Friday, August 27, 2010

Hands-On Project 7-1 (Page 256)


Objective (verbatim):

“Although brute force and dictionary attacks were once the primary tools to crack an encrypted password, today rainbow tables are more frequently used. In this project, you download and install Ophcrack, an open-source password cracker program that uses rainbow tables.” (Ciampa, 2009)

Process:

1. For starters, the Ophcrack client was downloaded along with the Windows XP Tables (Free Small). The client was installed on a VMware virtual machine (Windows XP) with the tables placed on an external hard drive. I then proceeded to create test accounts.

2. I named the accounts according to password strength: Easy Entry; Medium Entry; Hard Entry; Insane Entry.

3. I set the passwords as follows: Easy Entry: ‘dog’, Medium Entry: ‘ronweasly’, Hard Entry: ‘sT@rW@rz5VI’, Insane Entry: ‘fgsfds4CHAN*j355s^;{}’.

4. After setting up the accounts, I maneuvered to the Ophcrack program.

5. Before attempting to crack the local SAM hashes, configuration was needed. I plugged in my external hard drive and added the location of the XP free small tables.

6. Next, I loaded the local SAM hashes to obtain the LM and NT hashes of the passwords.

7. The Easy Entry password was cracked in under five seconds.

8. The Medium Entry password was cracked in under a minute.

9. The Statistics tab displays what is going on during the cracking process in more detail.

10. The Hard and Insane Entry passwords were not crackable using the XP Free Small tables.

11. Next, I attempted to crack the first hash provided in the practical. Copying the text into Notepad, I saved the file for Cain to work on.

12. I opened Cain, software capable of cracking LM/NTLM hashes via various methods.

13. Next, I imported the NT hash from the text file I had made previously.

14. I decided to use a brute force attack to crack the NTLM hash.

15. I loaded the hash.

16. I proceeded to start the cracking process. It broke the hash in less than a second.



Reflection:

Foremost, this practical highlights the need to use and maintain secure passwords. On Windows machines, the local SAM password hashes can be obtained easily with pwdump or with a program that has integrated LM/NT hash extraction, such as Ophcrack. On UNIX or UNIX-like systems such as Linux, the hashes (which may be MD5-based) are found in /etc/passwd or /etc/shadow.

I’ll cover rainbow tables in more detail in a separate post. Here, however, I’ll put forth some discourse on the importance of choosing passwords that are improbable to crack, whether programmatically or manually. First, we identify the factors that make hashed passwords substantially harder to break.

Length is one factor. Since brute force programs try every possible plaintext and hash each one, every additional character multiplies the pool of candidates, so a longer password means a far larger number of permutations to search. In a brute force or dictionary attack (particularly hybrids able to mutate dictionary words), length therefore plays a huge part in how long it takes to systematically find the plaintext that matches the hashed value, the pool being (number of possible characters)^(number of fields).

Another is password complexity. Since the number of possible permutations depends on the number of possible characters raised to the number of fields, a password drawn from a larger character set is harder to break than one drawn from a smaller set. For example, a character set containing only lowercase letters is easier to exhaust than one containing upper- and lowercase letters and digits.

Another factor in breaking hashes is memory space. When generating lists of every possible plaintext and its hash, the memory available is typically not sufficient to hold such an extensive list. This, coupled with the processing power required to generate that much data, poses a difficulty that is hard to overcome. (This was addressed via the rainbow tables method.)
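As an added illustration of the (characters)^(fields) argument above, and of why the four test passwords behaved as they did against LM tables, the following Python models the search space for each one under NT and LM hashing. This is example code written for this post, not part of the practical; the character-class model, the 10^9 hashes/second rate and the treatment of the XP free small set as alphanumeric-only LM tables are assumptions.

```python
import string
from typing import Optional

# Character classes a brute-force tool must include to cover a password (assumed
# model: the smallest union of classes containing every character of it).
CLASSES = (frozenset(string.ascii_lowercase), frozenset(string.ascii_uppercase),
           frozenset(string.digits), frozenset(string.punctuation + " "))

def charset_size(text: str) -> int:
    """Size of the smallest union of CLASSES containing every character of text."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in text))

def nt_keyspace(password: str) -> int:
    """Candidates an exhaustive NT-hash search covers: (charset)^(length)."""
    return charset_size(password) ** len(password)

def lm_keyspace(password: str) -> Optional[int]:
    """LM uppercases the password, pads to 14 bytes and hashes each 7-byte half
    independently, so the halves are attacked separately; no LM hash is stored
    for passwords longer than 14 characters (None)."""
    if len(password) > 14:
        return None
    upper = password.upper()
    return sum(charset_size(h) ** len(h) for h in (upper[:7], upper[7:]) if h)

def covered_by_alnum_lm_tables(password: str) -> bool:
    """Assumed model of the 'XP free small' set: LM tables over [A-Z0-9] only."""
    alnum = set(string.ascii_uppercase + string.digits)
    return len(password) <= 14 and all(c in alnum for c in password.upper())

def brute_force_seconds(keyspace: int, rate: float = 1e9) -> float:
    """Worst-case time to exhaust a keyspace at an assumed rate of hashes/second."""
    return keyspace / rate

# The four test passwords from the practical.
TEST_PASSWORDS = {"Easy Entry": "dog", "Medium Entry": "ronweasly",
                  "Hard Entry": "sT@rW@rz5VI", "Insane Entry": "fgsfds4CHAN*j355s^;{}"}

if __name__ == "__main__":
    for name, pw in TEST_PASSWORDS.items():
        lm = lm_keyspace(pw)
        lm_txt = "none stored" if lm is None else f"{lm:.2e}"
        print(f"{name:13s} len={len(pw):2d} charset={charset_size(pw):2d} "
              f"NT={nt_keyspace(pw):.2e} (~{brute_force_seconds(nt_keyspace(pw)):.1e} s) "
              f"LM={lm_txt}  alnum LM tables cover it: {covered_by_alnum_lm_tables(pw)}")
```

Note how the LM figure for the Medium Entry password is dominated by a single 7-character half rather than by the full 9-character length, while the ‘@’ in the Hard Entry password and the 21-character length of the Insane Entry password both put them outside the modelled alphanumeric LM tables.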

Sine Cera,
Jeremy Heng.

"Quis custodiet ipsos custode?"

Hands-On Project 7.1 Sources
