Password cracking software

These tools require physical access to the tested computer:
• John the Ripper (www.openwall.com/john)
• pwdump2 (razor.bindview.com/tools/desc/pwdump2_readme.html)
• Crack (coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack)
• Brutus (www.hoobie.net/brutus)
• Pandora (www.nmrc.org/project/pandora)
• NTFSDOS Professional (www.winternals.com)
Windows usually stores passwords in these locations:
• Security Accounts Manager (SAM) database (c:\winnt\system32\config)
Password dictionary download
• ftp://ftp.cerias.purdue.edu/pub/dict
• ftp://ftp.ox.ac.uk/pub/wordlists
• packetstormsecurity.nl/Crackers/wordlists
• www.outpost9.com/files/WordLists.html
Cracking passwords with pwdump2 and John the Ripper
The following steps use two of my favorite utilities to test the security of current
passwords on Windows systems:
88 Part II: Putting Ethical Hacking in Motion
• pwdump2 (to extract password hashes from the Windows SAM database)
• John the Ripper (to crack the hashes of Windows and UNIX passwords)
This test requires administrative access to either your Windows NT/2000
stand-alone workstation or server:
1. Create a new directory called passwords from the root of your
Windows C: drive.
2. Download and install a decompression tool, if you don’t have one.
FreeZip (members.ozemail.com.au/~nulifetv/freezip) and IZArc
(www.webattack.com/get/izarc.shtml) are free Windows decompression
tools. Windows XP includes built-in decompression.
3. Download, extract, and install the following software, if you don’t
already have it on your system:
• pwdump2 — download the file from razor.bindview.com/tools/desc/pwdump2_readme.html
• John the Ripper — download the file from www.openwall.com/john
The network administrator remembers some great password-cracking
utilities from ElcomSoft (www.elcomsoft.com) that can help him out. He
may see something like Figures 7-5 and 7-6.
Keystroke logging
One of the best techniques for cracking passwords is remote keystroke
logging — the use of software or hardware to record keystrokes as they’re
being typed into the computer.
Be careful with keystroke logging. Even with good intentions, monitoring
employees can raise some legal issues. Discuss what you’ll be doing with
your legal counsel, and get approval from upper management.
Logging tools
With keystroke-logging tools, you can later assess the log files of your application
to see what passwords people are using:
• Keystroke-logging applications can be installed on the monitored computer.
I recommend that you check out eBlaster and Spector Pro by
SpectorSoft (www.spectorsoft.com). Another popular tool that you
can use is Invisible KeyLogger Stealth, at www.amecisco.com/iks.htm,
as well as the hardware-based KeyGhost (www.keyghost.com). Dozens
of other such tools are available on the Internet.
• Hardware-based tools fit between the keyboard and the computer or
replace the keyboard altogether.
See IP progression below….
netstat -an
Awareness and Training
Greenidea, Inc. Visible Statement (www.greenidea.com)
Interpact, Inc. Awareness Resources (www.interpactinc.com)
SANS Security Awareness Program (store.sans.org)
Security Awareness, Inc. Awareness Resources (www.securityawareness.com)
Dictionary Files and Word Lists
ftp://ftp.cerias.purdue.edu/pub/dict
ftp://ftp.ox.ac.uk/pub/wordlists
packetstormsecurity.nl/Crackers/wordlists
www.outpost9.com/files/WordLists.html
Default vendor passwords www.cirt.net/cgi-bin/passwd.pl
General Research Tools
CERT/CC Vulnerability Notes Database www.kb.cert.org/vuls
ChoicePoint www.choicepoint.com
Common Vulnerabilities and Exposures cve.mitre.org/cve
Google www.google.com
Hoover’s business information www.hoovers.com
NIST ICAT Metabase icat.nist.gov/icat.cfm
Sam Spade www.samspade.org
U.S. Securities and Exchange Commission www.sec.gov/edgar.shtml
Switchboard.com www.switchboard.com
U.S. Patent and Trademark Office www.uspto.gov
US Search.com www.ussearch.com
Yahoo! Finance site finance.yahoo.com
Hacker Stuff
2600 — The Hacker Quarterly magazine www.2600.com
Computer Underground Digest www.soci.niu.edu/~cudigest
Hackers: Heroes of the Computer Revolution book by Steven Levy
Hacker t-shirts, equipment, and other trinkets www.thinkgeek.com
Honeypots: Tracking Hackers www.tracking-hackers.com
The Online Hacker Jargon File www.jargon.8hz.com
PHRACK www.phrack.org
330 Part VIII: Appendixes
Linux
Bastille Linux hardening utility www.bastille-linux.org
Debian Linux Security Alerts www.debian.org/security
Linux Administrator’s Security Guide www.seifried.org/lasg
Linux Kernel Updates www.linuxhq.com
Linux Security Auditing Tool (LSAT) usat.sourceforge.net
Red Hat Linux Security Alerts www.redhat.com/support/alerts
Slackware Linux Security Advisories www.slackware.com/security
Suse Linux Security Alerts www.suse.com/us/business/security.html
Tiger ftp.debian.org/debian/pool/main/t/tiger
VLAD the Scanner razor.bindview.com/tools/vlad
Log Analysis
LogAnalysis.org system logging resources www.loganalysis.org
Malware
chkrootkit www.chkrootkit.org
EICAR testing string www.eicar.org/anti_virus_test_file.htm
McAfee AVERT Stinger vil.nai.com/vil/stinger
PestPatrol’s database of pests research.pestpatrol.com/PestInfo/pestdatabase.asp
Rkdet vancouver-webpages.com/rkdet
The File Extension Source filext.com
Wotsit’s Format at www.wotsit.org
Appendix A: Tools and Resources 331
Messaging
GFI e-mail security test www.gfi.com/emailsecuritytest
smtpscan www.greyhats.org/outils/smtpscan
How to disable SMTP relay on various e-mail servers www.mailabuse.org/tsi/ar-fix.html
mailsnarf www.monkey.org/~dugsong/dsniff or ww.datanerds.net/~mike/dsniff.html for the Windows version
Rogue Aware by Akonix www.akonix.com
NetWare
chknull www.phreak.org/archives/exploits/novell
Craig Johnson’s BorderManager resources nscsysop.hypermart.net
NCPQuery razor.bindview.com/tools/index.shtml
Novell Product Updates support.novell.com/filefinder
Remote packetstormsecurity.nl/Netware/penetration
Rcon program at packetstormsecurity.nl/Netware/penetration/rcon.zip
Userdump www.roy.spang.org/freeware/userdump.html
Networks
dsniff www.monkey.org/~dugsong/dsniff
Ethereal network analyzer www.ethereal.com
ettercap ettercap.sourceforge.net
Firewalk www.packetfactory.net/firewalk
Firewall Informer www.blade-software.com
Foundstone FoundScan www.foundstone.com
GFI LANguard Network Scanner www.gfi.com
MAC address vendor lookup coffer.com/mac_find
Nessus vulnerability assessment tool www.nessus.org
Netcat www.atstake.com/research/tools/network_utilities
NetScanTools Pro all-in-one network testing tool www.netscantools.com
Nmap port scanner www.insecure.org/nmap
Port number listing www.iana.org/assignments/port-numbers
Qualys QualysGuard vulnerability assessment tool www.qualys.com
SuperScan port scanner www.foundstone.com
WildPackets EtherPeek www.wildpackets.com
Password Cracking
LC4 www.atstake.com/research/lc
John the Ripper www.openwall.com/john
pwdump2 razor.bindview.com/tools/desc/pwdump2_readme.html
NetBIOS Auditing Tool www.securityfocus.com/tools/543
Crack ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack
Brutus www.hoobie.net/brutus
Pandora www.nmrc.org/project/Pandora
NTFSDOS Professional www.winternals.com
NTAccess www.mirider.com/ntaccess.html
TSCRACK softlabs.spacebitch.com/tscrack/index.html
TSGrinder www.hammerofgod.com/download/tsgrinder-2.03.zip
War Dialing
Palm ToneLoc Viewer chroot.ath.cx/fade/projects/palm/pTLV.html
PhoneSweep www.sandstorm.net/products/phonesweep
THC-Scan www.thc.org/releases.php
ToneLoc www.securityfocus.com/data/tools/auditing/pstn/tl110.zip
ToneLoc Utilities Phun-Pak www.hackcanada.com/ice3/phreak
Web Applications
2600’s Hacked Pages www.2600.com/hacked_pages
Archive of Hacked Websites www.onething.com/archive
BlackWidow www.softbytelabs.com/BlackWidow
Flawfinder www.dwheeler.com/flawfinder
ITS4 www.cigital.com/its4
Netcraft www.netcraft.com
Nikto www.cirt.net/code/nikto.shtml
RATS www.securesoftware.com/auditing_tools_download.htm
Sanctum AppScan www.sanctuminc.com
Shadow Database Scanner www.safety-lab.com/en/products/6.htm
SPI Dynamics WebInspect www.spidynamics.com
Windows
Amap www.thc.org/releases.php
DumpSec www.somarsoft.com
Legion packetstormsecurity.nl/groups/rhino9/legionv21.zip
Microsoft Office Patches office.microsoft.com/officeupdate
Microsoft Security Resources www.microsoft.com/technet/security/Default.asp
Network Users www.optimumx.com/download/netusers.zip
Rpcdump razor.bindview.com/tools/files/rpctools-1.0.zip
SMAC MAC address changer www.klcconsulting.net/smac
Vision www.foundstone.com
Windows Update Utility for Patching windowsupdate.microsoft.com
Winfo www.ntsecurity.nu/toolbox/winfo
Wireless Networks
AirJack 802.11ninja.net/airjack
AirMagnet www.airmagnet.com
AirSnort airsnort.schmoo.com
Cantenna war-driving kit mywebpages.comcast.net/hughpep
Fluke WaveRunner www.flukenetworks.com
Kismet www.kismetwireless.net
Lucent Orinoco Registry Encryption/Decryption program www.cqure.net/tools.jsp?id=3
Making a wireless antenna from a Pringles can www.oreillynet.com/cs/weblog/view/wlg/448
NetStumbler www.netstumbler.com
Pong wireless firmware vulnerability testing program www.mobileaccess.de/wlan/dl.php/pong_v1.1.zip
Security of the WEP Algorithm www.isaac.cs.berkeley.edu/isaac/wep-faq.html
The Unofficial 802.11 Security Web Page www.drizzle.com/~aboba/IEEE
Wellenreiter www.wellenreiter.net
WiGLE database of wireless networks at www.wigle.net
WildPackets AiroPeek www.wildpackets.com