Hackaway Hacking Methodology: Password Attacks
EC-Council, Malaysia
Instructor: Sina Manavi
15th May 2014
Password Attack


In this presentation we discuss different password cracking methodologies: password brute force, social engineering attacks, phishing attacks, Windows login cracking, web login cracking, application password cracking, and Gmail and Facebook password extraction.

  • Using Fake pages or application
  • Transcript of "Password Attack "

    1. Hackaway Hacking Methodology: Password Attacks. EC-Council, Malaysia. Instructor: Sina Manavi. 15th May 2014. http://eccouncilacademy.org/home/hackaway-hacking-methodology/
    2. About Me. My name is Sina Manavi, Master of Computer Security and Digital Forensics. Contact: Manavi.Sina@Gmail.com. Homepage: sinamanavi.wordpress.com
    3. Agenda
        • Password Security
        • Demo: Windows Password Reset
        • Demo: Google Dork
        • Demo: Password disclosure!
        • Demo: Gmail Password Extraction (Forensics Method)
        • Secure Password
        • Password Cracking Concept
        • Coffee time
        • Demo: Facebook Phishing Attack
        • Introducing Password Cracking Tools
        • Demo: Zip/Rar password File Cracking
        • Demo: Windows Login Password Hacking
    4. Type of Password Attacks
        • Dictionary Attack
        • Brute Force Attack
        • Rainbow table attack
        • Phishing
        • Social Engineering
        • Malware
        • Offline cracking
        • Guess
    5. Password Security
        • Don’t use your old passwords
        • Don’t use your work or private email for every website registration, such as games, news, etc.
    6. Google Dork
    7. Demo: Windows Password Reset
    8. Gmail and Facebook Password Extraction (Dumping Physical Memory)
        • DumpIt (free Windows tool)
        • Or, if you use Windows 8, you can dump a specific process from Task Manager
        • Strings and Grep
        • Hex Editor
    9. Secure Password
        • Comprises: [a-zA-Z, 0-9, symbols, space]
        • No short length / birthday / phone number / real name / company name
        • Don’t use complete words or Shakespeare quotes
        • Example:
            ◦ Hello123: Weak
            ◦ @(H311l0)@: Strong
        • Easy to remember, hard to guess
    10. Demo: Router password cracking
    11. Password Cracking Concept
        • Password cracking is used for the illegal purpose of gaining unauthorized access
        • It is also used to retrieve a password for authorized access (misplaced or missing for various reasons, e.g. "what was my password??")
    12. Password Cracking Types: Brute Force, Dictionary Attack, Rainbow Table
    13. Password Cracking Types: (Guessing Technique). I have tried many friends' houses and even some companies where the password remained the default: admin, admin.
    14. Demo: Facebook Phishing Attack
    15. Password Cracking Types: (Phishing)
    16. Password Cracking Types: (Social Engineering)
        • Sometimes very lazy, genius non-IT geeks can guess or find out your password
    17. Application Password Cracking: (Malware)
    18. Demo: Application Password Cracking
    19. Let's work as a software cracker or reverse engineer
        • Open the myprogram.exe file with your Hex Editor
        • Try to find the password inside of
    20. Password Cracking Types: (Offline Cracking)
        • We have enough time to break the password
        • Usually takes place for big data
        • Very strong and complicated password
        • After attack
        • Forensics investigation
    21. Password Cracking Tools
        • Brutus
            ◦ Remote online cracking tool; Windows-based, free; supports HTTP, POP3, FTP, SMB, etc.; resume/pause option. No recent update, but still top-ranked.
        • RainbowCrack
            ◦ Hash cracker tool; Windows/Linux-based; faster than a traditional brute force attack; compares both plain text and hash pairs. Commercial and free versions.
        • Wfuzz
            ◦ Web application brute forcing (GET and POST); checks for injection (SQL, XSS, LDAP, etc.)
        • Cain and Abel ***
            ◦ A few of its password cracking features: Syskey decoder, VNC password decoder, MS SQL, MySQL and Oracle password extractor, Base64, Credential Manager password decoder, dial-up password decoder, PWL cached password decoder, RainbowCrack-online client, hash calculator
        • John the Ripper
            ◦ Offline mode; Unix/Linux-based; automatic password hash type detection; powerful; contains several built-in password crackers
        • THC Hydra
            ◦ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP, HTTP, HTTPS, etc.)
        • Medusa
        • AirCrack-NG
            ◦ WEP and WPA-PSK key cracking; faster than other WEP cracking tools
        • OphCrack
        • L0phtCrack
    22. Demo
        • 1- Cracking Zip Files
        • 2- Cracking Rar Files
    23. Cracking Zip Password Protected File. Requirement:
        • Medusa/Hydra free open source tool (can be found on your Backtrack or Kali)
        • A password list and a username list for brute forcing
        • A Zip password protected file
        • And a poor file owner
    24. Password hardening
    25. Password Hardening
        • Techniques or technologies which put an attacker, cracker or any other malicious user in difficulties
        • Brings password policy
        • Increases the level of web, network, application and physical access security of the company or organization
        • Using biometric technologies such as fingerprint, eye detection, RFID tag cards, etc.
    26. Password Hardening
        • All the security solutions just make it more difficult. Harder, but possible
    27. Windows Login Cracking. Requirement:
        • Medusa/Hydra free open source tool (can be found on your Backtrack or Kali)
        • nmap
        • A password list and a username list for brute forcing
        • Target Windows
    28. Password Cracking Depends on
        • Attacker's strengths
        • Attacker's computing resources
        • Attacker's knowledge
        • Attacker's mode of access [physical or online]
        • Strength of the passwords
        • How often you change your passwords?
        • How close are the old and new passwords?
        • How long is your password?
        • Have you used every possible combination: alphabets, numbers and special characters?
        • How common are your letters, words, numbers or combination?
        • Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
    29. Demo: Web Site Login Cracking
    30. Any Question?
        • Manavi.sina@gmail.com
        • @sinamanavi
        • LinkedIn: Sina Manavi
        • Check my homepage for latest presentations/tutorial
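
The "Secure Password" rules on slide 9 and the password-strength questions on slide 28 can be turned into a defender-side policy check. The following is an added example, not part of the original slides; the function name, the minimum length, the similarity threshold and the small word list are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 10        # assumption: the slides only say "no short length"
MAX_SIMILARITY = 0.7   # assumption: cut-off for "close to an old password"
# Constructed sample word list; use a real dictionary in practice.
COMMON_WORDS = {"hello", "password", "admin", "welcome", "letmein"}
# Undo common character substitutions before the dictionary check.
LEET = str.maketrans("013457@$!", "oleastasi")


def audit_password(candidate, old_passwords=(), personal=()):
    """Return a sorted list of the rule names the candidate violates."""
    findings = set()
    lowered = candidate.lower()
    normalized = lowered.translate(LEET)

    if len(candidate) < MIN_LENGTH:
        findings.add("too_short")
    # Slide 9: letters, digits, and symbols or space should all be present.
    classes = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, candidate) for c in classes):
        findings.add("missing_character_class")
    # Slide 28: a string followed by numbers (or the reverse), not mixed.
    if re.fullmatch(r"[A-Za-z]+[0-9]+|[0-9]+[A-Za-z]+", candidate):
        findings.add("string_then_number")
    # Slide 9: no complete words, even with substituted characters.
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        findings.add("dictionary_word")
    # Slide 9: no birthday, phone number, real name or company name.
    if any(p and p.lower() in lowered for p in personal):
        findings.add("personal_detail")
    # Slide 28: how close are the old and new passwords?
    for old in old_passwords:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > MAX_SIMILARITY:
            findings.add("close_to_old_password")
    return sorted(findings)


if __name__ == "__main__":
    for pw in ("Hello123", "@(H311l0)@", "P@$$w0rd!2024x"):
        print(pw, audit_password(pw))
```

An empty result means none of these rules fired; it does not measure resistance to the offline cracking tools listed on slide 21.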
