Password Cracking

Generally, password cracking takes place in the ENTRENCH phase of the attack, after an initial penetration has been successful and password hashes have been retrieved from the compromised system, but it can be done at any point if it will yield results and hashes are available. The attacker will probably need admin/root level access, but that state is not unusual after executing a successful exploit. The point of cracking passwords is to enable future access by having valid credentials that make it difficult for defenders to distinguish malicious traffic and activity from normal. It also may be possible to gain a higher level of privilege by compromising credentials with greater access. A typical scenario could include initial penetration of a workstation, retrieving password hashes and cracking them to get access with a network admin account, then repeating the process until a domain admin account is obtained, at which point the network is fully owned by the attacker.

Password cracking involves two distinct phases:

  • Collecting the password hashes – this usually requires admin/root access and may need special tools to bypass protections against collecting hashes.
  • Cracking the hashes – once hashes are obtained, they are typically cracked by a combination of dictionary and brute force attacks. If the password is a simple dictionary word, comparing the hash to the results of hashing lists of dictionary words can reveal the password. If the password is composed of random characters, brute force attacks that try every combination of characters, hashing them and comparing to the target hash, will reveal the password in time. Many tools offer hybrid combination techniques of dictionary and brute force methods. The key element is computing power and cracking time. Rainbow tables pre-calculate every possible hash for a given character set and offer fast searching routines that can greatly reduce cracking time.
  • NOTE – in some cases it may be unnecessary to crack the hash if it is possible to offer the hash directly to the authentication mechanism and gain access. This is known as “passing the hash”.

Recent advances in cracking techniques are making the cracking times for some conventional passwords uncomfortably short. Among them are the use of graphics processing units (GPUs) on video cards and the loading of rainbow tables onto very fast solid-state drives (SSDs).
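Added example (not from the original page or the articles it cites): a defender-side estimate of how long an exhaustive search of a password policy's keyspace takes, and the minimum length needed to outlast a target time. The guess rates and the yearly doubling factor are assumptions chosen for illustration, not measurements.

```python
# Assumed guess rates in hashes per second. Constructed values for
# illustration only; real rates depend on the hash algorithm and hardware.
ASSUMED_RATES = {"single CPU": 1e7, "single GPU": 1e10, "GPU cluster": 1e12}
CHARSETS = {"lowercase": 26, "letters+digits": 62, "printable ASCII": 95}
YEAR = 31_557_600  # seconds in a Julian year


def keyspace(charset_size, max_len, min_len=1):
    """Number of candidate passwords of length min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(charset_size, max_len, rate):
    """Seconds to try every candidate up to max_len at `rate` guesses/s."""
    return keyspace(charset_size, max_len) / rate


def min_length_to_resist(charset_size, rate, target_seconds,
                         yearly_growth=1.0, years=0):
    """Shortest length whose full search takes at least target_seconds.

    The rate is scaled by yearly_growth ** years to model faster hardware
    over the lifetime of the policy (the growth factor is an assumption).
    """
    future_rate = rate * yearly_growth ** years
    length = 1
    while worst_case_seconds(charset_size, length, future_rate) < target_seconds:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    for cname, csize in CHARSETS.items():
        for rname, rate in ASSUMED_RATES.items():
            t = worst_case_seconds(csize, 7, rate)
            print(f"7 chars, {cname:15} @ {rname:11}: {human(t)}")
    need = min_length_to_resist(95, 1e10, YEAR, yearly_growth=2.0, years=5)
    print("Length to resist one year of search, five years out:", need)
```

These figures cover exhaustive search only; a password found in a dictionary falls far sooner than its length suggests.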

GPU Crackers make Seven Character Passwords Inadequate – [cyberarms.wordpress.com]

That’s the news from the Georgia Tech Research Institute. Using the power of a graphics video card processor (GPU) to crack passwords is not new news. But with the speeds that the GPUs are reaching, they now have the ability to easily brute force up to seven character passwords.

According to the GTRI case study, “We’ve been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places,” said Richard Boyd, a senior research scientist at the Georgia Tech Research Institute (GTRI).

“Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase.”

SSD tools crack passwords 100 times faster – [theregister.co.uk]

Password-cracking tools optimised to work with SSDs have achieved speeds up to 100 times quicker than previously possible.

After optimising its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. Objectif Sécurité’s Philippe Oechslin told Heise Security that the result was 100 times faster than possible with their old 8GB Rainbow Tables for XP hashes.

Cracking 14 Character Complex Passwords in 5 Seconds – [cyberarms.wordpress.com]

There has been a lot of talk recently in the security community about high speed GPU (video card) processors being able to crack passwords very quickly.

But there is a technology that can crack them even faster. A Swiss security company called Objectif Sécurité has created a cracking technology that uses rainbow tables on SSD drives.

Apparently it is the hard drive access time and not the processor speed that slows down cracking speed. So using SSD drives can make cracking faster, but just how fast?

One article in March of this year stated that the technique using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex passwords in under 5.3 seconds.

OBJECTIF SECURITE – PRODUCTS – [objectif-securite.ch]

Rainbow tables and Ophcrack –

The following products have been developed by Objectif Sécurité, the inventors of rainbow tables.

SEE ALSO:
Entrench
8 – Entrench – [Attack vs Defense on an Organizational Scale]
Cain and Abel
John the Ripper
Ophcrack
