• Save
Password Attack
Upcoming SlideShare
Loading in...5

Password Attack



in this presentation we have discussed about different methodology in password cracking. Password bruteforce, social engineering attack , phishing attack, windows login cracking, web login cracking, ...

in this presentation we have discussed about different methodology in password cracking. Password bruteforce, social engineering attack , phishing attack, windows login cracking, web login cracking, application password cracking, Gmail password and facebook password extracting



Total Views
Views on SlideShare
Embed Views



7 Embeds 1,218

http://sinamanavi.wordpress.com 1184
http://komputergeek.net 27
https://sinamanavi.wordpress.com 3
https://twitter.com 1
http://translate.googleusercontent.com 1
http://webcache.googleusercontent.com 1
http://komputergeek.wordpress.com 1


Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • Using Fake pages or application

Password Attack Password Attack Presentation Transcript

  • Hackaway Hacking Methodology: Password Attacks EC-Council, Malaysia Instructor : Sina Manavi 15th May 2014 http://eccouncilacademy.org/home/hackaway- hacking-methodology/
  • About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
  • Agenda  Password Security  Demo: Windows Password Reset  Demo: Google Dork  Demo: Password disclosure!  Demo: Gmail Password Extraction (Forensics Method)  Secure Password  Password Cracking Concept  Coffee time   Demo: Facebook Phishing Attack  Introducing Password Cracking Tools  Demo: Zip/Rar password File Cracking  Demo: Windows Login Password Hacking
  • Type of Password Attacks  Dictionary Attack  Brute Force Attack  Rainbow table attack  Phishing  Social Engineering  Malware  Offline cracking  Guess
  • Password Security  Don’t use your old passwords  Don’t use working or private email for every website registration such as games, news,….etc.
  • Google Dork
  • Demo: Windows Password Reset
  • Gmail and Facebook Password Extraction (Dumping Physical Memory)  Dumpit (free Windows tool)  Or if you use win8, you can do dump specific process in task manager  Strings and Grep  Hex Editor
  • Secure Password  Comprises: [a-zA-z, 0-9, symbols , space]  No short length / birthday / phone number / real name , company name  Don’t use complete words or Shakespeare quotes  ◦ Example: ◦ Hello123: Weak ◦ @(H311l0)@: Strong Easy to remember, hard to guess
  • Demo Router password cracking
  • Password Cracking Concept  Password Cracking is illegal purpose to gain unauthorized access  To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
  • Password Cracking Types Brute Force, Dictionary Attack, Rainbow Table
  • Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin .
  • Demo Facebook Phishing Attack
  • Password Cracking Types: (Phishing)
  • Password Cracking Types:(Social Engineering)  sometimes very lazy genius non-IT Geeks can guess or find out your password
  • Application Password Cracking: (Malware)
  • Demo: Application Password Cracking
  • Lets work as software cracker or Reverse Engineer  Open the myprogram.exe file with your Hex Editor  Try to find the password inside of
  • Password Cracking Types:(Offline Cracking)  We have enough time to break the password  Usually take place for big data  very strong and complicated password  After attack  Forensics investigation
  • Password Cracking Tools  Brutus ◦ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking.  RainbowCrack ◦ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version  Wfuzz ◦ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection  Cain and Able *** ◦ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator,  John the Ripper ◦ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker  THC Hydra ◦ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc)  Medusa  AirCrack-NG ◦ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools  OphCrack  L0phtCrack
  • Demo 1- Cracking Zip Files 2- Cracking Rar Files
  • Cracking Zip password Protected File Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  Having Password-list and Username- list for brute forcing  A Zip password protected File  And poor file owner 
  • Password hardening
  • Password Hardening  Techniques or technologies which put attacker, cracker or any other malicious user in difficulties  Brings password policy  Increase the level of web,network , application and physical access of to the company or organization.  Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
  • Password Hardening  All the Security solution just make it more difficult. Harder but possible
  • Windows Login Cracking Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  nmap  Having Password-list and Username- list for bruteforcing  Target windows
  • Password Cracking Depends on  Attacker's strengths  Attacker's computing resources  Attacker's knowledge  Attacker's mode of access [physical or online]  Strength of the passwords  How often you change your passwords?  How close are the old and new passwords?  How long is your password?  Have you used every possible combination: alphabets, numbers and special characters?  How common are your letters, words, numbers or combination?  Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
  • Demo: Web Site Login Cracking
  • Any Question?  Manavi.sina@gmail.com  @sinamanavi  LinkedIn: Sina Manavi  Check my homepage for latest presentations/ tutorial