Hacker Kayra

Password Attacks

Attacking Network Services Logins

  • Brute-force attacks attempt every possible password variation, working systematically through every combination of letters, digits and special characters.

  • Dictionary attacks attempt to authenticate to services with passwords from lists of common words (wordlists). If the correct password is not contained in the wordlist, the dictionary attack will fail.

  • Hydra is an open-source tool that can be used to perform brute-force and dictionary attacks.

  • Hydra can brute-force network services such as SSH and RDP, and it can also brute-force HTTP login forms.

Password Cracking Fundamentals

  • Encryption is a two-way function, in which data is "scrambled" (encrypted) or "unscrambled" (decrypted) with at least one key.

Symmetric Encryption

  • Symmetric encryption algorithms use the same key for both encryption and decryption.

  • To send a message to another person, both sides need to know the key (password).

  • If they exchange the key via an insecure channel, an attacker may intercept it.

  • The Advanced Encryption Standard (AES) is an example of a symmetric encryption algorithm.

Asymmetric Encryption

  • Asymmetric encryption uses distinct key pairs containing private and public keys.

  • Each user in this transaction has their own key pair.

  • To receive an encrypted message, a user provides their public key to the communication partner, who uses it to encrypt the message.

  • Once the message is sent, only the corresponding private key can decrypt it.

  • A common asymmetric encryption algorithm is Rivest–Shamir–Adleman (RSA).

Hashing

  • Hash algorithms are one-way functions, meaning that it's trivial to generate a hash, but a proper algorithm's implementation makes it prohibitively difficult to get the plaintext from the hash.

  • Within the scope of password attacks, application and user passwords are often encrypted or hashed to protect them.

Password Cracking Theory

  • To decrypt an encrypted password we must determine the key used to encrypt it.

  • To determine the plaintext of a hashed password, we must run various plaintext passwords through the hashing algorithm and compare the returned hash to the target hash.

  • These attacks are collectively known as password cracking, and are often performed on a dedicated system.

  • Since the process can take a considerable amount of time, we often run it in parallel with other activities during a penetration test.

  • Hashcat and John the Ripper (JtR) are two of the most popular password cracking tools.

  • In general, JtR is more of a CPU-based cracking tool, which also supports GPUs, while Hashcat is mainly a GPU-based cracking tool that also supports CPUs.

  • JtR can be run without any additional drivers using only CPUs for password cracking.

  • Hashcat requires OpenCL or CUDA for the GPU cracking process. For most algorithms, a GPU is much faster than a CPU.

Calculating Cracking Time

  • The cracking time can be calculated by dividing the keyspace by the hash rate.

  • The keyspace is the size of the character set raised to the power of the password length. (For example, if a password may only contain the digits 0 to 9, a character set of 10, and must be 6 characters long, the keyspace is 10 to the power of 6, or 1,000,000.)

  • For the hash rate, we can use Hashcat's benchmark mode to determine the hash rates for various hash algorithms on our particular hardware.

  • Note that increasing password length increases cracking duration by exponential time, while increasing password complexity (charset) only increases cracking duration by polynomial time.

  • This implies that a password policy encouraging longer passwords is more robust against cracking, compared to a password policy that encourages more-complex passwords.
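The keyspace and cracking-time arithmetic above, worked through in Python. This is an added example, not code from the original notes or from Hashcat; the hash rates in it are constructed placeholders, and the three policy variants it compares (a baseline, a wider character set at the same length, and a longer password from the same character set) are chosen here to make the exponential-versus-polynomial point from the notes visible as numbers.

```python
# Constructed placeholder hash rates (hashes per second), not benchmark output
# from any real hardware. Replace them with what `hashcat -b` reports on your rig.
SAMPLE_HASH_RATES = {
    "fast unsalted hash (constructed)": 10_000_000_000,  # 10 GH/s
    "slow salted hash (constructed)": 100_000,           # 100 kH/s
}


def keyspace(charset_size: int, length: int) -> int:
    """Keyspace = character-set size raised to the password length."""
    if charset_size < 1 or length < 1:
        raise ValueError("charset_size and length must be positive")
    return charset_size ** length


def cracking_time_seconds(charset_size: int, length: int, hash_rate: float) -> float:
    """Worst-case time to exhaust the whole keyspace at the given hash rate."""
    if hash_rate <= 0:
        raise ValueError("hash_rate must be positive")
    return keyspace(charset_size, length) / hash_rate


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that fits, for reading at a glance."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def policy_comparison(hash_rate: float) -> dict:
    """Compare three policy choices against one hash rate.

    Baseline: 8 lowercase letters. Wider charset: add the ten digits at the
    same length. Longer password: keep lowercase only but add two characters.
    The factors show how much each change multiplies the attacker's work.
    """
    base_charset, base_length = 26, 8
    wider_charset = base_charset + 10
    longer_length = base_length + 2
    base = keyspace(base_charset, base_length)
    return {
        "baseline_keyspace": base,
        # polynomial growth: (36/26) ** 8, roughly 13.5x
        "wider_charset_factor": keyspace(wider_charset, base_length) / base,
        # exponential growth: 26 ** 2, exactly 676x
        "longer_password_factor": keyspace(base_charset, longer_length) / base,
        "baseline_time": human_duration(
            cracking_time_seconds(base_charset, base_length, hash_rate)),
        "longer_time": human_duration(
            cracking_time_seconds(base_charset, longer_length, hash_rate)),
    }


if __name__ == "__main__":
    for label, rate in SAMPLE_HASH_RATES.items():
        print(label)
        for key, value in policy_comparison(rate).items():
            print(f"  {key}: {value}")
```

Adding two characters multiplies the work by the charset size squared, whereas adding ten characters to the charset at a fixed length multiplies it by a constant that depends only on the ratio of the two charset sizes, which is the reason the notes favour length over complexity.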

Having the Right Word List

  • Password policies have grown in prevalence in recent years.

  • Most passwords in the commonly-used wordlists will not fulfill these requirements.

  • We can address this by automating the process of changing (or mutating) the wordlist before using it against the target, in what is known as a rule-based attack.

  • In this type of attack, individual rules are implemented through rule functions, which are used to modify existing passwords contained in a wordlist.

  • When attempting to create rules to mutate an existing wordlist, we should always consider human behaviour and convenience with regard to passwords.

  • When an upper case letter is required, most users capitalize the first letter.

  • When generating a password with a numerical value, many users simply add a "1" at the end of an existing password.

  • When special characters are required, most users add the special character at the end of the password and rely on keys on the left side of the keyboard, since these are easy to reach and type.

  • Instead of creating rules ourselves, we can also use rules provided by other sources. (For example, Hashcat includes a variety of effective rules in /usr/share/hashcat/rules)
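The three human habits the notes list (capital first letter, a trailing "1", a trailing special character), expressed as mutation rules and then used to measure how little a complexity policy actually costs an attacker. This is an added example, not code from the original notes and not Hashcat's rule syntax; the sample wordlist and the choice of exactly four left-hand special characters are constructed assumptions.

```python
import string
from itertools import product

# Constructed sample wordlist, not taken from any real list or leak.
SAMPLE_WORDLIST = ["password", "sunshine", "football", "dragon", "letmein"]

# Special characters typed with Shift on the left of the top row. Picking
# exactly these four is an assumption made for this example.
LEFT_SIDE_SPECIALS = ["!", "@", "#", "$"]


def capitalize_first(word: str) -> str:
    """Rule: when an upper-case letter is required, capitalise the first one."""
    return word[:1].upper() + word[1:]


def mutate(word: str) -> list:
    """Expand one base word into candidates using the three habits from the
    notes in every combination. The unmodified word comes first, and words
    that already start upper-case do not produce duplicate candidates."""
    capital_options = [word, capitalize_first(word)]
    digit_options = ["", "1"]
    special_options = [""] + LEFT_SIDE_SPECIALS
    candidates = []
    for base, digit, special in product(capital_options, digit_options, special_options):
        candidate = base + digit + special
        if candidate not in candidates:
            candidates.append(candidate)
    return candidates


def meets_policy(candidate: str, min_length: int = 8, require_upper: bool = True,
                 require_digit: bool = True, require_special: bool = True) -> bool:
    """Check one candidate against a typical complexity policy."""
    if len(candidate) < min_length:
        return False
    if require_upper and not any(ch.isupper() for ch in candidate):
        return False
    if require_digit and not any(ch.isdigit() for ch in candidate):
        return False
    if require_special and not any(ch in string.punctuation for ch in candidate):
        return False
    return True


def policy_coverage(wordlist: list) -> tuple:
    """Return (compliant base words, compliant mutated candidates, total
    mutated candidates). The gap between the first two numbers is what the
    policy removed from the plain wordlist; the third is the whole cost of
    getting it back with rules."""
    base_ok = sum(meets_policy(w) for w in wordlist)
    mutated = [c for w in wordlist for c in mutate(w)]
    mutated_ok = sum(meets_policy(c) for c in mutated)
    return base_ok, mutated_ok, len(mutated)


if __name__ == "__main__":
    print(mutate("dragon"))
    print(policy_coverage(SAMPLE_WORDLIST))
```

With twenty rule combinations per word, a policy that rules out every entry of the plain list is satisfied again by a candidate set only twenty times larger, which is the practical meaning of "polynomial" in the notes above: the policy multiplies the attacker's work by a small constant rather than by the keyspace.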

Password Cracking Process

  1. Extract hashes: In a penetration test we'll find hashes in various locations. For example, if we get access to a database system, we can dump the database table containing the hashed user passwords.

  2. Format hashes: To do this we'll need to know the hashing algorithm used to create the hash. Then, depending on the hashing algorithm and the source of the hash, we may need to check whether it is already in the correct format for our cracking tool.

  3. Calculate the cracking time: Here we determine the feasibility of our cracking attempt. If the calculated cracking time exceeds our expected lifetime, we might reconsider this approach. More realistically, we should consider the duration of the current penetration test.

  4. Prepare wordlist: In nearly all cases we should mutate our wordlist and perform a rule-based attack, instead of a straight dictionary attack. In this step, we should investigate potential password policies and research other password vectors, including online password leak sites.

  5. Attack the hash: After all the preparation, we can start our tool and begin the cracking process. At this point, we must take special care in copying and pasting our hashes. An extra space or a newline could render our efforts worthless.
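Steps 2 and 5 above both come down to checking the hash value before feeding it to a tool. The following is an added example, not code from the original notes or from any cracking tool: it strips the copy-and-paste noise step 5 warns about, flags whitespace inside the value, and reports which formats the hash's shape is consistent with. The length table is a heuristic (MD5, NTLM and LM all produce 32 hex digits, so the source of the hash decides), and the sample hashes are constructed.

```python
import hashlib
import re

# Hex-digest lengths of common unsalted hashes. Length is only a heuristic:
# several algorithms share a length, so the hash's origin settles the format.
HEX_DIGEST_LENGTHS = {
    32: ["MD5", "NTLM", "LM"],
    40: ["SHA-1"],
    64: ["SHA-256"],
    128: ["SHA-512"],
}

# Modular-crypt prefixes used by Unix password hashes.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$2a$": "bcrypt",
    "$2b$": "bcrypt",
    "$2y$": "bcrypt",
}


def normalize_hash(raw: str) -> str:
    """Remove surrounding spaces, newlines and carriage returns picked up while
    copying, and lower-case hex digests so comparisons are case-insensitive."""
    cleaned = raw.strip()
    if re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        cleaned = cleaned.lower()
    return cleaned


def classify_hash(raw: str) -> dict:
    """Clean one hash and report the formats its shape is consistent with.
    An empty candidate list means the value needs a second look before it is
    handed to a cracking tool."""
    cleaned = normalize_hash(raw)
    candidates = []
    for prefix, name in CRYPT_PREFIXES.items():
        if cleaned.startswith(prefix):
            candidates.append(name)
    if not candidates and re.fullmatch(r"[0-9a-f]+", cleaned):
        candidates = list(HEX_DIGEST_LENGTHS.get(len(cleaned), []))
    return {
        "hash": cleaned,
        "length": len(cleaned),
        "has_inner_whitespace": any(ch.isspace() for ch in cleaned),
        "candidates": candidates,
    }


# Constructed samples: a genuine SHA-256 digest of a made-up string, once with
# the surrounding noise step 5 warns about, once with a space pasted into it.
SAMPLE_SHA256 = hashlib.sha256(b"constructed-sample").hexdigest()
NOISY_SHA256 = "  " + SAMPLE_SHA256.upper() + "\r\n"
BROKEN_SHA256 = SAMPLE_SHA256[:32] + " " + SAMPLE_SHA256[32:]
SAMPLE_CRYPT = "$6$constructedsalt$constructedhash"  # placeholder, not a real hash

if __name__ == "__main__":
    for sample in (NOISY_SHA256, BROKEN_SHA256, SAMPLE_CRYPT):
        print(classify_hash(sample))
```

The noisy sample normalises to the original digest and is recognised as SHA-256; the sample with an inner space is reported as 65 characters with no candidates, which is exactly the case that would silently waste a cracking run.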

Working with Password Hashes

  • Windows stores hashed user passwords in the Security Account Manager (SAM) database file, which is used to authenticate local or remote users.

  • To deter offline SAM database password attacks, Microsoft introduced the SYSKEY feature in Windows NT 4.0 SP3, which partially encrypts the SAM file.

  • The passwords can be stored in two different hash formats: LAN Manager (LM) and NTLM.

    • LM: Based on DES and known to be very weak. Disabled by default beginning with Windows Vista and Windows Server 2008.

    • NTLM: Addresses many weaknesses of LM. However, it's not salted.

  • We cannot just copy, rename, or move the SAM database from C:\Windows\system32\config\sam while the Windows operating system is running because the kernel keeps an exclusive file system lock on the file. However, there are tools that can bypass this, like Mimikatz.

  • Keep Going

Salts are random bits appended to a password before it is hashed. They are used to prevent an attack in which attackers pre-compute a list of hashes and then perform lookups on these precomputed hashes to infer the plaintext password. A list or table of precomputed hashes is called a Rainbow Table, and the corresponding attack is called a Rainbow Table Attack.
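The cracking theory above (hash each candidate and compare) and the salt paragraph fit together in one demonstration. The following is an added example, not code from the original notes: it builds a precomputed lookup table over a constructed candidate list, shows that the table answers an unsalted hash instantly and a salted one not at all, and counts the hashing work an attacker needs for a population of users with and without salts. SHA-256 stands in for whatever the target system uses, and the candidate list is constructed.

```python
import hashlib
import secrets

# Constructed candidate list standing in for a wordlist.
CANDIDATES = ["password", "sunshine", "football", "dragon", "letmein"]


def unsalted_hash(password: str) -> str:
    """Same password always gives the same digest, for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """The per-user salt is mixed into the input, so the same password gives a
    different digest for every user. The salt is stored beside the hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_lookup_table(candidates: list) -> dict:
    """Precompute digest -> plaintext once. This is the idea behind a rainbow
    table: pay the hashing cost up front, then answer any hash by lookup."""
    return {unsalted_hash(p): p for p in candidates}


def lookup(table: dict, target_hash: str):
    """Instant answer if the target was hashed without a salt."""
    return table.get(target_hash)


def crack_salted(target_hash: str, salt: bytes, candidates: list):
    """With a salt nothing can be shared between users: every candidate must be
    rehashed with this one user's salt and compared against the target."""
    for password in candidates:
        if salted_hash(password, salt) == target_hash:
            return password
    return None


def work_factor(num_users: int, num_candidates: int, salted: bool) -> int:
    """Hash computations needed to test every candidate against every user."""
    return num_candidates * num_users if salted else num_candidates


def demo() -> dict:
    """Run the unsalted and salted cases side by side for one user."""
    table = build_lookup_table(CANDIDATES)
    unsalted_target = unsalted_hash("sunshine")
    salt = secrets.token_bytes(16)          # fresh random salt per user
    salted_target = salted_hash("sunshine", salt)
    return {
        "table_hit_unsalted": lookup(table, unsalted_target),   # "sunshine"
        "table_hit_salted": lookup(table, salted_target),       # None
        "per_user_work": crack_salted(salted_target, salt, CANDIDATES),
        "hashes_for_1000_users_unsalted": work_factor(1000, len(CANDIDATES), False),
        "hashes_for_1000_users_salted": work_factor(1000, len(CANDIDATES), True),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salted hash is still recovered once the attacker rehashes the list with that user's salt, so a salt does not stop guessing; what it removes is the amortisation that makes a precomputed table worthwhile, which is why the unsalted NTLM format mentioned above is attractive to crack.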
