Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely.
Wikipedia tells us that “A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password must be kept secret from those not allowed access.” This is nothing new, but somehow passwords are still one of the weakest links in security. Whether it’s a user putting passwords on a post-it note or using broken authentication protocols, it’s just matter of time before a password attack pays off.
Weak passwords are a huge vulnerability that can be exploited by an attacker to gain access. No matter how updated you keep a system, you can’t patch a bad password. A weak password, coupled with the lack of an account lock-out mechanism, is a giant welcome mat to any hacker. Even though password attacks aren’t as sexy as ‘sploits, they’re a huge part of pentesting.
We start with password guessing:
For password guessing, Medusa stands a head above the rest. We recently chose Hydra by THC but after some tinkering we find that Medusa is a more versatile password guessing tool available from the Foofus Group. Medusa is a command line tool with support a wide range of available protocols. You might ask, “why use Medusa when Hydra is already installed?” The simple answer is that Medusa is faster and more stable. The longer answer can be found at foofus.net.
Next, post exploitation would be far from optimal if you didn’t crack some password hashes.
In today’s world, the average person has 25 separate accounts that require a password but uses only 8 unique passwords. It is abundantly obvious that most users reuse the same password over multiple accounts. If passwords from a target machine are cracked, it can be assumed that at least one of those passwords will grant us access somewhere else.
Cracking a hash can be being boring to some, but it is still something that must be done. That being said, cracking a hash can be optimized a few different ways.
First off, and often overlooked, is optimizing your dictionaries and wordlists. This process is easily done with some simple grep commands. To make sure you aren’t wasting CPU cycles, tailor your wordlists for the target. Keep your targets password rules in mind. If you know the password has to be at least eight characters long, then any attempt of less than 8 characters is a wasted cycle. Also, consider the type of hash and how it is created. For example, the algorithm used for a LANMAN hash capitalizes the password. Therefore, using lower case characters wastes CPU cycles. Another option would be to create a custom wordlist for your specific target, based on information gathered from the target’s website or social networking pages. There are tools to do this, such as Wyd, Dictionary Generator, CeWL (by Digininja) or you can do it manually with wget and grep. There are even scripts that can download a twitter users tweets and use them to craft a targeted password list. All in all, a bigger wordlist doesn’t equate to a better wordlist.
|More Information and Resources:||Wordlists:|
|Wyd – The Password Profiler|
Dictionary Generator 1.0
CeWL – Custom Word List Generator
Tweet Downloader Script
Matt Weir – Defcon 16
Next up is optimization. Like the old adage “do what you can with what you have.” We know of a few tricks to streamline cracking given your setup. First comes CUDA. According to NVIDIA, “CUDA™ is a general purpose parallel computing architecture that leverages the parallel compute engine in NVIDIA graphics processing units (GPUs) to solve many complex computational problems in a fraction of the time required on a CPU.” CUDA cracking takes advantage of the multiple cores on a GPU and “increases the recovery speed by an average of 10 to 15 times.” Backtrack 4 Pre Final comes ready to build and run CUDA enabled applications. Elecomsoft makes software that uses CUDA technology to crack passwords. Unfortunately, their tools are pay-only and come at a pretty high price. Interestingly enough, they are also trying to patent GPU password cracking. One of the only free tools we can find in the wild (also mentioned by pureh@te in the below article) is CUDA-Multiforcer by Bit Weasil at cryptohaze.com. There are rumors of the Errata Security Folk and some university research projects working on getting John going with CUDA but so far it’s just vaporware.
John the Ripper is one of the best known and most widely used hash cracking tools around. There is a reason it has earned this reputation: it’s good, really good. Although John is stellar standalone, we can tweak it in ways that speed up cracking for our particular setups. JtR, by default, doesn’t extend to faster processor instructions sets and also is designed to use only one core of a processor. There is a patched version of John that allows it to use the SSE2 processor instruction set. With SSE2, John can crack up to 400% more efficiently, depending on the hash algorithm. As for multicore or distributed cracking options, we can do a few things. One is to set John up to use Message Passing Interface (MPI). Wikipedia says that “MPI is a language-independent communications protocol used to program parallel computers.” For hash cracking, MPI allows multiple machines to work together to crack a hash. The speed increase is fairly linear. Five machines, working together, will crack a hash about five times faster. While writing this article, another option for John was brought to our attention. This option requires no extra patches. It is a simple way to distribute John using the built in -external=parallel option. This can be used to utilize multiple cores on a single machine or multiple separate machines. A quick edit is required to john.conf (john.ini for windows) to let it know how many machines or cores you are using. This needs to be done for each instance of John. All of the current discussion and research for distributing John can be found on the openwall JtR mailing list where you can interface with John creator solar designer himself.
|More Information and Resources:|
|Parallelization of JtR using MPI|
Backtrack JtR MPI Instant Cluster
Distributed GPU Hash Cracking
Secrets of Top Pentesters
JtR Mailing List Excerpts
Another option is to use rainbow tables. Rainbow tables are a form of time memory tradeoff (aka space time tradeoff). How rainbow tables work is fairly complicated, but knowing that they work is more important. By precomputing some of the cracking process, at the expense of hard drive space, you can save a significant amount of time. Each rainbow table will work for only one type of hash. Many testers carry an external hard drive containing rainbow tables for different types of hashes. Rainbow tables are also rather useless when it comes to hashes that use a salt. Ophcrack offers free rainbow tables for Lanman hashes that have a reported 99.9% success rate on a single portable dvd ISO image. Creating rainbow tables for NTLM is much harder to do. These tables exist but are limited in their character sets and lengths of passwords. The freerainbowtables.com has some tables available for free.
|More Information and Resources:|
|Wiki – Space-time Tradeoff|
Wiki – Rainbow Tables
Shmoo Group Rainbow Tables
ohpcrack Rainbow Tables
The last and sexiest option (in our opinion) is the Pass the Hash attack. With this attack, there is no need to crack the hash at all. Instead, we pass the still encrypted password directly to the service that was expecting it, in this case, lsass.exe in Windows. Pass the Hash can be executed with the Pass the Hash toolkit (made by CORE security), a patched version of Samba (deve’d by the Foofus group), or with Metasploit (windows/smb/psexec). After compromising a target and dumping the hashes, you no longer need to spend days, or weeks, cracking them. To attempt to access other systems, you simply use what you have and go with it.
As boring and repetitive as password attacks may be, it is part of the job. The faster it gets done, the more time you have left for the fun stuff. If you know of other tools or methods for optimizing hash cracking, let us know.
We know that there are applications that do GPU and paralleled password attacks for WEP/WPA/WPA2/md5 . These are for a future article =)