Flashcards in Book Two- Chapter Seven-Password Security Deck (10)
What is a password cracker?
A program used to identify an unknown or forgotten password to a computer or network resource. The same program can be used to obtain unauthorized access to resources.
*Uses two primary methods to discover passwords:
brute force and dictionary searches.
*A brute-force cracker runs through every combination of characters of a predetermined length until it finds one that the system accepts.
*Dictionary-search cracker: when conducting a dictionary search, a password cracker tries each word in a dictionary (word list) until one produces the correct password. Password dictionaries exist for a variety of topics, including politics, movies, and music groups.
Some password crackers search for hybrids of dictionary entries and numbers. Ex: when a password cracker of this type reaches the word "ants" in its dictionary, it may also try ants01, ants02, ants03, and so on. This is effective against users who have been advised to include numbers in their passwords and simply append them to a word.
A password cracker may also work against stored password hashes. Most systems do not store the password itself but a one-way hash of it (often loosely described as the "encrypted" password), which cannot be reversed directly. After retrieving the stored value (from a password file, a credential database, or memory), the cracker runs each candidate through the same algorithm the target system uses, with the same salt if one is present, and compares the result to the stored value; a match reveals the password. Only where a system stores passwords with reversible encryption or weak obfuscation can the program decrypt them directly.
How does a password cracker work?
In order to understand how a password cracker works, it is important to understand how the target system protects passwords. Most systems do not store the password; they store a one-way hash of it (usually combined with a salt), computed with a fixed algorithm, and the cracker must reproduce that exact transformation.
Software is available on the Internet that can create strong, difficult-to-crack passwords.
In the cracking process, the word list is sent through the same hashing process as the target used, generally one word at a time. Rules are applied to the word, the result is hashed, and the hash is compared to the target hash, which was produced from the real password by the same algorithm. If no match occurs, the next word is sent through the process. Some password crackers perform this task differently: they take the entire list of words, apply a rule to all of them, and derive their next list from this; the new list is then hashed and matched against the target. The second technique is usually much faster. If a match occurs, the crack is successful, and the plaintext word is written to a file for later use.
The majority of password-cracking utilities are not user friendly. When executed, some of them output nothing more than a cryptic message.
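Added example (not from the textbook or the flashcards) that puts the two cards above into code: dictionary, hybrid and brute-force candidate generators feed one hash-and-compare loop, and that loop has to use the target system's own algorithm and per-user salt or nothing ever matches. The hashing scheme (SHA-256 over salt + password), the word list and the stored credentials are all constructed for the demonstration.

```python
"""Toy password cracker: dictionary, hybrid and brute-force candidate
generators fed through the target's own hashing scheme and compared to
the stored hashes.

Added example, not from the textbook or flashcards. The hashing scheme
(SHA-256 over salt + password) and the "password file" are constructed
for this demonstration.
"""
import hashlib
import itertools
import string


def system_hash(salt: str, password: str) -> str:
    """The target system's (constructed) password-protection scheme.
    The cracker must reproduce it exactly: same algorithm, same salt
    placement, same encoding. Otherwise no candidate can ever match."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def build_password_file() -> dict:
    """Constructed stored credentials: user -> (salt, hash).
    The plaintexts live only here; crack() never sees them."""
    secrets = {
        "alice": ("a1", "ants02"),       # dictionary word + two digits (hybrid)
        "bob":   ("b2", "movies"),       # plain dictionary word
        "carol": ("c3", "zq7"),          # short and random: brute force
        "dave":  ("d4", "Tr0ub4dor&3"),  # outside all three searches
    }
    return {u: (salt, system_hash(salt, pw)) for u, (salt, pw) in secrets.items()}


# Constructed word list standing in for a topical dictionary.
WORDLIST = ["ants", "movies", "politics", "beatles", "password"]


def dictionary_candidates(words):
    """Dictionary search: each word exactly as listed."""
    yield from words


def hybrid_candidates(words, digits=2):
    """Hybrid search: each word followed by a zero-padded number,
    e.g. ants00, ants01, ..., ants99."""
    for word in words:
        for n in range(10 ** digits):
            yield f"{word}{n:0{digits}d}"


def brute_force_candidates(charset, length):
    """Brute force: every string of exactly `length` characters from `charset`."""
    for combo in itertools.product(charset, repeat=length):
        yield "".join(combo)


def crack(password_file, candidates):
    """Hash each candidate with every still-uncracked user's salt and compare.
    Returns ({user: plaintext}, number of hashes computed)."""
    remaining = dict(password_file)
    found, hashes = {}, 0
    for cand in candidates:
        if not remaining:
            break
        for user, (salt, stored) in list(remaining.items()):
            hashes += 1
            if system_hash(salt, cand) == stored:
                found[user] = cand
                del remaining[user]
    return found, hashes


def run_all(password_file):
    """Cheapest search first; each stage works only on accounts still uncracked."""
    stages = [
        ("dictionary", dictionary_candidates(WORDLIST)),
        ("hybrid", hybrid_candidates(WORDLIST)),
        ("brute-force", brute_force_candidates(string.ascii_lowercase + string.digits, 3)),
    ]
    remaining = dict(password_file)
    cracked, report = {}, {}
    for name, cands in stages:
        found, hashes = crack(remaining, cands)
        report[name] = (len(found), hashes)
        cracked.update(found)
        for user in found:
            del remaining[user]
    return cracked, report


if __name__ == "__main__":
    cracked, report = run_all(build_password_file())
    for stage, (n, h) in report.items():
        print(f"{stage:12s} cracked {n} account(s) using {h} hash computations")
    print("recovered plaintexts:", cracked)   # real tools append these to a results file
```

The report returned by run_all shows the cost ordering the card describes: the dictionary stage needs a handful of hash computations, the hybrid stage a few hundred, and the brute-force stage tens of thousands even for three lowercase-plus-digit characters. Because every user has a different salt, each candidate has to be hashed once per remaining account; with unsalted hashes one hash per candidate would cover all accounts at once, which is exactly why salting matters. dave's password lies outside all three searches and stays uncracked.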
Why is a rule-based attack considered more powerful than other password-cracking methods?
This type of attack is used when an attacker already has some information about the password. He/she can then write a rule so that the password-cracking software will generate only passwords that meet this rule.
Ex: if the attacker knows that all passwords on a system consist of 6 letters and 3 numbers, he/she can craft a rule that generates only these types of passwords.
*This is considered the most powerful attack because the cracker can narrow down the possibilities considerably: with the rule above (lowercase letters), the search covers 26^6 x 10^3, about 3.1 x 10^11 strings, instead of the roughly 1.0 x 10^14 nine-character strings over letters and digits. This technique combines brute-force, dictionary, and syllable attacks.
How is password-cracking software classified?
Password-cracking software is classified as either system-software password cracking or application-software password cracking.
What is system-level password cracking?
Passwords for system software are set to prevent access to system files and other secured information used during a system's boot process. There are several ways to access a system by cracking or bypassing these passwords:
Bypassing the BIOS Password:
BIOS manufacturers have provided backdoor (master) passwords that can be used to access the BIOS setup if the user's password is lost. The passwords that manufacturers provide are case sensitive. If a particular backdoor password does not work, various case-sensitive combinations of the password should be tried. Such universal backdoor passwords belong mainly to older BIOS implementations; many newer systems instead require a vendor-issued unlock code tied to the specific machine.
The manufacturer's documentation must be read prior to trying the backdoor passwords, because some BIOS implementations lock the system completely after the password is typed wrong a set number of times.
Removing the CMOS Battery:
A battery attached to the motherboard keeps the CMOS settings alive while the system is powered off. If the battery is removed and replaced after waiting 20-30 minutes, the settings, including the password, reset. Some manufacturers back up the power to the CMOS chip with a capacitor, so if removing and replacing the battery after 30 minutes does not work, leave the battery out for at least 24 hours. Some CMOS batteries are soldered onto the motherboard; trying to remove a soldered CMOS battery may damage the motherboard and other components.
To clear the CMOS settings by removing the battery, follow these steps:
1. shut down the computer and disconnect power cord
2. locate the battery on the motherboard (approx 1/2 inch in diameter)
3. carefully lift it from the socket and place aside
4. leave it out for 20-30 minutes
5. replace it in the socket
6. plug in and restart the computer
7. as the computer begins its startup process, press the DEL, F10, or F1 key, depending on the specific computer, to get into BIOS/CMOS setup
8. look for the option to set the BIOS/CMOS to its default settings
9. check the settings of CPU, memory, and hard drive type and size
10. finalize all adjustments, save the settings, and restart the computer
By adjusting the jumpers or dipswitches on a motherboard, all custom settings, including the BIOS passwords, will be cleared. The location of these jumpers or dipswitches on the motherboard varies, so refer to the system's documentation. If the documentation is not available, the jumpers and dipswitches can sometimes be found on the edge of the motherboard, next to the CMOS battery or near the processor. On a laptop computer, the dipswitches are usually found under the keyboard or in a compartment at the bottom of the laptop. Some manufacturers may label the jumpers and dipswitches as one of the following:
to reset CMOS using jumpers or dipswitches, follow these steps:
1. shut down the computer and disconnect the power cord
2. locate the jumpers or dipswitches to reset the BIOS/CMOS
3. make a note of the default positions of these jumpers/dipswitches
4. change them to the position that resets the BIOS/CMOS
5. leave the jumpers in place for 20-30 seconds
6. now change them back to their default positions
7. as the computer begins its startup process, press the DEL, F10, or F1 key, depending on the specific computer, to get into BIOS/CMOS setup
8. look for the option to set the BIOS/CMOS to its default settings
9. check the settings of CPU, memory, and hard drive type and size
10. finalize all adjustments, save the settings, and restart the computer
Tools for System Software Password Cracking:
If there are no jumpers/dipswitches for resetting the system password and the battery cannot be removed, then either the BIOS/CMOS chip will have to be flashed by the user or the manufacturer, or the following tools may be used to crack the password:
Tool: Windows XP/2000/NT Key Generator:
Recovers most passwords and resets the domain administrator password for Active Directory domain controllers directly from a bootable CD-ROM. It also supports Windows Server 2003.
Tool: CMOSPWD decrypts passwords for multiple BIOS types
Tool: ERD Commander in MSDaRT 6.5
Microsoft Diagnostics and Recovery Toolset (MSDaRT) 6.5 helps diagnose and repair a system that has trouble starting or has other issues. When you start the system using the Emergency Repair Disk (ERD), a System Recovery Options dialog box appears. A graphical environment and a command-line console are available.
Describe Distributed Network Attack (DNA)
Despite the similar acronym, a Distributed Network Attack is not a Distributed Denial of Service (DDoS) attack. DNA is a password-recovery technique that spreads the cracking workload across many machines on a network and uses their unused processing power in parallel. A central server (the DNA manager) holds the job, hands each client a portion of the keyspace or word list to test, and collects the results; adding clients shortens the time needed to exhaust the search space. It is typically used against passwords protecting encrypted files and archives as well as against system password hashes.
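Added example (not from the textbook or the flashcards) of the work splitting a DNA manager does: the brute-force keyspace is numbered, cut into contiguous index ranges, and each client scans only its range. The "network" here is a thread pool standing in for remote machines, and the target scheme (unsalted SHA-256), charset and length are constructed choices.

```python
"""Distributed Network Attack (DNA) style work splitting.

Added example, not from the textbook or flashcards. A coordinator divides a
brute-force keyspace into contiguous index ranges and hands one range to each
client; the clients here are threads standing in for networked machines, and
the target scheme (unsalted SHA-256) is constructed.
"""
import hashlib
import string
from concurrent.futures import ThreadPoolExecutor

CHARSET = string.ascii_lowercase + string.digits   # 36 symbols
LENGTH = 3                                          # 36**3 = 46,656 candidates


def keyspace_size(charset=CHARSET, length=LENGTH) -> int:
    return len(charset) ** length


def index_to_candidate(i: int, charset=CHARSET, length=LENGTH) -> str:
    """Mixed-radix decode of candidate number i. Because any index maps
    directly to a string, a client can start in the middle of the keyspace
    without enumerating everything before it."""
    base, chars = len(charset), []
    for _ in range(length):
        i, r = divmod(i, base)
        chars.append(charset[r])
    return "".join(reversed(chars))


def partition(total: int, workers: int):
    """Split [0, total) into `workers` contiguous, near-equal ranges."""
    step, rem = divmod(total, workers)
    ranges, start = [], 0
    for w in range(workers):
        end = start + step + (1 if w < rem else 0)
        ranges.append((start, end))
        start = end
    return ranges


def target_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def client(job):
    """One DNA client: test only the slice of the keyspace it was assigned."""
    start, end, target = job
    for i in range(start, end):
        cand = index_to_candidate(i)
        if target_hash(cand) == target:
            return cand
    return None


def distributed_crack(target: str, workers: int = 8):
    """Coordinator: hand out ranges, collect the first hit."""
    jobs = [(s, e, target) for s, e in partition(keyspace_size(), workers)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for result in pool.map(client, jobs):
            if result is not None:
                return result
    return None


if __name__ == "__main__":
    print(partition(keyspace_size(), 4))
    print(distributed_crack(target_hash("x9k")))
```

In a real DNA deployment the (start, end, target) jobs travel over the network instead of into a thread pool, clients report progress so the manager can reassign a range whose client disappears, and the manager stops the remaining clients once one reports a hit. The index-to-candidate mapping is what makes the split cheap: a range is two integers, not a list of candidates.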
What are rainbow attacks?
Based on the cryptanalytic time-memory trade-off technique. A time-memory trade-off spends memory (results precomputed and stored in advance) to reduce the time the cryptanalysis itself takes, for example recovering a password from its hash. In a rainbow attack, a table of precomputed password hashes, the rainbow table, is generated in advance for a chosen character set and password length and loaded into memory. The table does not store every hash individually: candidates are organized into chains of alternating hash and "reduction" steps and only each chain's start and end point are kept, so one stored entry stands for thousands of hashes. The table is then used to recover a plaintext password from a captured hash.
During the recovery of the password, the cracker looks the captured hash up against the table and regenerates the matching chain to find the password that produced it. This attack drastically reduces the time required to find complex passwords, but it will not work on all passwords: only passwords within the table's character set and length range can be recovered, and salted hashes defeat precomputation because every distinct salt would need its own table.
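Added example (not from the textbook or the flashcards) of a miniature rainbow table, so the trade-off in the card can be seen end to end: chains of hash and reduction steps are precomputed, only their end points are stored, and a lookup rebuilds the relevant chain instead of storing every hash. The target scheme (unsalted MD5), the four-lowercase-letter password space, the chain length, the reduction function and the start-point spacing are all this example's own choices.

```python
"""Miniature rainbow table: the time-memory trade-off behind rainbow attacks.

Added example, not from the textbook or flashcards. Target scheme is
unsalted MD5 (constructed choice); password space is 4 lowercase letters;
chain length and table size are kept small so the table builds in well
under a second. The reduction function and start-point spacing are this
example's own choices.
"""
import hashlib
import string

CHARSET = string.ascii_lowercase
LENGTH = 4
KEYSPACE = len(CHARSET) ** LENGTH      # 26**4 = 456,976 passwords
CHAIN_LEN = 100                         # hashes represented per stored chain


def H(password: str) -> str:
    """The target's (unsalted) hash. Precomputation only pays off because
    the same input always gives the same output; a salt breaks that."""
    return hashlib.md5(password.encode()).hexdigest()


def index_to_pw(i: int) -> str:
    chars = []
    for _ in range(LENGTH):
        i, r = divmod(i, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(reversed(chars))


def R(h: str, pos: int) -> str:
    """Reduction function for column `pos`: map a hash back into the password
    space. Using a different function per column is what makes the table a
    'rainbow' table and keeps chains that collide in different columns from
    merging."""
    return index_to_pw((int(h, 16) + pos) % KEYSPACE)


def build_table(n_chains: int) -> dict:
    """Precompute n_chains chains of CHAIN_LEN hash->reduce steps and keep only
    endpoint -> [start points]. That is the memory side of the trade-off: one
    stored entry stands for CHAIN_LEN passwords. Chains that merge share an
    endpoint, so every start for that endpoint is kept."""
    table = {}
    for c in range(n_chains):
        start = index_to_pw((c * 7919) % KEYSPACE)   # spread start points deterministically
        pw = start
        for pos in range(CHAIN_LEN):
            pw = R(H(pw), pos)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table: dict, target: str):
    """Assume the target sits in column pos, rebuild the chain's tail from it,
    and see whether it ends on a stored endpoint. If so, walk that chain from
    its start and return the password whose hash is the target. This costs
    time (about CHAIN_LEN**2 / 2 steps in the worst case) instead of memory."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = R(target, pos)
        for p in range(pos + 1, CHAIN_LEN):
            pw = R(H(pw), p)
        for start in table.get(pw, ()):
            cand = start                 # endpoint matched: regenerate the chain
            for p in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = R(H(cand), p)
            # false alarm: endpoint matched but this chain never hashed to target
    return None


def nth_in_chain(start: str, n: int) -> str:
    """Password in column n of the chain beginning at `start` (n=0 is start)."""
    pw = start
    for pos in range(n):
        pw = R(H(pw), pos)
    return pw


if __name__ == "__main__":
    table = build_table(2000)
    stored = sum(len(v) for v in table.values())
    print(f"{stored} chains stored, standing for up to {stored * CHAIN_LEN} hashes")
    pw = nth_in_chain("aaaa", 37)
    print(pw, "->", lookup(table, H(pw)))
    print("salted:", lookup(table, H("s4lt" + pw)))   # None: not in the precomputed space
```

Two of the card's caveats fall out of the code directly: a password outside the table's character set or length (say one with an uppercase letter or a digit) is never found because no chain ever visits it, and a salted hash is never found because H(salt + password) is not the hash of any four-letter string the table covers. Coverage is also not complete even inside the space: chains that collide in the same column merge, and 2000 chains of 100 steps visit well under half of the 456,976 passwords.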
Differentiate between syllable, rule-based, and hybrid password attacks
A syllable attack is the combination of a brute-force attack and a dictionary attack. It is used when the password is not an existing word. The attacker takes syllables from dictionary words and combines them in every possible way to try to crack the password.
A rule-based attack is used when an attacker already has some information about the password. He/she can then write a rule so that the password-cracking software will generate only passwords that meet this rule. If the attacker knows that all passwords on a system consist of 6 letters and 3 numbers, he/she can craft a rule that generates only these types of passwords.
A hybrid attack is based on the dictionary attack. Often, people change their passwords by just adding numbers to their old passwords. In this attack, the program adds numbers and symbols to the words from the dictionary.
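Added example (not from the textbook or the flashcards) for the syllable and rule-based attacks described here and in the earlier rule-based card: a syllable generator that recombines syllables into non-words, and a mask parser that generates only candidates matching a known structure and reports how much the "6 letters + 3 numbers" rule shrinks the search. The syllable list, the mask syntax (?l, ?u, ?d, ?s, modelled on the notation common cracking tools use) and the SHA-256 target scheme are constructed for the demonstration; the hybrid attack is the digit-appending generator shown in the earlier example and is not repeated.

```python
"""Syllable and rule-based (mask) candidate generation.

Added example, not from the textbook or flashcards. The syllable list, the
mask syntax (?l lower, ?u upper, ?d digit, ?s symbol) and the SHA-256
target scheme are constructed for this demonstration.
"""
import hashlib
import itertools
import string

# Constructed syllable list; real tools derive one from a dictionary.
SYLLABLES = ["ba", "con", "di", "ma", "na", "ta", "ter", "ti"]

MASK_CLASSES = {
    "?l": string.ascii_lowercase,
    "?u": string.ascii_uppercase,
    "?d": string.digits,
    "?s": "!@#$%^&*",
}


def syllable_candidates(syllables, min_parts=2, max_parts=3):
    """Syllable attack: every ordered combination of min_parts..max_parts
    syllables, so pronounceable non-words such as ma+ti+na are covered
    even though no dictionary lists them."""
    for n in range(min_parts, max_parts + 1):
        for parts in itertools.product(syllables, repeat=n):
            yield "".join(parts)


def parse_mask(mask: str):
    """'?l?l?d' -> [lowercase, lowercase, digits]."""
    if len(mask) % 2:
        raise ValueError("mask must be a sequence of two-character classes")
    tokens = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    unknown = [t for t in tokens if t not in MASK_CLASSES]
    if unknown:
        raise ValueError(f"unknown mask class(es): {unknown}")
    return [MASK_CLASSES[t] for t in tokens]


def mask_keyspace(mask: str) -> int:
    """Number of candidates the rule admits: product of the class sizes."""
    size = 1
    for cls in parse_mask(mask):
        size *= len(cls)
    return size


def mask_candidates(mask: str):
    """Rule-based attack: generate only strings that match the mask."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def H(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def find(target: str, candidates):
    """Hash-and-compare over a candidate stream; None if the stream runs out."""
    for cand in candidates:
        if H(cand) == target:
            return cand
    return None


def rule_vs_unconstrained(rule_mask="?l?l?l?l?l?l?d?d?d", alphabet_size=36, length=9):
    """How much a known structure shrinks the search: the card's
    '6 letters + 3 numbers' rule against every 9-character string over a
    36-symbol alphabet (lowercase letters and digits).
    Returns (ruled keyspace, unconstrained keyspace, reduction factor)."""
    ruled = mask_keyspace(rule_mask)
    blind = alphabet_size ** length
    return ruled, blind, blind // ruled


if __name__ == "__main__":
    ruled, blind, factor = rule_vs_unconstrained()
    print(f"rule admits {ruled:,} candidates vs {blind:,} unconstrained ({factor}x fewer)")
    print(find(H("matina"), syllable_candidates(SYLLABLES)))
    print(find(H("qz42"), mask_candidates("?l?l?d?d")))
```

The reduction factor is the whole point of the rule-based card: knowing that every password is six letters followed by three digits removes more than 99.5% of the nine-character search space, and a mask with fewer unknown positions removes correspondingly more. Note that a mask only ever generates what it describes, so a target that breaks the assumed structure (an uppercase letter where ?l was specified) is missed completely.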
What is a default password DB?
Provides a list of vendors and information related to their products' default settings, such as protocols used, usernames, passwords, levels of access, and validation of the passwords. Some of the databases allow users to add to the DB by submitting the default information for their equipment. Some of these DBs can be found at the following Web sites: