19. Password Attacks (video subtitle transcript)

Password Attacks

Passwords are the most basic form of user account and service authentication. By extension, the goal of a password attack is to discover and use valid credentials in order to gain access to a user account or service. In general terms, there are a few approaches to password attacks. We can either make attempts at guessing a password through a dictionary attack using various word lists, or we can brute-force every possible character in a password. In general, a dictionary attack prioritizes speed, offering less password coverage, while brute-force prioritizes password coverage at the expense of speed. Both techniques can be used effectively during an engagement, depending on our priorities and time requirements. In some cases, once we gain (usually privileged) access to a target and are able to extract password hashes, we can leverage password cracking attacks that seek to gain access to the clear-text password, or pass-the-hash attacks, which allow us to authenticate to a Windows-based target using only a username and the hash. In this module, we'll discuss each of these concepts and techniques in more detail and demonstrate how they can be leveraged in various attack scenarios.

Word Lists

Word lists, sometimes referred to as dictionary files, are simply text files containing words for use as input to programs designed to test passwords. Precision is generally more important than coverage when considering a dictionary attack, meaning it's more important to create a lean word list of relevant passwords than it is to create an enormous generic word list. Because of this, many word lists are based on a common theme such as popular culture references, specific industries, or geographic regions. Kali Linux includes a number of these dictionary files in the /usr/share/wordlists directory, and many more are hosted online. When conducting a password attack, it may be tempting to simply use these pre-built lists; however, we can be much more effective in our approach if we take the time to carefully build our own custom lists. In this section, we'll examine tools and approaches to create effective word lists.

Standard Word Lists

We can increase the effectiveness of our word lists by adding words and phrases specific to our target organization. For example, consider MegaCorpOne, a company that deals with nanotechnology. The company website lists various products that the company sells, including the Nanobot. In a hypothetical assessment, we were able to identify a low-level password of Nanobot93. Assuming this might be a common password format for this company, we would like to create a custom word list that identifies other passwords with a similar pattern, perhaps using other product names.

We could browse the website and manually add commonly used terms and product names to our custom word list, or we could use a tool like CeWL to do the heavy lifting for us. According to the help output, CeWL can be configured by specifying several options, but we'll focus on a few key arguments. For example, this command will scrape the MegaCorpOne website, locate words with a minimum of 6 characters, and write the word list to a custom file.

Our grep output shows that CeWL located the names of several products, including the Nanobot. We should consider the possibility that other product names may be used in passwords as well. However, these words by themselves would serve as extremely weak passwords and would not meet typical password enforcement rules. These types of rules generally require the use of upper and lowercase characters, the use of numbers, and perhaps special characters. Based on the Nanobot93 password we've discovered, we could surmise that the password enforcement for MegaCorpOne requires at least the use of two numbers in the password, and may further dictate, however unlikely, that the numbers must be used at the end of the password. For the sake of this simple demonstration, we'll assume that MegaCorpOne policy dictates that a password end in a two-digit number.

To create passwords that meet this requirement, we could write a bash script, but instead we'll use a much more powerful tool called John the Ripper. John the Ripper is a fast password cracker with several features, including the ability to generate custom word lists and apply rule permutations. Moving forward with our assumption about the password policy, we'll add a rule to the John the Ripper configuration file that will mutate our word list, appending two digits to each password. To do this, we must locate the word list segment where word list mutation rules are defined and append a new rule. In this example, we'll append the two-digit sequence of numbers from 00 to 99 after each word in our word list. We'll begin this rule with the dollar sign character, which tells John to append a character to the original word from our word list. Next, we specify the type of character we want to append; in our case, we want any number between 0 and 9. Finally, to append double digits, we'll simply repeat the 0 to 9 sequence.

Now that the rule has been added to the configuration file, we can mutate our word list, which currently contains 312 entries. To do this, we'll invoke John and specify the dictionary file, activate the rules in the configuration file, output the results to standard output, and redirect that output to a file called mutated.txt. The resulting file contains over 46,000 password entries due to the multiple mutations performed on the passwords. One of the passwords is Nanobot93, which matches the password we discovered earlier in our hypothetical assessment. Given the assumptions about MegaCorpOne's password policy, this word list could produce results in a dictionary attack. Although this demonstration is oversimplified, it serves as a good example of how password profiling can be beneficial to the overall success of our password attacks.

Brute-Force Word Lists

In contrast to a dictionary attack, a brute-force password attack calculates and tests every possible character combination that could make up a password until the correct one is found. While this may sound like a simple approach that guarantees results, it is extremely time-consuming. Depending on the length and complexity of the password and the computational power of the testing system, it can take a very long time, even years, to brute-force a strong password. We could even combine these two concepts and create brute-force word lists: dictionary files that contain every possible password that matches a specific pattern. For example, consider a scenario that reveals a very specific password enforcement policy. Looking at the passwords, we notice a distinct pattern in the password structure. Each password begins with a capital letter, followed by two lowercase letters, then two special characters, and finally three digits.

Armed with this knowledge, it would be incredibly helpful to create a word list that contains every possible password that matches this pattern. Crunch, included with Kali Linux, is a powerful word list generator that can handle this task. To use it, we must first describe the pattern we need crunch to replicate, and for this we'll use placeholders that represent specific types of characters. To generate a word list that matches our requirements, we'll specify a minimum and maximum word length of eight characters and describe our rule pattern with -t. The command works as expected, but as noted, the output would consume a massive 160 gigabytes of disk space. Remember that brute-force techniques prioritize password coverage at the expense of speed and, in this case, disk space.

We can also define a character set with crunch. For example, we can create a brute-force word list accounting for passwords between four and six characters in length containing only the characters 0 through 9 and a through f, and we'll write the output to a file. Notice that the file output size is significantly smaller than the previous example, primarily due to the shorter password length as well as the limited character set. However, the word list file itself is impressive, containing over 17 million passwords. In addition, we can generate passwords based on predefined character sets. For example, we can specify the path to the character set file with -f and choose the mixalpha set, which includes all lower and uppercase letters. Although this particular command generates an enormous 131 gigabyte word list file, it offers rather impressive password coverage. Spend time with JtR and crunch and think of how each one can be used most effectively. As we'll discover in the next section, we need to avoid the temptation to rely on massive and generic word lists, as they can have adverse effects on our client's production environment.

Common Network Service Attack Methods

Now that we understand how to create effective word lists for various situations, we can discuss how they can be used for password attacks against common network services. Bear in mind that password attacks against network services are noisy and, in some cases, dangerous. Multiple failed login attempts will usually generate logs and warnings on the target system and may even lock out accounts after a predefined number of failed login attempts. Keep this in mind before blindly running a network-based brute-force attack. Once we've weighed the risks and considered the well-being of the target network, we can take several steps to improve the efficiency of our password tests. Depending on the protocol and password cracking tool, we can increase the number of login threads to boost the speed of an attack. However, in some cases, increasing the number of threads may not be possible due to protocol restrictions, and our optimisation attempt could instead slow down the process. On top of this, it's worth noting that the authentication negotiation process for protocols such as RDP is more time-consuming than, say, HTTP. The hidden art behind network service password attacks is choosing appropriate targets, user lists, and password files carefully and intelligently before initiating the attack. To successfully attack a password on a network service, we must not only match the target username and password but also honor the protocol used in the authentication process. Fortunately, popular tools such as THC Hydra, Medusa, Crowbar, and Spray can handle these authentication requests for us. In this section, we'll examine each of these tools and weigh their effective protocol and service handling capabilities. These tools mostly have similar capabilities and speeds; the correct tool to use often depends on the preferred syntax and output format. This can only be determined by experimenting with each tool in a test environment and learning the strengths, weaknesses, and idiosyncrasies of each.

HTTP/HTTPS Attack with Medusa

According to its authors, Medusa is intended to be a speedy, massively parallel, modular login brute-forcer. We'll use Medusa to attempt to gain access to an .htaccess-protected web directory. First, we'll set up our target, an Apache web server installed on our Windows client, which we'll start through the XAMPP control panel. With our services started, we'll return to Kali and explore Medusa. We'll attempt to gain access to an .htaccess-protected folder named admin on our Windows web server. We'll use the rockyou word list for this example, which we must first decompress with gunzip. Next, we'll launch Medusa and initiate the attack against the .htaccess-protected URL on our target host. We'll attack the admin user with passwords from our rockyou word list file, and we'll use an HTTP authentication scheme. In this case, Medusa discovered a working password of "freedom". Let's try out these credentials in our browser. Excellent, our Medusa attack successfully retrieved the password for this directory. Medusa has many additional options and settings and can interact with a variety of network protocols. These can be displayed with the -d option. For more information about Medusa, refer to your lab guide.

Remote Desktop Protocol Attack with Crowbar

Crowbar is a network authentication cracking tool primarily designed to leverage SSH keys rather than passwords. It's also one of the few tools that can reliably and efficiently perform password attacks against the RDP service on modern versions of Windows. Let's try this tool against our Windows client machine. First, we need to install Crowbar from the Kali repository. Next, we'll create a small word list that contains the password for our Windows client. To invoke Crowbar, we specify the protocol, the target server, a username, a word list, and the number of threads. Great, Crowbar discovered working credentials for the admin user. Note that we only specified a single thread, since the remote desktop protocol does not reliably handle multiple threads.

SSH Attack with THC Hydra

THC Hydra is another powerful network service attack tool under active development, and it's worth mastering. We can use it to attack a variety of protocol authentication schemes, including SSH and HTTP. The standard options include -l to specify the target username, -P to specify a word list, and the protocol and IP in URI format to specify the target protocol and IP address, respectively. In this first example, we'll attack the SSH service on our Kali VM. Let's start OpenSSH before proceeding. Now we'll use Hydra to attack the SSH protocol on our local machine, focus on the kali user, and again use the small word list we created earlier. In this output, we can see that Hydra discovered a valid login against the local SSH server. THC Hydra supports a number of standard protocols and services. Refer to the Hydra man page to view all of its available options.

HTTP POST Attack with THC Hydra

As an additional example, we'll perform an HTTP POST attack against our Windows Apache server using Hydra. When an HTTP POST request is used for user login, it is most often through the use of a web form, which means we should use the http-form-post service module. We can supply the service name followed by -U to obtain additional information about the required arguments. From this output, we determined that we need to provide a number of arguments that will require us to perform some application discovery. First, we need the IP address and the URL of the web page containing the web form on our Windows client. We'll provide the IP address as the first argument to Hydra. Next, we must understand the web form we want to brute-force by inspecting the HTML code of the target web page. We can view the HTML by right-clicking the page and selecting "View Page Source" from the context menu. The form indicates that the POST request is handled by frontpage.php, which is the URL we will feed to Hydra. The Hydra syntax requires the form parameters, which in this case are user and pass. Since we're going to attack the admin user login with a word list, the combined argument to Hydra becomes the following, with ^PASS^ acting as a placeholder for our word list file entries. We must also provide the condition string to indicate when a login attempt is unsuccessful. We can find this by attempting a manual login against the page. In our example, the web page returns the text "invalid login". Putting these pieces together, we can complete the http-form-post syntax. The complete command can now be executed. We'll supply the admin username and rockyou word list, request verbose output with -vV, and use -f to stop the attack when the first successful result is found. In addition, we'll supply the service module name and its required arguments. Although this required some investigation of the application, the result is worth it, as we discovered a valid password. Let's verify that this is indeed the correct password. Excellent, Hydra successfully found the correct admin password for us. The other service modules included with Hydra are also well worth the effort to master.

Leveraging Password Hashes

Next, we turn our attention to attacks focused on the use of password hashes. A cryptographic hash function is one-way and implements an algorithm that, given an arbitrary block of data, returns a fixed-size bit string called a hash value or message digest. One of the most important uses of cryptographic hash functions is during the password verification process.

Retrieving Password Hashes

Most systems that use a password authentication mechanism need to store these passwords locally on the machine. Rather than storing the passwords in clear-text, modern authentication mechanisms usually store them as hashes to improve security. This means that during the authentication process, the password presented by the user is hashed and compared with the previously stored message digest. Identifying the exact type of hash without having further information about the program or mechanism that generated it can be very challenging and sometimes even impossible. When attempting to identify a message digest type, there are three important hash properties to consider. These include the length of the hash, the character set used in the hash, and any special characters used by the hash. A useful tool that can assist with hash type identification is hashid. To use it, we simply run the tool and paste in the hash value we wish to identify. Here we analyzed two different hashes. While the first example returned multiple possible matches, the second narrowed down the hash type to SHA-512 crypt.

Next, let's retrieve and analyze a few hashes on our Kali Linux system. Many Linux systems have the user password hashes stored in the /etc/shadow file, which requires root permissions to read. The shadow file entry starts with the username, followed by the password hash. The hash is divided into subfields, the first of which references the SHA-512 algorithm. The next subfield is the salt. The salt is a random value that's used along with the clear-text password to calculate a password hash. This prevents hash lookup attacks, since the password hash will vary based on the salt value. Now let's turn our focus to Windows targets and discuss the various hash implementations and how we can leverage them during an assessment. On Windows systems, hashed user passwords are stored in the Security Accounts Manager, or SAM. To deter offline SAM database password attacks, Microsoft introduced the SYSKEY
00:28:24,000 feature which partially encrypts the Sam 522 00:28:20,520 --> 00:28:27,780 file windows nt-based operating systems 523 00:28:24,000 --> 00:28:31,140 up to and including Windows 2003 store 524 00:28:27,780 --> 00:28:35,240 to different password hashes land 525 00:28:31,140 --> 00:28:40,470 manager or LM which is based on DES and 526 00:28:35,240 --> 00:28:43,370 NT land manager or ntlm which uses MD 527 00:28:40,470 --> 00:28:46,190 for hashing 528 00:28:43,370 --> 00:28:48,770 land manager is known to be very weak 529 00:28:46,190 --> 00:28:51,770 since passwords longer than seven 530 00:28:48,770 --> 00:28:55,730 characters are split into two strings 531 00:28:51,770 --> 00:28:58,940 and each piece is hashed separately each 532 00:28:55,730 --> 00:29:01,750 password string is also converted to 533 00:28:58,940 --> 00:29:05,180 uppercase before being hashed and 534 00:29:01,750 --> 00:29:08,270 moreover the LM hashing system does not 535 00:29:05,180 --> 00:29:11,470 include salts making a hash lookup 536 00:29:08,270 --> 00:29:11,470 attack feasible 537 00:29:12,029 --> 00:29:18,080 from Windows Vista on the operating 538 00:29:14,549 --> 00:29:21,059 system disables LM by default and uses 539 00:29:18,080 --> 00:29:24,210 ntlm which among other things is 540 00:29:21,059 --> 00:29:26,700 case-sensitive supports all Unicode 541 00:29:24,210 --> 00:29:31,169 characters and does not split the hash 542 00:29:26,700 --> 00:29:33,359 into smaller beaker parts however ntlm 543 00:29:31,169 --> 00:29:36,919 hash is stored in the Sam database are 544 00:29:33,359 --> 00:29:36,919 still not salted 545 00:29:37,170 --> 00:29:41,310 it's worth mentioning that the Sam 546 00:29:39,030 --> 00:29:43,680 database cannot be copied while the 547 00:29:41,310 --> 00:29:45,690 operating system is running because the 548 00:29:43,680 --> 00:29:49,340 Windows kernel keeps an exclusive 549 00:29:45,690 --> 00:29:49,340 filesystem lock on it 550 00:29:52,160 --> 
00:29:56,780 however we can use Mimi Katz which is 551 00:29:55,100 --> 00:29:59,780 covered in much greater depth in another 552 00:29:56,780 --> 00:30:03,380 module to mount in-memory attacks 553 00:29:59,780 --> 00:30:05,240 designed to dump the Sam hashes among 554 00:30:03,380 --> 00:30:08,330 other things Mimi Katz modules 555 00:30:05,240 --> 00:30:10,850 facilitate password hash extraction from 556 00:30:08,330 --> 00:30:13,150 the L SAS process memory where they are 557 00:30:10,850 --> 00:30:13,150 cached 558 00:30:18,680 --> 00:30:20,740 you 559 00:30:28,390 --> 00:30:34,270 since L SAS is a privileged process 560 00:30:31,270 --> 00:30:36,430 running under the system user we need to 561 00:30:34,270 --> 00:30:39,540 launch Mimi Katz from an administrative 562 00:30:36,430 --> 00:30:39,540 command prompt 563 00:30:40,659 --> 00:30:46,779 extract password hashes we must first 564 00:30:43,299 --> 00:30:49,929 execute two commands the first is 565 00:30:46,779 --> 00:30:52,720 privileged debug which enables the SE 566 00:30:49,929 --> 00:30:55,960 debug privileged access write required 567 00:30:52,720 --> 00:30:58,450 to tamper with another process if this 568 00:30:55,960 --> 00:31:00,639 command fails me me Katz was most likely 569 00:30:58,450 --> 00:31:02,940 not executed with administrative 570 00:31:00,639 --> 00:31:02,940 privileges 571 00:31:04,809 --> 00:31:10,269 it's important to understand that L SAS 572 00:31:07,210 --> 00:31:12,700 is a system process which means it has 573 00:31:10,269 --> 00:31:15,149 even higher privileges than me me cats 574 00:31:12,700 --> 00:31:18,549 running with administrative privileges 575 00:31:15,149 --> 00:31:21,700 to address this we can use the token 576 00:31:18,549 --> 00:31:24,970 elevate command to elevate the security 577 00:31:21,700 --> 00:31:27,659 token from high integrity to system 578 00:31:24,970 --> 00:31:27,659 integrity 579 00:31:30,660 --> 00:31:37,640 if Mimi cats is launched from a system 
580 00:31:33,330 --> 00:31:37,640 shell this step is not required 581 00:31:37,669 --> 00:31:43,459 now we can use LSA dump 582 00:31:40,639 --> 00:31:45,260 Sam to dump the contents of the Sam 583 00:31:43,459 --> 00:31:48,590 database 584 00:31:45,260 --> 00:31:50,720 nice Mimi Katz has elegantly and 585 00:31:48,590 --> 00:31:53,680 effectively dumped the hashes as 586 00:31:50,720 --> 00:31:53,680 requested 587 00:32:00,920 --> 00:32:07,800 passing the hash in Windows as we'll 588 00:32:05,220 --> 00:32:09,840 discover in the next section cracking 589 00:32:07,800 --> 00:32:13,290 password hashes can be very 590 00:32:09,840 --> 00:32:16,290 time-consuming and is often not feasible 591 00:32:13,290 --> 00:32:18,990 without powerful hardware however 592 00:32:16,290 --> 00:32:21,930 sometimes we can leverage Windows based 593 00:32:18,990 --> 00:32:25,230 password hashes without resorting to a 594 00:32:21,930 --> 00:32:28,590 laborious cracking process 595 00:32:25,230 --> 00:32:30,809 the past the hash technique allows an 596 00:32:28,590 --> 00:32:34,039 attacker to authenticate to a remote 597 00:32:30,809 --> 00:32:37,860 target by using a valid combination of 598 00:32:34,039 --> 00:32:41,220 username and hash rather than a clear 599 00:32:37,860 --> 00:32:45,389 text password this is possible because 600 00:32:41,220 --> 00:32:48,360 LM and ntlm password hashes are not 601 00:32:45,389 --> 00:32:51,419 salted and remain static between 602 00:32:48,360 --> 00:32:54,510 sessions moreover if we discover a 603 00:32:51,419 --> 00:32:56,429 password hash on one target we can not 604 00:32:54,510 --> 00:32:59,070 only use it to authenticate to that 605 00:32:56,429 --> 00:33:02,250 target we can use it to authenticate to 606 00:32:59,070 --> 00:33:04,500 another target as well as long as that 607 00:33:02,250 --> 00:33:08,220 target has an account with the same 608 00:33:04,500 --> 00:33:12,620 username and password let's introduce a 609 00:33:08,220 --> 
00:33:12,620 scenario to demonstrate this attack 610 00:33:12,970 --> 00:33:17,800 during our assessment we discovered a 611 00:33:15,490 --> 00:33:21,460 local administrative account that is 612 00:33:17,800 --> 00:33:23,770 enabled on multiple systems we exploited 613 00:33:21,460 --> 00:33:26,380 a vulnerability on one of these systems 614 00:33:23,770 --> 00:33:30,520 and have gained system privileges 615 00:33:26,380 --> 00:33:33,730 allowing us to dump local LM and ntlm 616 00:33:30,520 --> 00:33:36,190 hashes we've copied the hash of a user 617 00:33:33,730 --> 00:33:39,040 in the administrators group and can now 618 00:33:36,190 --> 00:33:41,740 use it instead of a password to gain 619 00:33:39,040 --> 00:33:45,280 access to a different machine which has 620 00:33:41,740 --> 00:33:48,760 the same local account and password to 621 00:33:45,280 --> 00:33:51,570 do this we'll use PTH Winx II from the 622 00:33:48,760 --> 00:33:55,740 passing the hash toolkit which performs 623 00:33:51,570 --> 00:34:00,190 authentication using the SMB protocol as 624 00:33:55,740 --> 00:34:02,980 a demonstration will invoke PTH Winx II 625 00:34:00,190 --> 00:34:05,560 on our Kali machine to authenticate to 626 00:34:02,980 --> 00:34:08,770 our target using a previously dumped 627 00:34:05,560 --> 00:34:10,840 password hash will gain a remote command 628 00:34:08,770 --> 00:34:13,530 prompt on the target machine by 629 00:34:10,840 --> 00:34:17,320 specifying the username and hash 630 00:34:13,530 --> 00:34:21,730 separated by a percent sign along with 631 00:34:17,320 --> 00:34:24,130 the SMB share in unc format and the name 632 00:34:21,730 --> 00:34:27,720 of the command to execute which in this 633 00:34:24,130 --> 00:34:27,720 case is CMD 634 00:34:28,500 --> 00:34:33,929 our command was successful using the 635 00:34:31,350 --> 00:34:37,250 captured hash as credentials we now have 636 00:34:33,929 --> 00:34:37,250 a shell on the target 637 00:34:38,480 --> 00:34:44,400 
behind-the-scenes the format of the ntlm 638 00:34:41,430 --> 00:34:46,860 hash we provided was changed into net 639 00:34:44,400 --> 00:34:49,550 ntlm format during the authentication 640 00:34:46,860 --> 00:34:49,550 process 641 00:34:49,679 --> 00:34:54,510 we can capture these hashes using 642 00:34:52,619 --> 00:34:59,930 man-in-the-middle or poisoning attacks 643 00:34:54,510 --> 00:34:59,930 and either crack them or relay them 644 00:35:02,980 --> 00:35:08,380 password cracking encrypt analysis 645 00:35:07,060 --> 00:35:10,840 password cracking 646 00:35:08,380 --> 00:35:14,220 is the process of recovering a clear 647 00:35:10,840 --> 00:35:17,140 text pass phrase given its stored hash 648 00:35:14,220 --> 00:35:19,380 the process of password cracking is 649 00:35:17,140 --> 00:35:21,940 fairly straightforward at a high level 650 00:35:19,380 --> 00:35:23,530 once we've discovered the hashing 651 00:35:21,940 --> 00:35:26,140 mechanism we're dealing with in the 652 00:35:23,530 --> 00:35:28,960 target authentication process we can 653 00:35:26,140 --> 00:35:31,660 iterate over each word in a word list 654 00:35:28,960 --> 00:35:32,530 and generate the respective message 655 00:35:31,660 --> 00:35:35,440 digest 656 00:35:32,530 --> 00:35:37,540 if the computed hash matches the one 657 00:35:35,440 --> 00:35:40,260 obtained from the system we have 658 00:35:37,540 --> 00:35:43,330 obtained the matching plaintext password 659 00:35:40,260 --> 00:35:45,550 this is usually all accomplished with 660 00:35:43,330 --> 00:35:49,000 the help of a specialized password 661 00:35:45,550 --> 00:35:51,340 cracking program if a salt is involved 662 00:35:49,000 --> 00:35:53,460 in the authentication process and we do 663 00:35:51,340 --> 00:35:56,710 not know what that salt value is 664 00:35:53,460 --> 00:36:00,400 cracking could become extremely complex 665 00:35:56,710 --> 00:36:03,400 if not impossible as we must repeatedly 666 00:36:00,400 --> 00:36:07,180 hash each 
potential clear text password 667 00:36:03,400 --> 00:36:09,070 with various salts nevertheless and our 668 00:36:07,180 --> 00:36:11,350 experience we have almost always been 669 00:36:09,070 --> 00:36:14,200 able to capture the password hash along 670 00:36:11,350 --> 00:36:16,510 with the salt whether from a database 671 00:36:14,200 --> 00:36:20,170 that contains both of the unique values 672 00:36:16,510 --> 00:36:23,710 per record or from a configuration or a 673 00:36:20,170 --> 00:36:26,800 binary file that uses a single salt for 674 00:36:23,710 --> 00:36:28,990 all hashed values when both of these 675 00:36:26,800 --> 00:36:32,260 values are known password cracking 676 00:36:28,990 --> 00:36:34,720 decreases in complexity once we've 677 00:36:32,260 --> 00:36:37,359 gained access to password hashes from a 678 00:36:34,720 --> 00:36:39,400 target system we can begin a password 679 00:36:37,359 --> 00:36:41,530 cracking session running in the 680 00:36:39,400 --> 00:36:44,500 background as we continue on with our 681 00:36:41,530 --> 00:36:46,810 assessment if any of the passwords are 682 00:36:44,500 --> 00:36:49,480 cracked we could attempt to use those 683 00:36:46,810 --> 00:36:53,109 passwords on other systems to increase 684 00:36:49,480 --> 00:36:55,660 our control over the target network this 685 00:36:53,109 --> 00:36:58,660 like other penetration testing processes 686 00:36:55,660 --> 00:37:01,359 is iterative and we will feed data back 687 00:36:58,660 --> 00:37:04,390 into earlier steps as we expand our 688 00:37:01,359 --> 00:37:07,600 control to demonstrate password cracking 689 00:37:04,390 --> 00:37:09,880 will again turn to John the Ripper as it 690 00:37:07,600 --> 00:37:12,810 supports dozens of password formats and 691 00:37:09,880 --> 00:37:16,180 is incredibly powerful and flexible 692 00:37:12,810 --> 00:37:18,910 running John in pure brute force mode 693 00:37:16,180 --> 00:37:21,609 attempting every possible character 694 
00:37:18,910 --> 00:37:24,250 combination and a password is as simple 695 00:37:21,609 --> 00:37:26,559 as passing the filename containing our 696 00:37:24,250 --> 00:37:30,869 password hashes on the command line 697 00:37:26,559 --> 00:37:30,869 along with the hashing format 698 00:37:31,490 --> 00:37:36,950 since we know the type of hash we're 699 00:37:33,740 --> 00:37:39,260 cracking we use the format option to 700 00:37:36,950 --> 00:37:41,830 crack the hashes that we dumped using 701 00:37:39,260 --> 00:37:41,830 Mimi Katz 702 00:37:42,040 --> 00:37:47,530 John recognizes the hash type correctly 703 00:37:44,350 --> 00:37:50,080 and sets out to crack it a brute-force 704 00:37:47,530 --> 00:37:52,600 attack such as this however will take a 705 00:37:50,080 --> 00:37:55,080 long time based on the speed of our 706 00:37:52,600 --> 00:37:55,080 system 707 00:37:57,370 --> 00:38:02,920 as an alternative we can use the word 708 00:38:00,040 --> 00:38:05,740 list parameter and provide the path to a 709 00:38:02,920 --> 00:38:08,710 word list instead which shortens the 710 00:38:05,740 --> 00:38:11,250 process time but promises less password 711 00:38:08,710 --> 00:38:11,250 coverage 712 00:38:11,460 --> 00:38:17,010 if any passwords remain to be cracked we 713 00:38:14,250 --> 00:38:22,160 can next try to apply JT ARS word 714 00:38:17,010 --> 00:38:22,160 mangling rules with the rules parameter 715 00:38:25,030 --> 00:38:31,510 next we'll see how John the Ripper deals 716 00:38:27,650 --> 00:38:31,510 with Linux password hashes 717 00:38:32,030 --> 00:38:36,920 in order to crack linux-based hashes 718 00:38:34,280 --> 00:38:39,470 with John we will first need to use the 719 00:38:36,920 --> 00:38:41,780 unshadowed utility to combine the 720 00:38:39,470 --> 00:38:44,450 password and shadow files from the 721 00:38:41,780 --> 00:38:46,880 compromised system let's quickly add a 722 00:38:44,450 --> 00:38:49,220 new user to our system with a relatively 723 
00:38:46,880 --> 00:38:52,660 weak password so we can give John 724 00:38:49,220 --> 00:38:52,660 something easy to crack 725 00:38:58,160 --> 00:39:00,220 you 726 00:39:03,980 --> 00:39:10,400 now we'll use grep to extract the victim 727 00:39:07,280 --> 00:39:13,130 user details from Etsy password and Etsy 728 00:39:10,400 --> 00:39:13,940 shadow into two files in our home 729 00:39:13,130 --> 00:39:16,730 directory 730 00:39:13,940 --> 00:39:20,080 note that root permissions are required 731 00:39:16,730 --> 00:39:20,080 to read Etsy shadow 732 00:39:25,710 --> 00:39:27,770 you 733 00:39:27,970 --> 00:39:31,619 great let's continue 734 00:39:33,410 --> 00:39:38,710 John the Ripper requires a special hash 735 00:39:35,990 --> 00:39:41,990 format that is generated with unshadowed 736 00:39:38,710 --> 00:39:44,690 to use unshadowed we simply pass the 737 00:39:41,990 --> 00:39:46,670 password and shadow file names as 738 00:39:44,690 --> 00:39:49,819 arguments 739 00:39:46,670 --> 00:39:52,750 let's save this to a file so we can pass 740 00:39:49,819 --> 00:39:52,750 it to John 741 00:39:56,170 --> 00:40:01,599 we can now run John passing the word 742 00:39:58,839 --> 00:40:04,410 list and the unshadowed text file as 743 00:40:01,599 --> 00:40:04,410 arguments 744 00:40:10,500 --> 00:40:16,030 newer versions of John the Ripper are 745 00:40:13,170 --> 00:40:18,100 multi-threaded by default and this can 746 00:40:16,030 --> 00:40:21,940 be enabled on older versions with the 747 00:40:18,100 --> 00:40:23,860 fork option we can also distribute the 748 00:40:21,940 --> 00:40:28,080 cracking load across multiple computers 749 00:40:23,860 --> 00:40:28,080 with the node option 750 00:40:28,319 --> 00:40:33,640 refer to your lab guide for more 751 00:40:30,760 --> 00:40:38,280 information let's clean up our system 752 00:40:33,640 --> 00:40:38,280 and get rid of that new user we created 753 00:40:39,500 --> 00:40:44,810 while John the Ripper is a great tool 754 
00:40:41,960 --> 00:40:47,360 for cracking password hashes its speed 755 00:40:44,810 --> 00:40:50,570 is limited to the power of the CPUs 756 00:40:47,360 --> 00:40:53,630 dedicated to the task in recent years 757 00:40:50,570 --> 00:40:56,600 GPUs have become incredibly powerful and 758 00:40:53,630 --> 00:40:59,380 are of course found in every computer 759 00:40:56,600 --> 00:40:59,380 with a display 760 00:41:01,930 --> 00:41:08,180 GPU cracking tools like hash cat 761 00:41:04,880 --> 00:41:11,900 leverage the power of both the CPU and 762 00:41:08,180 --> 00:41:15,410 the GPU to achieve incredible password 763 00:41:11,900 --> 00:41:18,680 cracking speeds if you'd like to learn 764 00:41:15,410 --> 00:41:20,839 more about GPU password cracking refer 765 00:41:18,680 --> 00:41:23,510 to your lab guide and the ample 766 00:41:20,839 --> 00:41:26,080 documentation available on the hash cat 767 00:41:23,510 --> 00:41:26,080 wiki 768 00:41:30,350 --> 00:41:35,020 wrapping up 769 00:41:33,040 --> 00:41:37,510 there are so many password attack tools 770 00:41:35,020 --> 00:41:39,910 and word lists available that it can be 771 00:41:37,510 --> 00:41:42,880 tempting to just jump in and fire away 772 00:41:39,910 --> 00:41:45,240 in search of that often elusive break 773 00:41:42,880 --> 00:41:47,890 during a penetration test however 774 00:41:45,240 --> 00:41:50,590 success lies in not only deeply 775 00:41:47,890 --> 00:41:53,470 understanding the usage and strengths of 776 00:41:50,590 --> 00:41:55,980 each tool but in learning to step back 777 00:41:53,470 --> 00:41:58,270 and apply these tools with wisdom 778 00:41:55,980 --> 00:42:01,690 honoring the balance of speed and 779 00:41:58,270 --> 00:42:03,790 precision as well as prioritizing the 780 00:42:01,690 --> 00:42:06,570 safety of the clients production 781 00:42:03,790 --> 00:42:06,570 environment 57550
