Transcript for:
Password Security and Cracking Techniques Overview

[Music] all right next up passwords now password topic is a huge one but a beautiful one so let's see how would you go about breaking a password what would you do now the first one that might come into mind is an online brute force it's called online because we're interacting directly with the authentication server and it's brute force because we're basically attempting to send every possible password combination hoping that we're going to hit the right one now this is not gonna work first of all it might take you longer than the rest of your life and secondly it's extremely noisy everybody can take this attempt alright so you're gonna think let's make this more efficient why not just hack the server and just steal all the passwords in there well that's also not going to work because in most cases if not in all situations passwords are not stored in clear text in any linux windows environment or in any web application or they should not be stored in clear text and that's because passwords are not stored in clear text but as hashes now a hash is the result of a mathematical operation that takes any kind of input and produces a fixed length output preferably unique for each type of input that was provided so think of the hash as some sort of a fingerprint of that input data and very importantly this is one way we can only hash the original data into their resulting fingerprint we can never obtain the original data back from that fingerprint so generally the process of obtaining these hashes from an authentication server and attempting them to to crack them on your own time on your own machine this is considered to be an offline attack you just grab what you need and then go home and do your homework that's offline attack trying to crack those hashes and figure out which passwords were originally used to generate them and of course we do need to mention this this comic here as well because well social engineering is going to beat any cyber security attempt any 
penetration attempt every single time no matter how technologically advanced it is the human link is the weakest link so so when trying to breach a system when trying to breach security you're gonna have the most chances with a social engineering attempt but that's not exactly our focus this very moment so coming back here to our first method the first one was brute force which is basically just a way of trying attempting as many password combinations as we can now this is going to be really difficult to to perform on a live system so as an online kind of attack this is probably not going to work well simply because it's going to take you a very very long time and of course you could do this manually if you want you could try you know attempting password one password one two password one two three and then keep going until you realize that this is not the best approach so we're gonna have some automated tools that can do this for us some example here would be for example medusa we can use medusa to brute force into specific services we can load specific modules right here with the dash m parameter for ftp ssh http whatever type of service we want to crack and then specify the list of target ip addresses target usernames and target passwords to test so we can either use predefined lists of usernames and passwords or we can use medusa to perform brute force attempts using full char sets for example all the alphabet letters or the numbers for the punctuation characters and so on for passwords at least another one is hydra which can also be used to brute force into a number of services you can also provide the list of login usernames potential passwords and you can also see here the supported services and i'm sure you're going to recognize at least a few here for example http get or post ssh snmp smtp windows smb mysql and so on and so forth it's just a simple example here at the bottom how easy it is to use hydra with a predefined user list and a potential password 
list here try to crack into this ftp server and another one is john the ripper also called just john that's it brute force utility for password cracking and finally a very powerful tool is hashcat also for password cracking if we want to know more about hashtags we're going to have to open the manual page and among all the parameters here we're going to find some interesting stuff like the char sets or the character sets that it can use for pure brute force or the attack mode now straight is going to use a simple list of potential passwords that you can provide combination is going to mix and match brute force with that specific list that dictionary list for your brute force and you're also going to see the types of hash supported and this list is absolutely huge you can see it starts with md5 sha1 you can probably recognize a couple of here uh ntlm for uh for windows hashes shot 256 sha 512 and so on so for cisco pix asa wpa wpa2 for wi-fi even android pins so it does support quite a wide array of hashes that you can choose from and generally as you can see from most of the options in these utilities they support two approaches one of them is by using char sets that's character sets you're simply iterating through the entire alphabet and then all the combinations between alphabet letters and numbers and punctuation signs and spaces and so on now the other approach is by using a word list also called a dictionary that's because most passwords at least those that are generated by humans will be built by using some sort of a dictionary word if it's uh i don't know maybe it's a birthplace a person's name a pet's name it might be some superheroes name it might be something that can be found as a as a legitimate word in a dictionary now normally we're gonna have a hybrid approach where we try to crack passwords by combining these dictionary entries with charset combinations so that we can also find passwords like superman 123 or new york 86 now examples like that but 
the more complex the approach the more time is going to take you to break that password simply because you're going to have so many combinations to try and if you're doing this as an online attack as in you're interacting directly with the authentication service it's probably not going to work also because you're going to have a huge delay in each authentication attempt so think about it for example if you log into gmail or into facebook and you and you input your password wrong how quickly do you receive the response that your password is wrong it's pretty fast but it's not instantaneous it's still going to take you like one second well one second is huge when you need to try one trillion password variants or password combinations so it's simply not feasible now the second reason why this is not going to work is because as i said before this approach is very noisy it can easily be detected by any kind of application any type of authentication server anything can detect in high number of login of failed login attempts from the same user from the same ip address in a short time span this is a big indicator of a brute force attempt if it's not detected by the application it's gonna be detected by the firewall or by some ips device it's most likely not gonna be feasible in real life anyway and if you get detected doing this there are kind of two approaches that most applications take one of them is by implementing a back off uh try to mistype your phone spin a couple of times in a row right just type something something random in there now you're gonna see that after a couple of attempts the phone is going to tell you back off for a couple of seconds you can try again in 10 seconds if you fail again you're gonna have to try again in 30 seconds if you fail again you'll have to wait five minutes or more this is exactly designed to thwart these brute force attempts now in a more public environment for example a public login page on a website this might also translate 
into a permanent or temporary ban on your account if you failed your login too many times in a row you might get your account blocked so you might need some admin to intervene and you know unlock your account before you can try again again this is not going to work for a brute force attempt so we talked about hashes a number of times already let's just make sure that everybody here is on the same page now a hash is just a mathematical operation that transforms any set of data as an input to a fixed length unique output string let me show you how this works now hashing algorithms are public and well known which kind of means that you don't really have to implement anything you just have to use them as they are they are standardized and you can access them online you can find command line utilities small utilities on windows or linux that can calculate these hashes for you i can just start online and search for hash calculator that's it all right doesn't matter which one you choose here uh let me just find a random one here like i don't know onlinemd5.com you can pick whichever you you want if we scroll down here that's a hash generator for text all right we have md5 selected as the hashing algorithm which stands for message digest 5 by the way and you can see here here that we can provide any kind of input as text so if i just type i don't know one that's it that's going to be the resulting hash of number one pretty weird right i mean how did you get this from one now if i type two that's going to be a completely different type of hash now if i type for example uh password in here that's gonna be a different type of hash if i type password one the hash changes entirely if i change password one to password two again the hash is going to change entirely and it doesn't even matter what kind of input i have in here i mean i can just i don't know go ahead and copy the first paragraphs of uh you know the tesla article from from wikipedia and just paste it in here my hash 
is still going to be calculated and it's always going to be the exact same length and it also should be unique that is changing one single character in this text should provide me with a completely different hash value now another website that you can use to compare different types of hashes is this one right here so uh let's add a password one two three all right as a hash string let's calculate this and at the bottom of the page you're going to see pretty much all the hashing algorithms that we are using nowadays some of them have been deprecated of course because they're old and considered not so secure anymore but you can find md5 in here which is 16 bytes in length which is a 128 bits right that's the that's the md5 hash value in here a sha one which is 160 bits a bit larger sha 256 which is i'm gonna let you guess how many bits that is sha 3 84 512 and so on and so forth you can see that there are a bunch of hashing algorithms available uh available nowadays that's a very quick way of generating uh a valid hash from an uh from a text input or from a file you can see you can also upload uh files in here as well it doesn't matter what kind of input you provide you can just provide a string input you can upload a four gigabyte iso file it's still going to return a hash output of the same fixed length i mean you can even do it on the command line if you want so for example uh let's say if i want to echo iron man so that's the let's say that's the password that i'm going to use and then pipe this to something like md five sum right you can see it right here we have md5 sum uh the same we're going to have access to utilities that calculate sha so have sha 1 sharp 512 256 and so on right so if you just pipe this to md5 some that's going to be the md5 hash that you get from iron man now one gotcha here one cave yet if you are generating hashes like this keep in mind that the echo command also adds a new line at the very end so whenever you just echo iron man on the 
screen you're gonna see that the the output jumps to the next line and you get the the linux prompt again well that's because the it's not exactly just iron man it's iron man plus the new line character at the end and that character also gets hashed so if you want to skip that that character and just hash the actual letters that you're seeing on the screen add a dash n to the echo command now if you output this you're gonna see that the and the hash actually changes right so there are different values here because between this iron meta and this one here there's one extra character which is the new line character so careful with this in the command line if you want to prepare your scripts for example for your calculating hashes if you check the manual page for echo you're going to see that the first option here is do not output the trading new line so that's exactly what we did right here also one thing that's mandatory for a good hashing algorithm is that it's supposed to be irreversible so there should be no way of determining the original text or the original content from the hash value which is also why we use them to store passwords so we never store passwords in clear text we hash the password we store the hash and whenever the user comes in and wants to authenticate we recalculate the hash of whatever password they're providing and then we compare it with the one that we've stored so we're just comparing hashes we're never comparing passwords and this is also great because nobody can have access to a user's password not even the admin or the root user because they are simply not visible they're not there the password is never stored in clear text or shouldn't be stored in clear text regardless if we're talking about operating systems or web applications or any type of application you're never supposed to store a user's password in clear text so basically this brings us to the problem of what does cracking a password actually mean since we cannot find the 
actual password on stored on that server then cracking a password basically means finding the original string that generated the hash that is stored on that server now we also have to address the problem of hashing collisions and think about it this way so an md5 hash has 128 bits how many possible combinations can you have with 128 bits spoiler alert a lot but think about it from the other side on the input side if you're providing any kind of input that produces a 128 bit output let's say you're providing a one gigabyte file as an input one terabyte file as an input how many bit combinations are possible with a one terabyte file well again a lot but much much more than the possible combinations in the hash so which brings us to the problem of how likely it is that we could find two different inputs that can produce the same hash output and the answer is sometimes quite likely simply because we have so much potential input that has to fall into a unique 128 bits of value there's always going to be for each hatching algorithm at least two kinds of input at some point that will produce the same hash output and that's what we call a hash collision two different inputs producing the same hash output now why is this relevant well think about the fact that we're using these hashes to store passwords well what if we can find alternative inputs that produces the same hash output can that input be used as a valid password yes the answer is yes because the system doesn't look at the password only look at the resulting hash so if the hashes match it's okay from the system's perspective you are providing a valid password and actually this is something that has been uh studied before in statistics as it's called a birthday paradox the problem kind of says like this how many people do you need to have in a single room in order to have a 50 chance of any two of them sharing the same birthday how many do you think and you know many people would think about well 365 days in a year 
maybe i don't know 50 chance maybe half of that maybe 180 or something like that well no the answer is just 23. the trick here is that we don't need two of them to have a specific same birthday but we need them to have any birthday as long as they both share it if you increase this actually if you go up to 30 people the chances grow tremendously up to 70 percent if you go up to 70 people it's almost 100 confidence and that's exactly what happens with hash collisions as well basically the more hashes you can try the better chances you have to find such a hash collision and actually the the bad news here is that you don't even have to try that much right because your chances grow quite fast and that's exactly the reason why many of the hashing algorithms that you've seen on the previous webpage have now been deprecated because they have been proven to be very vulnerable to birthday attacks like this or collision attacks which make them completely unsafe for storing sensitive information or for hashing sensitive information like passwords so for example if we were to rely on finding cash collisions you know i might maybe my password which is password123 is going to generate this md5 hash right here i'm going to store this hash but who's to say that if i use the i really like cheeseburgers with barbecue sauce password is not going to generate the exact same hash value or even better i don't know maybe the first episode of the mandalorian is going to generate the same hash output as my password123 input right they are all potentially valid passwords now if you're able to upload the mandalorian within a password field that's going to be some tremendously awful input validation on that website so probably that's not going to be one option but you get the idea here and you get the potential repercussions of hash collisions and since we're talking about files the problem with hash collisions is not necessarily restricted to storing passwords because in many situations cyber 
security tools like antivirus anti-malware advanced you know intelligence software that looks at file behavior on your machine and scans those files is going to rely on file hashes so many enterprise solutions actually don't scan your files at all they just hash those files and then use an online reputation service to search that hash value and see whether it matches a uh a malicious file or if it's has been scanned before and has been validated that it's okay it's it's not malicious now having hash collisions in a security environment like this could potentially allow an attacker to upload and execute their own malicious code by crafting a malicious file that matches through a hash collision a well-known good reputation file now we've seen in a previous demo with the kane password cracking how long computing hashes in order to break passwords can actually take now fortunately or unfortunately depending on the site that you're on we do have a better solution for this and that one is called rainbow tables now rainbow table is just a file with pre-computed hashes for all possible character combinations that can be used as passwords pre-calculated and stored in a sort of a database the idea behind a rainbow table is that we are shifting the computing effort from calculating hashes to searching into a huge database and they can be actually be huge i mean we're talking about hundreds of gigabytes in size if not even terabytes that store all the possible password combinations calculated with a single hash algorithm so yeah of course you're gonna need different rainbow tables for different hashing algorithms of course somebody has to create these tables beforehand so somebody has to dedicate a huge amount of processing power into building such tables so that's you later on can just search quickly search through these through these databases now you have the options of downloading these tables if they have been previously generated by somebody else or you can just generate 
them on your own on your own machine now there are a few places online where you can just download these raymond tables for free this is one of those websites so for example you can download ntlm hashes sha-1 hashes md5 lan manager no probably not going to need this anymore but you can see that even for md5 which is a quite short hash just 128 bits long uh the entire data set here is 4.3 terabytes in size you can basically choose now which type of rainbow table you're going to have so for example if you're only interested in lower case alphabet letters ranging from one character to ten so this one here you can use it to crack md5 passwords that only use alphabet letters lowercase and they're at most 10 characters you can see that these are 179 gigabytes in size going further here uh mix alpha that's going to be lower and uppercase combined with digits at most nine characters that's going to be around one terabyte that's a rainbow table right there of course if you try to mix them up even more so for example if you add symbols as well as spaces uh ranging up to eight characters this time it's still gonna be one terabyte in size so they grow exponentially here the more complexity you add to the character sets that can be used inside of a password the larger the rainbow tables are going to be now these can be downloaded for free but you can also buy rainbow tables i mean if you think about how long it would take you to generate these rainbow tables uh buying them at some point might start making some sense and as you can see they're not cheap by far so as you can see rainbow tables can be quite dangerous from a cyber security perspective simply because instead of you know cracking a password and waiting days months or even years and using a huge computational power to do so you can just search a database like this and it's only going to take you like a couple of seconds or minutes at most you're going to find the exact password combination that generates that specific 
hash you're basically searching for a hash that's it so how do you mitigate this how do you fight against this now i would say that the first option would be to use very long passwords or pass phrases like entire sentences so that there won't be any possible rainbow table that can be generated for a password of 30 characters in length that's simply going to be computationally impossible but even so that's not going to be enough because you still risk running into hash collisions so even though your original password might have been 30 or 50 characters in length nobody can guarantee you that there isn't a 5 character password that can generate the exact same hash which might be available in some rainbow table out there so how do you stop this well the process is called password salting and this salting here actually means that instead of just taking the password and calculating an md5 hash of that password we're now taking the password and then adding something extra at the end like a simple suffix just a few bytes a few characters at the end or at the beginning doesn't matter and then we calculate the entire md5 hash of that resulting string that is the hash that we are going to store in our user database and you're gonna ask well how does this help me i'm still storing a hash i can still crack that hash right not exactly because what you're providing is just the password the salt is stored on the server which means that if you're using a rainbow table that is going to provide you with a valid password that can be used to generate the hash stored on the server well that valid password is not going to be valid because it's supposed to be concatenated with the salt with the extra suffix whenever it is sent to the md5 algorithm so let's see what happens with rainbow tables and hashing let's assume that we have a user here and their password is secret password now they try to authenticate so they're going to send this password to some hashing algorithm from the 
authentication server the hashing algorithm is going to combine their password with a salt in our case i'm going to assume that the salt is 1 2 3 4. so the resulting md5 hash let's say is going to be something like this and this is what's going to be stored in the database now assuming that an attacker comes in and tries to look up this hash in a rainbow table it might actually get lucky and find that they have a match for secret password one two three four because that's the exact string that was used to generate that hash now when the attacker tries to use the secret password one two three four as a login password this of course is going to end up in the same login mechanism the same hashing algorithm which is going to be combined with the salt again and of course the result is going to be different because the text that we're hashing is going to be now secret password one two three four one two three four and of course it's going to generate a different type of hash authentication is going to fail so password salting defeats rainbow tables simply because it would theoretically require you to have a rainbow table for each possible salt combination which is not feasible impossible to do now this salting behavior is present in most operating system by default for example on linux we can have a look inside the uh etsy shadow file which is going to store the password hashes for the users on our system and uh right here as you're going to see the actual hash of my password which has a couple of delimiters here the first one being the algorithm that is being used and the second one here this one is assault so the salt doesn't have to be secret can be stored on the same machine as the password it can even be stored in clear text it's not some sensitive piece of information it's simply there to make the use of rainbow tables well unusable okay so i've shown you how to download rainbow tables let me show you how to generate them on your own rt gen stands for rainbow table 
generator it's a small utility that's very powerful you can see how many hash algorithms are currently implemented so we have lm hashes ntlm md5 shaw hashes and so on at the bottom you can see an example here rtgen md5 specify what type of character set we're going to use lower alpha for example what's the minimum number of characters in the potential passwords what the maximum number that's going to be between 1 and 7 right here uh the rest of the values here uh these are the table index the chain length the chain number these are all parameters that specify how big the resulting tables are going to be and finally the last one is a part index just in case you know you're generating tables so big that they become unmanageable on the file system all right so we can try to generate one on our own here so rtg and md5 lower alphabet between one and three characters i know that's not much but i'm using at most three characters so that you can see this in real time and not wait for it right so let's start this probably gonna take just a couple of seconds here you can see the plain text text range that's gonna be between one and three characters and the charset data is this one right here that's just the alphabet lowercase all right we have 65 thousands of 100 generated so we're done in about 16 seconds here 17 seconds let's see what the tables were generated and by default that's going to be under user share rainbow crack and there it is that's the file that we just generated here md5 lower alpha between one and three characters 1.6 megabytes in size not too much but we did get it in just a couple of seconds now there's one thing we should still do before being able to use this table because we need to be able to search through rainbow table as fast as possible so there is also a sort operation that we can perform rtsort and we're going to perform it in the exact same location as our rainbow table all right sorted done now let's see how we can use this rainbow table to 
crack a simple password just a three character password first let's generate a valid md5 hash for a three character password just like that all right that's gonna be our md5 hash that we need to crack one more step here let's call our crack and provide rainbow table location and then the dash age argument which is going to include this exact same hash right what do we have here result this hash right here corresponds to the password x y z of course this was really fast here we only have a small rainbow table but you can see that we actually got it in under one second it's just three characters but it's a very good starting point if you want generate your rainbow tables make them big make them ready to crack more complex passwords but be aware of the fact that it's going to take a very very long time all right so i'm going to show you here how to crack a password using an utility called hashcat from a known hash value and i'm going to be using a word list they come embedded in most security oriented operating systems out there even in some general linux distributions one of them is this rocky txt file and my parrot security operating system that i'm running here in a virtual machine and you can see it has a bunch of commonly possibly used passwords that you can just take from this file and use in a brute force attempt now this file right here is quite big actually it's 134 megabytes in size of pure text and password combinations which is not bad okay so let's create some md5 hashes let's assume that one password here is superman we're going to pipe this through md5 some right so that's exactly the result that we're gonna get now in order to just get rid of this uh trailing spaces and the dash at the end we can also pipe this to the tr utility and make sure that we're eliminating the last part all right so we only have the md5 hash right now let's get this and redirect this into a hashes.txt file all right now let's generate some more right grab this go to a text 
editor paste it in here let's multiply this a bunch of times in here and add some more passwords so for example mario pizza password one password one two three uh qwerty and let's uh let's give it a more difficult one like pass w0 or all right so these are the commands that we'll be storing inside hashes txt let's uh paste these back in our terminal and execute them all right let's have a look inside hash's txt there we have them these are our hashes that we're supposed to crack right now okay now i'm going to use the manual of hashcat and to find exactly what we need here so let's go down here right so that's attack mode we're going to use 0 for straight attack that is just use the word list that i'm going to provide and also the hash type right remember we used md5 so i'm going to use the hash type of 0. let's exit this and use hash cat as follows right so we selected the md5 algorithm the attack type as direct as using a word list let's save the output in a passwords.txt file and provide the file with the hashes as well and the location of the word list like you right so let's see how this works all right give a couple of seconds here to initialize now normally this would work much better by the way if you were using a dedicated gpu like an amd or an nvidia gpu for this because it's basically the exact same of operations that we're doing when we're crypto mining we're calculating hashes okay so the status here is exhausted nobody's exhausted here but we did exhaust the entire word list which also means that we did not manage to recover all the passwords we did recover five out of seven though not bad right at least for i don't know an effort of four seconds not bad at all actually so let's have a look what this software did let's have a look inside password txt all right pseudo password txt so apparently it was able to crack superman password one two three mario password one and pizza it did not crack qwerty which was actually a typo on my behalf so this is my 
bad here, this is supposed to be qwerty, and it did not crack passwords written like this either. That's simply because these are not dictionary words, they cannot be found inside of a dictionary, but as long as it is part of a dictionary, now you can see just how easily and how quickly we can crack a password. Like, there's actually multiple passwords now, we weren't looking for one, we did crack five out of seven, so good news, right?

And you know what, since we did not manage to crack those two passwords using a wordlist, let's try cracking them through pure brute force. Right, let's see how this works. First, let's get the hash for this weird password right here, q w e r t; that one was second to last, so this one right here. Let's copy this hash and try hashcat now in brute force, pattern mode. Now, if we look inside the manual of hashcat one more time, we're going to find that we have some built-in character sets, so if you're just looking for alphabet letters, this is going to be the pattern that we're going to be using for each letter. Let's see how this works. Okay, so we have the same hashcat command here with the same MD5 algorithm, but this time the attack is going to be of type pattern, this is the hash that we're trying to crack, and then we need to specify the actual pattern. Remember that ?l meant an alphabet letter, so our password here is six characters in length, so let's add six characters for the pattern in here. Well, what do you know, we just cracked it in one second here with this pattern, up to six characters, and you can see here that the hash corresponds to our exact password, qwertu, typos and all.

Right, let's try doing the same thing, but this time on our more advanced password. Right, we're going to use this hash. All right, so let's grab the last hash, the last one, which we did not manage to crack, and have a look inside the manual page for hashcat for the right pattern. So there it is. Now you're basically going to have to use pretty much everything in here, right, lowercase, uppercase, numbers and characters, so I'm going to use this ?a, which combines all the above. Right, so ?a, that's going to be our pattern. Let's update our hashcat command, paste our last hash in here and then update the pattern: p a s s w o r d. Let's see how this goes. Okay, so it does give us the ability to quit, create a checkpoint, pause, resume later, or check the status. Now let's check the status here. All right, so what do we have here? That's the current speed at which we're checking our hashes, and the time estimated here is two years and 245 days. All right, so thanks for watching, see you back in 2024 with the results. No, I'm just kidding, of course, but it does take quite a while, so you can see the more complex the password is, the longer the password is, the time needed to crack it is going to grow exponentially. Now, you're going to get better results on a graphics card, but you're still going to be looking, for a complex password, into the range of months, years, if not even more.

All right, let's see one more type of attack, and this one is called horizontal brute force. And this one is interesting because it approaches the problem of password breaking from a different perspective, and the main idea here is that instead of choosing one user account and trying to break the password for that user account, why not choose a password first, like a common password, password123, and then see whether we can find a valid username that actually uses that password. A very useful approach when you can determine, or when you know, the exact naming conventions for the usernames inside of an organization. For example, just by looking at your email you can probably determine if it's going to be like firstname.lastname or something like that. If you can figure out how the naming convention is designed within that company, then basically just by looking at LinkedIn or looking at the official company website you can determine how all the usernames are going to look.
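Going back to the hashcat runs above: as an added example, not from the video, here is a small Python script that mirrors them (seven MD5 hashes, a straight wordlist attack that recovers five of seven) and shows two things the video states but does not demonstrate: how the mask keyspace grows with ?l versus ?a, and why per-user salting, mentioned at the end, multiplies the cracker's work. The plaintexts, the mini wordlist standing in for rockyou.txt, and the stand-in "hard" password P@ssw0rd! are all constructed here.

```python
import hashlib
import math
import secrets

# Constructed sample: seven plaintexts like the video's hashes.txt (the
# "hard" one is an assumed stand-in; the video never shows its plaintext).
PASSWORDS = ["superman", "mario", "pizza", "password1",
             "password123", "qwertu", "P@ssw0rd!"]
# Constructed mini wordlist standing in for rockyou.txt.
WORDLIST = ["123456", "password", "superman", "mario", "pizza",
            "password1", "password123", "qwerty", "letmein"]
# Sizes of hashcat's built-in charsets (?a = ?l + ?u + ?d + ?s = 95).
CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def crack_unsalted(targets, wordlist):
    """Straight attack (hashcat -a 0): one MD5 per candidate, checked against
    every target hash at once. Returns (cracked {hash: word}, hash count)."""
    targets, cracked, work = set(targets), {}, 0
    for word in wordlist:
        work += 1
        h = md5_hex(word)
        if h in targets:
            cracked[h] = word
    return cracked, work

def salted_records(passwords):
    """Store (salt, md5(salt + password)) with a fresh random salt per user."""
    return [(s, md5_hex(s + pw)) for pw in passwords for s in [secrets.token_hex(8)]]

def crack_salted(records, wordlist):
    """Same wordlist, but every candidate must be rehashed under each salt, so
    the work is len(wordlist) * len(records) instead of len(wordlist). MD5 is
    still far too fast; a slow KDF (bcrypt, scrypt, Argon2) is the real fix."""
    cracked, work = {}, 0
    for salt, h in records:
        for word in wordlist:
            work += 1
            if md5_hex(salt + word) == h:
                cracked[h] = word
    return cracked, work

def mask_keyspace(mask: str) -> int:
    """Number of candidates for a hashcat mask such as '?l' * 6 or '?a' * 8."""
    return math.prod(CHARSETS[t] for t in mask.split("?")[1:])
```

Dividing mask_keyspace("?a" * 8) by the hash rate hashcat reports in its status line gives the same kind of estimate the video shows for the last password.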
Then, well, if you have 2,000 or 3,000 employees and you know all their usernames, let's see if any of them uses password123. So it's a reverse approach to password cracking: we first choose a password and then find a matching username, and what we just described here is called password spraying.

Now, the second type of horizontal brute force is going to be credential stuffing. This one relies on the fact that perhaps at some point you've determined, or you've managed to crack, one password for one specific username, and you know that you have a user and password combination that is valid on one website, on one service. Well, what if that same combination is valid for other services as well, or for other websites? People reuse passwords all the time, why not try that? So this one is credential stuffing: it's kind of a brute force where you choose one username and one password and you try multiple services, just to see if that person has reused the same user and password combination on a different website.

Now, this really was a pretty huge chapter. Congratulations if you made it this far. So, for the exam, make sure you understand everything we talked about: password attacks, starting with brute force and methods of performing brute force; understand hashing, that's really, really important, to understand what's going on, how those hashes are calculated, what they are good for, and especially the fact that they should not be reversible. Also, regarding hashes, make sure you understand the implications of related attacks like collision attacks, birthday attacks, rainbow tables: how they are built, what they are used for, and also how they are mitigated. Specifically, know what password salting is and how it's supposed to be done. So thank you for watching. If you found this informative and useful, make sure you like and subscribe, because that's all I need to keep this channel going, right? That's all the support I need. Thank you so much for watching, and good luck until next time.
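The horizontal attacks described above look different from a vertical brute force in the logs, and that difference is what a defender keys on. As an added example, not from the video, here is a small Python detector run over constructed sshd-style log lines: it flags a source whose failures spread across many distinct accounts within a short window (a spray), leaves a source hammering one account to per-user lockout, and reports whether the spraying source later got an accepted login. The log format and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): 203.0.113.7 tries one guess against
# many accounts and finally gets in as frank; 198.51.100.9 hammers alice only.
LOG = """\
2024-03-01T09:00:01 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:03 sshd: Failed password for bob from 203.0.113.7
2024-03-01T09:00:05 sshd: Failed password for carol from 203.0.113.7
2024-03-01T09:00:07 sshd: Failed password for dave from 203.0.113.7
2024-03-01T09:00:09 sshd: Failed password for erin from 203.0.113.7
2024-03-01T09:00:11 sshd: Accepted password for frank from 203.0.113.7
2024-03-01T09:01:00 sshd: Failed password for alice from 198.51.100.9
2024-03-01T09:01:02 sshd: Failed password for alice from 198.51.100.9
2024-03-01T09:01:04 sshd: Failed password for alice from 198.51.100.9
2024-03-01T09:01:06 sshd: Failed password for alice from 198.51.100.9
"""
LINE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(log):
    """Yield (timestamp, outcome, user, src) for every line that matches."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            yield datetime.fromisoformat(ts), outcome, user, src

def detect_spraying(log, window=timedelta(minutes=10), min_users=5):
    """Flag sources whose failures within `window` hit >= min_users distinct
    accounts. Per-user lockout never fires on a spray (one or two failures
    per account), which is why the count is per source, not per user."""
    failures = defaultdict(list)   # src -> [(ts, user), ...]
    accepted = defaultdict(set)    # src -> accounts that authenticated
    for ts, outcome, user, src in sorted(parse(log)):
        if outcome == "Failed":
            failures[src].append((ts, user))
        else:
            accepted[src].add(user)
    alerts = {}
    for src, fails in failures.items():
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_users:
                alerts[src] = {"users": users, "accepted": accepted[src]}
                break
    return alerts
```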