23.2.09

Password Attacks


Four types of password attack:
- Password online attack
- Active online attack
- Offline attack
- Non-electronic attack



Password online attack:

Man in the middle and replay attacks
* Get access to the communication and wait for the authentication sequence (there is no need to brute force).
Notice:
Sometimes hard to access - must be trusted on both sides - tools widely available - can be broken by invalidating traffic.
Sniffing
* Access and record network traffic, wait for the authentication request and reply, then brute-force the credentials ... The best way of finding a password.

Active online attack: Password guessing

* Try different passwords until you find the right one .. I do not suggest it because it will be easily detected and it needs a huge amount of network traffic.
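Why online guessing is easy to detect, as an added example that is not part of the original post: a sliding-window count of failed logins per source address. The log format, the addresses and the function name `detect_guessing` are assumptions made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format and addresses are assumptions, not real data).
SAMPLE_LOG = """\
2009-02-23T10:00:01 FAIL user=alice src=192.0.2.7
2009-02-23T10:00:09 FAIL user=alice src=192.0.2.7
2009-02-23T10:00:15 OK user=alice src=192.0.2.7
2009-02-23T10:01:00 FAIL user=admin src=192.0.2.99
2009-02-23T10:01:02 FAIL user=admin src=192.0.2.99
2009-02-23T10:01:04 FAIL user=admin src=192.0.2.99
2009-02-23T10:01:06 FAIL user=admin src=192.0.2.99
2009-02-23T10:01:08 FAIL user=admin src=192.0.2.99
2009-02-23T10:01:10 FAIL user=admin src=192.0.2.99
"""

LINE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: time of first alert} for every source that produced
    at least `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue              # ignore lines in an unknown format
        ts, result, _user, src = m.groups()
        if result != "FAIL":
            continue
        now = datetime.fromisoformat(ts)
        failures = recent[src]
        failures.append(now)
        # Drop failures that have fallen out of the window.
        while now - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerts:
            alerts[src] = now
    return alerts


if __name__ == "__main__":
    for src, when in detect_guessing(SAMPLE_LOG).items():
        print(f"possible password guessing from {src} at {when}")
```

A user who mistypes twice and then logs in stays below the threshold, while guesses spaced further apart than the window never accumulate, so the threshold and window have to be tuned together.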

Offline Attacks:

* Time consuming, web services available, password cracking tools available, LM hash is vulnerable
Dictionary attack
Make your own list or use the default A-Z, 0-9.
Hybrid attack
Same as a dictionary attack, with symbols appended

Non-technical attacks

Shoulder surfing
Watching someone type their password .... and ... enjoy :D
Keyboard sniffing
Using hardware or software (a key-logger) to find the password; really hard to detect .. the most successful way!
Social engineering
We will discuss this next..

Some notes:

Microsoft uses different ways to protect passwords: LM, NTLM v1, NTLM v2 and Kerberos.
We will discuss these protocols next.

Tools:
RainbowCrack (hash cracker), Kerbcracker (sniffing and password cracking), NetBIOS DoS attack (mostly used for Windows 2000), John the Ripper (one of the most powerful, used to crack Unix and Windows passwords), L0phtCrack, ScoopLM, SMBRelay (man-in-the-middle attack by eavesdropping or redirecting a connection), SMBDie

How to disable the LM hash?
* Best way: Edit the registry by locating the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and make a key named NoLMHash.
* Second chance: Implement a security policy by using Group Policy by disabling: Network Security: Do not store hash value on next password change.
* Last chance: Use a password with at least 15 characters.
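Why the LM hash is vulnerable and why the 15-character option works, as an added example that is not part of the original post: a model of how LM prepares a password before hashing. The function names are hypothetical, only ASCII passwords are handled, and the DES step is left out, so no hash is produced.

```python
# Added example: models the input preparation of the LM hash only.
# The DES step is deliberately left out; nothing here produces a hash.
LM_MAX = 14              # LM works on at most 14 characters
EMPTY_HALF = b"\0" * 7   # a half that contains only padding


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes independently,
    or None when the password is too long for a usable LM hash."""
    if len(password) > LM_MAX:
        return None
    # Assumption: ASCII-only password (real systems use the OEM code page).
    raw = password.upper().encode("ascii").ljust(LM_MAX, b"\0")
    return raw[:7], raw[7:]


def lm_exposure(password, no_lm_hash=False):
    """Describe what an LM hash of this password would give away.
    no_lm_hash models the NoLMHash registry setting / policy."""
    halves = None if no_lm_hash else lm_halves(password)
    if halves is None:
        return {"lm_stored": False}
    return {
        "lm_stored": True,
        "case_lost": password != password.upper(),
        "second_half_empty": halves[1] == EMPTY_HALF,
        "halves": halves,
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ["Secret1", "Summer2009!", "correct horse 15"]:
        print(repr(pw), lm_exposure(pw))
    print(lm_exposure("Summer2009!", no_lm_hash=True))
```

In current Windows versions the Group Policy setting is listed as "Network security: Do not store LAN Manager hash value on next password change"; as the name says, an LM hash that is already stored stays until that account's password is changed.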

2 comments:

Anonymous said...

I think u have 2 ... simple mistakes when u named the types of password attack!

To complete your post :

Types of attack on Password

It always seems to be very simple when we type our credentials to get into banking sites to do some transaction or commercial sites for purchasing some stuff, but in this post I am trying to explain some of the types of attacks on passwords which can make you bankrupt. I am not kidding, read on:



1) Hardware Device: When we talk about hardware we think that it will take time to install and only experts will be able to use this attack, but NO, this hardware device is very simple to install and can be installed by a kid in 10 seconds or less. See the below image to get an idea how simple it could be. Criminals have installed this device on bank machines to get the bank credentials, which has cost banks millions of pounds. Students installed them on their teacher's system to get access to the exam papers. There could be a lot of other instances where these simple plugs can be installed and exploited.



2) Software Malware - Keyboard logger: We all enjoy free stuff, and now and then we tend to use free software available on the internet. This software can save a couple of dollars in your pocket but may cost you a lot. Imagine a scenario in which you downloaded some free software and that software has malware which modifies the OS kernel to get your credentials when you log in to the system. This malware can also capture the credentials when you access different banking sites. It can store these passwords locally and send them to their servers, where attackers can use your bank credentials to transfer money to their bank or play in a casino. Be very careful when you use free software.



3) Dictionary Attack: We all use a dictionary and know that most of our passwords come from one word or a combination of words from the dictionary. Yes, you got what I am going to talk about. Smart people have written software which can be hooked into a PC to try all the possible combinations of passwords on a system. One solution to this problem, which many organizations/banks have already implemented, is locking the account after N unsuccessful password attempts.



4) Social Engineering Attack: If you get a call from a person saying that he is from the security team and they got an alert that your account is having some problem and it may lead to deleting all of your data from the box. They can fix that for you if you can just let them know your account password; there are chances that some of us will agree to this and simply give it. I have seen many organizations where users give their choice of password to the help-desk persons and ask them to reset their password to the one they want. Users don't realize that this can open the door for another person to access the secure stuff they should not be looking into.



5) James Bond Attack: Research institutes are challenging that they can listen to the keystrokes and guess the user's password with 90% accuracy. This is one of the reasons that very confidential rooms do not let even a single voice go out of the room.

Kaveh Eslahi said...

Thanks buddy !!