Password Cracking COEN 252 Computer Forensics


Social Engineering
  • Perps trick.
  • Law enforcement, private investigators can ask.
  • Look for clues:
      • Passwords frequently use SSN, names of boyfriend, girlfriend, dog, sled, …

Dictionary Attacks
  • Passwords need to be memorizable.
  • Most passwords are based on actual words.
  • A dictionary attack uses a dictionary:
      • Try all words in the dictionary with slight changes.
      • Typically very fast.
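The "slight changes" a dictionary attack tries are cheap to undo, so a check at password-change time can reject any password that reduces to a dictionary word. This is an added example, not part of the original slides; the wordlist, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption). A real check would load a full
# dictionary plus terms tied to the user: names, pets, dates.
WORDLIST = {"password", "dragon", "sled", "monkey", "rover"}

# Common character substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(password):
    """Return the plain strings a mangled password may have been built from."""
    lowered = password.lower()
    # Drop digits and punctuation stuck on either end: "rover2003!" -> "rover".
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = []
    for candidate in (lowered, stripped):
        plain = candidate.translate(LEET)      # undo substitutions
        forms += [candidate, plain, candidate[::-1], plain[::-1]]
    return forms


def dictionary_match(password, wordlist=WORDLIST):
    """Return the dictionary word the password reduces to, or None."""
    for form in base_forms(password):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd1", "Rover2003!", "nogard99", "5led", "xK9#mQ2vLp"):
        hit = dictionary_match(pw)
        verdict = f"reject (based on '{hit}')" if hit else "no dictionary base found"
        print(f"{pw:12} {verdict}")
```

A password that passes this check is only free of the listed manglings; length and reuse still have to be checked separately.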

Brute Force
  • Just try out all combinations.
  • 8256 possibilities for a UNIX password.
      • But only if all letters are equally likely.
  • Not feasible on a single machine.
  • But possibly in a P2P system.
      • Using Seti@home technology.

Keystroke logging / sniffing
  • Surveillance of suspect can yield passwords.
  • Keystroke loggers can be set up to automatically reveal typed-in passwords.
  • Same for network sniffers.

Default Passwords
  • Many applications come with a default password.
      • VMS used to have a default super-user password.
      • Often, the default password is the same as the default user name.
  • In principle, the sys-ad changes the default password.
  • Recently, applications are no longer shipped with default passwords.

BIOS Password
  • Stored in CMOS.
  • Remove power from CMOS and CMOS is reset.
      • Loses valuable forensic data such as the system clock.
  • Some BIOS can be programmatically cleaned.
      • Loses valuable forensic data such as the system clock.

Windows 9x
  • Windows 9x stores the login password in a .pwl file in the c:\windows directory, in encrypted form.
  • Obtain the password from the file.
  • Use an offline password cracker that attacks the weak encryption.

Windows 9x
  • Windows screen saver password is stored in the user.dat file in c:\windows.
  • Password is in simple ASCII encryption.
  • The screen saver password is very often the system password.

Windows NT and up, Unix
  • Only hash of password is stored.
  • Computationally impossible to calculate password from the hash.
  • Can use the hash for a dictionary or brute force attack.

Various Applications
  • Some applications store the password in clear text in a hidden location.
      • Registry in Windows.
      • Some file attached to the application.
  • Or using easily breakable encryption of password in known place.

Multiple Passwords
  • Since few users can remember many passwords, any password for a given application might also unlock other passwords.