
Sunday, 21 August 2011

Types of password cracking attacks.

Today I will be blogging on how password cracking attacks work. There are three types: rainbow table attack (also called cryptanalysis attack), dictionary attack and brute force attack. Below is how they work.

Rainbow table attack: These use a table called a rainbow table. To understand this, we must first understand how a password works. Passwords go through an algorithm; in Windows it is the LM (LAN Manager) algorithm. The outcome is called a hash. These are 'one way' processes, so it is difficult to determine the actual password from the hash. When we type words in the password field, they go through the algorithm and the outcome is compared with the correct password's hash. If it matches, you are allowed access; if it does not, you are denied. Rainbow tables use a table with lots of precomputed hashes and compare them with the hashes extracted from somewhere; in Windows it is the SAM database. By the way, hashes have to be EXTRACTED from the database, or the table cannot be compared with them. When there is a match between a hash in the table and an extracted hash, the table then finds the plaintext from which that hash was precomputed. This plaintext is the password.

PROS: - Fast
      - Quite reliable
CONS: - Takes up lots of space, as in the table size.
      - Takes lots of resources and time to precompute the tables.
      - Limitation as to how long the actual password can be. In XP it is 12 if I'm not wrong, and in Vista and Windows 7 it should be 8.
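Why the precomputed-table approach depends on how the hashes are stored, as an added example that is not from the original post: the same password stored unsalted always produces the same hash, so one table works against every account, while a per-user salt makes a shared table useless. Assumptions: SHA-256 stands in for LM, a plain dictionary stands in for the table (real rainbow tables compress it into hash chains), and the candidate list and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample input: a tiny candidate list standing in for a table's coverage.
CANDIDATES = ["password", "letmein", "qwerty", "dragon"]
ITERATIONS = 100_000  # assumed work factor for this demo


def unsalted(password):
    """Hash with no salt: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(candidates):
    """Precompute hash -> plaintext once; reusable against any unsalted store."""
    return {unsalted(pw): pw for pw in candidates}


def salted(password, salt=None):
    """Derive a per-user salted, iterated hash (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], expected)


def compare_storage(password="letmein"):
    """Store one password for two users under both schemes and try the table."""
    table = build_table(CANDIDATES)
    u1, u2 = unsalted(password), unsalted(password)
    s1, d1 = salted(password)
    d2 = salted(password)[1]
    return {
        "unsalted_identical": u1 == u2,             # both users share one hash
        "unsalted_recovered": table.get(u1),        # table maps it back to plaintext
        "salted_identical": d1 == d2,               # different salts, different hashes
        "salted_recovered": table.get(d1.hex()),    # precomputed table has no entry
        "salted_verifies": verify(password, s1, d1),
    }


if __name__ == "__main__":
    for key, value in compare_storage().items():
        print(f"{key}: {value}")
```
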

Dictionary attacks: This attack is exactly what the name implies. It uses a wordlist full of commonly used passwords and it keeps on guessing until it gets the right password.

Pros: Works on human psychology: most people will use a word from a dictionary as their password, so dictionary attacks will get their password easily.

Cons: - Not very fast, not very slow either.
      - Cracks only the weaker passwords.


Brute force attacks: These are the only attacks guaranteed to crack a password. The problem is that it tries every single possible keyboard combination to crack a password, so it is damn slow, unless your password is something like 'pas' or 'qpo', in which case you can set the number of letters/numbers. This is, personally, a nightmare for cracking passwords which are 7 to 8 letters/numbers long. If a password is really strong, it can take months or weeks or days to crack.

Pros: Guaranteed to crack all passwords

Cons: - Too freakin slow
      - Lots of keyboard combinations, so cracking strong passwords would take a very, very long time.



FOR ENQUIRIES ON PASSWORD ATTACKS PLEASE COMMENT AND PLEASE DO CHECK OUT MY POST ABOUT PASSWORD CRACKING TOOLS COMIN OUT SOON!!!

Ophcrack

(This will be my first post on a hacking tool.) Passwords, as we know, are one of the many security measures that everyone can implement. In fact, passwords are so common that almost all, if not all, accounts use passwords. However, a chain is only as strong as its weakest link. Passwords can be one of these weak links which compromise security. Today, I will be showing you how to use ophcrack, a password cracking distribution. Firstly, how does it work? Well, ophcrack has the ability to use two different types of password attacks: rainbow tables and brute-force attacks. To find out how these work, please view my next post. Here's the video tutorial. Oh, and ophcrack comes in two 'modes', the live, bootable version and the GUI version. This tutorial is on the GUI one. The tutorial for the bootable one will come out later in another of my posts. Meanwhile, take a look at the instructions too! :DD



Instructions:

1) Download the GUI program by going to http://ophcrack.sourceforge.net/download.php?type=ophcrack , then clicking on Windows.

2) After finishing the download, go to the directory where you downloaded ophcrack and double click on the installer.

3) Follow the instructions in the installer, but DO NOT check any of the boxes when ophcrack asks you to download the tables. If you do, the installer will screw the thing up quite badly (as in the rainbow tables, not the program), so just installing the ophcrack program will do.

4) Go to http://ophcrack.sourceforge.net/tables.php and select the type of tables you want, according to your operating system. Mine is Windows XP, so I'll choose the biggest free tables for XP. For Windows 7 users, please get the Vista tables, they are the same.

5) Download the tables which are in a zip file. Extract the file inside to the desktop or some other directory.

6) Open up the ophcrack program. Click on 'Load', then 'Local SAM'. Wait for a couple of seconds until the new command prompt screen closes, then continue to step 7.

7) Click on 'Tables', then click on the type of table you downloaded. For example, I downloaded the XP free small tables, so I click on 'XP free small'. Do this step according to the type of table you downloaded (IMPORTANT).

8) Then click ok and close the tables window. You should see a jumble of letters and numbers in one of the columns in the ophcrack window and also the name of the tables with 'on disk' beside it at the bottom of the ophcrack window.

9) Finally, click 'crack' and ophcrack will begin to crack the passwords. When it's done it will show you all the passwords if they are found and display 'Not found' for usernames which ophcrack cannot find.


IF THERE ARE ANY PROBLEMS PLEASE COMMENT!  :D