Prepared By:
• 1. Dabhi Pragnesh M. (140760109005)
Guided By:- Prof. Richa Mali
Index
• Password cracking
• Key logger and spyware
Password Cracking :
• What is Password?
• Password Cracking Concepts
• Types of Password Attacks
• Application Software Password Cracking
• Hardening the password
What is a Password
• String of characters used for authentication and for logging on to computers, web applications, software, files, networks, mobile phones, and your life :)
• Comprises:
[a-zA-Z, 0-9, symbols, space]
Password Characteristics
• No short length
• No birthday or phone number, real name, company name
• Don’t use complete words or Shakespeare quotes :)
▫ Example:
▫ Hello123: Weak
▫ @(H311l0)@: Strong
▫ Easy to remember, hard to guess
Password Security
• Don’t reuse your old passwords
• Don’t use your work or private email for every website registration (games, news, etc.)
Password Cracking Concept
• guessing or recovering a password
• unauthorized access
• To recover a forgotten password
• A penetration testing step (e.g. network and applications)
Types of Password Attacks
• Dictionary attack
• Brute force attack
• Rainbow table attack
• Phishing
• Social engineering
• Malware
• Offline cracking
• Guessing
Password Cracking Types: (Guessing Technique)
I have tried many friends' houses and even some companies where the password remained at the default: admin, admin. (Using guessing techniques)
Password Cracking Types: (Phishing)
Password Cracking Types: (Social Engineering)
• Sometimes very lazy, genius non-IT geeks can guess or find out your password
Password Cracking Tools
• Brutus
Remote online cracking tool; Windows-based, free; supports HTTP, POP3, FTP, SMB, etc.; resume/pause option. No recent updates, but still top-ranked.
• RainbowCrack
Hash cracker tool; Windows/Linux-based; faster than a traditional brute force attack; compares plain text and hash pairs. Commercial and free versions.
• Wfuzz
Web application brute forcing (GET and POST); checks for injection (SQL, XSS, LDAP, etc.)
• Cain and Abel ***
A few of its password cracking features: Syskey Decoder, VNC Password Decoder, MS SQL, MySQL and Oracle password extractor, Base64, Credential Manager Password Decoder, Dialup Password Decoder, PWL Cached Password Decoder, RainbowCrack-online client, Hash Calculator
• John the Ripper
Offline mode; Unix/Linux-based; automatic password hash type detection; powerful; contains several built-in password crackers
• THC Hydra
Dictionary attack tool for many databases and over 30 protocols (e.g. FTP, HTTP, HTTPS, etc.)
• Medusa
• AirCrack-NG
WEP and WPA-PSK key cracking; faster than other WEP cracker tools
• OphCrack
• L0phtCrack
Password Cracking Types: (Offline Cracking)
• We have enough time to break the password
• Usually takes place for big data
• Or for very strong and complicated passwords
• After an attack
• Forensic investigation
Password Hardening
• Techniques or technologies that make things difficult for an attacker, cracker or any other malicious user
• Brings in a password policy
• Increases the level of protection of web, network, application and physical access to the company or organization
• Using biometric technologies such as fingerprint, eye detection, RFID tag cards, etc.
• All security solutions just make it more difficult: harder, but still possible
Password Cracking Depends on
• Attacker's strengths
• Attacker's computing resources
• Attacker's knowledge
• Attacker's mode of access [physical or online]
• Strength of the passwords
• How often you change your passwords?
• How close are the old and new passwords?
• How long is your password?
• Have you used every possible combination: letters, numbers and special characters?
• How common are your letters, words, numbers or combinations?
• Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
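Added example (not part of the original slides): a small Python audit that turns several of the questions above into checks a defender can run when a user sets a new password. The word list, the thresholds and all function names are assumptions made for this illustration.

```python
import math
import re
import string
from difflib import SequenceMatcher

# Constructed sample list for the example; a real audit would load a large
# list of common and breached passwords instead.
COMMON_WORDS = {"admin", "password", "hello", "welcome", "qwerty", "letmein"}

MIN_LENGTH = 8        # assumed policy minimum
MAX_SIMILARITY = 0.8  # assumed cut-off for "too close to the old password"

# Character pools from the "[a-zA-Z, 0-9, symbols, space]" slide.
# Characters outside these pools (e.g. non-ASCII) are not counted.
POOLS = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
    " ",
)


def pools_used(password):
    """Return the character pools the password draws at least one char from."""
    return [pool for pool in POOLS if any(c in pool for c in password)]


def keyspace_bits(password):
    """Upper bound on brute-force work in bits: length * log2(pool size).

    Human-chosen passwords are far more guessable than this bound suggests,
    which is why the pattern checks in audit_password() matter.
    """
    size = sum(len(pool) for pool in pools_used(password))
    return len(password) * math.log2(size) if size else 0.0


def audit_password(new, old=None, username=None):
    """Return a list of finding codes; an empty list means no check fired."""
    findings = []
    lowered = new.lower()

    # "How long is your password?"
    if len(new) < MIN_LENGTH:
        findings.append("too_short")

    # "Have you used every possible combination ...?"
    if len(pools_used(new)) < 3:
        findings.append("few_character_classes")

    # "Strings followed by numbers or vice versa", e.g. Hello123 or 2024Summer
    if re.fullmatch(r"[A-Za-z]+\d+|\d+[A-Za-z]+", new):
        findings.append("letters_then_digits")

    # "How common are your letters, words, numbers or combinations?"
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("contains_common_word")

    # Default-credential pattern from the guessing slide (admin / admin)
    if username is not None and lowered == username.lower():
        findings.append("same_as_username")

    # "How close are the old and new passwords?"
    if old is not None:
        ratio = SequenceMatcher(None, old.lower(), lowered).ratio()
        if ratio >= MAX_SIMILARITY:
            findings.append("too_close_to_old")

    return findings


if __name__ == "__main__":
    # Constructed sample inputs: (new password, old password, username)
    samples = [
        ("Hello123", None, None),
        ("@(H311l0)@", None, None),
        ("admin", None, "admin"),
        ("Summer2024!", "Summer2023!", None),
    ]
    for new, old, user in samples:
        bits = keyspace_bits(new)
        print(f"{new!r}: {bits:.1f} bits, findings={audit_password(new, old, user)}")
```

The bit estimate alone rates Hello123 at roughly 48 bits, yet two pattern checks fire on it, which is the point of asking the questions in the list rather than only counting characters.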
Key logger and spyware
Define Key logger
Hardware Examples
Software Examples
Prevention
What is Keylogging?
Keystroke logging
A program or hardware device that captures every key press on the computer
Used to monitor employee performance
Used to steal private information
Malicious Uses…
Besides being used for legitimate purposes, keyloggers, whether hardware installed on a computer or software, can be used to collect sensitive information.
The types of sensitive information include:
• Usernames & passwords
• Credit card numbers
• Personal information such as name, address, etc.
Keylogging Hardware...
These small devices connect directly between the end of the keyboard cable and the port on the computer, and look rather unassuming.
At a later time the person who installed the
keylogger can come back to retrieve it. They are
easily removed.
Source:
http://epic.org/privacy/dv/keylogger_hw.gif
Software…
There are hundreds of keylogger programs
available over the internet for download.
There are three ways for an attacker to install the
software on an unsuspecting computer.
1. Install it from a compact disc or floppy disk.
2. Package the software as a computer virus or
trojan horse.
3. Gain access to the computer over a network and
install surveillance software remotely.
Viruses…
A simple search of a virus encyclopedia shows 500
examples of keylogging malware.
Prevention…
There are several ways to prevent Keyloggers:
• Anti-Virus/Spyware & Firewalls
• Automatic Form Fillers
• Alternative Keyboard Layouts
• On screen Keyboards
Anti-Virus/Spyware & Firewalls...
As with any Virus or Spyware you should make sure
that you have up-to-date protection.
Anti-Virus:
Make sure it's running and using the latest virus definitions.
Anti-Spyware:
Same as your Anti-Virus Software, update regularly.
Firewall:
Make sure it's active. It's the first line of defense against online intrusions.
Automatic Form Fillers…
A common feature of Web Browsers including
Internet Explorer and Firefox.
Works against keyloggers but vulnerable to other
security breaches.
Alternative Keyboard Layout...
Alternative keyboards make captured keystrokes
look like nonsense
You can customize your own board with Microsoft
Keyboard Layout Creator
On Screen Keyboards...
Software based keyboards are not very effective.
Clicks are converted back to keystrokes.
On Screen Keyboards...
Web-based Keyboards offer more protection and
are often found in online games.
Summary...
Key Loggers record keystrokes:
• Legitimate use: Monitor employee productivity
• Illegal uses: Steal passwords, usernames, and
other personal/corporate data
There are ways to protect yourself:
• Be aware of what’s installed on your computer
• Use caution when surfing the internet
• Keep your computer’s security software
updated

password cracking and Key logger

  • 1.
  • 2. Prepared By: • 1. Dabhi Pragnesh M. (140760109005) Guided By:- Prof. Richa Mali
  • 3. Index  Password cracking  Key logger and spyware
  • 4. Password Cracking : • What is Password? • Password Cracking Concepts • Types of Password Attacks • Application Software Password Cracking • Hardening the password
  • 5. What is Password • String of characters for authentication and log on computer, web application , software, Files , network , Mobile phones, and your life  • Comprises: [a-zA-z, 0-9, symbols , space]
  • 6. Password Characteristics • No short length • No birthday or phone number, real name , company name • Don’t use complete words or Shakespeare quotes  ▫ Example: ▫ Hello123: Weak ▫ @(H311l0)@: Strong ▫ Easy to remember, hard to guess
  • 7. Password Security • Don’t use your old passwords • Don’t use working or private email for every website registration such as games, news,….etc.
  • 8. Password Cracking Concept • guessing or recovering a password • unauthorized access • To recover a forgotten password • A Penetration testing step ( e.g. Network and Applications)
  • 9. Type of Password Attacks  Dictionary Attack  Brute Force Attack  Rainbow table attack  Phishing  Social Engineering  Malware  Offline cracking  Guess
  • 10. Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin . (Using Guessing Techniques)
  • 12. Password Cracking Types:(Social Engineering)  sometimes very lazy genius non-IT Geeks can guess or find out your password
  • 13. Password Cracking Tools  Brutus Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking.  RainbowCrack Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version  Wfuzz Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection  Cain and Able *** Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator,  John the Ripper Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker  THC Hydra Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc)  Medusa  AirCrack-NG WEP and WPA-PSK keys cracking, faster than other WEP cracker tools  OphCrack  L0phtCrack
  • 14. Password Cracking Types: (Offline Cracking)
    • We have enough time to break the password
    • Usually takes place for big data
    • Or for a very strong and complicated password
    • After an attack
    • Forensics investigation
  • 15. Password Hardening
    • Techniques or technologies that make things difficult for an attacker, cracker or any other malicious user
    • Brings in a password policy
    • Increases the level of web, network, application and physical access security of the company or organization
    • Uses biometric technologies such as fingerprint, eye detection, RFID tag cards, etc.
    • All security solutions just make cracking more difficult: harder, but still possible
  • 16. Password Cracking Depends on
    • Attacker's strengths
      ▫ Attacker's computing resources
      ▫ Attacker's knowledge
      ▫ Attacker's mode of access [physical or online]
    • Strength of the passwords
      ▫ How often do you change your passwords?
      ▫ How close are the old and new passwords?
      ▫ How long is your password?
      ▫ Have you used every possible combination: alphabets, numbers and special characters?
      ▫ How common are your letters, words, numbers or combinations?
      ▫ Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
  • 17. Key logger and spyware
    • Define key logger
    • Hardware examples
    • Software examples
    • Prevention
  • 18. What is Keylogging?
    • Keystroke logging
    • A program or hardware device that captures every key press on the computer
    • Used to monitor employee performance
    • Used to steal private information
  • 19. Malicious Uses…
    Besides being used for legitimate purposes, keyloggers can be hardware installed on a computer or software that is used to collect sensitive information. The types of sensitive information include:
    • Usernames & passwords
    • Credit card numbers
    • Personal information such as name, address, etc.
  • 20. Keylogging Hardware...
    These small devices connect directly between the end of the keyboard and the port on the computer and look rather unassuming. At a later time the person who installed the keylogger can come back to retrieve it. They are easily removed.
    Source: http://epic.org/privacy/dv/keylogger_hw.gif
  • 21. Software…
    There are hundreds of keylogger programs available over the internet for download. There are three ways for an attacker to install the software on an unsuspecting computer.
    1. Install it from a compact disc or floppy disk.
    2. Package the software as a computer virus or trojan horse.
    3. Gain access to the computer over a network and install surveillance software remotely.
  • 22. Viruses… A simple search of a virus encyclopedia shows 500 examples of keylogging malware.
  • 23. Prevention…
    There are several ways to prevent keyloggers:
    • Anti-Virus/Spyware & Firewalls
    • Automatic Form Fillers
    • Alternative Keyboard Layouts
    • On-Screen Keyboards
  • 24. Anti-Virus/Spyware & Firewalls...
    As with any virus or spyware, you should make sure that you have up-to-date protection.
    • Anti-Virus: make sure it's running and using the latest virus definitions.
    • Anti-Spyware: same as your anti-virus software, update regularly.
    • Firewall: make sure it's active. It’s the first line of defense against online intrusions.
  • 25. AutoForm Fillers…
    • A common feature of web browsers, including Internet Explorer and Firefox.
    • Works against keyloggers but is vulnerable to other security breaches.
  • 26. Alternative Keyboard Layout...
    • Alternative keyboards make captured keystrokes look like nonsense.
    • You can customize your own layout with Microsoft Keyboard Layout Creator.
  • 27. On Screen Keyboards... Software based keyboards are not very effective. Clicks are converted back to keystrokes.
  • 28. On Screen Keyboards... Web-based Keyboards offer more protection and are often found in online games.
  • 29. Summary...
    Key loggers record keystrokes:
    • Legitimate use: monitor employee productivity
    • Illegal uses: steal passwords, usernames, and other personal/corporate data
    There are ways to protect yourself:
    • Be aware of what’s installed on your computer
    • Use caution when surfing the internet
    • Keep your computer’s security software updated
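
The password-side questions on slide 16 (length, character classes, strings followed by numbers, closeness of old and new passwords, common choices) can be turned into a policy check run when a user sets a password. The following is an added example, not part of the original slides; the minimum length of 8, the 0.7 similarity threshold and the small `COMMON` list are assumptions made for illustration.

```python
import math
import re
from difflib import SequenceMatcher

# Constructed stand-in for a real common/default password list.
COMMON = {"password", "admin", "123456", "qwerty", "letmein", "welcome"}

# (membership test, alphabet size) for the classes the deck names:
# a-z, A-Z, 0-9, and symbols including space (printable ASCII).
CLASSES = (
    (str.islower, 26),
    (str.isupper, 26),
    (str.isdigit, 10),
    (lambda c: not c.isalnum(), 33),
)

def classes_used(pw):
    """Return the alphabet sizes of the character classes present in pw."""
    return [size for test, size in CLASSES if any(test(c) for c in pw)]

def keyspace_bits(pw):
    """Upper bound on brute-force work: length * log2(alphabet size)."""
    pool = sum(classes_used(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def similarity(old, new):
    """0.0 to 1.0 ratio of shared character runs, case-insensitive."""
    return SequenceMatcher(None, old.lower(), new.lower()).ratio()

def audit(new, old=None, min_len=8, max_similarity=0.7):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if len(new) < min_len:                      # assumed minimum length
        findings.append("too_short")
    if len(classes_used(new)) < 3:
        findings.append("few_char_classes")
    if re.fullmatch(r"[A-Za-z]+\d+|\d+[A-Za-z]+", new):
        findings.append("letters_then_digits")  # string followed by numbers
    if new.lower() in COMMON:
        findings.append("common_password")
    if old is not None and similarity(old, new) >= max_similarity:
        findings.append("close_to_old")         # assumed threshold
    return findings

if __name__ == "__main__":
    for pw in ("admin", "Hello123", "@(H311l0)@"):
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, {audit(pw) or 'no findings'}")
    print(audit("Summer2024!", old="Summer2023!"))
```

The bit count is only a ceiling on brute-force effort; the pattern, common-list and similarity checks cover passwords that score well on length and character mix but are still easy to guess.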

Editor's Notes

  1. Using fake pages or applications
  2. Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others. Source: Wikipedia
  3. People who install keyloggers are interested in your information. Once they have it, they can steal your identity and ruin your credit, which can then take years and money to clear your name. People may also install these devices for commercial espionage to steal a company’s plans for a new product.
  4. Because your keyboard plugs into the back of your machine, a device like this can go unnoticed for a long time and can even look like it belongs there. The only obstacle for the person installing the hardware is getting access to your computer. Depending on whether or not the computer is in a public place, it could be rather easy.
  5. Installing from a disk is the hardest way for an attacker to install the software; as with the hardware, they have to have physical contact with a user's machine.
  6. Installing a Keylogger via virus or trojan horse is an effective and easy way to deliver the program. It could be installed and running on your computer without you even knowing.
  7. Most computers come with demos of Anti-Virus software and allow you to purchase a license for a full version. Free protection is also available for download, such as AVG Free. Most come with an automatic update feature to keep you current. As with Anti-Virus software, you can buy or download free versions of Anti-Spyware, sometimes called Anti-Malware. Free utilities include Windows Defender and Ad-Aware. A firewall's basic task is to control traffic between computer networks with different zones of trust. Windows comes with a firewall utility and others, such as ZoneAlarm, can be downloaded for free. Firewalls keep intruders out.
  8. Internet Explorer and other web browsers come with the option to complete forms, usernames and passwords automatically. Although this is good at preventing keyloggers from viewing your information, there are other ways people can access information stored by the autoform feature.
  9. Because most keyloggers expect you to be using the standard keyboard, using an alternative layout will make the data any keylogger intercepts look like gibberish, unless they can convert it.
  10. Software-based keyboards are not 100% effective because most of these programs, like the version that comes with Windows XP, convert the mouse click into a keyboard event message that must be sent to the external target program to type text.
  11. Web-based on-screen keyboards may provide some degree of protection. The game Maple Story uses a 4-digit Pin Code secured by both on-screen keyboard entry and a randomly changing button pattern; there is no real way to get the latter information without logging the screen and mouse movements; another MMORPG called RuneScape makes a similar system available for players to protect their in-game bank accounts with. Source: Wikipedia