Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Playin with Password

1,371 views

Published on

  • Be the first to comment

Playin with Password

  1. 1. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  2. 2. Details Password Deal with Cracking Passive Action Simulation Discussion http://google.com/search?q=y3dips
  3. 3. Password Why ? “Kata Kunci” diansastro 090382 mickey http://google.com/search?q=y3dips
  4. 4. Password Panjang Minimum 6 Karakter Tidak Ber-Makna (bukan nama pacar, bukan tanggal lahir) Kombinasi Huruf, Angka dan karakter lain UsernameX Password Perlu Pengamanan extra http://google.com/search?q=y3dips
  5. 5. Password PassPhrase ? D1an545TR0 4m1nkExtravaganz4 KaptenTSUBASA http://google.com/search?q=y3dips
  6. 6. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  7. 7. Simulation ! Cracking windows Password via linux via windows Cracking Linux Password Remote Cracking http://google.com/search?q=y3dips
  8. 8. Cracking windows Password Tools Bkhive + sampdump2 (getting hash) Pwdump2 (getting hash) John the ripper for cracking the hash Database password : SAM file , system http://google.com/search?q=y3dips
  9. 9. Cracking Linux Password Tools Unshadow John the ripper for cracking the hash Database password : passwd, shadow http://google.com/search?q=y3dips
  10. 10. Remote Cracking Bruteforcing via network Slow speed Brutus, hydra, ssh crack, tftpd-bruteforce http://google.com/search?q=y3dips
  11. 11. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  12. 12. Passive Action? Browser Ability? Keylogger Application/Engine Hole Insecure protocol/line http://google.com/search?q=y3dips
  13. 13. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  14. 14. Browser Ability Wand/Remember Password History Cache ability etc http://google.com/search?q=y3dips
  15. 15. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  16. 16. Keylogger Malicious Program Key stroke Passive tools http://google.com/search?q=y3dips
  17. 17. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  18. 18. Bugs in Application Application/Engine Vulnerability Information disclosure e.g: phpnuke, postnuke, mambo http://google.com/search?q=y3dips
  19. 19. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  20. 20. Insecure Line Plaintext protocol ( http, tcp, smtp ) Plaintext Data Sniff it & collect it ( ethereal, ettercap, dsniff, etc) http://google.com/search?q=y3dips
  21. 21. http:// clear text
  22. 22. Ahmad Muammar W. K. http://google.com/search?q=y3dips
  23. 23. Survive Using a better pass phrase Using secure line/protocol Encryption Securing tools (firewall, antivirus) Update info E.t.c http://google.com/search?q=y3dips
  24. 24. Ahmad Muammar W. K. http://google.com/search?q=y3dips

×