Passwords & Attacks
In this article, I will explain what passwords are, what they consist of, and what makes them secure. I will also discuss various methods for attacking passwords.
Last updated
Was this helpful?
In this article, I will explain what passwords are, what they consist of, and what makes them secure. I will also discuss various methods for attacking passwords.
Last updated
Was this helpful?
A password is the first line of defense against unauthorized access, a secret word or phrase used to gain access to a system. It's a combination of numbers, letters, and symbols only known by the user
There are many ways to make a password secure, using a long and complex password by mixing numbers symbols and words is one way of doing it.
Multi-Factor Authentication
Another way to secure an account is by using multifactor authentication (MFA). MFA can include methods such as one-time passwords (OTPs) or security questions that must be answered after entering your password, adding another layer of security.
Having a strong and complex password is a must, but it will be for nothing if this password is stored as plain text, that's when hashes come into play by encrypting the passwords to make them unreadable by normal means.
For example:
this's how you type your password: iLOVEyou1
But this's how the password is getting stored as a hash: 20efeda48beb4736205ed025a632b491
But of course not all passwords are encrypted with the same format, that's why we're going to talk about different types of hashes
But if my password is stored as a hash, how can the system know if it's correct when I try to log in again? It’s really simple. Since the system already hashed the password once and stored it, this stored hash becomes a reference. So when you try to log in and enter your password again, the system rehashes your password and compares it to the original reference.
Hashes are a one-way encryption that is used to encrypt passwords or messages to make them unreadable to a normal person
Hash values are fixed in length and computed in a way that makes it impossible for the original text or its length to be recovered.
The primary application of hash functions in cryptography is message integrity. The hash value provides a digital fingerprint of a message's contents, ensuring that the message has not been changed or altered by a malicious person, malware, or other means. Hash algorithms are effective because of the extremely low probability that two different plaintext messages yield the same hash value. When this does occur, it is called a collision.
Hash collisions are where two different files or text are submitted and the same hash is generated for both of them. Since hashes produce a fixed-length output, the number of possible inputs to a hash algorithm could be larger than the number of outputs.
This is significant because the purpose of hashing a file or text is to create a unique numeric representation of that data. A hash collision undermines this uniqueness, which can compromise the integrity of systems relying on hash functions for security.
the answer is relatively easy since the problem occurs from using old hashing functions that have a low and limited number of outputs, we have to use new functions that provide larger output values like (SHA-256, and SHA-512).
These are designed to minimize the risk of collisions. These algorithms produce longer hash values, which reduces the chances of two different inputs generating the same hash.
LANMAN is a legacy password hashing mechanism used for early Windows NT systems. We still see this legacy password hashing mechanism in use on relatively modern Windows domain environments
The LANMAN hash is very weak and easily cracked even if the password is complex since the way it encrypts the passwords is very basic
When storing a password For example iLOVEyou1 in LANMAN the case sensitivity is not preserved, so the password is converted to all upper-case ILOVEYOU1. Next, the password is padded to 14 bytes, adding null bytes, which is the computer's way of assigning empty values with (0x00) to the remaining spaces. ILOVEYOU1\0x00\0x00\0x00\0x00\0x00.
Next, the password is split into two 7-byte part ILOVEYO and U1\0x00\0x00\0x00\0x00\0x00 Each part of those is converted into a key that is used to encrypt the string KGS!@#$%.
The output of those keys is then combined to make out the LANMAN (LM) hash
The use of LANMAN hashes in an organization is always going to be a major advantage for an attacker. Since passwords are not longer than 7 bytes (remember that the password is stored in two 7-byte chunks), and there is no case preservation (passwords are converted to uppercase), an attacker can brute-force the two parts of the LANMAN password hash to recover the plaintext password very quickly.
Another algorithm used to hash passwords is the NT Hash. A common misnomer is that NT hashes are really named NTLM hashes. They are not. NTLM is a network authentication protocol that uses NT hashes as its password hash algorithm.
NT hash is the currently used algorithm for storing passwords on Windows systems.
To create an NT hash, a password is converted to Unicode, then hashed using the MD4 function to create a 16-byte hash (The MD4 is a hash based algorithm It takes a message as its input and produces a 128-bit hash),
which is stored in the SAM (Security Account Manager) When the password is stored, it stores both NT hash and LANMAN hash. Unlike LANMAN, case sensitivity is preserved in NT hashes. If the password is greater than 14 characters, no LANMAN hash is stored (that's 15 or more characters), and only an NT hash is used for local authentication.
Although the NT hashes are significantly stronger, they still have some problems, most notably not using salts, increasing the likelihood that a password can be quickly recovered.
No salts are used for both LANMAN and NT hashes, speeding up the attack process. Without salts, users with the same passwords have the same hashed value. Thus, you can even precompute a dictionary of hashed passwords and compare them against each other.
Plain text Password
iLOVEyou1
NT hash
E4946703E766F05F9FA62DAA4C25DE77
Since NTLM uses MD4 therefore MD5 is an upgrade from the previous version, MD stands for Message Digest algorithm and is a widely used hashing algorithm using a 128-bit hash value.
Upgrade, But even though MD5 is an upgrade, doesn't mean that it's better. MD5 is considered highly insecure due to its shorter hash length and not using salts, which, increases the risk of an attacker successfully compromising the data.
There are many types of SHA: SHA1, SHA2, and SHA3, each of which incorporates increasingly stronger encryption and is still being updated in response to attacks
SHA1 is the earliest and weakest version of the SHA family and since attackers have developed attacks for this algorithm it's considered obsolete
SHA2
family on the other hand consisted of SHA2-224, SHA2-256, SHA2-384, SHA2-512.
The most famous form is SHA-256. It was a significant improvement from the previous algorithms since it used a longer hash length of 64 digits and the use of salt and more complex calculations
As of now, SHA2-256 is still considered secure, with no practical vulnerabilities known. However, The community wanted to have an alternative to SHA-2 in case future attacks were discovered, leading to the development of SHA-3
Designed as a backup in case of a breakthrough against SHA-2, it offers an additional layer of security with a completely different structure. It's resistant to certain theoretical attacks that could potentially threaten SHA-2. and since it provides more security than SHA-2 it can be considered an upgrade even though SHA-2 is still secure
When storing passwords there's a high probability that 2 users choose the same password, for example
User 1 password is Hunter1: 06775578EF6649D06A8048AC983BB827
User 2 password is also Hunter1: 06775578EF6649D06A8048AC983BB827
Notice how the two users chose the same password, so they have the same hash. This poses a huge security risk since an attacker can precompute a table of known hashes and compare the hash that they found, in this example Hunter1 hash, to the hashes in the table. So how can we prevent this? For passwords, we can use SALTS
Instead of calculating the hash using the password alone, we use salts, which is a small randomly generated text string that is added to the plain text password to add randomness to the hash calculated. The salt itself is not a secret (though the user's password still is), and the user doesn't need to remember it (or even know it is used).
Consider this example
Alice and Bob have the same password Spring2024 they'll get the same hash as shown in the example above but when we add salt the password is going to change like this
Alice password mC8FztMNSSpring2024: B4661C9BDFDE85F45C335F4DF7EA065D
Bob password 1SVtqMMeSpring2024: 111A318BC14EDF49D3E9C55E411DC4E9
Notice how even though the two users chose the same passwords, they ended up with 2 different hashes
Hashing rounds refer to the process of applying a hash function multiple times to a password or data before storing the final hash. Instead of hashing the password just once, why not do it 5,000 times or 10,000? Each round takes the output of the previous hash as its input for the next one, and the final hash is stored at the end.
Calculating the same hash function 5,000 times might take only a small fraction of a second, causing a negligible delay for a valid user logging into the system. However, for an attacker, this significantly slows down the password-guessing process, making brute-force attacks much less effective.
In order to crack passwords, you first need to get your hands on a list of password hashes. Most of the time, this list is acquired by searching the internet or buying password dumps. Password dumps happen after an online service gets breached, and user data is stolen. Afterward, the hacker can sell the information online or even just give it away for free.
The technique is simple. Even though hashing functions can't be reversed, they can always produce the same output, given the same input. Thus, the computer stores only the hashed passwords (rather than the original passwords) on disk. Password cracking is the process of trying to guess plain text passwords when only the hashed password is known. Instead of breaking the encryption, the attacker encrypts many potential passwords using the same hashing method and compares these new hashes to the original one to find a match.
Obtain a list of hashed passwords
Determine the encryption algorithm used
Create a list of possible passwords
Encrypt each password in the list
Determine whether there is a match with the collected hashes
Brute Force Attack
The most powerful cracking method is the brute force method. It will always recover the password no matter how complex it is—it's just a matter of time. Very complex passwords that contain a combination of symbols numbers and lower and upper characters might take so much time that trying to crack them is not
it simply try using different combinations of characters until the correct combination is found. This is kind of like a thief trying to break into a combo safe by attempting every possible combination of numbers until the safe opens.
Dictionary Attack
A dictionary attack involves testing all the words in a dictionary or word file against the password hashes. When a dictionary attack program finds the correct password, it displays the result. There are many websites that have downloadable dictionaries that you can use. These attacks are quite effective because people tend to choose dictionary words for passwords
Hybrid Attack
The hybrid attack builds on the dictionary method by adding numerals and symbols to dictionary words. Many users choose passwords such as he11o!!(instead of hello!! in which the ells are replaced by ones) just to satisfy policies and filters. These passwords are just dictionary words slightly modified with additional numerals and symbols. The hybrid attack rapidly generates these passwords and computes their hashes. As a result, this type of password is still easily trackable, even though it will pass through many password filters and policies. Precomputation Attack
Precomputation Attack
Also known as a Rainbow Table Attack, this method involves using a large database of precomputed hashes of common passwords. The attacker compares these pre-hashed values to the user's stored hash, attempting to find a match. If a match is found, the attacker can identify the original password without guessing it directly.
But let's say I only have a list of usernames, not passwords. Instead of trying a large number of passwords on a few accounts, attackers might choose a small number of common passwords and then "spray" these guesses across many usernames and systems, hoping that one of them works.
Notice how I'm trying the same password on multiple users until one of them works
John the Ripper is a popular password-cracking tool that can be used to perform brute-force attacks using different encryption technologies and helpful word lists.
Before starting on how to use, John let first know how it works and what it can do
if we use John with --list=formats we can see the supported hashes that John can crack
There are many more hashes than shown on the screen
Of these, the relevant password hashes to us are:
md5crypt
SHA1
sha256crypt
sha512crypt
Argument: -single
Features: Uses variations of account name, /etc/passwd account information, and more
Wordlist Mode
Argument: -wordlist filename
Features: Uses a dictionary wordlist file
Incremental Mode
Argument: -incremental
Features: Uses brute force guessing
Default Mode
Argument:
Features: John applies Single mode, then Wordlist, then Incremental
Using John is fairly simple you just need to give me the text file containing the hashes and you have the option to either let John use its own wordlist or supply it with your own, you also have the option to specify the hash type or let it figure it on it's own
in this example we have 2 text files one contains the hashes and one contains a large number of passwords in plain text
As you can see, John managed to crack the hashes and find the password of each user
let's break down this command
--format=raw-md5: this specifies the hash type to md5
--wordlist: tells John the location of the wordlist used to crack the hashes
/home/kali/Desktop/hashes: this is the location of the file containing the hashes
The same process is done for all different types of hashes like SHA256 or NTLM
Hashcat has largely taken the place of John the Ripper in password cracking. Hashcat offers much more flexibility with masking and offers better support for GPU based cracking. That said, we don't need to throw away John the Ripper, as it still has a place. JtR is much easier to use, and the syntax is much simpler. For example, with JtR, we can simply provide a hash file and let JtR autodetect the hashes. Also, if JtR detects multiple hashes or hash matches, it will show you other format options. Hashcat has an autodetect feature, but at the time of this writing it is not as friendly as JtR
Hashcat allows masking, allows you to easily append or prepend letters, numbers, or other characters
Hashcat has predefined character sets for use in mask attacks.
Lowercase: ?l
Uppercase: ?u
Numbers: ?d
Special: ?s
All: ?a
Let’s say the original password is 1234, and we prepend abc using the mask abc?d?d?d?d.
Before Mask: 1234
After Mask: abc1234
If the original password is 789, and we prepend Admin and append ! using the mask Admin?d?d?d!.
Before Mask: 789
After Mask: Admin789!
To append 4 digits at the end of each guess, we would use: -a 6 ?d?d?d?d
To prepend 4 digits at the before of each guess, we would use: -a 7 ?d?d?d?d
To append 2 digits and a special character to the end of each guess (a common format) use: -a 6 ?d?d?s
Cracking with Hashcat
let's break down this command
--username: since the file containing the hashes also contains the username for each user we need to use this argument
--m 0: this tells hashcat of the type of hash we're cracking, in this case MD5
-a 0: this specifies the attack type, which in this case is the dictionary attack
/home/kali/Desktop/hashes: this is the location of the file containing the hashes
/home/kali/Desktop/wordlist: this is the location of the dictionary file containing the passwords
As you can see here hashcat managed to crack the 4 passwords
Let's now take a look at the rules available in Hashcat
if you remember, we just talked about masks and how we can change the passwords in the dictionary a little by adding numbers or symbols
if we go to this path /usr/share/hashcat/rules/ we can find a bunch of pre-configured rules used by hashcat
In this rule file, you see that each word is attempted as is ( : ), reversed ( r ), and all uppercase ( u ), and the case of the first character is toggled ( T0 ). Additionally, each word ( $ ) is taken and a single digit is applied to the end of it ( $0 up to $9 ). We then have each word with a digit repeated twice ( $0 $0 )
The rules in this file go on and on and are often quite clever. Let's apply them to our cracking attempt with the -r option specifying this rules file:
if we add the -r and specify the path for the rule we can use the rules file
As we can see here, we managed to get yet another password that was present in the previous try. In this attack hashcat found the password iLOVEyou and using the rules added 123 at the end which resulted in finding the correct password iLOVEyou123
When launching Hashcat, the user must use the argument of -m followed by a digit associated with the specific hash type. Common hash types include 500 for salted MD5 (md5crypt) used in many Linux implementations, 3000 for Windows LANMAN, and 1800 for salted SHA512 (sha512crypt) used in some Linuxes. You can visit this site to find all the hash codes
