper ▫ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker • THC Hydra ▫ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc) • Medusa • AirCrack-NG ▫ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools • OphCrack • L0phtCrack
  • 18. Password Hardening • Techniques or technologies which put attacker, cracker or any other malicious user in difficulties • Brings password policy • Increase the level of web,network , application and physical access of to the company or organization. • Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
  • 19. Password Hardening • All the Security solution just make it more difficulte. Harder but possible
  • 20. Lets get hands dirty
  • 21. Demo: • Cracking the zipped File • Windows Login Cracking • Router login password Cracking 192.168.0.1 • Gmail Password hacking ( Dumping Physical Memory)
  • 22. Cracking Zip password Protected File Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • Having Password-list and Username-list for brute forcing • A Zip password protected File • And poor file owner 
  • 23. Windows Login Cracking Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • nmap • Having Password-list and Username-list for bruteforcing • Your target windows
  • 24. Router login password Cracking Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • nmap • Having Password-list and Username-list for brute forcing • Find the nearest Starbucks 
  • 25. Gmail Password hacking ( Dumping Physical Memory) • Dumpit (free Windows tool) • Strings and Grep
  • 26. Password Cracking Depends on • Attacker's strengths • Attacker's computing resources • Attacker's knowledge • Attacker's mode of access [physical or online] • Strength of the passwords • How often you change your passwords? • How close are the old and new passwords? • How long is your password? • Have you used every possible combination: alphabets, numbers and special characters? • How common are your letters, words, numbers or combination? • Have you used strings followed by numbers or vice versa, instead of mixing them randomly?

Notas del editor

  1. from stored locations or from data transmission system.
  2. Using Fake pages or application