Chapter 11

Authentication and Remote Access

Lab Exercises

11.01   Dictionary Attacks on Linux Passwords with John the Ripper

11.02   Brute Force Attacks on Linux Passwords with crunch and John the Ripper

11.03   Dictionary Attacks and Brute Force Attacks on Windows Passwords with Mimikatz, crunch, and John the Ripper

11.04   Rainbow Table Attacks on Windows Passwords with ophcrack

Lab Analysis

Key Term Quiz

One of the biggest takeaways from Verizon’s 2020 Data Breach Investigations Report (DBIR) was that over 80 percent of hacking-related breaches involve brute force or the use of stolen credentials.

image Cross-Reference

The Verizon DBIR was introduced and examined in Chapter 1.

Although they’re not the best choice for authentication and gaining remote access to systems and networks, passwords (something you know) are still more heavily used than security tokens/key fobs or smart cards (something you have) and biometrics (something you are).

Attackers can use a technique called password guessing in which they manually enter passwords at a login prompt to gain access to an account when they have a valid username. In fact, this is exactly what happened with two Major League Baseball teams in 2013, when a St. Louis Cardinals executive guessed the password of a former coworker who used to work for the Cardinals but moved on to the Houston Astros. This led to lots of confidential information about players, potential trades, and scouting reports getting into the hands of a rival executive. The information was publicly dumped and wound up embarrassing numerous players and teams.

Read about it at these links:

www.npr.org/sections/thetwo-way/2016/07/18/486538276/former-cardinals-official-gets-nearly-4-years-in-prison-over-astros-hack

www.vice.com/en/article/d7mkvx/did-a-houston-astros-executive-use-david-eckstein-as-his-password

There are tools to automate this password-guessing process, a type of online attack, including Medusa, Ncrack, and THC-Hydra (also known just as Hydra). These tools were built to help companies secure their networks, as security specialists can test hosts and networking devices for poor passwords. These tools are used to audit devices as well. Password-guessing online attacks can also be used to check that your firewalls, intrusion detection systems (IDSs), and intrusion prevention systems (IPSs) detect when a server gets bombarded with unsuccessful login attempts, and that accounts automatically get locked when this happens. Password guessing through manual or automated means is obviously very noisy, so attackers need a better way to do it.

Passwords should never be stored in plaintext in databases, which allows them to be used immediately after they’re stolen. As demonstrated in Chapter 5, passwords should be stored in hashed format because hashing is a one-way function.

In many of the data breaches of recent years, stolen password databases contained passwords that were either stored in plaintext or hashed with weak functions, like MD5 and SHA-1. On Linux systems, password hashes are stored in the /etc/shadow file, which you learned about and explored in Chapter 5. Most Linux distributions use a modified version of SHA-512 called sha512crypt, with something called salt, which we’ll see later in this chapter. However, the 2021.1 release of Kali Linux changed to a new hash function for passwords, called yescrypt (more on this later in the chapter). On Windows systems, password hashes are stored in the SAM (expanded as both Security Account Manager and Security Accounts Manager) database file, located in C:WindowsSystem32config. On Windows domain controllers running Active Directory, password hashes are stored in the C:WindowsNTDS tds.dit file.

The Windows NTLM (New Technology LAN Manager) suite actually uses the MD4 hash function, without a salt, for storing Windows password hashes.

Websites that have logins store passwords in a backend database, likely using the MySQL or MariaDB (coming up in Chapter 19) relational database management system (RDBMS). If an attacker enters the stolen hash into the password field, the hash itself would be hashed, so that’s not done.

In this chapter, you’ll explore what happens when a database containing hashed passwords is stolen, furthering your education on password hashing from what you learned in Chapter 5. The attackers have three attack options after they steal the hashed password database: a brute force attack, a dictionary attack, and a rainbow table attack. You’ll learn about and perform all three attacks in this chapter. Alternatively, all lab exercises in this chapter can be done with the mindset of a security specialist, performing audits to identify weak passwords.

In Chapter 22, you’ll learn how attackers can get possession of a database containing hashed passwords. For now, though, you’ll perform the lab exercises in this chapter assuming you already have password hashes. You can also perform the lab exercises in this chapter with the mindset of a penetration tester or a security specialist, making sure that passwords can’t be compromised in the future.

A brute force attack might be necessary when dealing with complex passwords. Complex passwords have some or all of the following criteria:

•   They are changed at regular time intervals (180 days, for example).

•   They have a minimum length (10 characters, for example).

•   They use at least three of the following categories: uppercase letters, lowercase letters, numbers, and symbols.

•   They can’t be reused ever, or at least going back a certain number of recent passwords.

The last criteria of not reusing passwords is why there’s a minimum timeframe for a password, implemented in some environments, which prevents users from rapidly changing their passwords a certain number of times until they can get back to their preferred password. For example, if users couldn’t reuse any of their last 10 passwords, a user might try to change their password 11 times, one right after the other, until the original and desired password is no longer within the range of the last 10 passwords.

In May 2017, NIST (National Institute of Standards and Technology) drafted guidelines that dealt a big blow to well-established password policies. NIST recommended to remove periodic password change requirements and to remove the need for required character groups of uppercase letters, lowercase letters, numbers, and symbols. NIST instead recommended to add the screening of possible passwords against password lists and known compromised passwords, which is yet another way to view the lab exercises from this chapter.

NIST’s belief is that overly complex passwords and passwords that change too frequently are too hard for users to remember, which will cause these users to write them down and store them insecurely. Furthermore, keystroke logging, phishing, and social engineering attacks work just as well on complex passwords as they do on simple ones.

Finally, keep in mind that length beats anything else against all three password attacks. In other words, a long password using one character set is stronger and more secure than a shorter password that uses multiple character sets!

Images 45 MINUTES

Lab Exercise 11.01: Dictionary Attacks on Linux Passwords with John the Ripper

A dictionary attack involves a file called a wordlist, containing words like those found in a dictionary. These words are possible passwords. The dictionary file uses likely possibilities for passwords and, unlike a regular dictionary, includes alternate spellings and additional letters, numbers, and symbols in variations of the words.

Unfortunately, there are lots of people who choose short passwords that are common words with simple variations. Attackers will make wordlists containing commonly used passwords. This is why substituting 0 for the letter O or $ for the letter S is not any form of security.

After an attacker steals a password database, on the attacker’s own machine and time (unlike password guessing, described earlier), the words in the wordlist are hashed and compared to the stolen password hashes. If a hash from the stolen database matches a computed hash of a word from the wordlist, the attacker can simply associate the matching computed hash with its plaintext input, which would be the actual plaintext password, as shown in Figure 11-1.

Image

FIGURE 11-1 Dictionary attack

The hash function used in this attack must be the same used by the organization from which the password hashes were stolen. Hash functions (like encryption algorithms), as explained in Chapter 5, are never secret (which ones are used and how they work). In fact, the length of a hash is enough to reveal which hash function is being used. Furthermore, the type of hash function used for the database will be stored alongside the hash with the username and other data in the password database, in plaintext form. Since a username is always stored in the same record as its corresponding hash, attackers can choose to attack specific accounts and their hashes instead of all accounts.

It’s even possible to precompute the hashes for all entries in a wordlist, so the words in a wordlist (possible plaintext passwords) don’t need to be hashed with each attempt to crack a password. The most renowned such password file, rockyou.txt, which you’ll use in this chapter, contains over 14 million words.

Learning Objectives

In this lab exercise, you’ll perform dictionary attacks on password hashes. At the end of this lab exercise, you’ll be able to

•   Construct multiple files containing hashes for a password-cracking program, John the Ripper, containing Linux password hashes

•   Pass multiple existing wordlists to John the Ripper to crack password hashes

•   Crack passwords using John the Ripper

•   Use John the Ripper’s various modes

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

•   The Kali Linux virtual machine (VM) you installed in Chapter 1

Let’s Do This!

In Chapter 2, you created the following user accounts: jsw, alice, bob, eve, and oscar. For cleaner output and the ability to focus on this chapter’s activities and user accounts, delete each of those user accounts (as well as any other users you created, with the exception of the first user created with the Kali Linux installation—the account you’re logged in with now) with the deluser command (covered in Chapter 2).

If you haven’t performed the lab activities of Chapter 2 yet, it might be a good idea to go through those first, as they provide a great foundation for commands executed in this chapter.

Launch your Kali Linux VM and open a terminal. Press ENTER after each command.

Images 1a–1p

Step 1 Create user accounts and crack them with the default wordlist that comes with John the Ripper, as well as metadata GECOS information.

a.   Display usage help for John the Ripper, a password-cracking program:

sudo john

Provide your password, if prompted, now and throughout this chapter’s lab exercises.

b.   See the man page entry for John the Ripper:

man john

The description is very informative:

john, better known as John the Ripper, is a tool to find weak passwords of users in a server. John can use a dictionary or some search pattern as well as a password file to check for passwords. John supports different cracking modes and understands many ciphertext formats, like several DES variants, MD5 and blowfish. It can also be used to extract AFS and Windows NT passwords.

Type q to quit.

c.   Enter the following command to get an idea of how long it will take John the Ripper to crack passwords based on various cryptographic schemes based on your current system:

sudo john --test

Options for John the Ripper are case sensitive, are able to be shortened to just enough to uniquely identify them, can start with two dashes (GNU style) or with one dash, and can use the equals sign (=) or the colon (:) to precede a value for the option.

Press CTRL-C to break out.

d.   Enter the following command to create a user named weissman:

sudo adduser weissman

As you learned in Chapter 2, this creates a user named weissman. When prompted, give the weissman user a password of jonathan (you won’t see anything on the screen when you type the password). Press ENTER for all the subsequent prompts (Full Name, Room Number, Work Phone, Home Phone, and Other) until the last prompt, which asks “Is the information correct? [Y/n].” For that question, type Y and press ENTER.

e.   Add these additional username/password combinations, paying close attention to case in the entries:

Images

Easy dictionary words are being used as passwords for demonstrative purposes.

f.   Explore the /etc/passwd and /etc/shadow files with the cat command (covered in Chapter 2).

cat /etc/passwd
sudo cat /etc/shadow

As you learned in Chapter 5, in Linux, the /etc/passwd file contains potentially important metadata in the GECOS field, including full name, room number, work phone, home phone, and other. You also learned that Linux stores password hashes in the /etc/shadow file, which is why you need to use the sudo command to view it.

g.   The unshadow utility combines the /etc/passwd and /etc/shadow files. This is done so that John the Ripper can attempt to crack the password with information from both files, using a single file.

Enter the following command to see the man page entry for unshadow:

man unshadow

Type q to quit.

h.   To see the usage of the unshadow utility, type the following command:

sudo unshadow

i.   Enter the following command to merge the /etc/passwd and /etc/shadow files into a file called rochester.txt for John the Ripper:

sudo unshadow /etc/passwd /etc/shadow > rochester.txt

j.   Type the following command to display the rochester.txt file:

cat rochester.txt

Look at the contents of this file, specifically the hashes.

k.   Using a wordlist that comes with John the Ripper (/usr/share/john/password.lst), crack as many passwords as possible from the merged file (rochester.txt):

sudo john --wordlist=/usr/share/john/password.lst --format=crypt rochester.txt

At the point of cracking, the passwords and usernames appear on the screen, as shown in Figure 11-2.

Image

FIGURE 11-2 Cracked passwords

If your regular user account’s password is in the password.lst file, it will be shown as well.

image Note

Kali Linux 2021.1 changed the hash function for passwords from sha512crypt (listed as $6$ in the /etc/shadow file) to yescrypt (listed as $y$ in the /etc/shadow file). Read about yescrypt here: https://www.openwall.com/yescrypt/

Also relevant to this chapter, from https://openwall.com/john/doc/OPTIONS.shtml:

“--format=crypt”…may be needed to audit password hashes supported by the system, but not yet supported by John’s own optimized cryptographic routines.

l.   At the time of this writing, yescrypt was not supported by John’s own optimized cryptographic routines. By the time you’re reading this, support for the $y$ hashes might be incorporated into John the Ripper, which would mean you could leave off --format=crypt for some speedup. Try it out and see. John the Ripper won’t attempt to crack a password it has already cracked. To see all passwords already cracked, use the --show option:

sudo john --show --format=crypt rochester.txt

m.   To remove all remembered cracked passwords from John the Ripper, delete the john.pot file, located in /root/.john:

sudo rm /root/.john/john.pot

Note that you do not have to enter that command now. However, if you do, you’ll need to redo step k to get back to where you were before deleting the john.pot file.

n.   Create a new user called scott:

sudo adduser scott

When prompted, provide a password of scott10314. Press ENTER to not input a value for Full Name, but for Room Number, type 10314 when prompted and press ENTER. Press CTRL-Cto not input a value for Work Phone, Home Phone, and Other. Type Y and press ENTER for the “Is the information correct? [Y/n]” question at the end.

o.   Create a new unshadow file called rochester2.txt, updated with the new user (scott):

sudo unshadow /etc/passwd /etc/shadow > rochester2.txt

You could have overwritten the rochester.txt file with the new information, but creating additional unshadow files allows you to easily go back and review previous steps without having to re-create users or passwords.

p.   Run John the Ripper, but this time without a wordlist:

sudo john --format=crypt rochester2.txt

This defaults to single crack mode, which uses the GECOS field (the metadata discussed in Chapter 5), without a wordlist. You’ll see that the GECOS information was successful for this user (scott), as shown in Figure 11-3. Furthermore, in single crack mode, John the Ripper tries other simple things, like the username.

Image

FIGURE 11-3 Another cracked password

If the single crack mode was unsuccessful, John the Ripper will try the default wordlist. The default wordlist can be changed in the John the Ripper configuration file, /usr/share/john/john.conf. If that is unsuccessful as well, John the Ripper will use incremental mode, its most powerful cracking mode. This is usually called a brute force attack because John the Ripper will try all possible character combinations. The character set can be all actual characters or a subset of characters. You’ll learn more about this in the next lab exercise. Once you see the scott password, you can break out with CTRL-C. However, feel free to observe the other modes of John the Ripper by letting it run as long as you please. More information about John the Ripper’s modes can be found at www.openwall.com/john/doc/MODES.shtml.

q.   Enter the following command to see all cracked passwords, including the latest one:

sudo john --show --format=crypt rochester2.txt

Images 2a–2k

Step 2 The cp, ls, cat, grep, and less commands used in this step were covered in Chapter 2.

The wordlist that comes with John the Ripper isn’t really that great, due to its small number of words. The more words in a wordlist, the greater your odds of successfully cracking passwords.

A company named RockYou, founded in 2005, produced widgets and implemented applications for social media sites like MySpace, Facebook Friendster, and Orkut. In December 2009, they suffered a SQL injection attack (which you’ll do in Chapter 19) that exposed over 14 million unique passwords from over 32 million accounts. Passwords for the accounts were stored in plaintext. Passwords to connected accounts of partner sites were also stored in plaintext. A list of all 14,341,564 unique passwords, used in 32,603,388 accounts, was dumped.

Here are the top five passwords used:

1.   123456 (290,729 accounts)

2.   12345 (79,076 accounts)

3.   123456789 (76,789 accounts)

4.   Password (59,462 accounts)

5.   iloveyou (49,952 accounts)

Kali Linux’s rockyou.txt file contains all 14,341,564 unique passwords, and we’re going to use it in this step.

There are many other great wordlists out there. Here are a couple of links where you can download them:

https://github.com/danielmiessler/SecLists

https://wiki.skullsecurity.org/Passwords

Decompress rockyou.txt, compare it to the default list used by John the Ripper, explore its entries, and then attempt to crack password hashes with rockyou.txt.

a.   Copy the compressed rockyou.txt file to the current directory (the dot at the end of the command represents the current directory):

cp /usr/share/wordlists/rockyou.txt.gz .

b.   Decompress (-d) the file using the gzip utility.

gzip -d rockyou.txt.gz

c.   Compare the size of the John the Ripper password wordlist file (26325 bytes or 26.325 KB) to the size of rockyou.txt (139921507 bytes or 139.921507 MB).

ls -l /usr/share/john/password.lst
ls -l rockyou.txt

That’s quite a difference!

d.   Enter the following command to install Leafpad:

sudo apt install leafpad

Leafpad is a text editor that doesn’t come by default with Kali Linux.

e.   Compare the contents of the wordlists. Display the contents through the terminal first:

cat /usr/share/john/password.lst
cat rockyou.txt

Press CTRL-C to break out or type cat rockyou.txt | less and advance line by line with ENTER
or page by page with CTRL-C. Press CTRL-C to quit.

f.   Look at the contents of the files through Leafpad:

leafpad /usr/share/john/password.lst
leafpad rockyou.txt

g.   Display all entries in rockyou.txt that have the string jonathan:

cat rockyou.txt | grep jonathan | less

h.   Display all entries in rockyou.txt that have the string weissman:

cat rockyou.txt | grep weissman

No, I was not an employee of RockYou.

i.   Search rockyou.txt for three strings of your choice to see how many passwords have those strings in them.

j.   Generate two more users with passwords that are more complex than the ones used in this lab exercise so far and make a new unshadow file called rochester3.txt.

k.   Use the rockyou.txt file with John the Ripper (by specifying the path to the rockyou.txt file after the --wordlist option in the john command) to crack the passwords. Assuming that rockyou.txt is in the current directory (your home directory, where you should be), the command would look like this:

sudo john --wordlist=rockyou.txt --format=crypt rochester3.txt

l.   If the new passwords are not in rockyou.txt, the attack will fail. If the passwords are in rockyou.txt, but in later entries, it could take a while. Another possibility is that one of your new passwords is in rockyou.txt. Any results are fine for this step. It’s okay if you crack zero, one, or two of the new passwords. Remember that with password cracking, failure is a possibility!

Images 45 MINUTES

Lab Exercise 11.02: Brute Force Attacks on Linux Passwords with crunch and John the Ripper

A brute force attack is similar to a dictionary attack. However, instead of using a set of words in a wordlist file, which might be potential passwords, a brute force attack involves iterating through all possible lowercase letters, uppercase letters, numbers, and symbols (whitespace can be included, too, for passphrases) for all lengths, to produce every possible password. These produced words are dynamically hashed and compared to the stolen hashes, as done in a dictionary attack with a wordlist, as shown in Figure 11-4.

Image

FIGURE 11-4 Brute force attack

If a password is not in a wordlist used in a dictionary attack, the attack will fail. With a brute force attack, there is no possibility of failure because all potential passwords will come up at some point. It’s a guarantee! The con is that you might not be alive to see it. Long passwords render such an attack useless because attackers don’t want to tie up so many resources in cracking passwords for hours, days, weeks, months, or years. This is a great example of how length beats anything else for passwords.

To speed things up, you can restrict the iterations to a minimum length and maximum length of characters. Another restriction for speed involves the character sets, which could be just letters, just lowercase letters, just uppercase letters, just numbers, just symbols, or some combination of different character sets.

You could even use a program like crunch, which uses all the previously mentioned restrictions but also gives you more control over specifics. Examples include allowing just certain characters from a single character set or multiple character sets, as well as including a known string, like a birthdate.

The wordlist generated by crunch can be dynamically passed to a program that attempts to crack the passwords, like John the Ripper. The crunch wordlist can also be saved to a wordlist file and later passed to a password-cracking program, like John the Ripper. John the Ripper, as mentioned earlier, can do a brute force attack on its own, without any input file.

Since random characters are generated, even with restrictions and possibly an output wordlist as well, this can still be considered a brute force attack. A dictionary attack wordlist uses predetermined characters that are meaningful rather than assembling random characters together.

Learning Objectives

In this lab exercise, you’ll generate your own wordlists and perform brute force attacks. At the end of this lab exercise, you’ll be able to

•   Use crunch to generate custom wordlists for a brute force attack

•   Perform a brute force attack with your wordlists through John the Ripper

•   Perform a brute force attack with just John the Ripper

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

•   The Kali Linux VM you installed in Chapter 1

Let’s Do This!

Launch your Kali Linux VM and open a terminal. Press ENTER after each command.

Images 1a–1g

Step 1 Generate wordlists by specifying certain criteria.

a.   See the man page for crunch, a wordlist generating utility:

man crunch

Notice that the first number that comes after the crunch command is the minimum length, while the second number that comes after the crunch command is the maximum length. Enter q to quit.

b.   Display usage help for crunch:

crunch

c.   Let’s go through some of the examples in the crunch man page. Feel free to break out of the output that doesn’t end quickly by pressing CTRL-C at any point. Notice the listings of the amount of data and number of lines that display before the words are generated.

Try Example 1 by entering the following:

crunch 1 8

crunch will display a wordlist that starts at a and ends at zzzzzzzz (using all patterns of 1 to 8 lowercase characters).

d.   Try Example 2 by entering the following:

crunch 1 6 abcdefg

crunch will display a wordlist using the character set abcdefg that starts at a and ends at gggggg (using all patterns of 1 to 6 lowercase characters).

e.   Try Example 3 by entering the following:

crunch 1 6 abcdefg

There is a space at the end of the character string. For crunch to use the space, you need to escape it using the character. In this example you could also put quotes around the letters and not need the , i.e. “abcdefg”. crunch will display a wordlist using the character set abcdefg that starts at a and ends at (6 spaces).

f.   Try Example 7 by entering the following:

crunch 4 5 -p abc

The numbers aren’t processed but are needed.

crunch will generate abc, acb, bac, bca, cab, cba.

The -p option eliminates repeating characters (here in Example 7) or words (coming up in Example 8). The min and max length values can be anything, as they’re never considered, but they must be included. This produces all patterns of the letters a, b, and c.

g.   Try Example 8 by entering the following:

crunch 4 5 -p dog cat bird

The numbers aren’t processed but are needed.

crunch will generate birdcatdog, birddogcat, catbirddog, catdogbird, dogbirdcat, dogcatbird.

This produces all patterns of the words dog, cat, and bird.

Image 2a–2g

Step 2 Changes in Kali Linux and crunch have rendered some of the other examples in the crunch man page useless, so here are some of mine.

a.   Generate passwords from length 1 to length 3, using lowercase letters, and save the results to an output file (-o) named weissman.txt, instead of outputting the results to the console:

crunch 1 3 -o weissman.txt

b.   View the contents of the file in Leafpad:

leafpad weissman.txt

Close the file by clicking the X in the upper-right corner of the Leafpad window.

c.   View the different character sets that can be used:

cat /usr/share/crunch/charset.lst

d.   Generate eight-character passwords using lowercase letters, uppercase letters, and numbers:

crunch 8 8 -f /usr/share/crunch/charset.lst mixalpha-numeric

e.   Generate eight-character passwords using lowercase letters, uppercase letters, numbers, symbols, and even whitespace:

crunch 8 8 -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space

f.   Generate passwords of length 8 that end with 0415:

crunch 8 8 -t @@@@0415 -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space

Imagine that you’re targeting an employee who posted his birthdate on social media. Bob Smith was born on April 15th. The @ symbol is a placeholder, to be replaced by the character set specified after the -f option (in this case, lowercase letters, uppercase letters, numbers, symbols, and whitespace).

g.   Generate passwords of length 8 that start with the name of Bob’s wife, Alice:

crunch 8 8 -t alice@@@ -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space

The @ placeholder symbol can be anywhere in the pattern.

Images 3a–3d

Step 3 Use crunch and John the Ripper to crack passwords in a brute force attack with a custom wordlist.

a.   Create two new users with simple passwords.

b.   Create an unshadow file called rochester4.txt.

c.   Create a custom wordlist using your own original specifications with crunch (output to file) that will have the new users’ passwords in it.

d.   Use your custom wordlist in John the Ripper to crack the passwords.

Images 4a–4d

Step 4 Use crunch and John the Ripper to crack passwords in a brute force attack without a custom wordlist.

a.   Change the scott password (from the previous lab exercise) to a four-digit password using just lowercase letters:

sudo passwd scott

Make your four letters as random as possible. A length of four has been chosen for demonstrative purposes only, to speed up the process compared to how long it would take for passwords of greater lengths.

image Cross-Reference

The passwd command was covered in Chapter 2.

b.   Create an unshadow file called rochester5.txt.:

sudo unshadow /etc/passwd /etc/shadow > rochester5.txt

c.   Use crunch to generate words of lowercase letters of length four, and dynamically pass those words to John the Ripper:

sudo crunch 4 4 | sudo john --format=crypt rochester5.txt --stdin

Wait patiently until you see the password for the scott account, as shown in Figure 11-5. Break out with CTRL-C when you see the password.

Image

FIGURE 11-5 Mimikatz

The yescrypt function is purposely slow, like the only other four hash functions that should be used for passwords: PBKDF2, Argon2, brcrypt, and scrypt. As explained in Chapter 5, these functions are purposely slow to prevent an attacker from executing a successful brute force attack by computing many hashes. The slowness only affects a brute force attack and will not present any latency to a user providing a password that is subsequently hashed and compared to the stored hash in the password database.

This step would have taken approximately 10 to 20 minutes when Kali Linux used the sha512crypt hash function, but it can now take many hours with the yescrypt function (as well as the overhead of using the --format=crypt option).

Depending on if your password is closer to aaaa (the first possibility, which will be cracked almost instantly) or zzzz (the last possibility, which could take close to 20 hours), the time you’ll have to let this run can vary greatly. For this step, I chose a password of jpgr (can you figure out four fab names that begin with these letters?), and it took over six and a half hours to get to jpgr. (Yes, I have a modern computer!) When I executed the same command on the same password in a previous version of Kali Linux that used sha512crypt instead of yescrypt, it took a mere 10 minutes.

This illustrates why only certain hash functions should be used with passwords: the slow ones. It also illustrates how longer is stronger in terms of passwords. If a brute force attack on four simple lowercase letters can take hours (close to a day in certain cases), imagine what it would take for a longer password!

d.   Generate a three-character password for the scott account of zzz (the last possibility of lowercase letters), create a new unshadow file called rochester6.txt, use crunch to generate words of lowercase letters of length three, and dynamically pass those words to John the Ripper:

sudo crunch 3 3 | sudo john --format=crypt rochester6.txt --stdin

Let it run all the way.

Notice that when you go down from four characters to three, the maximum time to crack (going all the way from aaa to zzz) goes all the way down (from an estimated 20 hours for the maximum four-character sequence from aaaa to zzzz) to just under 40 minutes, which it did for me. Now, again, consider the impact of using a much longer password.

Images 30 MINUTES

Lab Exercise 11.03: Dictionary Attacks and Brute Force Attacks on Windows Passwords with Mimikatz, crunch, and John the Ripper

Now that you’ve performed dictionary attacks and brute force attacks on Linux password hashes, it’s time to perform dictionary attacks and brute force attacks on Windows password hashes.

Learning Objectives

In this lab exercise, you’ll try your hand at cracking Windows hashes. At the end of this lab exercise, you’ll be able to

•   Perform a dictionary attack on Windows hashes using Mimikatz, crunch, and John the Ripper

•   Perform a brute force attack on Windows hashes using Mimikatz, crunch, and John the Ripper

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

•   A Windows 10 host machine or VM. The Windows 10 VM you created in Chapter 1 can be used if you haven’t yet done the Chapter 14 Lab Exercises (you can go out of order in this book), which involved connecting that VM to a domain. If you connected that Windows 10 VM to a domain, you won’ t be able to set a password as required in this lab exercise. Feel free to set up a brand-new Windows 10 VM for this lab exercise by following the steps in Chapter 1, as you did for your existing Windows 10 VM.

•   The Kali Linux VM you created in Chapter 1

Let’s Do This!

You’re about to download and install a well-known and well-used hacking tool called Mimikatz. It has been used with leaked hacking tools, including EternalBlue, made by the U.S. National Security Agency (NSA). These tools and Mimikatz were used in infamous cyberattacks, including the NotPetya and BadRabbit ransomware attacks. NotPetya alone caused over a billion dollars in damages. To be able to do this lab exercise, you must turn off your Microsoft Defender Antivirus real-time protection settings and download Mimikatz using Mozilla Firefox, as described in the following steps.

Step 1 Loosen security to allow Windows to download Mimikatz. Then download a ZIP file with Mimikatz using Mozilla Firefox and extract the ZIP file.

a.   On your Windows 10 VM, click the Start button or in the search box, type Security, and click Windows Security.

b.   Click Virus & Threat Protection.

c.   Click Manage Settings under Virus & Threat Protection settings.

d.   Under Real-Time Protection, click the button to turn it off.

e.   Click Yes to the popup.

f.   Click the X in the upper-right corner to close the window.

If you installed any anti-malware programs on the VM, they must be stopped as well.

g.   Using Mozilla Firefox (Google Chrome just won’t allow this at all), go to https://github.com/gentilkiwi/mimikatz/releases and click the link for the ZIP file. Alternatively, click the link for the 7z file. To extract the 7z file, you’ll need 7-Zip, which can be downloaded at https://www.7-zip.org/.

h.   Select Save File and click OK. Firefox will warn you, “This file contains a virus or malware.” Don’t click the blue Remove file button; instead, click the Open button. Now navigate to the Downloads folder, right-click the ZIP file, select Extract All, put a check in the Show Extracted Files When Complete checkbox, and click the Extract button. If you downloaded the 7z file, right-click the file, select 7-Zip, and then select Extract To “mimikatz_trunk.”

Images 2f

Step 2 Create two Windows user accounts.

a.   Click the Start button or in the search box, type Computer Management, and select Computer Management. This opens the Computer Management Console.

b.   Expand Local Users and Groups in the pane at the left.

c.   Click Users to see all the current local user accounts.

d.   Right-click on a blank area in the right pane and select New User.

e.   Fill in the fields, creating a four-digit password with just lowercase letters.

f.   Deselect the checkbox next to User Must Change Password At Next Logon and click the Create button.

g.   Make another user account in the same way, but give this user a password of your first name. If your first name is four characters long, add the first initial of your last name.

Images 3a–3o

Step 3 Use Mimikatz to dump Windows hashes and then use the hashes for the accounts you made in Kali Linux with John the Ripper through a brute-force attack.

a.   Open an administrative command prompt by clicking the Start button or in the search box, typing cmd, right-clicking on Command Prompt, and selecting Run as administrator. Enter each command and press ENTER afterward, as shown in Figure 11-6.

Image

FIGURE 11-6 Mimikatz

b.   Extract and copy this machine’s SAM and SYSTEM registry hives:

reg save hklmSAM sam.hiv
reg save hklmSYSTEM system.hiv

c.   From the command prompt, go to the location of your Mimikatz executable, assuming it downloaded to the Downloads directory:

cd C:Users<your username>Downloadsmimikatz_trunkx64

d.   Start the program:

mimikatz

You will see a mimikatz # prompt.

e.   Elevate privileges for the next commands:

privilege::debug
token::elevate

f.   Send the next command’s output to a text file called hashes.txt:

log hashes.txt

g.   Output the usernames and hashes for all accounts on the system:

lsadump::sam sam.hiv system.hiv

You’ll see lots of output on the screen, including, of course, the Windows password hashes.

h.   Go to C:Users<your username>Downloadsmimikatz_trunkx64 in Windows Explorer. Double-click the hashes.txt file to open it up in Notepad. Focus on the values for User: and Hash NTLM:.

i.   Click File | New to launch a new instance of Notepad. Format one or more entries in hashes.txt according to this format:

<User>:<Hash NTLM>::::

The username should come first. In reality, this value could be anything. It doesn’t have to match the actual username on the system. After the username comes a colon. The actual hash follows. Four colons at the end are required.

Here are two entries you can use:

Beatles:5be2f274f2f80c5d4d0c597f023f4f61::::

StarWars:b7c899154197e8a2a33121d76a240ab5::::

Save the file as formattedhashes.txt. We will be coming back to this file in the next lab exercise.

j.   In Kali Linux, create and name a text file:

leafpad windowshashes.txt

k.   Get the formatted user hash lines from the new Notepad instance into the file open in Leafpad. You can e-mail, copy and paste, or manually type them out. Save and close the windowshashes.txt file by clicking the X in the upper-right corner and clicking Yes to the Save Changes To ‘windowshashes.txt’? dialog box question.

l.   On Kali Linux, crack the Windows hashes with a brute force attack that limits the possibilities to exactly four lowercase letters:

sudo crunch 4 4 | sudo john --format=NT windowshashes.txt --stdin

m.   Display all Windows hashes (--format=NT) that were cracked by John the Ripper:

sudo john --show --format=NT windowshashes.txt

There should only be one (the password with four lowercase letters).

n.   To crack the password of the other user account, let John the Ripper run through its three modes, as done earlier:

sudo john --format=NT windowshashes.txt

o.   Display an updated list of all Windows hashes (--format=NT) that were cracked by John the Ripper:

sudo john --show --format=NT windowshashes.txt

If John the Ripper was successful in cracking your second password, there should now be two entries.

Images 4a–4c

Step 4 In the previous step, you performed a brute force attack with John the Ripper on a Windows password. Now, crack a user’s password with John the Ripper and rockyou.txt, using a dictionary attack this time.

a.   Create another new user with a password that appears in rockyou.txt.

b.   Use Mimikatz to dump Windows hashes.

c.   Use those hashes in Kali Linux with John the Ripper and rockyou.txt to crack the new user’s password in a dictionary attack.

Images 45 MINUTES

Lab Exercise 11.04: Rainbow Table Attacks on Windows Passwords with ophcrack

A rainbow table attack is a trade-off. Compared to a brute force attack, a rainbow table attack uses less processing (a brute force attack could last forever) and more storage (a brute force attack can be done without any storage).

Compared to a dictionary attack, a rainbow table attack uses more processing (there’s a lot more to deal with than a simple wordlist) and less storage (even though rainbow tables are significantly larger than wordlists, they do a form of compression that allows a rainbow table of the same size as a wordlist to hold extreme amounts of additional data, which will be revealed when processed).

A rainbow table involves an algorithm called a reduction function that maps hashes into something that could be an actual plaintext password. This does not mean it reverses the hash, as that can’t be done. The rainbow table alternates between hash functions and reduction functions to produce a chain of alternating hashes and plaintexts.

For example, as shown in Figure 11-7, the plaintext string of Jonathan could be put through a hash function to produce 123456. Then, 123456 would be put through a reduction function to produce Scott. Then, Scott would be put through the same hash function used just before to produce abcdef. Finally, abcdef is run through a different (explained why, shortly) reduction function to produce Weissman.

Image

FIGURE 11-7 Hashing and reducing

A reduction function could generate a mathematical value based on a hash (which is a value itself) and then encode that value into letters, numbers, and symbols. As shown in Figure 11-7, 123456 is reduced to a value (something like 536), which is encoded as Scott.

A reduction function could be as simple as taking a four-digit hash (represented in hexadecimal, base 16) and removing the first two digits to produce the plaintext. To go further, the two digits could be mapped with some math to ASCII/Unicode (see www.asciitable.com).

Generating a rainbow table with a tool like rtgen involves computing a number of chains (rows) with a specific chain length. A wordlist for a dictionary attack that stores 10,000 plaintext values or hashes can, at most, crack 10,000 passwords. However, a rainbow table that stores just the first and last columns (starting and ending points) of 5,000 chains, the same number of 10,000 entries, can crack any number of passwords: 100,000, one million, one billion, or more!

Rainbow tables are specific to the hash function for which they were created, which means, for example, SHA-512 tables can crack only SHA-512 hashes.

Rainbow tables, consisting of many such chains, use a different reduction function for each location for reducing in the table; thus, if there’s a hash collision in two or more chains, the chains won’t merge as long as the collision doesn’t occur in the same location of each chain. While hash functions should be resistant to different inputs producing the same output, reduction functions don’t have that characteristic. Therefore, if the same reduction function turns two different plaintexts into the same hash, the chains will be identical from that point forward, starting with the duplicate hashes, which would translate into a waste of valuable processing time.

In addition to increasing the probability of a correct crack for a given table size (since there will be more unique entries and not duplicate ones), the use of multiple reduction functions almost doubles the speed of lookups.

Imagine a rainbow table that looks like the one shown in Figure 11-8, with three rows and seven columns. As mentioned earlier, only the first and last columns are stored.

Image

FIGURE 11-8 Rainbow table

In reality, rainbow tables can have hundreds or even thousands of rows (number of chains) and columns (length of each chain).

In the database of hashed passwords, we see that the root account in a Linux system or the Administrator account on a Windows system has a hash of abcd. Four-digit hashes are used for illustrative purposes.

First, the last reduction used in the table is computed on the hash, and the result is compared to each entry in the last column of the table, as shown in Figure 11-9. The output “edX” doesn’t appear in any row in the last column.

Image

FIGURE 11-9 The last reduction function

If the test fails, which it did, the hash is put through the last two reduction functions as well as the hash function in between, as shown in Figure 11-10.

Image

FIGURE 11-10 Going back two reduction functions

Here, abcd is reduced, hashed, and reduced. In this case, RIT was produced, and it happens to match the end of the last chain. If it didn’t match, the hash would be inserted before the last three reduction functions and the hash functions in between. That process of going back an additional reduction function (and all the hash functions in between) continues until there are no more reduction functions to go back to. At that point, with the rainbow table being used, the attack has failed.

Since RIT appears at the end of a chain in the table, the test is successful, which implies the password is about to be cracked. To find out what that password is, the next step is to go to the beginning of the relevant chain, the one that produced RIT, as shown in Figure 11-11.

Image

FIGURE 11-11 Going to the first column of the relevant chain

Notice the plaintext string of bob at the beginning of the relevant chain. At this point, a chain is generated with the hash function and reduction functions originally used to produce the chain. At each hash iteration, the current hash is compared with the target hash of abcd, which is guaranteed to be in the chain, since the end of the chain matched after the hash was inserted. Once abcd is found, it’s time to back up. What comes before abcd? Well, that’s the password that was hashed into abcd. Rochester is the password, as shown in Figure 11-12. The hash of abcd was not reversed, it was recomputed!

Image

FIGURE 11-12 Rochester is the password, which was hashed into abcd

Just like kryptonite was used to foil Superman, salt is used to foil an attacker’s rainbow table. Salt is simply a collection of random bits that are entered into the hash function, along with the original plaintext. The password and the salt are concatenated and then hashed, as shown in Figure 11-13, and the output hash will be stored with the salt and username in the password database.

Image

FIGURE 11-13 Hashing with salt

Salts are always stored in plaintext for multiple reasons. First, if the salts were encrypted, we’d have to store a key somewhere. Now you’d have the same problem, protecting that key. Secondly, if the salts were encrypted, that would slow down the authentication process. Finally, the whole point of the salt is to prevent a rainbow table from attacking your passwords, and storing it as plaintext does nothing to weaken its ability to do just that.

Let’s say your password is Rochester, and the stored hash is abcd. In the rainbow table we’ve seen so far (first shown in Figure 11-8), when parsing the rainbow table, abcd leads to, eventually, the password Rochester.

If your password was salted, the stored hash for Rochester and its salt wouldn’t be abcd, since Rochester and the salt would have been concatenated and entered into the hash function as such, instead of just Rochester, and the hash would be different than if salt wasn't used.

Let’s say the hash of Rochester and the salt is efgh. efgh isn’t found in this rainbow table, since this rainbow table was generated without any salt. Therefore, efgh wouldn’t lead to the password Rochester, and an attack with this rainbow table would be unsuccessful.

There are, though, certain important rules regarding salts. First, salts should be unique, not just in a database, but worldwide (by using a unique way of generating them). If a rainbow table is generated with a particular salt, at most, it can attack one single password (that has that particular salt applied). Unique salts also protect commonly used passwords, or those who use the same password on several sites, by making all salted hash instances of the same password different from each other. Second, salts should also be random and unpredictable, so an attacker can’t construct a small number of narrow rainbow tables based on knowing that the salt is based on something like a user ID. Third, salts should be long. Since salts aren’t memorized, they can make the size of the rainbow table required for a successful attack prohibitively large, without imposing any burden on the users. Now when you log in to a system, your password is concatenated with a salt before it’s hashed, as shown in Figure 11-13.

Like before, the hash is compared to the stored hash in the password database. If the two hashes match, the user is authenticated.

Do you think that salt would be good against a precomputed dictionary file? If the file has precomputed hashes without salt, for sure. Now that file is worthless because all those hashes were computed without any salt. What if the file has plaintext entries that will be hashed? Yes, as well. If the salts are different for each user, then the large dictionary file would need all the salts applied to each plaintext before they’re hashed. That could be thousands or millions of salts that would need to be applied to each entry in the dictionary file, making it impractical for the attackers.

However, when an attacker wants to break a single password with a brute force attack or a dictionary attack, salts offer no protection, since they are stored in plaintext, and a user’s unique salt can be added to the dictionary file for each entry with ease. Salt is not meant to prevent a single password from being cracked but, rather, to prevent a rainbow table from being used, and also to prevent a leaked password database from being used in subsequent attacks.

Learning Objectives

In this lab exercise, you’ll attack passwords with a third type of attack. At the end of this lab exercise, you’ll be able to

•   Understand how rainbow tables work

•   Understand how salt foils rainbow tables

•   Perform a rainbow table attack with ophcrack

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

•   The Windows 10 VM you created in Chapter 1

Let’s Do This!

A rainbow table attack is very different from a dictionary attack or a brute force attack, as you’ll see in this lab exercise. Using ophcrack and precomputed rainbow tables, you’re going to crack Windows password hashes extracted with Mimikatz.

Images 1a–1n

Step 1 Download rainbow table files and install them to be used in ophcrack.

a.   Go to https://ophcrack.sourceforge.io/, click the Download menu item at the top, and click the download button for Windows (portable). The download from SourceForge will start automatically.

b.   Extract the ZIP file and install the software.

c.   In the uncompressed folder, open the x86 folder if you’re on a 32-bit machine or the x64 folder if you’re on a 64-bit machine.

d.   Right-click the ophcrack.exe file and launch the program as Administrator.

e.   Back on the ophcrack page, click the Tables menu item.

f.   Read the descriptions next to each of the download buttons.

g.   Download the second and third Vista tables:
Vista free (461MB)
Vista proba free (581MB)

Each table will download from SourceForge automatically.

h.   Extract each ZIP file.

i.   In ophcrack, click the Tables button at the top.

j.   Click Vista Free and then click the Install button at the bottom.

k.   Browse to the extracted tables_vista_free folder and click the Select Folder button.
You should see a green dot next to Vista Free in the Table Selection window in ophcrack.

l.   Click Vista Probabilistic Free and then click the Install button at the bottom.

m.   Browse to the extracted vista_proba_free folder. Inside that folder is another folder called vista_proba_free. Select that second (nested inside) vista_proba_free folder and click the Select Folder button. You should see a green dot next to Vista Free in the Table Selection window in ophcrack.

n.   Click OK.

Back in the main screen, you should see the two tables in the lower pane.

Images 2a–2d

Step 2 Get Windows password hashes with Mimikatz and pass them to ophcrack to crack with a rainbow table attack.

a.   On earlier Microsoft operating systems (before Windows 10) in ophcrack, you were able to click the Load button and then Encrypted SAM. On Windows 10, that doesn’t work anymore. Fear not, as Mimikatz, which was downloaded, installed, and run earlier, is the tool that will once again grab the Windows password hashes. Although, we already have grabbed Windows hashes.

b.   Earlier we put the NT hash, obtained with Mimikatz, into a format that John the Ripper wanted. Now we’ll put the NT hash into a format that ophcrack requires:

<Username>:<User ID>:<LM Hash>:<NT Hash>:::

In reality, the Username and UserID fields could be anything and don’t have to be the actual ones that the hash is associated with.

Open the formattedhashes.txt file from the previous lab exercise, located at
C:Users<your username>Downloadsmimikatz_trunkx64.

If you want to use my two entries from the previous lab exercise, they are:

Beatles:5be2f274f2f80c5d4d0c597f023f4f61::::
StarWars:b7c899154197e8a2a33121d76a240ab5::::

As the entries are currently in the format that John the Ripper is expecting, you have to make some small modifications to put them in the format that ophcrack is expecting. Following the preceding format specification, the entries should now appear as follows:

Beatles:64::5be2f274f2f80c5d4d0c597f023f4f61:::
StarWars:66::b7c899154197e8a2a33121d76a240ab5:::

Save the file as formattedhashes2.txt.

c.   Select Load | PWDUMP File and browse to the formattedhashes2.txt file from the previous step, which is found at C:Users<your username>Downloadsmimikatz_trunkx64. Alternatively, select Load | Single Hash and paste a single hash in. You should see the user accounts and their corresponding hashes in the main pane.

d.   Click the Crack button.

e.   You can watch the progress by expanding Vista free and Vista probabilistic free in the lower pane, and eventually see the cracked passwords in the upper pane, as shown in Figure 11-14.

Image

FIGURE 11-14 ophcrack in action

Lab Analysis

1.   What is a dictionary attack?

Images

2.   What is a brute force attack?

Images

3.   What is a rainbow table attack?

Images

4.   Why should passwords always be stored in hashed format?

Images

Key Term Quiz

Use the terms from the list to complete the sentences that follow.

John the Ripper

Mimikatz

ophcrack

rockyou

SAM

salt

shadow

1.   The use of ____________ nullifies any rainbow table instantly.

2.   Windows hashes are stored in the ____________ file.

3.   The Linux /etc/____________ file contains password hashes.

4.   One of the most renowned wordlists is ____________.txt.

5.   A common hacking tool, used in the wild, is known as ____________.

6.   Dictionary attacks and brute force attacks can be done with a Linux tool known as ____________.

7.   Rainbow table attacks can be done with a Windows tool known as ____________.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
44.222.142.210