Security Lab


Mark Shtern


Passwords are the most common authentication method
They are inherently insecure
• Human generated passwords
  • Come from a small domain
  • Easy to guess – dictionary attacks
• Stronger passwords
  • Computer generated or verified
  • Not user friendly
  • Hard to remember



Physical Access
Offline password cracking
Online password cracking



Boot using a Linux bootable CD
Mount the system drive
Reset the Administrator password (Windows: chntpw; Linux: modify the shadow file)


Collect password hashes
Crack passwords


Eavesdropping (Sniffing)
Password file





Windows – SAM, NTDS.dit file (pwdump[2-6] and fgdump)
Linux – shadow file (unshadow)
Memory dump (debug tools: WinDbg, gdb), system calls (APImonitor, strace)
SQL database, configuration file
Source code

Types





Brute Force
Dictionary
Hybrid
Rainbow
The most popular crackers


Windows: Ophcrack, Cain & Abel, LCP
Linux: John the Ripper (john)



Eavesdropping: Encrypt the channel, e.g. using SSL or SSH
Offline dictionary attacks: Limit access to password hashes, strong passwords, password lifetime, use salt
Online dictionary attacks: Delayed answers, strong passwords, account lockouts
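
The salt, delayed-answer and account-lockout countermeasures listed above, combined in one login check. This is an added example, not code from the original slides. The LoginGuard class, the threshold and delay values, and the choice of PBKDF2 as the salted hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3   # assumed lockout threshold
BASE_DELAY = 1.0   # assumed delay in seconds, doubled after every failure

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn per account, so
    equal passwords give different digests and precomputed tables do not apply."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

class LoginGuard:
    """Hypothetical account store that slows down and then locks out guessing."""

    def __init__(self):
        self.users = {}       # name -> (salt, digest); plaintext is never stored
        self.failures = {}    # name -> consecutive failed attempts
        self.not_before = {}  # name -> earliest time the next attempt is accepted

    def register(self, name, password):
        self.users[name] = hash_password(password)
        self.failures[name] = 0

    def login(self, name, password, now):
        """Return 'ok', 'denied', 'delayed' or 'locked'; `now` is in seconds."""
        if name not in self.users:
            return "denied"
        if self.failures[name] >= MAX_FAILURES:
            return "locked"    # stays locked until an administrator resets it
        if now < self.not_before.get(name, 0.0):
            return "delayed"   # delayed answer: attempt rejected without checking
        salt, stored = self.users[name]
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            self.failures[name] = 0
            return "ok"
        self.failures[name] += 1
        self.not_before[name] = now + BASE_DELAY * 2 ** (self.failures[name] - 1)
        return "locked" if self.failures[name] >= MAX_FAILURES else "denied"
```
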