Explore obtaining and abusing password hashes, understanding salts, and cracking methods. Hands-on exercises on cracking passwords are included.
Information Assurance Day Course Cracking Passwords
Outline
• Introduction
  • Passwords & Hashes
  • How do you get them?
  • How can you abuse them?
• The Exercises
  • Obtaining Hashes
    • LiveCD
    • Exploit
    • Passive Sniffing
  • Cracking Passwords
Introduction – Passwords & Hashes
Passwords are used everywhere. The recommended best practice for storing them is to store them as a salted hash.
• Unix: $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/
• Windows LM: 855c3697d9979e78ac404c4ba2c66533
• Windows NTLM: $NT$7f8fe03093cc84b267b109625f6bbf4b
Salts are used to prevent cracking using precomputed hashes (rainbow tables) and bulk cracking.
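The following is an added example (not from the course material) showing why salting defeats precomputed tables and bulk cracking. It uses a constructed toy record format "$sha256$<salt>$<digest>" modelled on the Unix "$1$salt$hash" layout above; it is not the real md5crypt algorithm, and the word list and user passwords are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Toy storage scheme for illustration only: salted SHA-256 with the salt kept
# in a "$sha256$<salt>$<digest>" record, after the Unix "$1$salt$hash" layout.
# This is an assumed scheme, not the real md5crypt/sha256crypt algorithm.

def hash_unsalted(password: str) -> str:
    """Plain digest: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password: str, salt: Optional[str] = None) -> str:
    """Per-user random salt, stored beside the digest so verification can redo it."""
    if salt is None:
        salt = secrets.token_hex(8)          # 16 hex chars, fresh for every user
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"$sha256${salt}${digest}"

def verify_salted(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, scheme, salt, digest = record.split("$")
    if scheme != "sha256":
        raise ValueError("unknown scheme")
    candidate = hashlib.sha256((salt + password).encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)

def precomputed_table(words) -> Dict[str, str]:
    """Stand-in for a rainbow table: unsalted hash -> plaintext for a word list."""
    return {hash_unsalted(w): w for w in words}

def table_hit(stored: str, table: Dict[str, str]) -> Optional[str]:
    """A single lookup recovers an unsalted hash; a salted digest never matches."""
    digest = stored.split("$")[-1]           # works for both record styles
    return table.get(digest)

if __name__ == "__main__":
    table = precomputed_table(["password", "letmein", "qwerty"])  # constructed list
    alice, bob = hash_unsalted("letmein"), hash_unsalted("letmein")
    print("unsalted: same password, same hash ->", alice == bob)   # bulk cracking works
    print("unsalted: table lookup ->", table_hit(alice, table))    # found immediately
    rec_a, rec_b = hash_salted("letmein"), hash_salted("letmein")
    print("salted: same password, same record ->", rec_a == rec_b) # False
    print("salted: table lookup ->", table_hit(rec_a, table))      # None
    print("salted: verify still works ->", verify_salted("letmein", rec_a))
```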
Introduction – Obtaining Hashes
In order to obtain password hashes, you must know where they are stored and how they are used. Hashes are usually stored locally on disk and are sometimes transmitted over the network. It follows, then, that if we can somehow gain access to the disk or sniff some network traffic, we should be able to grab some password hashes.
Introduction – Abusing Hashes
You now have some hashes. What can you do with them?
• Pass the Hash Attack (Windows)
• Crack them!
  • John the Ripper
  • Ophcrack
  • rcracki