Wednesday, October 3, 2007

Password Cracking Lab - Gary Neubauer II - vSpaceLab.com

Introduction

Computer systems usually have some method of restricting access to applications, services, or network resources. The first line of defense often comes in the form of a user account and a password for that account. If the password supplied is valid for the User ID specified, the operator is allowed to access any resource authorized for use under that User ID. 1

For this password cracking lab, a SAM file was made available by using a bootable Linux CD to capture the file.

Searching for Password Cracking Software – (B)

A search for password cracking software was initiated with the Google.com search engine. Various security-related web sites were interrogated, including:

1. http://www.passwordportal.net/ (passwordportal.net)

2. http://astalavista.box.sk/ (Astalavista)

3. http://members.aol.com/jpeschel/index.htm (D.O.E. SysWorks)

4. http://www.nirsoft.net/ (NirSoft Freeware Utilities)

5. http://www.packetstormsecurity.org/ (Packetstorm)

Password Cracking Applications – (B)

Several applications were downloaded for testing including:

1. LCP v 5.04 from: http://www.lcpsoft.com/english/download.htm

2. John The Ripper from: http://www.openwall.com/john/

3. PWDUMP2 from: http://www.bindview.com/Resources/RAZOR/Files/

LCP v 5.04 was selected as the password cracker of choice because it is freeware, has a GUI, can import a SAM file to crack, and provides both the LM and NT hashes in one application. When it attempts to crack a SAM file and expose the passwords within, LCP v 5.04 uses a dictionary attack, a brute force attack, and a hybrid of both.

This dialog box illustrates the application with User IDs and cracked passwords revealed.



John The Ripper provided a command line interface and was able to access the local workstation’s password database, but it was not determined how to import a SAM file from an alternate source. The application was not chosen for any further testing. This dialog box illustrates the application and its parameter options.


PWDUMP2 provided a command line interface and only computed the one-way hashes of the local workstation’s SAM database. This data could then be piped to a text file and used as input for another application like L0phtcrack. 3 PWDUMP2 was not chosen for additional testing because L0phtcrack was no longer available. This dialog illustrates the hashes from the local machine’s SAM database.


Initial SAM file Inspection – (A)

The SAM file was inspected using LCP v 5.04. The User IDs were reviewed and password guesses were attempted. The initial password guesses are as follows:

  1. Administrator (password)

  2. Guest (no password)

  3. gmwhite (gmwhite)

  4. ccwhite (ccwhite)

  5. user1 (user1)

  6. user2 (user2)

  7. user3 (user3)

  8. user4 (user4)

Cracking the SAM password database – (C)

After running LCP v 5.04 on the SAM file for approximately 2 hours, all the passwords were recovered except the one for user3. The User IDs and the passwords found are as follows:

1. Administrator (gbwhite)

This password is shorter than 8 characters and has no numeric or capital characters. It also differs by one letter from one of the user account names, making it easier to guess.

2. Guest (NO PASSWORD)

This account has no password and allows anyone to logon to the workstation.

3. gmwhite (gmwhite)

This password is the same as the User ID making it very easy to guess. It also is one letter different than the Administrator password, giving the user full admin rights if guessed correctly and used on the Administrator account.

4. ccwhite (etihwcc)

This password is shorter than 8 characters and has no capital or numeric characters.

5. user1 (secret)

This password is a common word in a dictionary, making it easier to guess.

6. user2 (redfox)

This password is a common word in a dictionary, making it easier to guess.

7. user3 (??? UNKNOWN ???)

This password could not be retrieved and is probably a good password.

8. user4 (tqbfjotsld)

This password is longer than 8 letters, but has no numeric or capital characters.

Local Workstation Password File – (D)

My Windows XP operating system password is located in a file called SAM, which represents a “hive” in the Windows registry. The SAM file holds the user names and password hashes for every account on my workstation. This security database is located in this directory path: file://windows/SYSTEM32/CONFIG/SAM. A backup of this file is also stored in file://windows/REPAIR/SAM.

The SAM file is locked by the operating system and cannot be copied. It is locked to all accounts including the Administrator while the machine is running. The SYSTEM account is the only one that has access to the SAM file during workstation operation. 4

I have no passwords that can be cracked in my password file because I have passwords with Alpha and Numeric characters which also have capital letters in them. I also use a pass-phrase which makes a password that isn’t found in an English or Foreign dictionary. This password schema is used for my Administrator password as well as my main User account.

Good Password Policy – (E)

Internet Security Systems (ISS) makes a number of recommendations for good password policy at their website. 5 These guidelines are adopted from RFC 1244 – Site Security Handbook. 6

A number of DON’Ts apply when choosing a secure password:

  1. Don’t use your User ID as the password (i.e. as it is, reversed, capitalized, etc.)

  2. Don’t use your first, middle, or last name in a User ID.

  3. Don’t use your spouse’s or child’s name.

  4. Don’t use other information that is easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, etc.

  5. Don’t use a password with all numerical digits or the same letters.

  6. Don’t use a word contained in an English or foreign language dictionary.

  7. Don’t use a password shorter than six characters.

A number of DOs apply when choosing a secure password:

  1. Do use a password with mixed-case alphabetic characters.

  2. Do use a password with numeric digits and / or punctuation.

  3. Do use an easy-to-remember password, so you don’t have to write it down.

  4. Do use a password that you can type quickly, without having to look at the keyboard.
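The DON’Ts and DOs above can be applied as an automated check against the passwords recovered in this lab. The following is an added example, not part of the original lab report: the function names, the three-word stand-in dictionary and the "one character away from a User ID" test (taken from the Administrator finding earlier on this page) are assumptions, and the minimum length of six comes from the list above.

```python
import string

# Constructed sample data: the accounts and recovered passwords listed in this lab.
LAB_ACCOUNTS = {
    "Administrator": "gbwhite", "Guest": "", "gmwhite": "gmwhite",
    "ccwhite": "etihwcc", "user1": "secret", "user2": "redfox",
    "user4": "tqbfjotsld",
}
# Tiny stand-in word list (assumption); a real audit would load a full dictionary.
WORDLIST = {"secret", "password", "redfox"}


def within_one_edit(a, b):
    """True if a and b are equal or one substitution/insertion/deletion apart."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the mismatching character(s); the remainders must then be identical.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def audit(password, user_ids, min_len=6):
    """Return the rules from the lists above that `password` violates."""
    if not password:
        return ["empty password"]
    p, findings = password.lower(), []
    for uid in user_ids:
        name = uid.lower()
        if p in (name, name[::-1]):
            findings.append(f"equals user ID '{uid}' (as-is, reversed or re-cased)")
        elif within_one_edit(p, name):
            findings.append(f"one character away from user ID '{uid}'")
    if p in WORDLIST:
        findings.append("dictionary word")
    if len(password) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if password.isdigit() or len(set(p)) == 1:
        findings.append("all digits or one repeated letter")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        findings.append("no mixed case")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        findings.append("no digit or punctuation")
    return findings


if __name__ == "__main__":
    for user, pw in LAB_ACCOUNTS.items():
        print(f"{user:14} {audit(pw, LAB_ACCOUNTS) or 'no findings'}")
```

Run at password-change time, a check like this rejects every password that LCP recovered in this lab, including the 10-character user4 password, which fails on character diversity alone.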

Conclusion

Password security is very important in the digital age. As demonstrated, simple passwords can be easily cracked and therefore render the first line of defense useless against a determined hacker. Adopting strong password policies is one of the most effective ways to ensure system integrity and security. A policy that increases password length, insists on character diversity, and promotes frequently changing the password can make it much more difficult for a non-authorized user to gain access to valuable mission critical computer resources.
