Password Cracking by Applying Linux Tools


Upload: miozzoni-concepts

Post on 26-Mar-2015


Page 1: Password Cracking by Applying Linux Tools

CIT-508 Linux Security

Password Cracking [Applying Linux Tools]

Prepared By:

Ali Al Kaf | Talal Al Ismail


Abstract

This research discusses some of the techniques used in password cracking. Most people use passwords as their first line of defense, which means passwords need to be strong and unbreakable. This study shows some tools used in cracking passwords, such as John the Ripper, and some BackTrack tools for cracking ZIP and RAR file passwords. Moreover, many password cracking tools are readily available on the Internet and can be downloaded for free. Our conclusion: given the heightened risk of cyber-attacks today, users should also change their passwords every thirty days or so.

Introduction

In today’s world of security, with the huge development in technology, password security is one of the priorities for all authentication-based protected systems. Most people and organizations depend on passwords to secure their important data, files and emails, and even logging in to a computer at home or in the office requires a user name and password. In addition, most computer users have more than one account, such as an online banking account and an email account, and any online transaction such as buying or selling needs some kind of security, which is a password. From this we can understand that passwords are really important to secure, and that there should be a really strong mechanism to ensure that passwords are useful and secure at the same time. There are many types of password encryption, such as MD5 in Linux systems and DES in Windows.

Moreover, most operating systems have a password generator, which creates an encrypted form of the password you have entered. Most password generators use some form of cryptography. A simple definition gives a brief summary of what it is: “Cryptography is defined as ‘the science and study of secret writing’, concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message.” (Yaman Akdeniz, Cryptography & Encryption, August 1996, Cyber-Rights & Cyber-Liberties (UK), Criminal Justice Studies of the Law Faculty of University of Leeds, Leeds LS2 9JT). In addition, there are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems (PGP).

On the other hand, this report shows some password cracking techniques. There is no standard formula for cracking a password, and different methods are used depending on the type of password you want to crack. However, there are four main categories of password cracking. First, a brute-force password crack involves trying every possible password combination until you find the one that works. Although this concept seems simple enough, it can be quite difficult. Second, a dictionary attack is usually the fastest way to break into a machine. A dictionary file (a text file full of dictionary words) is loaded into a cracking application, which is run against user accounts located by the application. Third, another well-known form of attack is the hybrid attack. A hybrid attack adds numbers or symbols to the search words to successfully crack a password. Many people change their passwords by simply adding a number to the end of their current password. Therefore, this type of attack is the most versatile; while it takes longer than a standard dictionary attack, it does not take as long as a brute-force attack. Finally, all password attacking techniques need time to give a result; sometimes they take from minutes to weeks or more, depending on the length of the password and the encryption type.

However, password hacking depends not just on software but also on people, because computer users who choose weak passwords make themselves a good target for hackers. Encryption is a really good technique, but it depends on the length of the password and what it contains, which means people should have an idea about weak and strong passwords to avoid becoming victims of password cracking.

Related work

Prior to starting the work, as a group we gathered all the information that would help us and specified the tools to be used in this research. Among the different Linux distributions, two were selected: BT4 and Fedora 13. After that, we downloaded and installed all the previously mentioned tools and operating systems. Finally, it was really necessary to learn how to use these tools and gain experience with them.

Problem and proposed solution

Weak passwords are passwords that are guessable, crackable or vulnerable to pre-computational attacks. Typically, weak password choices are those that are obvious to or determinable by other people, family or pet names for example. These are easy for users to remember, but because of that, they are also easy for unauthorized users to determine. Weak passwords make it very easy for hackers to gain access to an account and could lead to substantial financial loss and identity theft. To avoid being a victim of a weak password, create a strong password with at least 8 characters, containing a combination of upper case and lower case letters as well as numbers or symbols. Do not use all letters or all numbers, and do not use a dictionary word in any language or a permutation of such. Avoid using your name, account name, common names of people or places, technical jargon, repeating sequences and keyboard sequences. Also, do not use a well-known phrase to generate a password. Furthermore, use some sort of encryption and don’t open your important accounts on unknown computers, such as those in an Internet cafe. You also need to change your password periodically.
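The rules above can be enforced when a password is set. The following is an added example, not part of the original report: a checker that applies those rules and also rejects the variants a hybrid attack tries (a dictionary word with digits or symbols added, simple character substitutions, or the word reversed). The wordlist, the keyboard runs and the function name are assumptions made for the example.

```python
import re

# Constructed mini wordlist; a real check would load a large dictionary file.
WORDLIST = {"password", "dragon", "monkey", "summer", "linux"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")
# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def check_password(pw, account=""):
    """Return the list of rules from the text that `pw` breaks (empty = accepted)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both upper and lower case letters")
    if not re.search(r"[^A-Za-z]", pw):
        problems.append("needs a number or symbol")
    if account and account.lower() in low:
        problems.append("contains the account name")
    if re.search(r"(.)\1\1", low):
        problems.append("repeating sequence")
    if any(run in low for run in KEYBOARD_RUNS):
        problems.append("keyboard or alphabet sequence")
    # What a hybrid attack tries: a dictionary word with digits or symbols
    # added at either end, simple substitutions, or the word reversed.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    variants = {core, core.translate(LEET)}
    variants |= {v[::-1] for v in variants}
    if variants & WORDLIST:
        problems.append("based on a dictionary word")
    return problems

if __name__ == "__main__":
    for candidate in ("Password1!", "Dr@g0n2015", "xunil99", "vT9#kLq2&rWz"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Note that "Password1!" and "Dr@g0n2015" satisfy the length and character-class rules and are rejected only by the dictionary check.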

Implementation and analysis


Throughout the research, many cracking tools were used and tested to get the results that our group wanted to see: Cain & Abel, John the Ripper, RarCrack and PDFCrack. As Linux BackTrack is equipped with a lot of cracking tools, our group used this distribution along with Fedora 13.

Cain & Abel

Cain and Abel is a password recovery tool that enables network administrators to test network security, or home users to recover a variety of stored network passwords. The software reports sniffing and recovery of most popular protocols, including FTP, SMTP, POP3, HTTP, MySQL, ICQ, Telnet and others. It can also recover passwords hidden behind asterisks (***), stored in VNC profiles, SQL Server Enterprise Manager, Remote Desktop connections and wireless connections. Other features include LSA Secrets Dumper, Protected Storage password revealer, network enumeration, VoIP filtering and more.

Usage:

Used in generating an MD5 hash. From the main interface, go to Tools > Hash Calculator, write the text you need to hash, then press Calculate.
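A hash calculator of this kind produces a raw, unsalted MD5 digest, so the same text always gives the same hash. The following added example (not from the original report) contrasts storing passwords that way with a salted, iterated PBKDF2 record: with raw MD5, accounts that share a password are visible in the store and one recovered digest applies to all of them. The account names, passwords, record layout and iteration count are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example

def raw_md5(password):
    """Unsalted MD5 hex digest, the form a hash calculator produces."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    """Salted, iterated record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), dk.hex())

def verify_password(password, record):
    """Recompute the derived key from the stored salt; compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def users_sharing_a_value(store):
    """Groups of users whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, value in store.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed accounts: alice and bob picked the same password.
ACCOUNTS = {"alice": "Summer2015", "bob": "Summer2015", "carol": "vT9#kLq2&rWz"}

def build_stores():
    """Store the same accounts both ways for comparison."""
    md5_store = {u: raw_md5(p) for u, p in ACCOUNTS.items()}
    kdf_store = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    return md5_store, kdf_store

if __name__ == "__main__":
    md5_store, kdf_store = build_stores()
    print("raw MD5, shared values:", users_sharing_a_value(md5_store))
    print("PBKDF2, shared values: ", users_sharing_a_value(kdf_store))
```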

John The Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
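Which crypt(3) scheme an account uses can be read from the `$id$` prefix of its password field. The following added example (not from the original report) audits text in /etc/shadow format, flagging accounts with a weak or missing hash and accounts not forced to change their password within the report's thirty-day interval. The sample entries are constructed, their hash strings are dummy placeholders, and treating an unrecognized prefix as weak is an assumption of the example.

```python
# Constructed sample in /etc/shadow format; the hash strings are dummy
# placeholders with the right prefix and shape, not real password hashes.
SAMPLE_SHADOW = """\
root:$6$c0nstructed$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:16500:0:30:7:::
alice:$1$c0nstructed$BBBBBBBBBBBBBBBBBBBBBB:16500:0:99999:7:::
bob:abCDEFGHIJKLM:16500:0:99999:7:::
daemon:*:16500:0:99999:7:::
guest::16500:0:99999:7:::
"""

# crypt(3) "$id$" prefixes -> (scheme name, considered weak today)
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
           "6": ("sha512crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False),
           "2y": ("bcrypt", False)}

def classify(field):
    """Map the second shadow field to (scheme, weak?)."""
    if field == "":
        return ("no password", True)
    if field[0] in "!*":
        return ("locked", False)
    if field.startswith("$"):
        ident = field.split("$")[1]
        # Assumption: an unrecognized prefix is reported as weak for review.
        return SCHEMES.get(ident, ("unknown", True))
    if len(field) == 13:
        return ("descrypt", True)  # traditional 13-character DES crypt
    return ("unknown", True)

def audit(shadow_text, max_age_days=30):
    """Return {user: [issues]} for every well-formed shadow line."""
    findings = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        user, pw_field, max_age = fields[0], fields[1], fields[4]
        scheme, weak = classify(pw_field)
        issues = []
        if weak:
            issues.append("weak or missing hash (%s)" % scheme)
        if scheme != "locked" and not (max_age.isdigit()
                                       and int(max_age) <= max_age_days):
            issues.append("password not forced to change within %d days"
                          % max_age_days)
        findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_SHADOW).items():
        print(user, "->", issues or "ok")
```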

Usage:

Used in cracking Unix/Linux passwords

Used in MD5 crack

We will crack the password of an existing user account using JTR. In Fedora 13, open the terminal and become root. After installing JTR, use the unshadow command to combine the /etc/passwd and /etc/shadow files so John can use them, and save the output in a file of your choice.

 # yum install john
 # /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/pass.db

Start cracking using this command; it will take its own time:

 # john /tmp/pass.db

To see the cracked password, enter:

 # john -show /tmp/pass.db

MD5 Crack (JTR)


In this part, use Cain & Abel to create an MD5-hashed text and save it in a text file; then, in BT4, use JTR to crack the hashed file.

Usage:

JTR is used in cracking an MD5 file

Open the terminal and write the following commands:

 # john
 # ./john --format=raw-MD5 /root/md5.txt

RarCrack

RarCrack is a program that uses a brute-force algorithm to find and recover the correct password for compressed archives in .rar (WinRAR), .7z (7-Zip) and .zip (WinZip) format on any POSIX-compatible operating system.

Usage:

Used in cracking the password of .zip, .7z, and .rar files.

In order to crack the password of a .zip or .rar file, create one and save it in a location of your choice; then use RarCrack to reveal that password. In BT4, go to K menu > privilege escalation > password attack > offline attack > RarCrack; a new terminal will appear, which allows you to try these commands.

Start cracking the .zip file using this command; it will take its own time:

 # ./rarcrack --type zip --threads 8 /root/test.zip

Start cracking the .rar file using this command; it will take its own time:

 # ./rarcrack --type rar --threads 8 /root/test.rar

PDFCrack

PDFCrack is a GNU/Linux (other POSIX-compatible systems should work too) tool for recovering passwords and content from PDF files. It is small and command-line driven, without external dependencies. The application is Open Source (GPL).

Usage:

Used in cracking a password-protected PDF file

In order to crack the password of a protected PDF file, create one and save it in a location of your choice; then use PDFCrack to reveal that password. In BT4, open the terminal and install PDFCrack.

 # apt-get install pdfcrack

Start cracking using this command; it will take its own time:

 # pdfcrack /root/crack.pdf

Discussion

In general, password cracking is not an easy thing to do. It always depends on many things, such as the cracking tool you are using, the type of password you are cracking, whether it is encrypted or not, and the password's length and content. In addition, password cracking sometimes takes a long time; it could take days or weeks depending on the tool and the password you want to crack. Moreover, password cracking can be easy if the victim is not aware of the importance of passwords and uses a simple or easy one, because hackers nowadays have huge lists of the most popular passwords used by computer users. These lists are available on the Internet, which makes hacking passwords easier for them. The tools are also freely available, so with a little research and a little IT background anybody can start hacking passwords.

Conclusion and future work

In conclusion, this report summarizes why we want to have a strong password and change it periodically: as we can see, with the huge development of technology there is also development in hacking tools, which do not need an expert user to use them. However, securing computers in general, and passwords in particular, depends on IT and computer users. This means you need to be aware of what is happening on the technology side and keep your computer updated by using some sort of security on it. On the other hand, user attitude is also important: using the most powerful and secure system does not mean that it is unbreakable, and users always need to improve and test their security.


References

1. http://office.microsoft.com/en-us/office-2003-resource-kit/important-aspects-of-password-and-encryption-protection-HA001140311.aspx Intro

2. Yaman Akdeniz, Cryptography & Encryption, August 1996, Cyber-Rights & Cyber-Liberties (UK) (Criminal Justice Studies of the Law Faculty of University of Leeds, Leeds LS2 9JT)

3. http://www.sans.org/reading_room/whitepapers/tools/password-cracking-l0phtcrack-30_957

4. http://s2.ist.psu.edu/ist451/451-Lab1_s06.pdf

5. http://www.mydigitallife.info/2009/01/06/how-to-recover-rar-7z-and-zip-password-with-rarcrack-in-linux/

6. http://pdfcrack.sourceforge.net/

7. www.oxid.it/cain.html

8. http://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/