Ethical Hacking Essentials Module 4 (Password Cracking Techniques and Countermeasures)


What is a Brute Force Attack?

Attackers try every combination of characters until the password is broken.

What is a Dictionary Attack?

A dictionary file is loaded into a cracking application that runs against user accounts. This dictionary is a text file that contains several dictionary words commonly used as passwords. The program uses every word present in the dictionary to find the password. This attack is applicable in two situations: in cryptanalysis, to discover the decryption key for obtaining the plaintext from a ciphertext; and in computer security, to bypass authentication and access the control mechanism of the computer by guessing passwords.

What is a Keylogger?

A keylogger is a program that records all user keystrokes without the user's knowledge. Keyloggers ship the log of user keystrokes to an attacker's machine or hide it in the victim's machine for later retrieval. The attacker then scrutinizes the log to find passwords or other useful information that could compromise the system.

What is L0phtCrack?

L0phtCrack is a password auditing and recovery application. It recovers lost Microsoft Windows passwords with the help of dictionary, hybrid, rainbow table, and brute-force attacks, and it also checks the strength of the password.

Define NTLM Authentication

NT LAN Manager is a default authentication scheme that performs authentication using a challenge/response strategy.

Define Spyware

Spyware is a type of malware that attackers install on a computer to secretly gather information about its users without their knowledge. Spyware hides itself from the user and can be difficult to detect.

What is ophcrack?

ophcrack is a Windows password-cracking tool that uses rainbow tables for cracking passwords. It comes with a graphical user interface (GUI) and runs on different OSs such as Windows, Linux/UNIX, etc.

What are the Four Types of Password Attacks?

1.) Non-Electronic Attacks: The attacker does not need technical knowledge to crack the password, hence it is known as a non-technical attack.
• Shoulder Surfing
• Social Engineering
• Dumpster Diving

2.) Active Online Attacks: The attacker performs password cracking by directly communicating with the victim's machine.
• Dictionary, Brute Forcing, and Rule-based Attack
• Hash Injection Attack
• LLMNR/NBT-NS Poisoning
• Trojan/Spyware/Keyloggers
• Password Guessing

3.) Passive Online Attacks: The attacker performs password cracking without communicating with the authorizing party.
• Wire Sniffing
• Man-in-the-Middle Attack
• Replay Attack

4.) Offline Attacks: The attacker copies the target's password file and then tries to crack passwords on his own system at a different location.
• Rainbow Table Attack (Pre-Computed Hashes)
• Distributed Network Attack

Define a Trojan

A Trojan is a program that masks itself as a benign application. The software initially appears to perform a desirable or benign function, but instead steals information or harms the system. With a Trojan, attackers can gain remote access and perform various operations limited by user privileges on the target computer.

What is a Rainbow Table Attack?

A rainbow table attack uses the cryptanalytic time-memory trade-off technique, which requires less time than other techniques. It uses already-calculated information stored in memory to crack the encryption. In the rainbow table attack, the attacker creates a table of all the possible passwords and their respective hash values, known as a rainbow table, in advance. Attackers use tools such as RainbowCrack to perform a rainbow table attack.

What is a Rule-Based Attack?

Attackers use this type of attack when they obtain some information about the password. This is a more powerful attack than dictionary and brute-force attacks because the cracker knows the password type. For example, if the attacker knows that the password contains a two- or three-digit number, he/she can use some specific techniques to extract the password quickly.

What is a Syllable Attack?

Hackers use this cracking technique when passwords are not known words. Attackers use the dictionary and other methods to crack them, as well as all possible combinations of them.

Define Kerberos Authentication

Kerberos is a network authentication protocol that provides strong authentication for client/server applications through secret-key cryptography. This protocol provides mutual authentication, in that both the server and the user verify each other's identity. Messages sent through the Kerberos protocol are protected against replay attacks and eavesdropping.

What is LLMNR/NBT-NS Poisoning?

LLMNR (Link Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are two main elements of Windows OSs used to perform name resolution for hosts present on the same link. These services are enabled by default in Windows OSs. When the DNS server fails to resolve name queries, the host performs an unauthenticated UDP broadcast asking all the hosts if anyone has the name that it is looking for. As the host trying to connect is following an unauthenticated broadcast process, it becomes easy for an attacker to passively listen to a network for LLMNR (UDP port 5355) and NBT-NS (UDP port 137) broadcasts and respond to the request pretending to be the target host. After accepting a connection with a host, the attacker can utilize tools such as Responder.py or Metasploit to forward the request to a rogue server (for instance, TCP: 137) to perform an authentication process.

Define Wire Sniffing

Packet sniffing is a form of wire sniffing or wiretapping in which hackers sniff credentials during transit by capturing Internet packets. With packet sniffing, an attacker can gain passwords to applications such as email, websites, SMB, FTP, rlogin sessions, or SQL. As sniffers run in the background, the victim remains unaware of the sniffing.

What is a Pass the Ticket Attack?

Pass-the-ticket is a technique used for authenticating a user to a system that is using Kerberos tickets without providing the user's password. To perform this attack, the attacker dumps Kerberos tickets of legitimate accounts using credential dumping tools.

What is password cracking?

Password cracking is the process of recovering passwords from the data transmitted by a computer system or from the data stored in it. The purpose of cracking a password might be to help a user recover a forgotten or lost password, as a preventative measure by system administrators to check for easily breakable passwords, or for use by an attacker to gain unauthorized system access.

Define Password Guessing

Password guessing is a password-cracking technique that involves attempting to log on to the target system with different passwords manually. Guessing is the key element of manual password cracking. The attacker creates a list of all possible passwords from the information collected through social engineering or any other method and tries them manually on the victim's machine to crack the passwords.

What is a Password Cracking Tool?

Password-cracking tools allow you to reset unknown or lost Windows local administrator, domain administrator, and other user account passwords. In the case of forgotten passwords, it even allows users instant access to their locked computer without reinstalling Windows.

What is a Hybrid Attack?

This type of attack depends on the dictionary attack. Often, people change their passwords merely by adding some numbers to their old passwords. In this case, the program would add some numbers and symbols to the words from the dictionary to try to crack the password. For example, if the old password is "system," then there is a chance that the person will change it to "system1" or "system2."

What is a Hash Injection/Pass-the-Hash (PtH) attack?

This type of attack is possible when the target system uses a hash function as part of the authentication process to authenticate its users. Generally, the system stores hash values of the credentials in the SAM database/file on a Windows computer. Attackers exploit such authentication mechanisms and first exploit the target server to retrieve the hashes from the SAM databases. They then input the hashes acquired directly into the authentication mechanism to authenticate with the user's stolen pre-computed hashes. Thus, in a hash injection/PtH attack, the attackers inject a compromised LanMan (LM) or NTLM hash into a local session and then use the hash to authenticate to the network resources.

What is a Man-in-the-Middle Attack?

When two parties are communicating, a man-in-the-middle (MITM) attack can take place, in which a third party intercepts a communication between the two parties without their knowledge. The third party eavesdrops on the traffic and then passes it along. To do this, the "man in the middle" has to sniff from both sides of the connection simultaneously. In an MITM attack, the attacker acquires access to the communication channels between the victim and server to extract the information.

Define SAM

Windows uses the Security Accounts Manager (SAM) database or Active Directory Database to manage user accounts and passwords in hashed format (a one-way hash).
