RAINBOW TABLES
LM & NTLM HASHES
By: Rahul Sharma, TE COMPUTERS, T3224245
How Does Windows Store Passwords?
Old technology used on LAN Manager
NT hashes
Unicode password or MD4 hash
Used for authentication on more recent Windows systems
LM “Hash” Generation
how to create the hash
LM hashes
Overview
Proof that case doesn’t matter
Password = E52CAC67419A9A22 4A3B108F3FA6CB6D
PaSSwORd = E52CAC67419A9A22 4A3B108F3FA6CB6D
Password1 = E52CAC67419A9A22 38F10713B629B565
NTLM HASHES
Uses MD4 algorithm to create a hash of the mixed-case password
Results in a 16 byte hash of the password (stored in the SAM…)
Used for any password greater than 14 characters
NTLM HASH
Proof that case DOES matter
Password = F15ABD57801840F3 348DDCCAFB677F6A
PaSSwORd = 17504CE07C0A0D4A 1BD3A99A0821F957
Password1 = F9A3152D926F9FF8 98D0BAFBA0BFFD30
NTLM Hash Considerations
Case preserving
Maximum length = 127 characters
Better security than LM hashes
Number of ≤14-character passwords (full char set) ≈ 2.7*10^67
Number of 127-character passwords ≈ 4.9*10^611
ATTACKS ON PASSWORDS….
Types of Brute Force attacks:
Online B.F.
Offline B.F.
limit number of login attempts
[Figure: Hash and Reduce steps]
Algorithm followed:-
[Figure: chain of alternating Hash and Reduce steps]
IS THIS EFFECTIVE???
How to prevent rainbow tables from cracking passwords??
What is SALT??
Special text or code.
It does password strengthening
SOME FACTS:-
This makes it possible to speed up password cracking with precomputed Rainbow Tables
LINUX uses SALT….
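An added example, not part of the original slides: a toy rainbow table over 4-digit PINs that walks the Hash/Reduce chain described above and shows that the same password stored with a salt is not found in the precomputed table. SHA-256 stands in for the LM/NT hash, and the keyspace, chain length and salt value "x9" are constructed for illustration.

```python
import hashlib

KEYSPACE = 10 ** 4      # toy keyspace: 4-digit PINs (constructed for the demo)
CHAIN_LEN = 50          # Hash/Reduce steps per chain

def h(password, salt=""):
    # SHA-256 stands in for the LM/NT hash; a salt, when used, is prepended
    return hashlib.sha256((salt + password).encode()).digest()

def reduce(digest, step):
    # Map a digest back to a candidate password; the step index makes
    # every column use a different reduction function
    return f"{(int.from_bytes(digest[:8], 'big') + step) % KEYSPACE:04d}"

def build_table(starts):
    # Precompute unsalted chains, keeping only end point -> start points
    table = {}
    for start in starts:
        p = start
        for i in range(CHAIN_LEN):
            p = reduce(h(p), i)
        table.setdefault(p, []).append(start)
    return table

def lookup(table, target):
    # Guess the column the target hash sits in, walk to the chain end,
    # then replay matching chains from their start to recover the password
    for pos in range(CHAIN_LEN - 1, -1, -1):
        p = reduce(target, pos)
        for i in range(pos + 1, CHAIN_LEN):
            p = reduce(h(p), i)
        for cand in table.get(p, []):
            for i in range(pos):
                cand = reduce(h(cand), i)
            if h(cand) == target:      # rejects false alarms from merged chains
                return cand
    return None

def demo():
    starts = [f"{i:04d}" for i in range(0, KEYSPACE, 40)]   # 250 chains
    table = build_table(starts)
    victim = starts[3]
    for i in range(17):                # a password mid-chain, not stored in the table
        victim = reduce(h(victim), i)
    unsalted = lookup(table, h(victim))
    salted = lookup(table, h(victim, salt="x9"))   # same password, salted storage
    return victim, unsalted, salted

if __name__ == "__main__":
    print(demo())
```

The table would have to be rebuilt for every distinct salt value, which is what removes the benefit of precomputation.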

Password Cracking and preventing