AdSense
Showing posts with label PASSWORD ATTACKS. Show all posts
Showing posts with label PASSWORD ATTACKS. Show all posts
Sunday, October 15, 2017
Password profiling with CEWL / Wordlist mangling with JOHN THE RIPPER
PASSWORD PROFILING WITH CEWL / WORDLIST MANGLING WITH JOHN THE RIPPER
- Layout for this exercise:
1 - Password profiling with CEWL
- CEWL (Custom Word List generator) scans for a list of words and phrases taken from the web server of a targeted organization and returns a textfile with the corresponding wordlist.
- The option -m allows to specify the minimum length of the returned words:
- The option -w outputs the result to a textfile:
- Let's apply cewl to www.whitelist1.com, setting the minimum number of letters to 6, and outputting the result to the file whitelist_wordlist.txt:
- The number of lines is 7011:
- Let's see some of the strings found:
- Another interesting option is to create an email list with all emails founded by cewl, using these options:
- Applying cewl again to the web server domain:
- The new text file contains just 3 lines:
- Finally, the option -c counts for how many times words appear at the wordlist:
2 - Wordlist mangling with John The Ripper
- There are certain practices that users tend to apply to passwords in order to mutate them.
- For instance, adding numbers at the beginning and/or the end, swapping out to lower/uppercase letters, etc ...
- John The Ripper allows to modify a wordlist of passwords according to different criteria.
- For instance, let's add two numbers to the end of each password, just modifying the john.conf file:
- Now, the original whitelist1_wordlist.txt is modified to mutated_whitelist1_wordlist.txt
- The new file contains 1046909 strings, in comparison with the original one, containing 7011:
- Let's check how the last passwords of the wordlist have been modified:
Password wordlist generation with CRUNCH
PASSWORD WORDLIST GENERATION WITH CRUNCH
- Layout for this exercise:
1 - Introduction
- A dictionary attack is based on trying all the strings in a pre-arranged list, typically derived from a wordlist such as in a dictionary.
https://en.wikipedia.org/wiki/Dictionary_attack
- A password dictionary file or password wordlist is a text file containing a large number of potential passwords.
- Password wordlists are used in combination with cracking tools that accept those password files and attempt to authenticate a service.
- Linux includes by default a great number of wordlist files:
- However, an attacker could be interested in generating his own password wordlist based on different criteria like predefined character sets, number or characters, formats and patterns, ...
- Key-space brute force is a technique to generate all possible combinations of characters and using them for password cracking.
- For that purpose, crunch is a password wordlist generator that can be used for password dictionary attacks.
https://sourceforge.net/projects/crunch-wordlist/files%2Fcrunch-wordlist/
- Manual for crunch:
2 - Min-len, max-len and charset string
- In this first example crunch will generate a wordlist based on the following criteria:
i) minimum length = 3 characters
ii) maximun length = 4 characters
ii) charset = x9 (just two characters)
- The total number of strings is VR(2,3) + VR(2,4) = 2^3 + 2^4 = 24
- Output for crunch1.txt contains 24 lines, as expected:
3 - Increasing password complexity
- In comparison with the previous example, where the number of generated strings was small and easy to be cracked, let's create now a more complex wordlist.
- In this case the wordlist generator criteria is:
i) minimum length = 8 characters
ii) maximun length = 8 characters
ii) charset = 0123456789aeiouAEIOU (20 characters)
- The number of lines generated is huge VR(20,8) = 20^8 = 25600000000
- Let's notice that 214 GB of data is huge, making the task of brute forcing attack really difficult.
- The lesson is that the more complex to be the password, the less easy an attack to be successful.
4 - Using predefined charset lists
- Crunch allows to use a great number of predefined charsets. Some of them:
- For instance, let's take the symbols14 charset:
- Taking a minimum of 2 and a maximum of 4 characters, the number of generated strings is:
VR(14,2) + VR(14,3) + VR(14,4) = 14^2 + 14^3 + 14^4 = 41356
5 - Specifying a password pattern
- The crunch option -t allows to specify a password pattern with lower and upper case characters, numbers and symbols:
- For instance, taking 8 characters in total, 2 of them for each of these groups:
, -> 26 upper case characters: ABCDEFGHIJKLMNOPQRSTUVWXYZ
@ -> 26 lower case alpha characters: abcdefghijklmnopqrstuvwxyz
% -> 10 numeric characters: 0123456789
^ -> 33 special characters: `~!@#$%^&*()-_=+[]\{}|;':",./<>?
- An instance of this pattern would be ABab01@#
- The total number of generated strings is:
VR(26,2) + VR(26,2) + VR(33,2) + VR(10,2) = 26^2 + 26^2 + 33^2 + 10^2 = 49764686400
- Some lines of the output illustrate the specified pattern:
6 - Combining words to generate a password
- The crunch option -p allows to combine (without repetition) different words into a single password:
- For instance, combining the 3 words hello bye 123 generates 3! = 6 lines. Let's notice that to include two numbers (any) into the command (1 1) is necessary, though they are ignored:
Subscribe to:
Posts (Atom)