Password Attacks

Understanding Password Security

The Foundations

• Authentication is based on three key factors:

  • Something you know (password, PIN)

  • Something you have (security key, MFA tools)

  • Something you are (biometrics)

Current Password Statistics

• Password security remains a significant concern:

  • 24% of Americans use weak passwords (e.g., "password", "Qwerty", "123456")

  • 66% reuse passwords across multiple platforms

  • 45% of users don't change passwords after a breach

  • 55% continue using compromised passwords

Password Complexity

• An 8-character password using uppercase letters and numbers has 36⁸ combinations (208,827,064,576)

• Strong passwords can include:

  • Phrases

  • Song lyrics

  • Random word combinations (e.g., "TreeDogEvilElephant")

Credential Storage Systems

Linux Systems

• Passwords are stored in /etc/shadow

• Shadow file format:

  Copy

  <username>:<encrypted password>:<last change>:<min age>:<max age>:<warning period>:<inactivity period>:<expiration date>:<reserved field>

Hash Formats

Common hash identifiers:

• $1$ = MD5

• $2a$ = Blowfish

• $5$ = SHA-256

• $6$ = SHA-512

• $sha1$ = SHA1crypt

• $y$ = Yescrypt

• $gy$ = Gost-yescrypt

• $7$ = Scrypt

Windows Systems

• Key components:

  • LSA (Local Security Authority): Manages security policies and authentication

  • LSASS: Handles system security and access permissions

  • SAM: Stores credentials in %SystemRoot%\system32\config\SAM

  • NTDS.dit: Stores Active Directory data including user accounts and passwords

Attack Methodologies

1. Dictionary Attacks

• Uses wordlists to match against password hashes

• Common wordlists:

  • rockyou.txt (contains 32 million passwords from the RockYou breach)

• Best for weak, common passwords

2. Brute Force Attacks

• Tries all possible character combinations

• Time-intensive but comprehensive

• Most effective against shorter passwords

3. Rainbow Table Attacks

• Uses pre-computed hash-plaintext pairs

• Limited by table size and content

• Effective only for hashes present in the table

John the Ripper Tutorial

Basic Usage

1. Single Crack Mode:

   Copy

   john --format=<hash_type> <hash_file>

2. Wordlist Mode:

   Copy

   john --wordlist=<wordlist_file> --rules <hash_file>

3. Incremental Mode:

   Copy

   john --incremental <hash_file>

File Conversion Tools

Before cracking, convert files using appropriate tools:

• pdf2john: PDF files

• rar2john: RAR archives

• ssh2john: SSH private keys

• zip2john: ZIP files

• keepass2john: KeePass databases

• office2john: MS Office documents

Find conversion tools:

locate *2john*

Monitoring Progress

Check cracking progress:

john --show <hash_file>

Results Storage

• Cracked passwords stored in: ~/.john/john.pot

Protection Measures

• Implement strong password policies

• Use multi-factor authentication

• Monitor for breaches using tools like HaveIBeenPwned

• Avoid password reuse across platforms

• Regular password updates, especially after breaches

• Implement proper hashing and salting mechanisms

Additional Resources

• Monitor your email for breaches: HaveIBeenPwned

• Learn about hash algorithms and their security

• Study common password patterns and avoid them

• Keep up with latest password security standards