Transcript Lecture 2 Cracking Passwords, Sniffing, Man-in

Password Cracking, Sniffing and
Man-in-the Middle
• Agenda







Storing Passwords on the system
Password Cracking on Windows and Linux
Defenses against Password cracking
Address Resolution Protocol (ARP)
Sniffing
Defenses against Sniffing
Man in the Middle
ECE 4112 - Internetwork Security
1
Cracking Passwords
• Passwords that can be guessed easily are
a problem
• Lots of tools available to figure out
passwords
• L0phtcrack windows password cracker
• “John the Ripper” Unix password cracker
• Default passwords remaining on a system
are a typical vulnerability
ECE 4112 - Internetwork Security
2
Password storage
• Password files have passwords stored in a hashed or
encrypted form
• Hash algorithm example is message digest 4 (MD4)
• Encrypted algorithm example is Data Encryption
Standard (DES)
• When you use your password, it is hashed or encrypted
and then compared to the stored value
• Crackers use a downloaded local copy of password file
on their own machine
ECE 4112 - Internetwork Security
3
Storing Passwords
• Systems have a file with all hashed/encrypted
passwords
 Windows – SAM (Security Accounts Manager) database
 UNIX - /etc/passwd or /etc/shadow
• Access to these files can make it easy for a
hacker to break in
ECE 4112 - Internetwork Security
4
Windows Passwords
• Security Accounts Manager (SAM) has two versions for each
password
• LanMan (LM) password version for backward compatibility with
windows workgroups
• NT Hash – cryptographic hash for windows NT/2000 (Uses MD4)
• SAM file is in \WINNT\system32\config\ directory which is a binary
file that is hard to read
• Back up copy stored in \WINNT\repair
ECE 4112 - Internetwork Security
5
Using Passwords
• System has a hashed/encrypted version of the password stored
in a file
• On login attempt–
 system hashes/encrypts the password typed in by using for
example crypt() function in linux
 Compares hashed/encrypted value to stored
hashed/encrypted value
 Idea behind password cracking is to get a copy of the
hashed/encrypted passwords and then make guesses,
hash/encrypt the guess and compare
ECE 4112 - Internetwork Security
6
Password Cracking
• Dictionary Attack
 Hackers steal a copy of the stored password file
 Guess a password (may use a dictionary)
 Find hash/encrypted value of the guess
 Compare hash to entries from stored file
 Continue this until success or out of options for password
guesses.
• Brute Force – Guess every possible combination of characters
• Hybrid – Use dictionary but add characters to dictionary entries
ECE 4112 - Internetwork Security
7
Password retrieval on Windows
• Sniff the network for passwords being
transmitted
• From Administrator’s emergency repair disk
• From back-up directory
ECE 4112 - Internetwork Security
8
Password Cracking on Windows
• L0phtCrack – lc4 (Windows)
 Available at [email protected]/research/lc/
 Password Auditing and Recovery Application
 Default English dictionary 50,000 words
 Does “hybrid” attacks
 Our free trial version does not allow brute force (for $350 can purchase
with that capability)
 Works on weaker LanMan (LM) as well as NT hashes
 Can sniff a network for LanMan hashed passwords
 Can download from a local machine or remote computer the hashed
password file
ECE 4112 - Internetwork Security
9
L0phtCrack (lc4)
• Some statistics (from the website)
 L0phtCrack obtained 18% of the passwords in 10
minutes
 90% of the passwords were recovered within 48
hours on a Pentium II/300
 The Administrator and most Domain Admin
passwords were cracked
ECE 4112 - Internetwork Security
10
ECE 4112 - Internetwork Security
11
Password Cracking on UNIX
•
•
•
•
•
•
•
•
John the Ripper
Available at http://www.openwall.com/john/
Supports six hashing schemes including XP
Old Unix used /etc/passwd to store passwords
Password is stored after cryptographically altered
Various algorithms (hash/encrypted) used by various Unix platforms
/etc/password is readable by everyone
Some Unix store in a shadow password file thus /etc/passwd does not
contain the passwords since they are instead in /etc/shadow or /etc/secure,
only root can access these files
• If shadow file used, must have root to copy
ECE 4112 - Internetwork Security
12
Password retrieval on Linux
• List of login names and usernames in
/etc/passwd
• List of encrypted passwords in /etc/shadow
• Only /etc/shadow is enough to crack the
passwords.
• Having both files makes it easier
ECE 4112 - Internetwork Security
13
John the Ripper
• Combine information from /etc/passwd and
/etc/shadow into one file
• Use this file as input for John the Ripper
• John can create guesses by
 Using built-in dictionary
 Using account information
 Using brute-force guessing algorithm
ECE 4112 - Internetwork Security
14
John the Ripper
• Scrambling used for each guess
• When a password is cracked, result displayed
on screen
• During execution of this tool, hitting any key
will give current guess and status
• Password complexity determines time needed
for cracking them
ECE 4112 - Internetwork Security
15
Defenses against Password Cracking
•
•
•
•
•
•
•
Select good passwords (not dictionary based)
Change regularly
Use tools to prevent easy passwords
Use password cracking tests against own systems
Protect system back ups that have password files
Unix: activate password shadowing
Windows: disable weaker LM authentication if no
windows 95/98 machines on network
ECE 4112 - Internetwork Security
16
Agenda
Storing Passwords on the system
Password Cracking on Windows and Linux
Defenses against Password cracking
• Address Resolution Protocol (ARP)
• Sniffing
• Defenses against Sniffing
• Man in the Middle
ECE 4112 - Internetwork Security
17
What is ARP?
• Address Resolution Protocol
 Used to convert IP addresses to MAC
addresses
 Low-Level Protocol
 Essential for inter-network communication
 Used in networks with broadcast capabilities;
usually Ethernet
ECE 4112 - Internetwork Security
18
How does ARP work?
•
Internetwork Example
 A forwards packet to Gateway
 Gateway checks to see if it has
the IP address in the cache
 If so, change the address and
format packet appropriately and
forward on the network
 Otherwise broadcast a request
on the network. B will respond
with MAC address. Format
packet and forward to B.
ECE 4112 - Internetwork Security
19
How does ARP work?
• LAN Example
 A sends ARP request packet
on LAN
 Only the machine with
matching IP responds with
MAC
 B caches the IP & MAC pair
 Forwards all packets for
same IP to the cached MAC
ECE 4112 - Internetwork Security
20
Example of ARP in Use
The figure shows the
use of ARP when a
computer is trying to
contact another
computer on the
same LAN using
ping:
ECE 4112 - Internetwork Security
21
Four Types of ARP Messages
ARP request
ARP reply
RARP request
RARP reply
ECE 4112 - Internetwork Security
22
Reverse Address Resolution
Protocol (RARP)
• Physical address of host machine is able to
request its IP from a gateway server’s ARP table
• A router maps the MAC address to
corresponding Internet Protocol addresses
• RARP client program requests from the RARP
server on the router to be sent its IP address
• RARP then returns the IP address to the
machine which can store it for future use
ECE 4112 - Internetwork Security
23
Format of ARP Message
The ARP request includes:
-target machine (TARGET IP)
-IP address of the sender
machine
(SENDER IP)
-physical address of the sender
(SENDER HA)
-physical address of target
machine
(TARGET HA)
ECE 4112 - Internetwork Security
24
ARP Poisoning
Note: ARP is stateless
The malicious computer
(Machine C) can send an
ARP Reply to A and cause
A to associate B’s IP with
C’s MAC address.
This will cause all
messages from A to B to go
to C
Do the same to B
ECE 4112 - Internetwork Security
25
ARP Poisoning
C can now act as middle
man for all communications
between A and B.
C can decide which packets
are forwarded and which
are discarded.
C can also alter
communications packets
between A and B.
This attack can act as a
doorway.
ECE 4112 - Internetwork Security
26
Agenda
Storing Passwords on the system
Password Cracking on Windows and Linux
Defenses against Password cracking
Address Resolution Protocol (ARP)
• Sniffing
• Defenses against Sniffing
• Man in the Middle
ECE 4112 - Internetwork Security
27
Sniffing
• Collect information being transmitted on the
network
• Attacker must be either on source, destination
or intermediate network
• Sniffed information can be stored/logged
ECE 4112 - Internetwork Security
28
Sniffing traditional LANS
• Traditional networks
 Broadcast medium – easy to sniff
Data A
H
U
B
attacker
Data A
ECE 4112 - Internetwork Security
29
Sniffing Switched LANS
• Switched LANS
 Difficult to do, but possible
 Address Resolution Protocol Cache Poisoning Attacker must inject packets into the network to
redirect traffic
 Attacker lies about the MAC address intercepts
traffic
– ARP tells which MAC address corresponds to which IP
address
ECE 4112 - Internetwork Security
30
Sniffing Switched LANS
attacker
Data A
S
W
I
T
C
H
Data A
ECE 4112 - Internetwork Security
31
Sniffit
• Easy to use sniffer
• Available at:
http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
• Can be run in interactive mode
• Can be used to sniff traditional LANS
• For Switched LANS, must be used with ARP
Cache Poisoning tools
ECE 4112 - Internetwork Security
32
Sniffit
• Conditions (from the Sniffit web page):
 You should be ROOT on your machine
 The machine has to be connected to a network
 You have to be allowed to sniff (ethical condition)
ECE 4112 - Internetwork Security
33
Sniffit – Interactive mode
• All TCP traffic can be viewed in main screen
• Traffic from each system and port to each
system and port can be seen
• Has option to see data in a particular stream
flow
ECE 4112 - Internetwork Security
34
ethereal
• From http://www.ethereal.com/
• Ethereal is a free network protocol analyzer for Unix and
Windows.
• It allows you to examine data from a live network or
from a capture file on disk.
• You can interactively browse the capture data, viewing
summary and detail information for each packet.
• Ethereal has several powerful features, including a rich
display filter language and the ability to view the
reconstructed stream of a TCP session.
ECE 4112 - Internetwork Security
Source: www.ethereal.com
35
Source: www.ethereal.com
ECE 4112 - Internetwork Security
36
Defense against Sniffing
•
•
•
•
•
Transmit encrypted data across a network
Don’t use telnet, rsh,rlogin
Use Secure Shell
Use VPNs to encrypt data between systems
Use switches instead of hubs – makes sniffing
more difficult
ECE 4112 - Internetwork Security
37
Defense against Sniffing
• For critical systems
 MAC address filtering on switches
 Restrict MAC addresses that can send and receive
data on specific switch connectors (plugs)
 Hard code ARP tables on critical systems
ECE 4112 - Internetwork Security
38
Agenda
Storing Passwords on the system
Password Cracking on Windows and Linux
Defenses against Password cracking
Address Resolution Protocol (ARP)
Sniffing
Defenses against Sniffing
• Man in the Middle
ECE 4112 - Internetwork Security
39
Man in the Middle:Sniffing
• It is the easiest attack to launch since all
the packets transit through the attacker.
• All the “plain text” protocols are
compromised (the attacker can sniff user
and password of many widely used
protocol such as telnet, ftp, http)
ECE 4112 - Internetwork Security
40
Man in the Middle: Hijacking
• Easy to launch
• It isn’t blind (the attacker knows exactly
the sequence numbers of the TCP
connection)
ECE 4112 - Internetwork Security
41
Man in the Middle: Injecting
• Possibility to add packets to an already established
connection (only possible in full-duplex MITM)
• The attacker can modify the sequence numbers and
keep the connection synchronized while injecting
packets.
• If the MITM attack is a “proxy attack” it is even easier to
inject (there are two distinct connections)
ECE 4112 - Internetwork Security
42
Attacks examples (1)
Command injection
• Useful in scenarios where a one time
authentication is used (e.g. RSA token). In such
scenarios sniffing the password is useless, but
hijacking an already authenticated session is
possible
• Injection of commands to the server
• Emulation of fake replies to the client
ECE 4112 - Internetwork Security
43
Attacks examples (2)
Malicious code injection
• Insertion of malicious code into web
pages or mail (javascript, trojans, virus,
etc)
• Modification on the fly of binary files
during the download phase (virus,
backdoor, etc)
ECE 4112 - Internetwork Security
44
Attacks examples (3)
Payload modification
• The attacker can modify the payload of the
packets by recalculating the checksum
• The length of the payload can also be changed
but only in full-duplex (in this case the seq
number has to be adjusted)
ECE 4112 - Internetwork Security
45
The Lab Exercise – Set up
ECE 4112 - Internetwork Security
46
The Exercise - Tools
• Address Resolution Protocol
• Ettercap to passively sniff a connection
• Ettercap to actively disrupt a
connection
• Hunt to hijack a connection
ECE 4112 - Internetwork Security
47
Exercise – Investigating ARP
• Check ARP Table on all machines
• Observe changes to the ARP table using Ethereal as
unknown IP addresses are pinged
• Get a better feel for ARP by making manual changes
to the ARP table
• Observe effects of making incorrect entries into the
ARP table
ECE 4112 - Internetwork Security
48
Exercise – Using Ettercap
ECE 4112 - Internetwork Security
49
The Lab - Introduce Ettercap
ECE 4112 - Internetwork Security
50
Exercise – Using Ettercap
• Use Ettercap passively for sniffing
 Use Redhat 8.0 machine to ARP poison both 7.2 machines
 Start an FTP communication between the two 7.2 machines
 Observe traffic between the two 7.2 machines
• Use Ettercap actively for disruption
 Start a telnet connection between the two 7.2 machines
 Use filters to disrupt the connection between the two
machines
ECE 4112 - Internetwork Security
51
Exercise – Using Hunt
• Hijack a connection between the two 7.2
machines
 ARP poison the 7.2 machines
 Start an active connection between the two 7.2
machines
 Use Hunt to hijack the connections
ECE 4112 - Internetwork Security
52
Session hijack example
From http://staff.washington.edu/dittrich/talks/qsm-sec/
This demonstration involves three hosts: attacker, victim, and target.
•attacker is the system used by the attacker for the hijack.
•victim is the system used by the victim for telnet client connections to the target system.
•target is the target system that the intruder wants to compromise. It is where the telnetd
daemon is running.
A simple diagram of the network shows the attacker and victim hosts are on the same network
(which may use an ethernet switch and the attack will still work), while the target system can be
anywhere. (Actually, either victim or target can be on the same network as attacker: it doesn't
matter.)
For the attack to succeed, the victim must use telnet, rlogin, ftp, or any other non-encrypted
TCP/IP utility. Use of SecurID card, or other token based secondary authentication is useless as
protection against hijacking, as the attacker can simply wait until after the user authenticates, then
hijack the session.
ECE 4112 - Internetwork Security
53
ECE 4112 - Internetwork Security
54
Session hijack example
From http://staff.washington.edu/dittrich/talks/qsm-sec/
The attack scenario can be as simple as:
1. Attacker: Spends some time determining the IP addresses of target and victim
systems. Determining trust relationships can be easily done with utilities like
SATAN, finger, systat, rwho or running who, ps, or last from previously stolen (or
wide open "guest" style) accounts.
2. Attacker: Runs hunt as root on attacking host. Waits for hunt to indicate a
session has been detected (hunt will note a new session by changing its prompt
from "->" to "*>").
3. Attacker: Starts ARP relay daemon, prepares RST daemon entry for use later,
sets option to enable host name resolution (for convenience).
4. Victim: Logs in to target using telnet. Runs pine to read/compose email.
ECE 4112 - Internetwork Security
55
Session hijack example
From http://staff.washington.edu/dittrich/talks/qsm-sec/
5.
Attacker: Sees new connection; lists active connections to see if this one is
potentially "interesting." If it is, attacker can either watch the session (packet
sniffing) or hijack the session. Decides to hijack.
6.
Victim: Sees strange new prompt. Tries pressing RETURN and doesn't know what
to think. Tries web browser and notices that it still works fine (not a network
problem). Not sure what to think.
7.
Attacker: Finds this is a user session and decides to give it back (resynchronizes
TCP/IP stream).
8.
Victim: Sees prompt for keystrokes, follows request, gets session back. Puzzled,
decides to log in to root account to take a closer look.
9.
Attacker: Turns on RST daemon to prevent new connections, waits to hijack root
session.
10.
Victim: Runs ssu to get SecurID protected root shell.
ECE 4112 - Internetwork Security
56
Session hijack example
From http://staff.washington.edu/dittrich/talks/qsm-sec/
11.
Attacker: Completes hijack after seeing root login.
12.
Victim: Sees strange prompt. Tries pressing RETURN again. Same result as
before. Tries web browser again. Same thing. Tries getting a new telnet session.
Fails. Tries ftp. Fails.
13.
Attacker: Sets up backdoor, disables command history, resets session, turns off
RST daemon.
14.
Victim: Finally gets a new session. Original session is now gone. Assumes
network outage or Windows TCP/IP stack corruption. Reboots system and
everything is back to "normal").
15.
Attacker: Waits for admin's sessions to all disappear (gone home for the night),
then logs in using new backdoor. Installs rootkit (more backdoors, sniffer), cleans
log files.
ECE 4112 - Internetwork Security
57
References
• http://alor.antifork.org/talks/MITMBHeu03.ppt
• http://www.csc.vill.edu/~fsalandr/netclass
/cassel.ppt
• http://staff.washington.edu/dittrich/talks/
qsm-sec/script.html
ECE 4112 - Internetwork Security
58