Lecture04: Network Layer Security
Download
Report
Transcript Lecture04: Network Layer Security
Session Layer Security
Lecture 6
Supakorn Kungpisdan
[email protected]
Roadmap
Introduction
SYN Attack
Session Hijacking
DNS Poisoning
SSH Downgrade Attack
Authentication Techniques and Attacks
NETE4630 Advanced Network Security and Implementation
2
Introduction
Session layer provides a set of features that contributes to
the reliability and usefulness of modern network
communications
Session Checkpoint
Session Adjournment
Session Termination
Half- and Full-Duplex Operations
NETE4630 Advanced Network Security and Implementation
3
Session Checkpoint
TCP acknowledgement (ACK) packets are regularly passed
between hosts to identify the last packet that was received
TCP delays the transmission of an ACK packet until either a timeout
is reached or a number of packets equal to the TCP window size
have been sent
This delays increases the efficiency of the protocol and establishes
checkpoints
At any point, TCP can resume transmission from the previous
checkpoint if a delivery failure occurs
NETE4630 Advanced Network Security and Implementation
4
Session Adjournment
TCP sessions may be adjourned through setting the TCP
window to 0 byte.
This informs the sending host that no buffer is available to hold
transmitted data and halts communications without losing the
connection
NETE4630 Advanced Network Security and Implementation
5
Session Termination
TCP provides a means for both graceful and immediate session
terminations
Graceful termination occur by setting a finish (FIN) flag that is
subsequently acknowledged by the recipient
Immediate termination occur by using packets with the reset (RST)
flag set
Half- and Full-Duplex Operations
• While TCP operates at full duplex, the session layer allows for both
full- and half-duplex operations
NETE4630 Advanced Network Security and Implementation
6
Attacking the Session Layer
Rely primarily on abuses of the TCP and IP headers
Several behavior designed into the TCP specification allow a wide
variety of attacks
In particular, TCP flags and Sequence and Acknowledgement
numbers enable several methods of attack
Newer attacks may focus on higher layer protocol like Session
Description Protocol (SDP) and Session Initiation Protocol (SIP)
NETE4630 Advanced Network Security and Implementation
7
SYN (Flood) Attack
Use legitimate TCP functions permits attackers with a small number
of hosts to conduct DoS, which can completely saturate the
bandwidth of a corporation
In TCP three-way handshake, a new source port is selected on the
client host for each new connection that is opened to a particular
port on a server
The server has to allocate a number of resources to handle each
connection
A large number of hosts can use this to great effect when attacking
a web site
NETE4630 Advanced Network Security and Implementation
8
SYN Attack (cont.)
From an attacker’s perspective, this approach is less than
ideal:
1.
Creating multiple connections is extremely inefficient
Every established connection consumes a lot of resources on the server
and the attacking client
2.
3.
This kind of attack is not anonymous
Many servers limit the number of connections that they will
accept from a single host
NETE4630 Advanced Network Security and Implementation
9
Performing SYN (Flood) Attack
Our goal is to consume resources on the victim server but
not on the DoS client
We want to avoid using any system calls to open network
connections
NETE4630 Advanced Network Security and Implementation
10
SYN Attack with hping3
Hping2 tool provides a simple means for producing crafted packets
Executing a single SYN packet to port 6666 on the victim server
Packet
count
Dest port
SYN flag set
$ hping3 –c 1 –p 6666 –S 10.10.1.9
In this case, we use the attacking machine’s IP as source IP
NETE4630 Advanced Network Security and Implementation
11
SYN Attack with hping2 (cont.)
NETE4630 Advanced Network Security and Implementation
12
SYN Attack with hping2 (cont.)
However, the DoS client was stymied by attempts to circumvent its
resource consumption
Any TCP stack that meets an unsolicited SYN/ACK packet will
respond with an RST
The solution is to spoof a source IP address
$ hping –c 1 –a 10.12.250.250 –p 6666 –S 10.1.1.9
Spoofed IP address
NETE4630 Advanced Network Security and Implementation
13
SYN Attack with hping2 (cont.)
Target keeps sending SYN/ACK to the spoofed source
until reaching timeout
NETE4630 Advanced Network Security and Implementation
14
SYN Attack with hping2 (cont.)
The victim server attempts to reply to the non-existent host
with SYN/ACK
TCP tries to ensure reliable delivery and will continue to
complete the handshake until timeout
The DoS client can now produce packets as fast as it can
spoof them, while at the same time the victim server
attempts to complete handshakes in vain
NETE4630 Advanced Network Security and Implementation
15
Note on SYN Attack
Careful selection of the spoofed IP is necessary to conduct
a successful DoS attack
The most successful method to ensure delivery of a
spoofed packet is to select an unused IP on the same
subnet as the attacking host
NETE4630 Advanced Network Security and Implementation
16
Reflective Attack
A variation of SYN attack
Launched by sending a large number of SYN packets to a
web server but alters the source address so that it is to
match the address of the victim
The web server responds to the large number of SYN
packets by issuing a flood of traffic back to the spoofed
victim’s address
NETE4630 Advanced Network Security and Implementation
17
Session Hijacking
Session hijacking works by taking advantage of the fact
that most communications are protected (by providing
credentials) at session setup, but not thereafter.
These attacks generally fall into three categories:
Man-in-the-middle (MITM)
Blind Hijacking
Session Theft
Ref: http://technet.microsoft.com/en-us/magazine/cc160809(TechNet.10).aspx
NETE4630 Advanced Network Security and Implementation
18
MITM Attacks
Attacker intercepts all communications between two hosts.
With communications between a client and server now
flowing through the attacker, he or she is free to modify
their content.
Protocols that rely on the exchange of public keys to
protect communications are often the target of these types
of attacks
NETE4630 Advanced Network Security and Implementation
19
Blind Hijacking
An attacker injects data such as malicious commands into
intercepted communications between two hosts commands like
"net.exe localgroup administrators /add
EvilAttacker".
This is called Blind Hijacking because the attacker can only inject
data into the communications stream, but cannot see the response
to that data (such as "The command completed
successfully.")
Essentially, the blind hijack attacker is shooting data in the dark, but
this method is still very effective
NETE4630 Advanced Network Security and Implementation
20
Session Theft Attacks
Attacker neither intercepts nor injects data into existing
communications between two hosts.
Instead, the attacker creates new sessions or uses old
ones.
This type of session hijacking is most common at the
application level, especially Web applications.
NETE4630 Advanced Network Security and Implementation
21
Hijacking A TCP Session
Session
establishment
Data transfer
NETE4630 Advanced Network Security and Implementation
22
Hijacking A TCP Session (cont.)
If the attacker wanted to inject data into the TCP session as the
client, he or she would need to:
Spoof the client's IP address
Determine the correct sequence number that is expected by the server from
the client
Inject data into the session before the client sends its next packet
To achieve the third, the attacker could just send the data to inject
and hope it is received before the real client does
Or, the attacker could perform a DoS attack on the client, or use
ARP spoofing
NETE4630 Advanced Network Security and Implementation
23
Blind Injection
When the client receives the ACK packet, it will be confused, either
because it did not send any data or because the next expected
sequence is incorrect.
NETE4630 Advanced Network Security and Implementation
24
Hijacking A TCP Session (cont.)
Maybe the attacker can send something "nice" like "mv `which
emacs` /vmunix && shutdown –r now" and not just a single
character)
This confusion can cause a TCP ACK storm, which can disrupt a
network
Attackers can automate the session hijacking process with tools
such as Juggernaut, Hunt, and Ettercap
NETE4630 Advanced Network Security and Implementation
25
Hijacking A UDP Session
Attackers do not have to worry about the overhead of managing
sequence numbers and other TCP mechanisms.
Since UDP is connectionless, injecting data into a session without
being detected is extremely easy
DNS queries, online
games like the Quake
series and Half-Life, and
peer-to-peer sessions
are common protocols
that work over UDP; all
are popular targets for
this kind of session
hijacking
NETE4630 Advanced Network Security and Implementation
26
Determining Susceptibility
One way to check if your network is vulnerable to session hijacking
is to hijack actual network sessions using common attacker tools
e.g. Juggernaut or Hunt (now Ettercap)
Alternatively, try to find out if using transport protocols that do not
use cryptographic protection
Protocols such as Telnet and FTP are extremely susceptible to
hijacking when not protected inside encrypted tunnels
Countermeasure is to use SSL, SSH, and IPSec
NETE4630 Advanced Network Security and Implementation
27
Tricks and Techniques
TCP ACK Storm
ARP Table Modification
TCP Resynchronizing
Remotely Modifying Routing Table
NETE4630 Advanced Network Security and Implementation
28
TCP ACK Packet Storm
As the attacker injects
more and more data,
the size of the ACK
storm increases and
can quickly degrade
network performance.
If neither the attacker nor the client explicitly closes the session, the
storm will likely stop itself eventually when ACK packets are lost in
the storm.
NETE4630 Advanced Network Security and Implementation
29
ARP Table Modification
Finding owner of MAC address
NETE4630 Advanced Network Security and Implementation
Spoofed reply
30
ARP Table Modification (cont.)
Stopping TCP ACK Storm
NETE4630 Advanced Network Security and Implementation
31
TCP Resynchronizing
To hide his/her tracks, an attacker who is finished session
hijacking might want to resynchronize the communicating
hosts.
The problem is that, after the attack, the two hosts whose
session was hijacked will be at different points in the
session.
In other words, each host will be expecting different
sequence numbers.
For example, server might think that it is 40 bytes into the
session when the client might have sent only 29 bytes.
NETE4630 Advanced Network Security and Implementation
32
TCP Resynchronizing (cont.)
Since sequence numbers move in only a positive
direction, it's not possible to manipulate the server so that
its expected sequence number moves downward to
match the client's sequence number.
Tools like Hunt try to solve this problem by sending a
message to the client
msg from root: power failure – try to type 13 chars
NETE4630 Advanced Network Security and Implementation
33
Remotely Modifying Routing Table
Attacker who wants to hijack a session wants to route all
communications between a client and server through him or her
making it easy to monitor, modify, and inject data into the session,
as in MITM attacks.
Attacker modifies the routing table of the host is to forge ICMP
Redirect (type 5) packets and advertise them as the route to take
when sending data.
To protect Windows® hosts from forged ICMP redirect, set the
EnableICMPRedirect value to 0 under the registry key
HKLM\System\CurrentControlSet\Services\AFD\Paramet
ers
NETE4630 Advanced Network Security and Implementation
34
DNS Poisoning
A more common example of session hijacking is DNS
poisoning
DNS poisoning allows you to convince a DNS server that a
hostname resolves to an arbitrary IP
NETE4630 Advanced Network Security and Implementation
35
DNS Resolution
3 4
56
Client does not query the
canonical nameserver
because of the efficiency
provided by caching at the
local nameserver
1
2
NETE4630 Advanced Network Security and Implementation
36
DNS Poisoning (cont.)
34
6
5
7
Attacker’s
nameserver
Spoofed
web server
1
2
NETE4630
NETE4630 Advanced Network Security and Implementation
37
37
DNS Poisoning (cont.)
Implementing DNS poisoning is difficult
Each DNS query contains a 2-byte identification field that
allows responses to be matched to queries
An attacker has a 1 in 65,536 (2^16) chance of guessing
the correct identification value
Normally an attacker needs to sniff the identification
number of the query in order to successfully spoof a
response
NETE4630 Advanced Network Security and Implementation
38
DNS Poisoning with Ettercap
1
2
NETE4630 Advanced Network Security and Implementation
3
39
DNS Poisoning with Ettercap (cont.)
4
5
NETE4630 Advanced Network Security and Implementation
40
DNS Poisoning with Ettercap (cont.)
6
8
7
NETE4630 Advanced Network Security and Implementation
41
DNS Poisoning with Ettercap (cont.)
Ettercap.dns
9
10
NETE4630 Advanced Network Security and Implementation
42
SSL Spoofing with Ettercap
NETE4630 Advanced Network Security and Implementation
43
SSH Downgrade Attack
SSH is the most famous example of a downgrade attack where the
attacker forces the client and the server to use the insecure SSH1
protocol.
The client sends a request to establish a SSH link to the server and
asks it for the version it supports
The server answers either with:
ssh-2.xx The server supports only SSH2
ssh-1.99 The server supports SSH1 and SSH2
ssh-1.51 The server supports only SSH1
This attack occurs at the server that supports both SSH1 and SSH2
Ref: http://openmaniak.com/ettercap_filter.php
NETE4630 Advanced Network Security and Implementation
44
SSH Downgrade Attack (cont.)
NETE4630 Advanced Network Security and Implementation
45
SSH Downgrade Attack (cont.)
NETE4630 Advanced Network Security and Implementation
46
SSH Downgrade Attack with ettercap
1. Configure SSH server to support SSH1 and SSH2
#apt-get install openssh-server
#vim /etc/ssh/sshd_config
Protocol 1, 2
2. Create a SSH1 key pair
#ssh-keygen –t rsa1 –f /etc/ssh/ssh_host_key –N “”
3. Add the key path into sshd_config file:
HostKey /etc/ssh/ssh_host_key
4. Try to telnet to server to check if it has SSH1
Trying server_ip_address...
Connected to server_ip_address.
Escape character is '^]'.
SSH-1.99-OpenSSH_4.6p1 Debian-5ubuntu0.1
NETE4630 Advanced Network Security and Implementation
47
Client’s PuTTY Screen
Version 2 is preferred
but not restricted
NETE4630 Advanced Network Security and Implementation
48
Ettercap Filter
NETE4630 Advanced Network Security and Implementation
49
SSH Downgrade Attack Filter
/usr/share/ettercap/ettercap.filter.ssh
NETE4630 Advanced Network Security and Implementation
50
Compiling the Filter
NETE4630 Advanced Network Security and Implementation
51
Loading the Compiled Filter
NETE4630 Advanced Network Security and Implementation
52
SSH Downgrade Attack Result
NETE4630 Advanced Network Security and Implementation
53
Avoiding SSH Downgrade Attack
Never use SSH1 on both server and client
At /etc/ssh/sshd_config file
Protocol 2
#telnet server_ip_address 22
Trying server_ip_address…
Connected to server_ip_Address.
Escape character is ‘^’.
SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1
NETE4630 Advanced Network Security and Implementation
54
Avoiding SSH Downgrade Attack
(cont.)
SSH Client
NETE4630 Advanced Network Security and Implementation
55
Authentication
Two main categories of authentication:
Synchronous and asynchronous authentication protocols
Synchronous authentication protocols provide credentials
at the start of the authentication process
Asynchronous authentication involves a challengeresponse model
NETE4630 Advanced Network Security and Implementation
56
Password Authentication Protocol
Password Authentication Protocol (PAP) is one of the least secure
authentication protocol
Password and username are sent in cleartext to the authentication
server after a connection has been established.
Some systems revert to PAP if they cannot agree on any other
authentication protocol.
Both entities will try to negotiate and agree upon the most secure
method of authentication
Start with EAP, CHAP, then PAP
NETE4630 Advanced Network Security and Implementation
57
Challenge Handshake Authentication Protocol
Enter password
Compare hash value
h(password, challenge)
NETE4630 Advanced Network Security and Implementation
58
NT Lan Manager v1 (NTLMv1)
Enter password
Compare hash value
R1, R2
NETE4630 Advanced Network Security and Implementation
59
NTLMv1 (cont.)
User password and challenge are used to calculate LANMAN hash
and MD4 hash
C = 8-byte random challenge
Hash1 = MD4(password)
{K1, K2, K3} = {Hash1, 5-byte-0s}
R1 = DES(K1, C), DES(K2, C), DES(K3, C)
Hash2 = LM-hash(password)
{K4, K5, K6} = {Hash2, 5-byte-0s}
R2 = DES(K4, C), DES(K5, C), DES(K6, C)
Client sends {R1, R2} as a response to the server
NETE4630 Advanced Network Security and Implementation
60
LM challenge/response
uppercase(password[1..7])
as KEY
magic word
DES
LM_hash[1..8]
uppercase(password[8..14])
as KEY
magic word
0000000000
DES
LM_hash[9..16]
LM_hash[17..21]
magic word is “KGS!@#$%”
[email protected], Cracking NTMLv2 Authentication
NETE4630 Advanced Network Security and Implementation
61
LM challenge/response (cont.)
LM_hash[1..7]
as KEY
challenge code
DES
LM_response[1..8]
LM_hash[8..14]
as KEY
challenge code
DES
LM_hash[15..21]
LM_response[9..16]
0000000000
as KEY
challenge code
DES
LM_response[17..24]
[email protected], Cracking NTMLv2 Authentication
NETE4630 Advanced Network Security and Implementation
62
NTLM 2 Authentication
unicode(password)
MD4
unicode(
uppercase(account name)
+domain_or_hostname)
as KEY
HMAC_MD5
as KEY
server_challenge
+client_challenge
HMAC_MD5
NTLMv2
Response
[email protected], Cracking NTMLv2 Authentication
NETE4630 Advanced Network Security and Implementation
63
LM, NTLMv1, NTLMv2
LM
NTLMv1
NTLMv2
Password case sensitive
No
Yes
Yes
Hash key length
56bit + 56bit
-
-
Password hash algorithm DES (ECB mode)
MD4
MD4
Hash value length
64bit + 64bit
128bit
128bit
C/R key length
56bit + 56bit + 16bit
56bit + 56bit + 16bit
128bit
C/R algorithm
DES (ECB mode)
DES (ECB mode)
HMAC_MD5
C/R value length
64bit + 64bit + 64bit
64bit + 64bit + 64bit
128bit
[email protected], Cracking NTMLv2 Authentication
NETE4630 Advanced Network Security and Implementation
64
Authenticating with Kerberos
Default authentication mechanism used by Windows 2000, XP, and
2003 hosts when part of an active directory
Strong protocol, relying on a central server (normally Active
Directory Controller) to grant access privileges to systems
The main weakness of Kerberos is that all authentication tokens
have a lifespan
Any network using Kerberos must synchronize clocks on all systems
using a protocol e.g. Network Time Protocol (NTP)
NETE4630 Advanced Network Security and Implementation
65
Attacks Against Password Hashes
Brute Force Attack
Iterate through every possible input and hashes it, comparing the output with
the hash value
Guaranteed to crack the hash if run long enough
Dictionary Attack
Iterate through possible passwords and common substitutions of these words
Not guaranteed to produce results
E.g. John The Ripper (or John The Ripper Pro for Commercial version)
available at http://www.openwall.com/john/
NETE4630 Advanced Network Security and Implementation
66
Attacks Against Password Hashes (cont.)
Rainbow Table Attack
Compute every hash ahead of time, allowing the attacker to
check his/her database of hashes just for one he/she is trying to
crack
Several tools can be used for password cracking including
windows password in SAM, LM, NTLM password hashes
Rainbow Crack, Ophcrack, John the Ripper, Cain and Abel
Rainbow Crack can be used to crack LM, MD5, Office hashes
NETE4630 Advanced Network Security and Implementation
67
Rainbow Table
Hash
function
Reduction
function
Hash
function
Reduction
function
Hash
function
Reduction
function
Rainbow table stores only the first and the last value of each chain
NETE4630 Advanced Network Security and Implementation
68
Rainbow Table (cont.)
NETE4630 Advanced Network Security and Implementation
69
Cracking LM Password with Rainbow Crack
1. Dump password hashes using samdump, pwdump,
fgdump
2. Install Rainbow Crack
3. Before cracking the password, generate the rainbow table
first:
LM Configuration#0 – #6
4. Sort the rainbow table using rtsort command
5. Crack the password using rcrack command
Ref: http://www.ethicalhacker.net/content/view/94/24/
NETE4630 Advanced Network Security and Implementation
70
Password Hashes from pwdump
testuser1:"":0F20048EFC645D0A179B4D5D6690BDF3:1120ACB74670C7DD46F
1D3F5038A5CE8:::
remote:"":E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BD
D830B7586C:::
joeuser:"":E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06B
DD830B7586C:::
averageguy:"":299CCF964D9A359BAAD3B435B51404EE:A5C07214487C87B584
E8877DE72DCA0B:::
harderpass:"":B75838F7A57EE67993E28745B8BF4BA6:EC50F8A8149C93EF45
AECB8AF96658E6:::
demouser:"":261A6631FE44BA4993E28745B8BF4BA6:371D5760453C1B000BCC
016F8E23A83C:::
randy:"":98B5AFEB67293D6AAAD3B435B51404EE:A9F34664151F6360757B316
44F37E025:::
Asmith:"":E165F0192EF85EBBAAD3B435B51404EE:E4EBE0E7EF708DC9FD2401
35D3D43D89:::
NETE4630 Advanced Network Security and Implementation
71
Generating Rainbow Table
To generate other configuration, use rtgen command
#
#
#
#
#
rtgen
rtgen
rtgen
rtgen
rtgen
lm
lm
lm
lm
lm
alpha-numeric
alpha-numeric
alpha-numeric
alpha-numeric
alpha-numeric
1
1
1
1
1
7
7
7
7
7
NETE4630 Advanced Network Security and Implementation
0
1
2
3
4
2400
2400
2400
2400
2400
40000000
40000000
40000000
40000000
40000000
all
all
all
all
all
72
Generating Rainbow Table (cont.)
“1” and “7” are our plaintext ranges. So we want passwords from “A” to
“ZZZZZZZ.”
If we had put plaintext length range "4-6", "AAAA" and "ZZZZZZ" would be among the
key space
0, 1, 2, 3, 4 are table numbers
2400 is chain length. Chain length increases the success rate per table but
does not increase table size.
It computes more hashes per chain but also takes longer to create and search the tab
“8000000” is chain count of each rainbow table.
Chain count is simply how many chains you want per table. Increasing this value
produces larger files with higher success rates, but the overall computation time isn’t
affected.
NETE4630 Advanced Network Security and Implementation
73
Rainbow Table Configuration
NETE4630 Advanced Network Security and Implementation
74
Generating Rainbow Table with Winrtgen
Winrtgen (now in Cain and Abel) is a graphical Rainbow Tables
Generator that supports LM, FastLM, NTLM, LMCHALL,
HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1,
RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA2 (256), SHA-2 (384) and SHA-2 (512) hashes.
Winrtgen can generate only rainbow table for LM configuration#0
NETE4630 Advanced Network Security and Implementation
75
Generating Rainbow Table with Winrtgen (cont.)
Generating 1 configuration#0 table takes 2 days on P3 1GHz machine
NETE4630 Advanced Network Security and Implementation
76
Generating Rainbow Table with Winrtgen (cont.)
Generating 5 configuration#0 tables take 12 days on P3 1GHz machine
NETE4630 Advanced Network Security and Implementation
77
Generating Rainbow Table (cont.)
128,000,000 bytes
lm_alpha#1-7_0_2100x8000000_all.rt
128,000,000 bytes
lm_alpha#1-7_1_2100x8000000_all.rt
128,000,000 bytes
lm_alpha#1-7_2_2100x8000000_all.rt
128,000,000 bytes
lm_alpha#1-7_3_2100x8000000_all.rt
128,000,000 bytes
lm_alpha#1-7_4_2100x8000000_all.rt
Sort the rainbow table:
# rtsort lm_alpha#1-7_0_2100x8000000_all.rt
# rtsort lm_alpha#1-7_1_2100x8000000_all.rt
# rtsort lm_alpha#1-7_2_2100x8000000_all.rt
# rtsort lm_alpha#1-7_3_2100x8000000_all.rt
# rtsort lm_alpha#1-7_4_2100x8000000_all.rt
NETE4630 Advanced Network Security and Implementation
78
Cracking the Password
C:\rainbowcrack-1.2-win\rainbowcrack-1.2-win>rcrack
RainbowCrack 1.2 - Making a Faster Cryptanalytic Time-Memory Trade-Off
by Zhu Shuanglei < [email protected] This e-mail address is being
protected from spam bots, you need JavaScript enabled to view it >
http://www.antsight.com/zsl/rainbowcrack/
usage: rcrack rainbow_table_pathname -h hash
rcrack rainbow_table_pathname -l hash_list_file
rcrack rainbow_table_pathname -f pwdump_file
rainbow_table_pathname: pathname of the rainbow table(s), wildchar(*, ?)
supported
-h hash:
use raw hash as input
-l hash_list_file:
use hash list file as input, each hash in a line
-f pwdump_file:
use pwdump file as input, this will handle LAN
Manager hash only
example: rcrack *.rt -h 5d41402abc4b2a76b9719d911017c592
rcrack *.rt -l hash.txt
rcrack *.rt -f hash.txt
NETE4630 Advanced Network Security and Implementation
79
Cracking the Password (cont.)
rcrack c:\rainbowcrack\*.rt -f pwdumpfile.txt
rcrack c:\rainbowcrack\*.rt -l justhashlist.txt
rcrack c:\rainbowcrack\*.rt –h
213D466DB5B288F0F82E44EC0938F4F4
Where pwdumpfile.txt is the results of using a hash dumping utility like
pwdump2, pwdump3, samdump, etc to dump the LAN Manager's passwords.
If your password consists of only letters only, rcrack should be able to crack it with
a success rate of 99.9%.
NETE4630 Advanced Network Security and Implementation
80
Cracking the Password (cont.)
NETE4630 Advanced Network Security and Implementation
81
Cracking the Password (cont.)
26 of our 41 hashes found in about 12 minutes.
Also notice that the hash for the password “password” is the same
because there is no salting with the LAN Manager hashing
algorithm.
NETE4630 Advanced Network Security and Implementation
82
Protecting yourself against RainbowCrack
attacks and other password attacks
Limiting physical access
Continue to force the use of special characters
Use ALT-XXX characters in your passwords
Keep up with updates
Use Pass phrases
Use Multi-factor authentication
Password Policy
Use NTLM or NTLMv2
NETE4630 Advanced Network Security and Implementation
83
Limiting Physical Access
One common attack if you have physical access to a machine is to use a bootable
Linux distro to simply boot into Linux and grab the SAM file off the windows
partition.
IronGeek wrote a good tutorial on this method and even has a video you can
watch. You can get it here:
http://www.irongeek.com/i.php?page=security/localsamcrack2.
Another interesting tool released by Eeye is SysRQ2:
http://research.eeye.com/html/tools/RT20060801-8.html.
“SysRq is a bootable CD image that allows a user to open a fully privileged
(SYSTEM) command prompt on Windows 2000, Windows XP, and Windows
Server 2003 systems by pressing Ctrl+Shift+SysRq at any time after startup.”
NETE4630 Advanced Network Security and Implementation
84
Continue to force the use of special
characters
Rainbow tables can rip thru a LM password with any type of special
character it still takes a large amount of time (1-2 years) to generate
them
In LC4 we go from 9-11 hours to brute force alpha-numeric
password to 91 days to brute force passwords with the possibility of
all special characters (not including ALT-XXX passwords).
NETE4630 Advanced Network Security and Implementation
85
Use ALT-XXX characters in your passwords
ALT characters are produced by holding down the ALT key and
pressing a three or four digit number sequence on your keypad.
Most password crackers cannot crack passwords with ALT
characters.
Most ALT characters also have the added benefit that passwords
that have ALT characters in them cannot be stored as LM hashes.
It causes password hashes to disappear
NETE4630 Advanced Network Security and Implementation
86
ALT-XXX Characters
NETE4630 Advanced Network Security and Implementation
87
Use Passphrases
Easiest and simplest way to protect you network from password
cracking.
Use of pass phrases that are greater than 14 characters AND use
special characters you can protect yourself from all but the
determined attackers.
If your network is Windows 2000 and above you have a maximum
length of 127 characters on your password/pass phrase; so sky’s
the limit.
A pass phrase like “This is my Stupid Pass Phrase!” is long enough
to be stored as NTLM or NTLMv2, has Uppercase, Lowercase,
Spaces, and Special Characters, and is easy to remember.
This is a much more secure password than even
“@w3cjd$Beu=mDr”.
NETE4630 Advanced Network Security and Implementation
88
Password Cracking with Rainbow Table
Rainbow tables are sophisticated tables that utilize
reduction algorithms to reduce the time needed to crack a
password
The only information stored in the table is an initial value
and a final value
When the initial value is passed through the algorithm, it
produces a hash, when put through a reduction algorithm.
The result of the reduction is then used as plaintext for
another hash function
NETE4630 Advanced Network Security and Implementation
89
Password Cracking with Rainbow Table (cont.)
1.
2.
3.
4.
Given a hash value, apply reduction function to it and query the
table for the result
If not matched in the current chain, proceed with another chain,
then another table, until a match is found
When you find a match, recover the initial value for that chain and
reconstruct the chain until you are the point where the match
occurred
When you reach this point, the initial value is the corresponding
password
NETE4630 Advanced Network Security and Implementation
90
Question?
Next week
Presentation Layer Security