File000137 Presentation Transcript

  • 1. Module XXIV – Application Password Crackers
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Former Inmate Accused of Hacking Prison IT Source: http://blogs.zdnet.com/
  • 3. Scenario: A Chicago man was arrested and charged with illegally selling "burned" copies of a Utah company's computer software in September 2006. 30-year-old Navneet Chan Bhownath, a South African who lived in Chicago from December 2005 to August 2006, illegally sold burned copies of EyeQ, an educational software product owned by Salt Lake-based Infinite Mind, via his web site, snapdiscount.com. Bhownath was arrested on September 7, 2006 following a six-month investigation by the Federal Bureau of Investigation. The FBI found that for the past 90 days, snapdiscount.com had 211 transactions, all for EyeQ software valued at $64,589.40.
  • 4. Module Objective
    This module will familiarize you with:
    • Password - Terminology
    • What is a Password Cracker
    • Various Cracking Methods
    • Classification of Cracking Software
    • System Software Password Cracking
    • Application Software Password Cracking
    • Default Password Database
    • Password Cracking Tools
  • 5. Module Flow: Password - Terminology; Classification of Cracking Software; Various Cracking Methods; Application Software Password Cracking; System Software Password Cracking; What is Password Cracker; Password Cracking Tools; Default Password Database
  • 6. Password - Terminology
    A password is a secret series of characters that enables a user to access a file, computer, or program. It contains a unique string of characters used to restrict access to computers and sensitive files.
    Passwords may contain:
    • only letters
    • only numbers
    • only special characters
    • letters and numbers
    • only letters and special characters
    • only special characters and numbers
    • letters, special characters, and numbers
  • 7. What is a Password Cracker
    “A password cracker is any program that can decrypt passwords or otherwise disable password protection.” It can also identify the encrypted passwords. Cracking a key means an attempt to recover the key's value. Cracking cipher text means an attempt to recover the corresponding plaintext.
  • 8. How Does a Password Cracker Work
    Password cracking using a password cracker:
    • The wordlist is run through the encryption technique, generally one word at a time
    • Rules are applied to the word and, after each such application, the word is again compared to the target password (which is also encrypted)
    • If it does not match, the next word is sent through the process
    • At the final stage, if it matches, the password is considered cracked
  • 9. Password Cracking Methods
  • 10. Various Password Cracking Methods: Brute Force Attack; Dictionary Attack; Syllable Attack; Rule-based Attack; Hybrid Attack; Distributed Network Attack; Password Guessing; Rainbow Attack
  • 11. Brute Force Attack
    In a brute force attack, the program guesses the password by trying every single combination of characters until the password is found. It is the slowest method of password attack, but can be successful against short and simple passwords.
    For example, the program might follow a sequence such as:
    • “aaaaa”
    • “aaaab”
    • “aaaac”
  • 12. Brute Force Attack Time Estimator
  • 13. Dictionary Attack
    In a dictionary attack, a dictionary file (a text file of dictionary words) is loaded into a cracking application, which is run against the user’s accounts. The program tries every word in a dictionary (wordlist) to find the password. Such an attack is less successful against systems that use passphrases.
    Dictionary attacks may be applied under two circumstances:
    • In cryptanalysis, when trying to determine the decryption key for a given ciphertext
    • In computer security, when trying to avoid an authentication mechanism for accessing a computer system by guessing passwords
  • 14. Syllable Attack/ Rule-based Attack/ Hybrid Attack
    Syllable Attack:
    • A syllable attack is the combination of a brute force attack and a dictionary attack
    • This technique may be used when the password is a non-existent word and the attacker tries some techniques to crack it
    Rule-based Attack:
    • A rule-based attack can be used when the attacker gets some information about the password he wants to crack
    • For example, if the attacker knows that the password consists of words and two or three digits, he can use a program to generate suitable passwords
    Hybrid Attack:
    • A hybrid attack builds on the dictionary attack method by adding numerals and symbols to dictionary words
  • 15. Password Guessing
    Many users choose weak passwords such as:
    • Blank (none)
    • The word "password", "passcode", "admin", and their derivatives
    • The user's name or login name
    • The name of their kids, spouse, or relative
    • Their birthplace or date of birth
    • A pet's name
    • Automobile license plate number
    • A row of letters from the qwerty keyboard (e.g. qwerty itself, asdf, or qwertyuiop)
  • 16. Rainbow Attack
    In a rainbow attack, the password hash table is generated in advance (only once), and during the recovery process, the cracker simply looks up the hash in these pre-computed tables. A rainbow table is a lookup table specially used in recovering the plaintext password from a ciphertext. This attack reduces the auditing time for complex passwords.
  • 17. Time Needed to Crack Passwords
  • 18. Classification of Cracking Software
    Software Password Cracking:
    • System Software Password Cracking: Bypassing BIOS Passwords; Removing CMOS Battery; Using Windows XP/2000/NT Key Generator
    • Application Software Password Cracking: Passware Kit; Distributed Network Attack; Password Recovery Software (Advanced PDF Password Recovery, Advanced Office XP Password Recovery)
  • 19. System Password Cracking
  • 20. System Level Password Cracking
    System level password cracking is defined as:
    • Cracking passwords of the operating system and other system utilities
    System can be accessed by:
    • Bypassing BIOS Passwords
    • Removing the CMOS Battery
    • Using Windows XP/2000/NT Key generator
  • 21. CMOS Level Password Cracking
    Resetting the BIOS/CMOS passwords:
    • Option #1: Remove the battery that supplies power to the BIOS/CMOS, thereby forcing it to reset itself to its stored defaults, which include no password or the default password employed by the BIOS manufacturer
    • Option #2: Use a program to either locate and identify the password and reveal it to you, or erase the password entirely
  • 22. Tool: CmosPwd
    CmosPwd decrypts the password stored in CMOS that is used to access BIOS SETUP.
    It works with the following BIOSes:
    • ACER/IBM BIOS
    • AMI BIOS
    • AMI WinBIOS 2.5
    • Award 4.5x/4.6x/6.0
    • Compaq (1992)
    • Compaq (New version)
    • IBM (PS/2, Activa, Thinkpad)
    • Packard Bell
    • Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
    • Phoenix 4 release 6 (User)
    • Gateway Solo - Phoenix 4.0 release 6
    • Toshiba
    • Zenith AMI
  • 23. Tool: CmosPwd
  • 24. ERD Commander
    When the server or workstation fails to boot, use ERD Commander. ERD Commander 2005 boots dead systems directly from CD into a Windows-like repair environment. The investigator will have full access to the dead system's volumes, so it helps to diagnose and repair problems using tools located on the ERD Commander 2005 Start menu:
    • Boots dead systems directly from CD
    • Easy, familiar Windows-like interface
    • Intuitive Solution Wizard helps you to select the right tool to correct your system’s issue
    • Includes Crash Analyzer Wizard to pinpoint the cause of recent system crashes for repair
    • Allows complete disk sanitizing/data removal with Disk Wipe utility
    • Includes the Locksmith utility to reset lost administrator passwords
    • Includes FileRestore so that you can quickly find and recover deleted files
    • Provides access to XP Restore Points on unbootable Windows XP systems
  • 25. ERD Commander: Screenshot
  • 26. Active Password Changer
    • Active Password Changer is a DOS-based solution designed for resetting local user passwords in case the administrator's password is forgotten or lost
    • Forgotten password recovery software is useful if the user lost the administrator password and cannot access the operating system
    • Other Windows login security restrictions like 'Account is disabled', 'Password never expires', 'Account is locked out', 'User Must Change Password at Next Logon' and 'Logon Hours' can be changed or reset
    • Recovers passwords from multiple partitions and hard disk drives
    • Detects and displays all Microsoft Security Databases (SAM)
  • 27. Active Password Changer: Screenshot1
  • 28. Application Password Cracking
  • 29. Application Software Password Cracker
    Password recovery software:
    • Advanced Office XP password cracker: “Advanced Office XP Password Recovery (or AOXPPR for short) is a program to recover the lost or forgotten passwords to the files/documents created in the following applications (all versions up to 2002/XP)”
    • Advanced PDF Password Recovery: It is a tool to recover the protected Adobe Acrobat PDF files, which have "owner" password set, preventing the file from editing, printing, selecting text and graphics or adding/changing annotations and form fields (in any combination)
  • 30. Application Software Password Cracker (cont’d)
    Word Password Recovery Master
    • It is used to crack password-protected documents created in MS Word 97/2000/XP/2003 (*.doc and *.dot files)
    Features of Word Password Recovery Master:
    • Removes the "open" MS Word password
    • Removes the "protection" MS Word password
    • Recovers the "write" MS Word password
    • Online Word password recovery service with guaranteed privacy
    • Instant recovery of passwords of any length and complexity
    • Support for multilingual passwords
  • 31. Application Software Password Cracker (cont’d)
    Office Password Recovery Toolbox
    • It is a comprehensive solution for recovering MS Word, Excel, Outlook, Access, and VBA passwords
    Features of Office Password Recovery Toolbox:
    • Recovers or removes "open", "write", and "protection" passwords for Microsoft Word documents
    • Recovers or removes "open", "write", workbook, shared workbook, and worksheet passwords for MS Excel documents
    • Recovers passwords for the MS Outlook personal folder files (*.PST)
    • Recovers passwords for MS Access database files (*.MDB) and workgroup information files
  • 32. Distributed Network Attack
    Distributed Network Attack (DNA) is a new technique to recover password-protected files. It uses the machines across the network to decrypt passwords. The DNA Server is installed in a central location where machines running DNA Client can access it over the network.
    Features:
    • Easy to read statistics and graphs
    • Adds user dictionaries
    • Optimizes password attacks for specific languages
    • Customizes the user’s dictionaries
    • Stealth client installation functionality
    • Automatic Client update when updating the DNA Server
    • Controls what clients work on certain jobs
  • 33. Distributed Network Attack (cont’d)
    • The DNA Manager is installed in a central location where machines running DNA Client can access it over the network
    • DNA Manager coordinates the attack and allocates small portions of the key search to machines that are distributed over the network
    • DNA Client will run in the background, consuming only unused processor time
    • The program combines the processing capabilities of all the clients connected to the network and uses them to perform a key search on Office 97 and 2000 files to decrypt them
  • 34. Distributed Network Attack Time estimated
  • 35. Passware Kit
    Passware Kit includes over 25 password recovery programs in one single package.
    It can crack passwords from the following applications: Office, Excel, Word, Windows XP/2000/NT, Access, Outlook, Outlook Express, Exchange, WinZip, PKZip, ZIP, WinRAR, RAR, VBA Visual Basic modules, Internet Explorer, FileMaker, Acrobat, Quicken, QuickBooks, Lotus 1-2-3, Lotus Notes, Lotus Organizer, Lotus WordPro, Quattro Pro, Backup, Project, MYOB, Peachtree, Paradox, ACT!, Mail, Schedule+, Money, WordPerfect
  • 36. Accent Keyword Extractor
    Accent Keyword Extractor uses the dictionary attack method.
    This program:
    • Loads a page from the Internet
    • Takes out the unique words from it, and
    • Adds them to the dictionary
    It follows all the links found on the page and also extracts words from the linked pages.
  • 37. Advanced Zip Password Recovery
    • Advanced Zip Password Recovery is used to crack password-protected zip files
    • Methods for cracking are brute force attack, dictionary attack, and plaintext attack
    • This utility can be customized according to password length, character set, and more
    • It supports self-extracting archives
    • It is fast and effective but works only with archives containing only one encrypted file
  • 38. Default Password Database
    A default password database provides:
    • A list of vendors, and certain information related to the respective product such as protocols used, user names, passwords, access, and validation of passwords
    A few default password databases are listed below:
    • http://phenoelit.darklab.org/
    • http://www.defaultpassword.com/
    • http://www.cirt.net/cgi-bin/passwd.pl
    • http://www.virus.org/index.php?
  • 39. http://phenoelit.darklab.org/
  • 40. http://www.defaultpassword.com/
  • 41. http://www.cirt.net/cgi-bin/passwd.pl
  • 42. http://www.virus.org/index.php?
    • The Virus.Org default password database was created to provide a resource for verified default login/password pairs for common networked devices
    • This database contains default logins and passwords when the hardware or software is first installed
    • This database contains default passwords for equipment and software from many vendors including 3Com, Cisco, Nortel, IBM, HP, Compaq, Digital, D-Link, Linksys, Oracle, and Microsoft
  • 43. PDF Password Crackers
    PDF Password Cracker:
    • It is the program that cracks the security on PDF documents
    • Features:
      • Easy to use
      • Supports drag and drop of PDF files
      • Does not need Adobe Acrobat software
      • Supports Windows 98, ME, NT, 2000, XP and 2003 systems
    Abcom PDF Password Cracker:
    • Features:
      • Decrypts PDF files protected with the owner’s passwords
      • Instantly removes restrictions on copying, printing, and other actions with the file
      • Supports drag and drop of PDF files
      • Does not need Adobe Acrobat software
      • Supports Windows 98/ME/NT/2000/XP/2003 systems
      • Supports PDF1.6 (Acrobat 7.x) files, including 40-bit RC4 decryption, 128-bit RC4
  • 44. Password Cracking Tools: Cain & Abel; LCP; SID&User; Ophcrack; John the Ripper; Netscapass; Access PassView; RockXP; Magical Jelly Bean Keyfinder; PstPassword; Protected Storage PassView; Network Password Recovery; Mail PassView; Asterisk Key; Messenger Key; MessenPass; Password Spectator; SniffPass; Asterisk Logger; Dialupass; Mail Password Recovery; Database Password Sleuth; CHAOS Generator; PicoZip Recovery; Crack; Brutus; Distributed John
  • 45. Tool: Cain & Abel
    Cain & Abel is a Windows password recovery tool. It uses many methods, such as network packet sniffing and cracking various password hashes with dictionary, brute force, and cryptanalysis attacks, to crack the password.
    Features:
    • Ability to record VoIP conversations
    • Decodes the scrambled passwords
    • Calculates hashes
    • Reveals password boxes
    • Uncovers cached passwords
    • Dumps the protected storage passwords
  • 46. Cain & Abel: Screenshot
  • 47. Tool: LCP
    The main purpose of the LCP program is auditing and recovery of user account passwords in Windows NT/2000/XP/2003.
    Features:
    • Account information imports:
      • Import from the local computer
      • Import from remote computer
      • Import from SAM file
      • Import from .LC file
      • Import from .LCS file
      • Import from PwDump file
      • Import from Sniff file
    • Passwords recovery:
      • Dictionary attack
      • Hybrid of dictionary and brute force attacks
      • Brute force attack
  • 48. LCP: Screenshot
  • 49. Tool: SID&User
    The SID&User program is a SID and user name extraction tool for Windows NT/2000/XP/2003.
    Features:
    • Getting the SID for a given account name
    • Getting an account name for a single SID, or account names for a SID range
  • 50. Tool: Ophcrack
    Ophcrack is a Windows password cracker based on the faster time-memory trade-off. It uses rainbow tables. It supports a graphical user interface and runs on Windows, Mac OS X (Intel CPU), and Linux.
    Features:
    • Ophcrack cracks 99% of:
      • Passwords of length 6 or less composed by characters in this set
      • Alphanumeric passwords of length 7 (lower- and uppercase)
      • Alphanumeric passwords of length 8 (lowercase only)
  • 51. Ophcrack: Screenshot
  • 52. Tool: John the Ripper
    John the Ripper is a fast password cracking/auditing tool.
    Features:
    • It supports Unix, Windows, DOS, BeOS, and OpenVMS
    • It identifies user accounts with weak passwords
  • 53. Tool: Netscapass
    The Netscapass tool can reveal the stored mail password for Netscape Communicator 4.x, Netscape 6.x and Netscape 7. It can also reveal the stored web site passwords in Netscape 6.x and Netscape 7.
  • 54. Password Cracking Tools (cont’d)
    • Access PassView reveals the database password of every password-protected mdb file that is created with Microsoft Access
    • RockXP allows the user to retrieve the XP product key that is used during Windows XP installation as well as keys for other Microsoft products
  • 55. Password Cracking Tools (cont’d)
    • Magical Jelly Bean Keyfinder is a small tool that can reveal the registration code from the Registry that is used to register the copy of Windows
    • PstPassword enables the user to recover a lost password from an Outlook PST (Personal Folders) file
  • 56. Password Cracking Tools (cont’d)
    • Protected Storage PassView is a utility that reveals passwords stored on the computer by Internet Explorer, Outlook Express, and MSN Explorer
    • Network Password Recovery utility recovers all network passwords stored on the system for the current logged-on user
  • 57. Password Cracking Tools (cont’d)
    • Mail PassView is a password-recovery tool that reveals the passwords and other account details for the email clients
    • Asterisk Key shows passwords hidden under asterisks
  • 58. Password Cracking Tools (cont’d)
    • Messenger Key program recovers passwords for ICQ, MSN, Google Talk and Yahoo! instant messengers
    • MessenPass is a password recovery tool that reveals the passwords of instant messenger applications
  • 59. Password Cracking Tools (cont’d)
    • Password Spectator is software that shows the actual password behind the asterisks
    • SniffPass is a tool that listens to the network and captures the passwords that pass through your network adapter and displays them on the screen instantly
  • 60. Password Cracking Tools (cont’d)
    • Asterisk Logger reveals passwords that are stored behind the asterisks
    • Dialupass enumerates all Dial-Up entries on your computer and reveals their login details, including the user’s name, password, and domain
  • 61. Password Cracking Tools (cont’d)
    • Mail Password Recovery allows you to recover the email password for any POP3 account, as long as it is stored in an email program on the computer
    • Database Password Sleuth instantly recovers the opening password for a Microsoft Access database
  • 62. Password Cracking Tools (cont’d)
    • CHAOS Generator is a tool that generates passwords of any length and character content
    • PicoZip Recovery recovers lost or forgotten passwords from password-protected Zip files created by compression utilities such as PicoZip, WinZip, and PKZip
  • 63. Password Cracking Tools (cont’d)
    • Crack is a password guessing program which quickly locates insecurities in Unix password files by scanning the contents of a password file
    • Brutus is one of the fastest, most flexible remote password cracker tools, which imports and exports custom authentication types as BAD files seamlessly
    • Distributed John (DJohn) uses several machines to crack the password
  • 64. Common Recommendations for Improving Password Security
    • Use a strong password for root and administrator accounts
    • Stop unnecessary services, buggy services, and services not protected by a well-configured firewall
    • Create a schedule to change the administrator password periodically
    • Use strong encryption algorithms to encrypt the password storage files such as SAM (Security Account Manager) and passwd.conf file
    • Use a filter that operates in real time and enforces some level of length and complexity on the passwords
    • Run a cracker periodically on your own password files and if it works, then change the password
  • 65. Common Recommendations for Improving Password Security (cont’d)
    Do not use:
    • Your account name or any data that appears in your record as a password
    • Any word or name that appears in any dictionary
    • Phrases and slang with or without space
    • Alphabetic, numeric, or keyboard sequences
    • Titles of books, movies, poems, essays, songs, CDs, or musical compositions
    • Any personal information
    • Great vanity license plates
    • Do not repeat any character more than once in a row
  • 66. Common Recommendations for Improving Password Security (cont’d)
    Use the following for a strong password:
    • Use at least 8 characters
    • Include a digit or punctuation
    • Use upper and lower case
    • Choose a phrase or combination of words to make the password easier to remember
    • The password may have non-printing characters
    • Use different passwords on different machines
    • Change password regularly and do not reuse passwords or make minor variations such as incrementing a digit
  • 67. Summary
    • A password is a secret series of characters created to secure important files from unauthorized access
    • A password cracker is any program that can decrypt passwords or otherwise disable password protection
    • Cracking is a way to escalate security of the program or a system
    • Crackers use various cracking methods such as brute force, dictionary attack, syllable attack, rule-based attack, distributed network attack, and guessing
    • Password cracking software is classified into: system software password cracking and application software password cracking
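
The real-time filter recommended on slides 64 to 66, sketched as an added example that is not part of the original deck: it applies the deck's "Do not use" and "Use the following" rules to a proposed password and returns the rules it breaks. The sample dictionary, the function names, the four-character sequence threshold, the availability of the previous password at change time, and the reading of "more than once in a row" as three identical characters are assumptions.

```python
import re
import string

# Constructed sample wordlist standing in for a real dictionary file (assumption).
SAMPLE_DICTIONARY = {"password", "passcode", "admin", "dragon",
                     "monkey", "welcome", "letmein", "summer"}

# Keyboard rows, the alphabet and the digits, used to spot sequences
# such as "qwerty", "asdf", "abcd" or "1234".
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase, string.digits]


def _has_sequence(lowered, run=4):
    """True if `lowered` contains `run` consecutive characters of a known
    sequence, read forwards or backwards."""
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            for i in range(len(direction) - run + 1):
                if direction[i:i + run] in lowered:
                    return True
    return False


def _strip_affixes(lowered):
    """Drop leading/trailing digits and punctuation: the decoration a hybrid
    attack adds to dictionary words."""
    return lowered.strip(string.digits + string.punctuation)


def check_password(candidate, account_name, previous=None,
                   dictionary=SAMPLE_DICTIONARY, personal_info=()):
    """Return the list of rules the candidate breaks; empty means accepted."""
    problems = []
    lowered = candidate.lower()

    # "Use the following for a strong password" (slide 66)
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if not any(c in string.digits or c in string.punctuation for c in candidate):
        problems.append("no digit or punctuation")
    if not (any(c.islower() for c in candidate)
            and any(c.isupper() for c in candidate)):
        problems.append("needs both upper and lower case")

    # "Do not use" (slide 65)
    if account_name and account_name.lower() in lowered:
        problems.append("contains the account name")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if lowered in dictionary or _strip_affixes(lowered) in dictionary:
        problems.append("dictionary word, possibly with digits or symbols added")
    if _has_sequence(lowered):
        problems.append("alphabetic, numeric or keyboard sequence")
    if re.search(r"(.)\1\1", candidate):
        problems.append("same character more than twice in a row")

    # "do not reuse passwords or make minor variations such as incrementing
    # a digit": compare with every digit removed from both passwords.
    if previous is not None:
        if re.sub(r"\d", "", lowered) == re.sub(r"\d", "", previous.lower()):
            problems.append("minor variation of the previous password")
    return problems


if __name__ == "__main__":
    # Constructed candidates, checked for a hypothetical account "jdoe".
    for pw in ("qwerty", "Summer2024!", "Tr4il-Mix&Boots"):
        print(pw, "->", check_password(pw, "jdoe") or "accepted")
```

Stripping digits and symbols before the dictionary lookup is what catches the hybrid-attack candidates described on slide 14, which a plain length-and-complexity check accepts.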