Password Attack


Published on

in this presentation we have discussed about different methodology in password cracking. Password bruteforce, social engineering attack , phishing attack, windows login cracking, web login cracking, application password cracking, Gmail password and facebook password extracting

1 Comment
  • Hello everyone , if you want to have any of these services done -----  Monitor text messages (WhatsApp, Gtalk, sms, iMessage, Viber, Facebook) – GPS location tracking – Spy on Calls (even deleted information) – Bugging – Remotely block the phone –Emails hack - View multimedia files of the phone – View memos and address book – Url tracking – Credit fix- Bank access-  WU , MG , PayPal transfers , Access to the list of installed applications – Block websites and apps. Contact  He is a reliable hacker and will get your job done for you in a twinkle of an eye . 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Using Fake pages or application
  • Password Attack

    1. 1. Hackaway Hacking Methodology: Password Attacks EC-Council, Malaysia Instructor : Sina Manavi 15th May 2014 hacking-methodology/
    2. 2. About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics Contact : Homepage:
    3. 3. Agenda  Password Security  Demo: Windows Password Reset  Demo: Google Dork  Demo: Password disclosure!  Demo: Gmail Password Extraction (Forensics Method)  Secure Password  Password Cracking Concept  Coffee time   Demo: Facebook Phishing Attack  Introducing Password Cracking Tools  Demo: Zip/Rar password File Cracking  Demo: Windows Login Password Hacking
    4. 4. Type of Password Attacks  Dictionary Attack  Brute Force Attack  Rainbow table attack  Phishing  Social Engineering  Malware  Offline cracking  Guess
    5. 5. Password Security  Don’t use your old passwords  Don’t use working or private email for every website registration such as games, news,….etc.
    6. 6. Google Dork
    7. 7. Demo: Windows Password Reset
    8. 8. Gmail and Facebook Password Extraction (Dumping Physical Memory)  Dumpit (free Windows tool)  Or if you use win8, you can do dump specific process in task manager  Strings and Grep  Hex Editor
    9. 9. Secure Password  Comprises: [a-zA-z, 0-9, symbols , space]  No short length / birthday / phone number / real name , company name  Don’t use complete words or Shakespeare quotes  ◦ Example: ◦ Hello123: Weak ◦ @(H311l0)@: Strong Easy to remember, hard to guess
    10. 10. Demo Router password cracking
    11. 11. Password Cracking Concept  Password Cracking is illegal purpose to gain unauthorized access  To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
    12. 12. Password Cracking Types Brute Force, Dictionary Attack, Rainbow Table
    13. 13. Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin .
    14. 14. Demo Facebook Phishing Attack
    15. 15. Password Cracking Types: (Phishing)
    16. 16. Password Cracking Types:(Social Engineering)  sometimes very lazy genius non-IT Geeks can guess or find out your password
    17. 17. Application Password Cracking: (Malware)
    18. 18. Demo: Application Password Cracking
    19. 19. Lets work as software cracker or Reverse Engineer  Open the myprogram.exe file with your Hex Editor  Try to find the password inside of
    20. 20. Password Cracking Types:(Offline Cracking)  We have enough time to break the password  Usually take place for big data  very strong and complicated password  After attack  Forensics investigation
    21. 21. Password Cracking Tools  Brutus ◦ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking.  RainbowCrack ◦ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version  Wfuzz ◦ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection  Cain and Able *** ◦ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator,  John the Ripper ◦ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker  THC Hydra ◦ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc)  Medusa  AirCrack-NG ◦ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools  OphCrack  L0phtCrack
    22. 22. Demo 1- Cracking Zip Files 2- Cracking Rar Files
    23. 23. Cracking Zip password Protected File Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  Having Password-list and Username- list for brute forcing  A Zip password protected File  And poor file owner 
    24. 24. Password hardening
    25. 25. Password Hardening  Techniques or technologies which put attacker, cracker or any other malicious user in difficulties  Brings password policy  Increase the level of web,network , application and physical access of to the company or organization.  Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
    26. 26. Password Hardening  All the Security solution just make it more difficult. Harder but possible
    27. 27. Windows Login Cracking Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  nmap  Having Password-list and Username- list for bruteforcing  Target windows
    28. 28. Password Cracking Depends on  Attacker's strengths  Attacker's computing resources  Attacker's knowledge  Attacker's mode of access [physical or online]  Strength of the passwords  How often you change your passwords?  How close are the old and new passwords?  How long is your password?  Have you used every possible combination: alphabets, numbers and special characters?  How common are your letters, words, numbers or combination?  Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
    29. 29. Demo: Web Site Login Cracking
    30. 30. Any Question?   @sinamanavi  LinkedIn: Sina Manavi  Check my homepage for latest presentations/ tutorial