cracking password

cracking passwords

types of password attacks:
online attacks(線上破解方式)
 passive online attacks(被動式線上破解方法)
  被動的監聽網路上的資料分析密碼
  若網路上沒有人送出密碼則無法取得分析,若密碼在網路上加密也無法分析
 active online attacks(主動式線上破解方法)
  最傳統破解方式,需直接與目標接觸
  會不斷嘗試密碼或利用認證漏洞猜測密碼
  因不斷在線上猜測密碼所以容易被偵測到
  解決方案:限制密碼錯誤次數
offline attacks(離線破解方法)
 將密碼檔偷回去做分析
 猜測密碼時不在線上,所以不容易被偵測到
non-electronic attacks

password attacks實做有以下:
passive online attacks
 wire sniffing:監聽網路資料
 man-in-the-middle:假裝成gateway監聽網路資料
 replay attacks
active online attacks
 password guessing
offline attacks
 dictionary attack:使用字典檔中的字串來嘗試正確的密碼
 brute-force attack:把所有可能字元組合起來嘗試正確的密碼
 hybrid attack:dictionary+brute-force attack:先用dictionary attack在用brute-force attack

 pre-computed hashes:預先算出hash值放進工具裡嘗試密碼
non-electronic attacks
 shoulder surfing:在後面偷看密碼的輸入
 keyboard sniffing:鍵盤側錄
 social engineering:社交工程

syllable attack:音節攻擊
rule-base attack:用某種己知的規則嘗試密碼
distributed network attack:使用多台機器嘗試密碼
rainbow attack:用rainbow table嘗試密碼
ps:
rainbow table是一个庞大的、针对各种可能的字符组合预先计算好的哈希值的集合

ps:
預設密碼網站
www.defaultpassword.com
www.cirt.net/cgi-bin/passwd.pl
www.virus.org/default-password

ps:
文件破解
破解pdf工具與破解word,excel...等之類的工具不太一樣
word,excel破解是將密碼解開
pdf破解是將密碼移掉
pdf tool有abcom pdf password cracker

....

password risks mitigation方法
biometrics:使用生物技術
smart card:

administrator password guessing
1assuming that netbios tcp139 is open
2attempting to connect to an enumerated share and trying user name/password
3default admin$,c$,%systemdrive% shares are good starting points

manual password cracking algorithm
automatic password cracking algorithm

bruteforce password寫法
for %%i in net use c$ %i /u:

ex:破解192.168.1.1的administrator的密碼
for %%i in net use 192.168.1.1c$ %i /u:administrator

tool
nat(netbios auditing tool)
smbbf(smb passive brute force tool):需在win2000下
smbcrack tool
l0phtcrack:也稱為lc4或lc5,強項在brute-force

........................................................................................................................................................

lm,ntlm v1,ntlm v2

lm弱點
a password of less than 8 characters的hash會如下
<...........................>AAD3B435B51404EE

...

hash tool
pwdump2:只能針對local的nt sam database,使用dll injection
pwdump3: 支援2000,remote
rainbowcrack:可用本身的或用別人的rainbow table
kerbcrack:破解kerberos,分為kerbsniff and kerbcrack,運作方式是先偷聽在做offline破解
john the ripper:unix經典工具,速度快執行程式小
hashcat:free password cracker 
http://systw.net/note/af/sblog/more.php?id=325

 

........................................................................................................................................................

sniffer password
ps:需設定網卡為promicous mode才可sniffer

sniff smb credentials
ex:
windump -nes 0 -w C:cehfile tcp[28]=0x72 or tcp[28]=0x73 or tcp[40]=0x72 or tcp[40]=0x73

sniffer password tool
l0phtcrack
scooplm

password hacking tool
lcp:可讀sam,lc,lcs,sniff file,pwdump file資料,可使用dictionary,brute-force,hybrid attack
sid&user:圖形 sid2user,可用在winnt/2000/xp/2003
ophcrack2:使用rainbow table做比對
crack
access passview
asterisk logger:非密碼破解,而是將asterisk移除
chaos generator:可算出密碼的hash做參考
asterisk key
ms access database password decoder

........................................................................................................................................................

protect password建議
never leave a default password
never use a password that can be found in a dictionary
never use a password relate to the hostname,domain name,or anything else that can be found with whois
never use a password related to your hobbies,pets,relatives,or date of birth

countermeasures
password 使用8-12 character
每30天換password
physically isolate and protect the server
use syskey utility to store hashes on disk
監控log是否有brute force attack
使用stanford srp或kerberos

不要使用數字密碼
數字密碼最簡單,最好記,最多人用
因為簡單所以較好破解,因為多人用所以成功率高

因sam database容易被取出,建議disable lm hash
method a:
by using group policy
1 in group policy:computer configuration > windows settings > security settings > local policies > security options
2 network security:do not store lan manager hash value on next password change > ok
method b:
by editing the registry

1 HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
2 add key,type NoLMHash
method c:
use a password that is at least 15 characters long
ps
sam file is located at %systemroot%system32config

tool:
password brute-force estimate tool:測試brute-force時間
lastbit.com/passwordestimation.asp:online tool,計算密碼強度
syskey utility:microsoft 建議使用
accountaudit:在網路上檢查帳號database之間的資料


2010-03-10 10:11:14發表 2017-03-19 16:49:02修改   

數據分析
程式開發
計算機組織與結構
資料結構與演算法
Database and MySql
manage tool
windows
unix-like
linux service
network
network layer3
network layer2
network WAN
network service
作業系統
數位鑑識
資訊安全解決方案
資訊安全威脅

Cisco security
Cisco network
Cisco layer3
Cisco layer2



  登入      [牛的大腦] | [單字我朋友] Powered by systw.net