Playin with Password

Post on 18-May-2015

Ahmad Muammar W. K.
http://google.com/search?q=y3dips

Details
Password
Deal with Cracking
Passive Action
Simulation
Discussion

Password
Why?
“Kata Kunci” (Indonesian for “key word”)
diansastro
090382
mickey

Password
Minimum length 6 characters
Not meaningful (not your partner's name, not a date of birth)
Combination of letters, digits and other characters
Username X Password
Needs extra protection

Password
PassPhrase?
D1an545TR0
4m1nkExtravaganz4
KaptenTSUBASA

Simulation!
Cracking Windows Password
  via Linux
  via Windows
Cracking Linux Password
Remote Cracking

Cracking Windows Password
Tools
Bkhive + samdump2 (getting hash)
Pwdump2 (getting hash)
John the Ripper for cracking the hash
Password database: SAM file, system

Cracking Linux Password
Tools
Unshadow
John the Ripper for cracking the hash
Password database: passwd, shadow

Remote Cracking
Bruteforcing via network
Slow speed
Brutus, hydra, ssh crack, tftpd-bruteforce

Passive Action?
Browser Ability?
Keylogger
Application/Engine Hole
Insecure protocol/line

Browser Ability
Wand/Remember Password
History
Cache ability
etc.

Keylogger
Malicious Program
Key stroke Passive tools

Bugs in Application
Application/Engine Vulnerability Information disclosure
e.g.: phpnuke, postnuke, mambo

Insecure Line
Plaintext protocol (http, tcp, smtp)
Plaintext Data
Sniff it & collect it (ethereal, ettercap, dsniff, etc.)
http:// clear text

Survive
Using a better pass phrase
Using secure line/protocol
Encryption
Securing tools (firewall, antivirus)
Update info
Etc.
