Downloaded 1,041 times
![What is Password
• String of characters for authentication and log
on computer, web application , software, Files ,
network , Mobile phones, and your life
• Comprises:
[a-zA-z, 0-9, symbols , space]](https://image.slidesharecdn.com/passwordhacking-140319221812-phpapp02/75/Password-Cracking-4-2048.jpg)
![Password Cracking Depends on
• Attacker's strengths
• Attacker's computing resources
• Attacker's knowledge
• Attacker's mode of access [physical or online]
• Strength of the passwords
• How often you change your passwords?
• How close are the old and new passwords?
• How long is your password?
• Have you used every possible combination:
alphabets, numbers and special characters?
• How common are your letters, words, numbers or
combination?
• Have you used strings followed by numbers or vice
versa, instead of mixing them randomly?](https://image.slidesharecdn.com/passwordhacking-140319221812-phpapp02/75/Password-Cracking-26-2048.jpg)
Uploaded bySina Manavi
Password Cracking
The document covers password security, types of password attacks, and password cracking tools and techniques. It discusses password characteristics for strength, outlines various attack methods including dictionary and brute force attacks, and identifies several tools used for cracking passwords. Furthermore, it emphasizes hardening passwords using improved security measures such as biometric technologies to protect against unauthorized access.
In this document
Powered by AI
Introduction by Sina Manavi and his credentials in Computer Security and Digital Forensics.
Defines password and its characteristics, emphasizing secure password creation and the importance of not reusing old passwords.
Explains password cracking methods, both for unauthorized access and legitimate purposes, detailing types of attacks.
Discusses specific password cracking methods including guessing, phishing, social engineering, and offline cracking.
Lists various tools available for password cracking, including their functionalities and compatibility.
Outlines strategies to strengthen passwords, including policy implementation and biometric technology.
Describes hands-on demonstrations for password cracking methods with specific tool requirements for various targets.
Highlights several factors affecting the success of password cracking, focusing on attacker skills and password strength.
More Related Content
Similar to Password Cracking
Password Cracking
- 1. Password Attacks Instructor :Sina Manavi 13th March 2014
- 2. About Me My nameis Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com Twitter:@sinamanavi
- 3. Agenda • What isPassword? • Password Cracking Concepts • Types of Password Attacks • Application Software Password Cracking • Password Cracking Tools • Hardening the password • Demo
- 4. What is Password •String of characters for authentication and log on computer, web application , software, Files , network , Mobile phones, and your life • Comprises: [a-zA-z, 0-9, symbols , space]
- 5. Password Characteristics • Noshort length • No birthday or phone number, real name , company name • Don’t use complete words or Shakespeare quotes ▫ Example: ▫ Hello123: Weak ▫ @(H311l0)@: Strong ▫ Easy to remember, hard to guess
- 6. Password Security • Don’tuse your old passwords • Don’t use working or private email for every website registration such as games, news,….etc.
- 7. Password Cracking Concept •guessing or recovering a password • unauthorized access • To recover a forgotten password • A Penetration testing step ( e.g. Network and Applications)
- 8. Password Cracking Concept •Password Cracking is illegal purpose to gain unauthorized access • To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
- 9. Type of PasswordAttacks • Dictionary Attack • Brute Force Attack • Rainbow table attack • Phishing • Social Engineering • Malware • Offline cracking • Guess
- 10. Password Cracking Types •Brute Force, Dictionary Attack, Rainbow Table
- 11. Password Cracking Types:(GuessingTechnique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin . (Using Guessing Techniques)
- 12. Password Cracking Types:(Phishing)
- 13. Password Cracking Types:(SocialEngineering) • sometimes very lazy genius non-IT Geeks can guess or find out your password
- 14. Application Password Cracking:(Malware)
- 15. Password Cracking Types:(OfflineCracking) • We have enough time to break the password • Usually take place for big data • Or very strong and complicated password • After attack • Forensics investigation
- 16. Password Cracking Tools •Brutus ▫ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking. • RainbowCrack ▫ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version • Wfuzz ▫ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection • Cain and Able *** ▫ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator, • John the Ripper ▫ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker • THC Hydra ▫ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc) • Medusa • AirCrack-NG ▫ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools • OphCrack • L0phtCrack
- 17.
- 18. Password Hardening • Techniquesor technologies which put attacker, cracker or any other malicious user in difficulties • Brings password policy • Increase the level of web,network , application and physical access of to the company or organization. • Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
- 19. Password Hardening • Allthe Security solution just make it more difficulte. Harder but possible
- 20. Lets get handsdirty
- 21. Demo: • Cracking thezipped File • Windows Login Cracking • Router login password Cracking 192.168.0.1 • Gmail Password hacking ( Dumping Physical Memory)
- 22. Cracking Zip passwordProtected File Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • Having Password-list and Username-list for brute forcing • A Zip password protected File • And poor file owner
- 23. Windows Login Cracking Requirement: •Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • nmap • Having Password-list and Username-list for bruteforcing • Your target windows
- 24. Router login passwordCracking Requirement: • Medusa/Hydra free open source tool (can be find on your Backtrack or Kali) • nmap • Having Password-list and Username-list for brute forcing • Find the nearest Starbucks
- 25. Gmail Password hacking( Dumping Physical Memory) • Dumpit (free Windows tool) • Strings and Grep
- 26. Password Cracking Dependson • Attacker's strengths • Attacker's computing resources • Attacker's knowledge • Attacker's mode of access [physical or online] • Strength of the passwords • How often you change your passwords? • How close are the old and new passwords? • How long is your password? • Have you used every possible combination: alphabets, numbers and special characters? • How common are your letters, words, numbers or combination? • Have you used strings followed by numbers or vice versa, instead of mixing them randomly?