
Playin with Password



  1. 1. Ahmad Muammar W. K.
  2. 2. Details Password Deal with Cracking Passive Action Simulation Discussion
  3. 3. Password Why? “Keyword” diansastro 090382 mickey
  4. 4. Password Minimum Length 6 Characters Not Meaningful (not a partner's name, not a date of birth) Combination of Letters, Digits and other characters UsernameX Password Needs extra protection
  5. 5. Password PassPhrase? D1an545TR0 4m1nkExtravaganz4 KaptenTSUBASA
  7. 7. Simulation! Cracking Windows Password via Linux via Windows Cracking Linux Password Remote Cracking
  8. 8. Cracking Windows Password Tools Bkhive + samdump2 (getting hash) Pwdump2 (getting hash) John the Ripper for cracking the hash Database password: SAM file, system
  9. 9. Cracking Linux Password Tools Unshadow John the Ripper for cracking the hash Database password: passwd, shadow
  10. 10. Remote Cracking Bruteforcing via network Slow speed Brutus, hydra, ssh crack, tftpd-bruteforce
  12. 12. Passive Action? Browser Ability? Keylogger Application/Engine Hole Insecure protocol/line
  14. 14. Browser Ability Wand/Remember Password History Cache ability etc
  16. 16. Keylogger Malicious Program Keystroke Passive tools
  18. 18. Bugs in Application Application/Engine Vulnerability Information disclosure e.g. phpnuke, postnuke, mambo
  20. 20. Insecure Line Plaintext protocol (http, tcp, smtp) Plaintext Data Sniff it & collect it (ethereal, ettercap, dsniff, etc.)
  21. 21. http:// clear text
  23. 23. Survive Using a better pass phrase Using secure line/protocol Encryption Securing tools (firewall, antivirus) Update info etc.