Page 77 - Electronic Mechanic - TP - Volume - 2
P. 77

ELECTRONICS MECHANIC - CITS



           EXERCISE 135: Demonstrate                             process             of      password

                                      cracking


            Objectives

           At the end of this exercise you shall be able to
           •  to demonstrate process of password cracking.

           Requirements

           Tools/Materials

           •  Cain and Abel                                    •  John the Ripper
           •  Ophcrack                                         •  Slurpie

            Procedure

           What is password cracking?

           Password cracking is the process of using an application program to identify an unknown or forgotten password
           to a computer or network resource. It can also be used to help a threat actor obtain unauthorized access to
           resources.

           With the information malicious actors gain using password cracking, they can undertake a range of criminal
           activities. Those include stealing banking credentials or using the information for identity theft and fraud.
           A password cracker recovers passwords using various techniques. The process can involve comparing a list of
           words to guess passwords or the use of an algorithm to repeatedly guess the password.
           How do you create a strong password?
           Password crackers can decipher passwords in a matter of days or hours, depending on how weak or strong the
           password is. To make a password stronger and more difficult to uncover, a plaintext password should adhere to
           the following rules:

           Be at least 12 characters long. The shorter a password is, the easier and faster it will be cracked.
           Take  advantage of password creation tools and managers.  Some smartphones  will  automatically  create
           long, hard-to-guess passwords. For example, Apple iPhones will create strong website passwords for users. An
           iPhone stores the passwords in its password manager, iCloud Keychain and automatically fills the password into
           the correct field so the user doesn’t have to remember the complicated password.
           What does a password cracking attack look like?

           1  The general process a password cracker follows involves these four steps:
           2  Steal a password via some nefarious means. That password has likely been encrypted before being stored
              using a hash Hashes are mathematical functions that change arbitrary-length inputs into an encrypted fixed-
              length output.
           3  Choose a cracking methodology, such as a brute-force or dictionary attack, and select a cracking tool.
           4  Prepare the password hashes for the cracking program. This is done by providing an input to the hash function
              to create a hash that can be authenticated.
           5  Run the cracking tool.
           6  A password cracker may also be able to identify encrypted passwords. After retrieving the password from the
              computer’s memory, the program may be able to decrypt it. Or, by using the same algorithm as the system
              program, the password cracker creates an encrypted version of the password that matches the original.
           What are password cracking techniques?

           1  Brute force. This attack runs through combinations of characters of a predetermined length until it finds the
              combination that matches the password.


                                                           60
   72   73   74   75   76   77   78   79   80   81   82