Anti-Hacker Tool Kit
Chapter 9 Password Cracking
Brute-Force Tools
Vicky
Introduction
“Password” is the key
About the password
One-way hash
Plain Text WZYxAM$5IGD3yl
• Solaris: DES, from /etc/passwd
• Mandrake: DES, from /etc/shadow
• FreeBSD: MD5, from /etc/shadow
• OpenBSD: Blowfish, from /etc/master.passwd
• Windows 2000: from \WINNT\repair\SAM
Where is the password?
Shadow Password
Encrypted Password
Start Cracking
• John the Ripper
• Pwdump2
• Pwdump3
• L0phtCrack
• SMBGrind
• Nbaudit
John the Ripper
• Get the file
• Uncompress
• make
1. Task Monitor
2. Find out PID
3. Get the hashes
Pwdump
Grab a text version of the SAM
Usage
Pwdump3
Pwdump2 + remote access
Usage
L0phtCrack
Pwdump + Brute-Force Cracking
Removing the LanMan Hash
Why…
• LanMan: 69^7
• MD4: 96^8
How to…
LanMan
LanMan LanMan
MD4
Lsadump
• Dump the password from memory
• No cracking
Nbaudit
• SMBGrind + scan address range
• Specify put file
Usage
Windows may be more secure
Run secpol.msc
Summary: Strong password
If you dare, don't run away!
long
numbers
A-Z
a-z
!@#$%^&