Advances in Open Source Password Cracking


Published on

null Pune Chapter - December 2012 Meet

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Advances in Open Source Password Cracking

  2. 2. Agenda John the Ripper Ettercap Attacks on M$ AD / Kerberos infrastructure Misc. Stuff Current and future work
  3. 3. John the Ripper John the Ripper is a free open-source password cracking software tool ( Traditionally supports cracking hashes (LM, FreeBSD, DES crypt etc.) $ cat lm-hash user:fda95fbeca288d44aad3b435b51404ee $ john -format:lm lm-hash Loaded 1 password hash (LM ...) HELLO (user)
  4. 4. Jumbo patch community-enhanced version of JtR, available in almost all Linux distributions Add tons of formats for cracking hashes as well as “non- hashes” Hashes: e.g. MD5, LM “non-hashes” : e.g. PDF or other types of files Can use GPU to accelerate cracking (Speedups > 150X possible)
  5. 5. Jumbo patch supports cracking 1Password, Clipperz, Apple DMG images, EncFS, EPiServer, GPG private keys, IKE PSK, Apple Keychain, GNOME Keyring, KDE KWallet, KeePass, LastPass, Mozilla Master Passwords, MongoDB, MS-CHAP, MySQL authentication protocol, M$ Office, OpenOffice, PDF, O5LOGON, Password Safe, ZIP, RAR, Apple 10.8 hashes, GRUB 2, PFX, SSH keys, PuTTY keys, PostgresSQL, M$ PST, RACF, etc Above list *only* includes formats I have worked on Lot of these formats are faster than commercial products. Many formats are not even supported by commercial products
  6. 6. Example: cracking password protectedSSH keys Two-step process Use one of the many *2john utilities $ key-catch22 > ssh-hash $ john ssh-hash Loaded 1 password hash (ssh-ng ...) catch22 (key-catch22)
  7. 7. Example: using GPU Build GPU-enabled JtR (e.g. make linux-x86-64-opencl) $ john -fo:keychain -t Benchmarking: Mac OS X Keychain ... Raw: 1331 c/s real, 1331 c/s virtual $ john -fo:keychain-opencl -t # ATI 7970 GPU OpenCL platform 1: AMD Accelerated Parallel Processing ... Benchmarking: Mac OS X Keychain ... Raw: 208537 c/s real, 92758 c/s virtual Greater than 150X speedup
  8. 8. JtR community Join “john-users” mailing list for general discussion and help Join “john-dev” if you are interested in JtR development #openwall channel on Freenode IRC network Writing a plug-in (called format) is easy enough (start contributing!)
  9. 9. Ettercap Ettercap is free, open source network security tool for doing MiTM attacks. Allows interception and modifications of packets on the fly. Can be extended by writing plug-ins
  10. 10. Example: Facebook password sniffing Facebook loads login form over HTTP which POSTs credentials to a HTTPS link. Modified HTTP dissector (ec_http.c) to replace “https” with “ http”. Login form is now posted over HTTP Ettercap filter functionality can be used to do the same.
  11. 11. Example: Facebook password sniffing Only 12 lines of code added to ec_http.c 6 lines to avoid gzip encoding and 6 lines to avoid SSL
  12. 12. Example: works for Flipkart andRediffmail too Ettercap automatically prints credentials sent over HTTP Don’t expose / load resources over HTTP
  13. 13. Ettercap: My contributions MySQL v5 challenge-response PostgreSQL challenge-response VNC challenge-response O5LOGON protocol (used by Oracle DB) MongoDB challenge-response Kerberos MiTM etype downgrade attack MongoDB MiTM fixed salt attack
  14. 14. Ettercap community #ettercap-project channel on Freenode IRC network Writing a plug-in (called dissector) is easy once the protocol is understood (use Wireshark)
  15. 15. Attacks on Kerberos and M$ ADinfrastructure Popular network authentication protocol used to implement SSO Uses shared secret/symmetric keys (which don’t travel over the network) Uses timestamp pre-authentication in which timestamp is encrypted with a key (derived from the user password) We capture encrypted timestamp and mount offline brute- force attack
  16. 16. Kerberos: Key Derivation The “string-to-key” function used to convert a user password to a secret key in Kerberos is dependent upon the encryption type (called etype) being used. etype functions differ in cost etype negotiation process can be attacked to downgrade etype (and make offline attacks faster)
  17. 17. Kerberos: etype downgrade attacks Downgrade etype 18 (aes256-cts-hmac-sha1-96, very expensive) to etype 23 (rc4-hmac, very fast) etype 18 brute-force attack, 380 tries per second on CPU, 125K on ATI 7970 GPU etype 23 brute-force attack, 728K tries per second on CPU Speedup > 1900X
  18. 18. Kerberos: etype downgrade attacks These attacks have been talked about previously but tools were not published (maybe not even made). My Ettercap plug-in is the first public tool to make these attacks practical. Only 16 lines of code.
  19. 19. Misc : Guaranteed cracking of PDFfiles using RC4 40-bit encryption RC4 40-bit is still popular among banks and income tax department. Should take less than 2 days on AMD FX-8120 (8- core Bulldozer)
  20. 20. Misc : Guaranteed cracking of PDFfiles using RC4 40-bit encryption Three-step process $ npdf2john test.pdf test.pdf:$npdf$1*2*40*4*1*16*c56b… $ RC4-40-brute ‘test.pdf:$npdf$1*2*40*4…’ Key is : 9296c944ee $ qpdf --key=9296c944e --decrypt test.pdf output.pdf
  21. 21. Current and future work Dropbox account “hijacker” Metasploit post script for doing the same Offline attacks on LastPass password manager Fake VMware vCenter (and ESX) server for Metasploit project Fake LDAP server for Metasploit project
  22. 22. Questions