1
00:00:00,626 --> 00:00:03,400
Password hashes can be stolen in many ways,

2
00:00:03,600 --> 00:00:07,089
for example via SQL injection attacks on a website

3
00:00:07,090 --> 00:00:10,053
that extracts the hashes from the database.

4
00:00:10,186 --> 00:00:13,080
A SQL injection attack happens when a website

5
00:00:13,240 --> 00:00:16,693
does not validate the input of the data it receives,

6
00:00:16,786 --> 00:00:17,653
and because of that,

7
00:00:17,654 --> 00:00:19,866
you can send direct queries

8
00:00:19,893 --> 00:00:21,773
to the database and ask it,

9
00:00:21,813 --> 00:00:22,884
“Would you mind very much

10
00:00:22,885 --> 00:00:24,960
just giving me your password hashes?”,

11
00:00:25,048 --> 00:00:26,576
in the worst case scenario.

12
00:00:26,688 --> 00:00:29,168
And here, what you can see here is a website

13
00:00:29,240 --> 00:00:33,456
that has a collection of hash dumps from compromised websites.

14
00:00:33,696 --> 00:00:37,416
You can see LinkedIn, eHarmony, the dating website.

15
00:00:37,896 --> 00:00:40,048
These are the hashing algorithms they use,

16
00:00:40,408 --> 00:00:43,136
MD5, not very good, should not have used it;

17
00:00:43,488 --> 00:00:45,688
SHA1, also not acceptable.

18
00:00:45,928 --> 00:00:48,448
So you can see, even big sites doing it wrong.

19
00:00:48,936 --> 00:00:50,096
And then you’ve got an analysis here,

20
00:00:50,097 --> 00:00:52,072
so we can check that out.

21
00:00:53,792 --> 00:00:54,920
I’m going to go down here

22
00:00:55,808 --> 00:00:56,808
and you can see here,

23
00:00:56,936 --> 00:00:58,496
based on this analysis,

24
00:00:58,576 --> 00:01:01,099
you feed into your cracking process.

25
00:01:01,100 --> 00:01:01,774
You can see here

26
00:01:01,775 --> 00:01:04,080
there’s a significant amount that uses the word LinkedIn,

27
00:01:04,272 --> 00:01:06,304
so you would feed that into your rules.
28
00:01:07,304 --> 00:01:09,357
And the rest of this sort of information,

29
00:01:09,358 --> 00:01:12,160
like the Length, the Character sets used,

30
00:01:12,360 --> 00:01:14,184
Character set frequency, etc.,

31
00:01:14,352 --> 00:01:18,400
that all goes back into your re-cracking of the hashes.

32
00:01:18,820 --> 00:01:22,320
Hashes can also be extracted from operating systems.

33
00:01:22,640 --> 00:01:25,720
If you have local access to the drive,

34
00:01:25,868 --> 00:01:28,044
you can do that by mounting the hard drive

35
00:01:28,045 --> 00:01:29,316
in another operating system,

36
00:01:29,317 --> 00:01:30,821
or using a live CD,

37
00:01:30,909 --> 00:01:32,596
as long as it can mount the file system.

38
00:01:32,640 --> 00:01:34,545
And here we have the example of Windows.

39
00:01:34,596 --> 00:01:37,163
We’ve got LM hashes, we’ve got NT hash,

40
00:01:37,164 --> 00:01:41,789
NTLM hashes for the passwords of these users here.

41
00:01:42,000 --> 00:01:43,692
And in Windows, these are stored

42
00:01:43,693 --> 00:01:45,929
in something called the Security Account Manager

43
00:01:45,930 --> 00:01:48,340
or SAM, which is essentially just a file.

44
00:01:48,960 --> 00:01:50,010
And those hashes

45
00:01:50,280 --> 00:01:52,520
can be extracted with various tools.

46
00:01:52,820 --> 00:01:55,800
Here’s an example of one, PWDUMP7,

47
00:01:55,850 --> 00:01:57,159
and you can see it here

48
00:01:57,160 --> 00:02:00,310
literally dumping the usernames and hashes,

49
00:02:00,370 --> 00:02:03,229
and the hashes are then put into cracking tools,

50
00:02:03,230 --> 00:02:05,740
which I’m going to show you in a second.

51
00:02:06,380 --> 00:02:10,974
Because offline attacks are not interacting with the cryptosystem,

52
00:02:11,105 --> 00:02:14,432
they can’t defend themselves, hashes can’t defend themselves,

53
00:02:14,433 --> 00:02:17,268
they’re just a bunch of characters in a file.
54
00:02:17,348 --> 00:02:18,697
So the attack can be many,

55
00:02:18,902 --> 00:02:22,148
many, many times faster than online attacks.

56
00:02:22,308 --> 00:02:23,359
So think about

57
00:02:23,360 --> 00:02:26,928
in the region of one hundred billion guesses per second

58
00:02:26,929 --> 00:02:30,699
or maybe one hundred trillion guesses per second

59
00:02:30,700 --> 00:02:34,029
with super multi-GPU crackers

60
00:02:34,030 --> 00:02:35,564
like the one you can see here.

61
00:02:35,626 --> 00:02:37,697
And it’s this speed which enables

62
00:02:38,000 --> 00:02:40,971
brute force, hybrid and custom attacks

63
00:02:41,074 --> 00:02:43,040
that we have gone through to work

64
00:02:43,280 --> 00:02:45,645
with moderately complex passwords.

65
00:02:46,308 --> 00:02:50,114
In Kali you’ll see that there are actually lots of cracking tools.

66
00:02:50,628 --> 00:02:52,731
We go down to here, Password Attacks;

67
00:02:52,994 --> 00:02:55,051
got Hashcat, John the Ripper,

68
00:02:55,428 --> 00:02:58,674
Ophcrack, there’s wordlists or dictionaries there,

69
00:02:59,028 --> 00:03:00,994
and there’s other tools beside these as well.

70
00:03:01,165 --> 00:03:03,142
Let me introduce you to Hashcat.

71
00:03:03,737 --> 00:03:06,193
So we need some hashes in order to crack first,

72
00:03:06,194 --> 00:03:08,726
so I’ve downloaded some public hashes

73
00:03:08,980 --> 00:03:11,239
from one of the old crack sites

74
00:03:11,240 --> 00:03:12,835
that I’ve just chosen at random.

75
00:03:13,048 --> 00:03:14,989
And this is the file here, hashes.txt,

76
00:03:14,990 --> 00:03:16,788
so I will just (00:03:15 – inaudible) that so you can see it.

77
00:03:16,812 --> 00:03:17,812
So there you go,

78
00:03:17,889 --> 00:03:20,290
you can see all of the hashes there.

79
00:03:20,480 --> 00:03:21,520
Stop that for a minute.
80
00:03:22,070 --> 00:03:23,380
So we’re going to crack these

81
00:03:23,520 --> 00:03:25,603
and work out what the password is

82
00:03:25,604 --> 00:03:27,013
for each of these hashes.

83
00:03:27,613 --> 00:03:28,889
Sometimes you won’t know

84
00:03:28,890 --> 00:03:31,184
what sort of hash or key derivation,

85
00:03:31,344 --> 00:03:33,349
combination that you have,

86
00:03:33,350 --> 00:03:35,963
so you can try using hashid with a hash

87
00:03:36,356 --> 00:03:38,450
and see what sort of results you get.

88
00:03:39,390 --> 00:03:40,550
And we can see here

89
00:03:41,070 --> 00:03:44,740
that this is possibly a number of different hashes,

90
00:03:44,970 --> 00:03:47,740
but I actually know that this is MD5.

91
00:03:48,330 --> 00:03:51,240
We’re going to use a wordlist or dictionary attack

92
00:03:51,360 --> 00:03:53,029
as part of a kind of hybrid attack,

93
00:03:53,030 --> 00:03:54,409
so here’s our dictionary,

94
00:03:54,410 --> 00:03:55,570
this is what this looks like.

95
00:03:58,140 --> 00:04:01,450
See, lots of common words that people use for passwords,

96
00:04:01,550 --> 00:04:03,300
you can see, it’s not actually that big.

97
00:04:03,840 --> 00:04:04,750
And here’s a command,

98
00:04:04,751 --> 00:04:06,829
we’re going to use “hashcat” with “-m”

99
00:04:06,830 --> 00:04:08,770
to tell it that it’s MD5.

100
00:04:09,160 --> 00:04:11,760
Those are the hashes, that’s the wordlist,

101
00:04:11,950 --> 00:04:14,360
and that’s just simply the output file.

102
00:04:15,290 --> 00:04:17,110
Let’s give it a go, see what we get.

103
00:04:20,530 --> 00:04:23,019
So the wordlist has successfully cracked

104
00:04:23,020 --> 00:04:27,549
22,000 out of five hundred odd thousand hashes,

105
00:04:27,550 --> 00:04:28,928
that’s about 4%,

106
00:04:28,992 --> 00:04:31,199
and that was literally in a few seconds

107
00:04:31,200 --> 00:04:32,800
with a dictionary attack.
108
00:04:33,464 --> 00:04:34,344
And here we are,

109
00:04:34,345 --> 00:04:37,040
same command, but with “-a 1”,

110
00:04:37,208 --> 00:04:40,808
1 for Hashcat is a combination attack.

111
00:04:42,912 --> 00:04:44,496
Press “S” for status,

112
00:04:46,144 --> 00:04:52,888
we can see it there cracking more files.

113
00:04:55,822 --> 00:04:56,822
So click there.

114
00:04:56,955 --> 00:04:58,222
Remember this file here,

115
00:04:58,622 --> 00:05:01,133
this is how we can potentially add rules,

116
00:05:01,266 --> 00:05:04,177
so we can take our dictionary with our input words

117
00:05:04,377 --> 00:05:06,666
and then change them to other words.

118
00:05:06,733 --> 00:05:09,644
So here, this would do nothing, if we had that as a rule,

119
00:05:10,022 --> 00:05:13,377
that’d be lowercase; we can append characters,

120
00:05:13,533 --> 00:05:17,377
we can duplicate the word; password, password.

121
00:05:18,044 --> 00:05:19,844
So I’ve got a rules file here,

122
00:05:20,245 --> 00:05:21,160
so I’ve just added these,

123
00:05:21,161 --> 00:05:23,577
so we’ve got some appending of characters at the end,

124
00:05:23,731 --> 00:05:25,600
we’ve got “f”, a duplicate word reversed,

125
00:05:25,714 --> 00:05:27,354
and “;” for “do nothing”.

126
00:05:27,502 --> 00:05:28,588
So let’s save that,

127
00:05:29,468 --> 00:05:31,432
and we append to the end here,

128
00:05:31,512 --> 00:05:32,752
our “--rules”,

129
00:05:32,848 --> 00:05:34,368
and then our rules file.

130
00:05:34,944 --> 00:05:35,944
Let’s give that a go.

131
00:05:39,600 --> 00:05:40,237
And you can see,

132
00:05:40,238 --> 00:05:42,086
in literally just a few seconds,

133
00:05:42,200 --> 00:05:45,476
went from 22,000 to 23,000.

134
00:05:45,778 --> 00:05:47,206
So that gives you a flavor

135
00:05:47,323 --> 00:05:49,784
of the sort of process that you go through

136
00:05:49,938 --> 00:05:51,987
when you’re doing password cracking.
137
00:05:52,215 --> 00:05:54,080
And because these were MD5,

138
00:05:54,150 --> 00:05:56,486
these are much, much faster to crack,

139
00:05:56,550 --> 00:05:57,893
and they would be if they’d used

140
00:05:57,894 --> 00:05:59,720
a key stretching function.

141
00:06:00,560 --> 00:06:03,933
You can even try decrypting online,

142
00:06:04,013 --> 00:06:05,233
and there are a number of sites

143
00:06:05,234 --> 00:06:06,726
that can enable you to do that.

144
00:06:06,833 --> 00:06:07,653
Check out this link,

145
00:06:07,654 --> 00:06:10,086
it provides a bunch of sites who enable you to do that.

146
00:06:10,408 --> 00:06:12,755
The big one is actually crackstation.net.

147
00:06:13,120 --> 00:06:15,722
And online cracking is actually very viable

148
00:06:15,723 --> 00:06:17,812
because it’s fast and easy to hire,

149
00:06:17,813 --> 00:06:19,066
for short periods of time,

150
00:06:19,413 --> 00:06:21,377
massively powerful servers.

151
00:06:21,431 --> 00:06:24,669
For example, with AWS Amazon you can rent

152
00:06:24,670 --> 00:06:28,346
these for short periods of time to crack passwords,

153
00:06:28,551 --> 00:06:30,302
which is what people do.

154
00:06:30,613 --> 00:06:32,640
It’s a time cost exercise.

155
00:06:32,933 --> 00:06:36,933
But if the right hash key derivation function,

156
00:06:37,048 --> 00:06:39,644
key length and password is being chosen,

157
00:06:39,706 --> 00:06:43,484
then it’s unlikely to be cracked even with all the power.

158
00:06:43,875 --> 00:06:46,435
But sometimes you don’t always have to crack the hash.

159
00:06:46,595 --> 00:06:49,793
You can capture it and relay it in a relay attack.

160
00:06:49,794 --> 00:06:52,328
If you’re a man in the middle, instead of cracking it,

161
00:06:52,480 --> 00:06:54,231
you just forward it on,

162
00:06:54,384 --> 00:06:55,650
after you have captured it,

163
00:06:55,710 --> 00:06:58,220
enabling your access to the destination.
164
00:06:58,420 --> 00:07:02,200
Famously, Windows LM or NTLM hashes

165
00:07:02,300 --> 00:07:05,150
can be relayed due to an authentication flaw,

166
00:07:05,270 --> 00:07:08,560
which can be done with Metasploit in Kali.