CyberMoransđ¤
Many people may have seen password cracking portrayedđ in movies as a quick and impressive feat𤪠But, it is NOT flashy and potentially much more time-consuming. Password cracking typically involves brute-forcing a password using various methodsđ
There are two âď¸ primary ways to store passwords: encryption and hashingđ
Encryption transforms plaintext into reversible ciphertext, which allows password managers to store and display the original plaintext password đ
On the other hand, hashing is the typical and most popular method 𼸠used for storing passwords for online services. Since service operators don't need to reverse passwords, only to verify they are correct, passwords are hashed. Hash algorithms convert plaintext values into ciphertext in a one-way process đ
A hackerđ must retrieve the ciphertext value, often through man-in-the-middle attack, hacked credential databases, or phishing. Once an hackerđ has obtained the hash, the next step is to crack the password. Most password-cracking techniques involve brute-forcing the password, but there are ways to make this process more efficient and streamlined...lets do this!đŞ
đ Rainbow Tables
Since hashing algorithms are publicly known, it is possible to create massive lists of password hashes that a stolen hashâ ď¸ can be compared against. Instead of generating a new hash for every variation, look up the stolen hash against a table to see if it matchesđ
There are many different hash methods and near-infinite password variations, which can quickly make managing and storing tables like this very difficult. There is another technique known as password salting that can also throw a wrench đŠ in this technique. If the server adds random values to the front and end of a hash (values known only to the server), then the resulting hashes wonât match known values anymoređ
đ Dictionary Attacks
To make brute-forcing a password easier, attackersđ can use dictionaries of common words and phrases like company names, sportsteams, etc. This narrows down the list of potential password choices. In the past, users were recommended to change their password often like, every 90 days or something and to use complex passwordsâ ď¸
But, this led to users choosing passwords like !BaneDC2023#, which makes the job of a password cracker easier. Once the base word, Bane, is guessed through a dictionary attack, trying a few different symbols and numbers can quickly crack the passwordđ
đ Markov chain attack
This is an advanced dictionary attack involving a statistical analysis of a list of words stored in a table and used to calculate the probability of character placement in a brute-force attackđ
Illustration of a markov chain attack by shulk from super smash bros
đ Weak Hashing
Of course, not all password hashing schemes are created equal. As technology evolves, what was once considered secure may no longer be so. This is true for hash algorithms like MD5 or SHA-1, which can be cracked quicklyđ
A system that stores user password hashes with one of these algorithms could have its entire database cracked quickly. Modern systems recommend more secure algorithms, such as bcrypt, which uses salted password hashes đ¤
đ Brute Forcing
Sometimes, the only way to find a password is to attempt every possible combination of letters, numbers, and symbolsđ If the password is random, many other techniques to make the job easier may not workđ§
This đ approach is the least efficient, but it may be the only option when all else fails.
An attackerđ may use a computer or a cluster of computers to attempt every possible variation. The longer the password, the more difficult, power hungry and time-consuming the cracking process can becomeđŤ
đ Password Cracking Tools
Though the techniques themselves are essential to know, many password crackers rely on readily available tools.
Though the standard tools are listed below, many more are available. All of the below are open-source and community-developed, which means they are ever-evolving đ
đ John the Ripper - Supports hundreds of hashes types across many applications and is available on multiple platforms.
đ Hashcat - Works with the CPU and GPU to provide a high-speed command-line password-cracking tool supporting many hash types.
đ Ophcrack - A tool based around rainbow tables focused on LM and NTLM passwords used in Windows environments.
đ Zip Cracker - Crack Zip Passwords With Dictionary Attacks
đ RainbowCrack - Optimized memory trade-off tool for table creation, conversion, and lookup.
đ AirCrack - Uses FMS Attack Supports WEP and WPA passwords
đ Protect Yoselves
With all the talk of password cracking, what can you do to protect yoself? Modern security organizations such as NIST, though their 800-63B guidelines, now recommend the following đ
đ¨ Use a Double-Blind Password Strategy - also known as "horcruxing", "password splitting", or "partial passwords", involves storing the long and complex part of a password in a password manager and keeping the short unique identifier, such as a PIN code or word, to yourself. Splitting the password into two parts makes it much harder for an hackerđ to gain full access, even if they have stolen your password manager's passphrase and secret.
đ¨ Ditch the regular password change requirements. Only change passwords if requested explicitly by a user or if a password has been breachedđ
đ¨ Decrease the arbitrary need for password complexity and focus on overall password length, such as a minimum of 12 charactersđ
đ¨ All new passwords must be compared against commonly used or previously compromised passwordsđ
đ¨ Do not reuse passwords across different services to avoid attacks such as credential stuffingđ
đ¨ Increased hash security means that even shorter passwords take far longer to crack, such as MD5 vs. PBKDF2.đ
đ¨ To keep end-users in your organization secure and to prevent password-based vulnerabilities, it is important to incorporate MFA whenever possible.đ
đConclusion đ¤
Subscribe to receive notifications of similar posts đ where we will be reverse engineering malware, vulnerabilities as well as hacking tools, vectors, stories, tutorials and other Infosec stuff...đ
Follow me on twitter for daily Infosec Memes and shenanigansđ
Moransđ
Thank you for taking time and hope you learned something new, Like/Share and leave a comment and as always, stay awesome! đđ đŞ
Comments