Password Cracking


Most of us are familiar with usernames and passwords. Passwords are the most common tool to secure information from unauthorized access. But not everyone is familiar with the security requirements for strong passwords. Because of this reason a lot of user passwords can be easily guessed.

What is a password?

Passwords have been used since ancient times as a memorized secret to confirm an identity. They were also in use since the earliest days of computing. At that time they were stored as plain text, until the introduction of password hashes in the 1970s. Cryptographic hash functions are used to verify whether the input data maps to the stored hash value. It is difficult to reconstruct the input data by only knowing the stored hash value. Nowadays, the main storage methods of passwords are:

  • Plain text - if an attacker gains access to the storage, and passwords are stored as plain text, no cracking is necessary;
  • Hashed - a hash is vulnerable to ‘Rainbow table’ attacks, which are more time-effective than cracking;
  • Hashed and salted - the only way to obtain a password is cracking, salt is randomly generated data for each password which is processed with a hash function;
  • Encrypted - the attacker is required to obtain the encryption key, otherwise decryption is close to impossible.

Another problem in password security nowadays is password complexity. Keep in mind, the easier the password is to remember - the easier it is to guess for the attacker. Passwords written on sticky notes or stored in plain text negate the security of the password, no matter how sophisticated it is. To make passwords more memorable people re-use the same passwords over and over again. Also, the most common and the worst ideas for passwords are:

  • Pet names
  • A notable date, such as a wedding anniversary
  • A family member’s birthday
  • Your child’s name
  • Another family member’s name
  • Your birthplace
  • A favorite holiday
  • Something related to your favorite sports team
  • The name of a significant other
  • The word “Password”

The password strength is measured in its effectiveness against brute-force attacks - it estimates the average number of attacker trials to guess the correct password. The strength of the password can be implemented by the incrementation of length, complexity, entropy and security design.

Wordlists

A good wordlist, also called a dictionary, is an essential part of password recovery. Password cracking tools go through all the strings in the pre-arranged wordlist as a password candidate. Using a large wordlist is not the same as using an effective wordlist. Basic reconnaissance as preparation before the cracking will help you to learn the target and find a matching wordlist. Otherwise, you can create a custom wordlist by using crunch or an online wordlists generator.

Crunch

Crunch is a wordlist generator installed on Kali Linux by default and it will generate the wordlist from a given charset or a pattern.

It has multiple generation modes:

  • To create a dictionary with certain symbols:
root@kail:~# crunch 5 5 12345 -o output.txt
Crunch will now generate the following amount of data: 18750 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 3125

crunch: 100% completed generating output

root@kail:~# head output.txt
11111
11112
11113
11114
11115
11121
11122
11123
11124
11125
  • To create a dictionary from a certain pattern:
root@kail:~# crunch 9 9 qwe RTY 123 \#\@ -t Pa@s,o^d% -o ouput.txt
Crunch will now generate the following amount of data: 540 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 54

crunch: 100% completed generating output

root@kail:~# head output.txt
PaqsRo#d1
PaqsRo#d2
PaqsRo#d3
PaqsRo@d1
PaqsRo@d2
PaqsRo@d3
PaqsTo#d1
PaqsTo#d2
PaqsTo#d3
PaqsTo@d1
  • To create a dictionary by shuffling different strings:
root@kail:~# crunch 1 1 -p Range Force Pass
Crunch will now generate the following amount of data: 90 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 6
ForcePassRange
ForceRangePass
PassForceRange
PassRangeForce
RangeForcePass
RangePassForce

Types of password attacks

Brute-force attack

The simplest and the most time-consuming type of attack. Tries all the combinations in a keyspace.

Dictionary attack

Also known as a wordlist attack, is a straightforward attack (e.g. in hashcat), which simply reads a text file (dictionary) line by line and tries every line as a possible password candidate.

Combinator attack

Basically, a recompilation of a dictionary, where each word of a dictionary is appended to each word in a dictionary.

For example, if the dictionary contains these words:

one
two
three
four

The password candidates would be:

oneone
onetwo
onethree
onefour
twoone
twotwo
twothree
twofour
threeone
threetwo
threethree
threefour
fourone
fourtwo
fourthree
fourfour

Hybrid attack

A hybrid attack is a combination of a dictionary attack and a Brute-force attack.

If you have a dictionary with the word password in it, the hybrid attack will create a dictionary with all the possible combinations:

password001
password002
password003
...
password999
001password
002password
...
999password

Most of these types of attacks are supported by hashcat.

Unix Passwords

Unix systems use a one-way encryption function for passwords, which means they cannot be decrypted. Every time you enter your password to authenticate yourself on the Unix-based system it applies the same encryption to the input and compares it with the stored value in the /etc/passwd and /etc/shadow files.

/etc/passwd is the file which stores all the user data required during login. Additionally, the GECOS field contains general user information such as name and phone number.

/etc/shadow is the file which stores the hashed user’s password and the additional properties related to the password.

/etc/passwd

rangeforce:x:0:0:rangeforce:/home/rangeforce/:/bin/bash

1. Username.
2. Password field (x indicates that the encrypted password is stored in /etc/shadow file).
3. Reserved User ID (ID 0 is reserved for the root).
4. Group ID.
5. Gecos field contains additional info such as user’s full name, email, phone number.
6. Absolute path of the home directory, where the user will be after he/she logs in.
7. Absolute path to the shell the user uses.

/etc/shadow

rangeforce:$6$3A6480HDa$3a011416c644336.e802RF433af:18075:0:99999:7:::

1. Username.
2. Password hash:
Usually stored in the format $id$salt$hash, where the id identifies the hashing algorithm:

$1$ is MD5
$2$ is bcrypt
$5$ is SHA-256
$6$ is SHA-512

3. Days since last password change in Unix time.
4. The minimum number of days required between password changes.
5. The maximum number of days the password is valid.
6. The number of days before password expiration that user is warned that his/her password must be changed.

The /etc/shadow file stores the hashes of all the users in the system. The root user and all the privileged processes can read from it directly. For the unprivileged processes, authentication is implemented by the PAM (Pluggable Authentication Modules) library, which checks if the user password is correct without exposing the password hash.

If the attacker obtains the password hashes he will be able to perform a dictionary attack by hashing all the passwords in a wordlist and comparing the result. The most common software for this kind of password attack is John the Ripper.

John the Ripper

John the Ripper or just John is a password cracking tool which supports most of the commonly used types of hashes. It only works with salted hashes and it brute-forces passwords that are shorter than 8 characters.

Usage:

john [hash file] --wordlist=[wordlist path]

John will load the hashes, analyze the type of hash and identify salts. Afterward, it will proceed with the attack. Some of them might take a while as John the Ripper has a huge variety of attack modes, rules, filters, and utilities. As John itself works only with hashes, it can not work with encrypted files. That is when its utilities come in handy.

unshadow

Unshadow is a function to optimize the cracking of the user passwords. It combines the files passwd and shadow in a single file, so John can use the data from Gecos field to enhance the wordlist.

Usage: unshadow /etc/passwd /etc/shadow > unshadowed.txt

zip2john, rar2john

Converts compressed and password protected files from *.zip and *.rar to the suitable John format, which contains the password hash.

Usage: zip2john [compressed file] [hashfile]

THC Hydra

Hydra is another popular password recovery tool and is often referred to the same application area as John the Ripper, despite Hydra being an online password cracker.

It supports numerous protocols to attack and is intended for password brute forcing on remote systems.

root@kali:~# hydra -l root -P /usr/share/wordlists/rockyou.txt -t 6 ssh://192.168.1.1
Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2014-05-19 07:53:33
[DATA] 6 tasks, 1 server, 1003 login tries (l:1/p:1003), ~167 tries per task
[DATA] attacking service ssh on port 22

Patator

Patator was developed as a more flexible alternative to other brute-force tools such as THC Hydra. As patator is not as user-friendly as some of the other tools, let’s break down the example syntax.

patator http-fuzz auth-type=basic url=http://example.com >user_pass=admin:FILE0 0=wordlist.txt -x ignore:code=401

This command interprets into use HTTP Brute-force module to bypass basic authentication at target example.com for the user admin using the entries of wordlist.txt as password candidates, and ignore 401 Unauthorized responses.

Hashcat

One of the common tools which offer multiple attack modes for effective password recovery. It supports CPU and GPU-acceleration which helps to crack hashes in a shorter time. The principle of work in most of the password recovery tools is similar - by picking a possible candidate for a password from the predefined wordlist.

Usage of hashcat: hashcat [-m] [-a] [-o file] [hash-file] [wordlist]

-m - type of hash; -a - attack mode; -o - path for the output file;

root@server:~# hashcat -m 0 hashes rockyou.txt --force
hashcat (v4.0.1) starting...

OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Xeon(R) CPU E7- 4870  @ 2.40GHz, 256/739 MB allocatable, 1MCU

Hashes: 8 digests; 8 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Dictionary cache built:
* Filename..: rockyou.txt
* Passwords.: 14344391
* Bytes.....: 139921497
* Keyspace..: 14344384
* Runtime...: 3 secs

Brute-force countermeasures

If you set up a server, or any information system for that matter, it is important to also secure it as much as possible. A crucial part of that securing process is implementing an intrusion prevention system (IPS), which in turn includes adding protection against different types of brute-force attacks. With an IPS you can apply security on certain ports or services in your server (e.g. apache, ssh, ftp). There are a lot of ways to mitigate a brute-force attack. You can slow them down or to giving false-positive results to the attacker. These are not the best practical solutions though, as the attacker with an average level of expertise will know how to avoid them.

Fail2ban

Fail2ban is an IPS which mitigates brute-force attacks by monitoring log files and creating rules in the iptables configuration. Fail2ban can be installed using the following command: apt install fail2ban.

This will install a service with default settings into your server. The default configuration file for Fail2ban is /etc/fail2ban/jail.conf. As the default settings may be changed by package updates, it is not recommended to edit them nor apply any filtering in the default file. It is better practice to write the settings you want to customize into the /etc/fail2ban/jail.local file.

For example, to enable brute-force defence for Nginx, create a jail.local file and include the settings as shown below:

[nginx]
enabled		= true
port		= http,https
filter		= nginx-http-auth
logpath		= /var/log/nginx*/*error.log
maxretry	= 6
bantime		= 600

Explanation:

[nginx] - name of the jail
enabled = true - enable/disable the jail
port = http,https - ports which will be filtered
filter = nginx-http-auth - filters all nginx-http-auth lines from the error log
logpath = /var/log/nginx*/*error.log - the log file to be monitored
maxretry = 3 - number of failed attempts before banning
bantime = 60000 - time of ban in seconds, negative value is a permanent ban

To apply the new custom filtering in fail2ban, its service must be restarted: service fail2ban restart

Sshguard

Another way to harden the security on your server is using sshguard. Sshguard is a tool which protects hosts from brute-force attacks against SSH and a wide range of other services such as Dovecot, Postfix and ftpd.

It works by the same principle of monitoring the log for malicious activity and blocking the suspicious IP addresses for a certain amount of time. There is a feature in sshguard called threat-scoring, which means, the more frequently someone attacks you, the higher its ‘threat’ score becomes, which in turn extends its ban time. To install sshguard into your server use apt install sshguard.

Inspect your iptables for new filtering rules, which sshguard shall add automatically after installation:

root@server:~# iptables -S
-N sshguard
-A INPUT -j sshguard

If you cannot find the filtering rules in your iptables you need to apply them manually and restart the iptables service:

root@server:~# iptables -N sshguard
root@server:~# service fail2ban restart

Conclusion

Take as a rule to change your password periodically. When creating a password next time, keep in mind that:

  • It must be at least 8 characters long.
  • It must contain upper and lower case characters, digits and special characters.
  • You must not store your password anywhere, except in your mind.
  • Consider using two-factor authentication.
  • Consider using a password manager.
  • You can use a passphrase to easily remember complex passwords.

Disclaimer

All the information in this lab is strictly for educational purposes only. Usage of the methods and tools for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Mykyta Zaitsev