Password Attacks

Understanding Password Security

The Foundations

  • Authentication is based on three key factors:

    • Something you know (password, PIN)

    • Something you have (security key, MFA tools)

    • Something you are (biometrics)

Current Password Statistics

  • Password security remains a significant concern:

    • 24% of Americans use weak passwords (e.g., "password", "Qwerty", "123456")

    • 66% reuse passwords across multiple platforms

    • 45% of users don't change passwords after a breach

    • 55% continue using compromised passwords

Password Complexity

  • An 8-character password using uppercase letters and numbers has 36⁸ combinations (208,827,064,576)

  • Strong passwords can include:

    • Phrases

    • Song lyrics

    • Random word combinations (e.g., "TreeDogEvilElephant")

Credential Storage Systems

Linux Systems

  • Password hashes are stored in /etc/shadow

  • Shadow file format:

    <username>:<encrypted password>:<last change>:<min age>:<max age>:<warning period>:<inactivity period>:<expiration date>:<reserved field>

Hash Formats

Common hash identifiers:

  • $1$ = MD5

  • $2a$ = Blowfish

  • $5$ = SHA-256

  • $6$ = SHA-512

  • $sha1$ = SHA1crypt

  • $y$ = Yescrypt

  • $gy$ = Gost-yescrypt

  • $7$ = Scrypt
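The shadow format and the identifier list above can be combined into a small audit that reports which hashing scheme each account uses. This is an added example, not part of the original notes. The sample entries are constructed, and the choice of which schemes count as legacy is an assumption of the example.

```python
# Added example (not from the original page); sample entries are constructed.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512",
           "sha1": "SHA1crypt", "y": "Yescrypt", "gy": "Gost-yescrypt",
           "7": "Scrypt"}                      # identifier list from the page
LEGACY = {"MD5", "SHA1crypt"}                  # assumption: schemes to flag
FIELDS = ("username", "hash", "last_change", "min_age", "max_age",
          "warning", "inactivity", "expiration", "reserved")

def parse_shadow_line(line):
    """Split one shadow line into its nine named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def classify_hash(field):
    """Return the scheme name, or 'empty', 'locked' or 'unknown'."""
    if field == "":
        return "empty"                         # no password required to log in
    if field[0] in "!*":
        return "locked"                        # password login disabled
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "unknown"                           # format not in the list above

def audit(lines):
    """Return (username, scheme, needs_review) for every entry."""
    report = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_shadow_line(line)
        scheme = classify_hash(entry["hash"])
        review = scheme in LEGACY or scheme in ("empty", "unknown")
        report.append((entry["username"], scheme, review))
    return report

SAMPLE = [  # constructed entries; salts and hash bodies are placeholders
    "root:$6$SALT$HASHPLACEHOLDER:19000:0:99999:7:::",
    "legacy:$1$SALT$HASHPLACEHOLDER:15000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "alice:$y$j9T$SALT$HASHPLACEHOLDER:19500:0:99999:7:::",
    "guest::19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme, review in audit(SAMPLE):
        print(f"{user:8} {scheme:10} {'REVIEW' if review else 'ok'}")
```

Accounts marked REVIEW either use a scheme from the legacy set, have an empty password field, or use a format the identifier list does not cover.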

Windows Systems

  • Key components:

    • LSA (Local Security Authority): Manages security policies and authentication

    • LSASS: Handles system security and access permissions

    • SAM: Stores credentials in %SystemRoot%\system32\config\SAM

    • NTDS.dit: Stores Active Directory data including user accounts and passwords

Attack Methodologies

1. Dictionary Attacks

  • Uses wordlists to match against password hashes

  • Common wordlists:

    • rockyou.txt (contains 32 million passwords from the RockYou breach)

  • Best for weak, common passwords

2. Brute Force Attacks

  • Tries all possible character combinations

  • Time-intensive but comprehensive

  • Most effective against shorter passwords

3. Rainbow Table Attacks

  • Uses pre-computed hash-plaintext pairs

  • Limited by table size and content

  • Effective only for hashes present in the table

John the Ripper Tutorial

Basic Usage

  1. Single Crack Mode:

    john --single --format=<hash_type> <hash_file>

  2. Wordlist Mode:

    john --wordlist=<wordlist_file> --rules <hash_file>

  3. Incremental Mode:

    john --incremental <hash_file>

File Conversion Tools

Before cracking, convert files using appropriate tools:

  • pdf2john: PDF files

  • rar2john: RAR archives

  • ssh2john: SSH private keys

  • zip2john: ZIP files

  • keepass2john: KeePass databases

  • office2john: MS Office documents

Find conversion tools:

locate '*2john*'

Monitoring Progress

Check cracking progress by listing the passwords cracked so far:

john --show <hash_file>

Results Storage

  • Cracked passwords stored in: ~/.john/john.pot

Protection Measures

  • Implement strong password policies

  • Use multi-factor authentication

  • Monitor for breaches using tools like HaveIBeenPwned

  • Avoid password reuse across platforms

  • Update passwords regularly, especially after breaches

  • Implement proper hashing and salting mechanisms

Additional Resources

  • Monitor your email for breaches: HaveIBeenPwned

  • Learn about hash algorithms and their security

  • Study common password patterns and avoid them

  • Keep up with latest password security standards