report password cracking (2)

Post on 19-Nov-2014

TRANSCRIPT

1. Group: Supervisor (GVHD): Trn Quc Dng Phm Vn Tnh Nguyn Hi ng Nguyn H Vng Trng Quang Minh

2. Password Crack

  • I. Introduction to SAM
  • II. Overview of the password encryption mechanism in Windows
  • III. Logon processing in Windows
  • IV. Types of attack
  • V. DEMO

3. SAM

  • SAM (Security Account Manager) stores users' usernames and passwords.
  • User passwords stored in SAM are encrypted.
  • A user account's password is a combination of two kinds of password: the LAN Manager password and the Windows NT password.
  • Passwords stored in SAM go through two rounds of encryption:
    • Using an OWF (one-way function)
    • Encryption by user ID
  • A user may lack one of the two kinds of password.

4. System key technology

  • System key (syskey) is a Microsoft technique used to protect the SAM file.
  • It first appeared in Service Pack 2, but was developed in Service Pack 3.
  • The syskey encryption algorithm has a key length of 128 bits.
  • It is performed by syskey.exe.

5. System key

  • To enable syskey: Run -> syskey -> Update
  • Password Startup
  • Store startup key on floppy disk
  • Store Startup key Locally

6. SAM Registry key

  • The SAM key is stored in HKEY_LOCAL_MACHINE and is managed by Registry Editor (regedt32.exe).
  • Only System can change or edit it.

7. SAM on Storage Subsystems

  • SAM and Syskey are stored in two directories: %systemroot%/repair and %systemroot%/system32/config.
  • Windows Explorer can access these two directories only with System privileges.
  • In the config directory, users cannot interact with the SAM file.
  • In the repair directory, an ordinary user can access the SAM file.

8. SAM on Network

  • If the computer is part of a domain, SAM is stored in Active Directory.
  • SAM stores the information and privileges of users and groups in the domain.

9. II. WINDOWS PASSWORD ENCRYPTION MECHANISM

10. PASSWORD ENCRYPTION IN WINDOWS

  • User records are stored in the Security Accounts Manager (SAM) database or in the Active Directory database.
  • Each user account is associated with two passwords:
        • + LAN Manager Compatible Password.
        • + Windows Password.

11. LAN Manager-compatible password:

  • Also known as the LM hash.
  • First introduced by older operating systems such as Windows 95 and 98.
  • Still used today by Windows 2000, Windows XP and Vista for backward compatibility with older operating systems.

12. LAN Manager-compatible password:

  • This password is based on the OEM character set.
  • Maximum length is 14 characters.
    • Steps to compute the LM hash:
      • The password is converted to uppercase.
      • The password is null-padded to 14 bytes.
      • It is split in two, 7 bytes per part.
      • Each 7 bytes → an 8-byte DES key.
      • Each key is used to encrypt the constant KGS!@#$% → ciphertext.
      • The 2 ciphertexts are concatenated → LM hash.

13. LAN Manager-compatible password:

14. LAN Manager-compatible password:

  • Weaknesses:
      • Password length>spacekey^7.
      • The LM hash is a weak password hash.
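
The pre-processing steps of slide 12, up to but not including the DES encryption, as an added Python example that is not part of the original slides. It shows where the weakness comes from: case is discarded and each 7-byte half becomes its own independent key. ASCII stands in for the OEM character set, and the function names are assumptions.

```python
LM_MAX = 14  # maximum LM password length stated on the slide

def lm_halves(password):
    """Uppercase, null-pad to 14 bytes, split into two 7-byte halves."""
    # Assumption: ASCII stands in for the OEM code page (non-ASCII input raises).
    raw = password.upper().encode("ascii")
    if len(raw) > LM_MAX:
        raise ValueError("longer than 14 characters: no LM hash can be derived")
    padded = raw.ljust(LM_MAX, b"\x00")
    return padded[:7], padded[7:]

def des_key_from_7_bytes(half):
    """Spread 56 key bits over 8 bytes: 7 key bits plus one odd-parity bit each."""
    bits = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        byte = seven << 1
        byte |= (bin(byte).count("1") + 1) % 2  # set the low bit so parity is odd
        key.append(byte)
    return bytes(key)

def lm_key_material(password):
    """The two DES keys that would each encrypt the constant KGS!@#$%."""
    first, second = lm_halves(password)
    return des_key_from_7_bytes(first), des_key_from_7_bytes(second)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Password1", "pAsSwOrD1", "abc"):
        k1, k2 = lm_key_material(pw)
        print(pw, lm_halves(pw), k1.hex(), k2.hex())
```

Passwords that differ only in case produce identical key material, and any password of seven characters or fewer leaves the second half all zero, so the second key is always the same value.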

15. Windows Password (NT HASH)

  • Introduced by Windows NT; it improves password security compared with using the LM hash.
  • Based on the Unicode character set.
  • Its length can be raised to 128 characters.
  • This password is computed using the RSA MD-4 algorithm.

16. Windows Password (NT HASH)

[Diagram labels: PASSWORD/USER INFORM, NT Windows Hash]

17. III. LOGON PROCESSING IN WINDOWS

18. LOGON PROCESSING IN WINDOWS

  • LOCAL MACHINE LOGON
  • DOMAIN LOGON

19. LOGON PROCESSING IN WINDOWS

  • Windows uses the LsaLogonUser API to perform authentication.
  • The LsaLogonUser API calls the MSV1_0 authentication package.
  • MSV1_0 (MSV): this package was introduced by Windows NT.
  • Besides supporting authentication for local logon, the MSV package also supports pass-through authentication of users in other domains by using the Netlogon service.

20. LOGON PROCESSING IN WINDOWS

  • The MSV authentication package is divided into two parts: the top half and the bottom half.
      • The top half runs on the computer where the logon takes place (the local machine); it encrypts the password and converts it into the LAN Manager password and the Windows password. It handles the request differently depending on whether this is a local machine logon or a domain logon.
      • The bottom half runs on the computer that holds the user account information; it queries the password in SAM and compares it with the password supplied to decide the result of the authentication.

21. LOCAL MACHINE LOGON process

[Diagram labels: User/password; MSV1_0 package (top half, bottom half); SAM database. Steps: 1. Encrypt/hash; 2. Send; 3. Query; 4. Send stored hashed password; 5. Compare; reply result]

22. DOMAIN LOGON

23. Some LAN Authentication protocols

  • LM Authentication
  • NTLM Authentication
      • +NTLMv1
      • +NTLMv2

24. NT LAN Manager Authentication

  • NTLM is an authentication protocol used by Microsoft Windows to authenticate between client and server.
  • NTLM is the name of a set of Windows security protocols.
  • It is a challenge-response style authentication protocol.

25. NT LAN Manager Authentication

  • This protocol uses a challenge-response sequence of messages exchanged between client and server:
      • + NEGOTIATE_MESSAGE
      • + CHALLENGE_MESSAGE
      • + AUTHENTICATE_MESSAGE

26. NT LAN Manager Authentication

  • NEGOTIATE_MESSAGE:
    • The NEGOTIATE_MESSAGE defines an NTLM Negotiate message, sent from the client to the server. It requests the opening of an authentication session.
  • CHALLENGE_MESSAGE:
    • The CHALLENGE_MESSAGE defines an NTLM challenge message, sent from the server to the client, containing a random challenge.
  • AUTHENTICATE_MESSAGE:
    • Contains the response computed by the client (DES(Unicode pwd, nonce)), sent to the server.

27. NT LAN Manager Authentication

28. NTLMv1

  • C = 8-byte server challenge, random
  • K1 | K2 | K3 = NT-Hash | 5-bytes-0
  • R1 = DES(K1,C) | DES(K2,C) | DES(K3,C)
  • K1 | K2 | K3 = LM-Hash | 5-bytes-0
  • R2 = DES(K1,C) | DES(K2,C) | DES(K3,C)
  • response = R1 | R2

29. NTLMv1

30. NTLMv2

  • CS = 8-byte server challenge, random
  • CC = 8-byte client challenge, random
  • CC* = (X, time, CC, domain name)
  • v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)
  • LMv2 = HMAC-MD5(v2-Hash, CS, CC)
  • NTv2 = HMAC-MD5(v2-Hash, CS, CC*)
  • response = LMv2 | CC | NTv2 | CC*
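
The NTLMv2 formulas above as an added Python example that is not part of the original slides: the client builds the response and the server recomputes it from the stored NT hash. The uppercased user name and UTF-16LE encoding follow Microsoft's MS-NLMP specification; the sample account, NT hash, fixed challenges and the simplified CC* blob are assumptions.

```python
import hashlib
import hmac

def v2_hash(nt_hash, user, domain):
    """v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)."""
    # Per MS-NLMP: the user name is uppercased and both strings are UTF-16LE.
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.md5).digest()

def client_response(nt_hash, user, domain, cs, cc, cc_star):
    """AUTHENTICATE_MESSAGE payload: LMv2 | CC | NTv2 | CC*."""
    key = v2_hash(nt_hash, user, domain)
    return _mac(key, cs, cc) + cc + _mac(key, cs, cc_star) + cc_star

def server_verify(stored_nt_hash, user, domain, cs, response):
    """Recompute both MACs from the stored NT hash; compare in constant time."""
    if len(response) < 40:
        return False
    lmv2, cc = response[:16], response[16:24]
    ntv2, cc_star = response[24:40], response[40:]
    key = v2_hash(stored_nt_hash, user, domain)
    ok_lm = hmac.compare_digest(lmv2, _mac(key, cs, cc))
    ok_nt = hmac.compare_digest(ntv2, _mac(key, cs, cc_star))
    return ok_lm and ok_nt

# Sample values (assumptions, not from the slides). Real challenges are random;
# they are fixed here so the run is reproducible.
NT_HASH = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")  # NT hash of "Password"
CS = bytes.fromhex("0123456789abcdef")   # server challenge from CHALLENGE_MESSAGE
CC = bytes.fromhex("aaaaaaaaaaaaaaaa")   # client challenge
# Simplified stand-in for CC* = (X, time, CC, domain name).
CC_STAR = b"\x01\x01" + bytes(6) + bytes(8) + CC + "Domain".encode("utf-16-le")

def demo():
    resp = client_response(NT_HASH, "User", "Domain", CS, CC, CC_STAR)
    accepted = server_verify(NT_HASH, "User", "Domain", CS, resp)
    # A response computed for one server challenge fails against another.
    stale = server_verify(NT_HASH, "User", "Domain", bytes(8), resp)
    wrong_hash = server_verify(bytes(16), "User", "Domain", CS, resp)
    return accepted, stale, wrong_hash

if __name__ == "__main__":
    print(demo())
```

The server never needs the clear-text password, only the stored NT hash, which is why the hashes held in SAM or Active Directory have to be protected as carefully as the passwords themselves.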

31. NTLMv2

32. DOMAIN LOGON

33. DOMAIN LOGON

  • The MSV top half directs the request to the Netlogon service (nsl) of the current machine. The nsl then passes the request to the Netlogon service of the remote machine.
  • The server returns a nonce (16-bit challenge); the nonce and the hashed password are merged together and sent back to the server.
  • The Netlogon service of the authenticating machine directs the request to the bottom half of the MSV package.
  • The bottom half of the MSV Authentication Package queries the passwords in SAM and compares them to check whether the password entered is valid.

34. DOMAIN LOGON

[Diagram labels: Logon request; top half; NetLogon service; NetLogon service; bottom half; SAM. Steps: 1. Send hashed password; 2. Send request; 3. Nonce; 4. Merged password; 5. Send m-p; query, reply; 6. Result; 7. Result]

35. IV. Types of attack

36. Cracking Password

    • Three basic types of password cracks exist:
      • Dictionary attacks
      • Hybrid attacks
      • Brute force attacks

37. Dictionary Attacks

      • A dictionary password attack takes words from a dictionary or a list of words (wordlist) and tries them to find a user's password.
      • Dictionary attacks use a predefined dictionary to look for a match between the encrypted password and the encrypted dictionary word.
      • A dictionary attack recovers a user's password in a short time if simple dictionary words were used.

38. Structure of a wordlist

39. Hybrid Attacks

  • A hybrid attack also uses a dictionary or a list of words, like a dictionary attack, but it is smarter in that it automatically attaches extra characters and digits to the dictionary words to try to crack the user's password.
  • Example:
    • A user has the password "password"
    • Variants: 1password, password1, p@ssword, pa44w0rd,
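
A defender-side use of the hybrid idea, as an added Python example that is not part of the original slides: a password-change filter that flags candidates built from a dictionary word by character substitution or by adding up to three digits or symbols. The wordlist, the substitution table and the function names are assumptions.

```python
# Characters commonly swapped in for letters. Assumption: '4' may stand for
# 'a' or 's' so that the slide's "pa44w0rd" is recognised.
LEET = {"@": "a", "4": "as", "0": "o", "1": "il", "3": "e",
        "$": "s", "5": "s", "7": "t", "!": "i"}

def _matches(segment, word):
    """True if segment equals word once substitutions are undone."""
    return all(c == w or w in LEET.get(c, "") for c, w in zip(segment, word))

def base_word(candidate, wordlist, max_affix=3):
    """Return the dictionary word a candidate is derived from, else None."""
    cand = candidate.lower()
    for word in wordlist:
        for start in range(len(cand) - len(word) + 1):
            end = start + len(word)
            affix = cand[:start] + cand[end:]
            # Only short, non-alphabetic prefixes/suffixes count as decoration.
            if len(affix) > max_affix or any(ch.isalpha() for ch in affix):
                continue
            if _matches(cand[start:end], word):
                return word
    return None

def audit(candidates, wordlist):
    """Map each proposed password to the dictionary word it is built on."""
    return {c: base_word(c, wordlist) for c in candidates}

# Constructed sample data: the slide's variants plus two other candidates.
WORDLIST = ["password", "letmein", "welcome"]
SAMPLES = ["1password", "password1", "p@ssword", "pa44w0rd",
           "W3lcome!1", "tide-marble-quartz-91"]

if __name__ == "__main__":
    for candidate, word in audit(SAMPLES, WORDLIST).items():
        verdict = "reject (based on %r)" % word if word else "no dictionary base"
        print("%-24s %s" % (candidate, verdict))
```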

40. Brute force Attacks

      • Brute force attacks use random digits and characters to crack a user's password.
