Most of us are familiar with usernames and passwords. Passwords are the most common tool to secure information from unauthorized access. But not everyone is familiar with the security requirements for strong passwords. Because of this reason a lot of user passwords can be easily guessed.
What is a password?
Passwords have been used since ancient times as a memorized secret to confirm an identity. They were also in use since the earliest days of computing. At that time they were stored as plain text, until the introduction of password hashes in the 1970s. Cryptographic hash functions are used to verify whether the input data maps to the stored hash value. It is difficult to reconstruct the input data by only knowing the stored hash value. Nowadays, the main storage methods of passwords are:
- Plain text - if an attacker gains access to the storage, and passwords are stored as plain text, no cracking is necessary;
- Hashed - a hash is vulnerable to ‘Rainbow table’ attacks, which are more time-effective than cracking;
- Hashed and salted - the only way to obtain a password is cracking, salt is randomly generated data for each password which is processed with a hash function;
- Encrypted - the attacker is required to obtain the encryption key, otherwise decryption is close to impossible.
Another problem in password security nowadays is password complexity. Keep in mind, the easier the password is to remember - the easier it is to guess for the attacker. Passwords written on sticky notes or stored in plain text negate the security of the password, no matter how sophisticated it is. To make passwords more memorable people re-use the same passwords over and over again. Also, the most common and the worst ideas for passwords are:
- Pet names
- A notable date, such as a wedding anniversary
- A family member’s birthday
- Your child’s name
- Another family member’s name
- Your birthplace
- A favorite holiday
- Something related to your favorite sports team
- The name of a significant other
- The word “Password”
The password strength is measured in its effectiveness against brute-force attacks - it estimates the average number of attacker trials to guess the correct password. The strength of the password can be implemented by the incrementation of length, complexity, entropy and security design.
A good wordlist, also called a dictionary, is an essential part of password recovery. Password cracking tools go through all the strings in the pre-arranged wordlist as a password candidate. Using a large wordlist is not the same as using an effective wordlist. Basic reconnaissance as preparation before the cracking will help you to learn the target and find a matching wordlist. Otherwise, you can create a custom wordlist by using crunch or an online wordlists generator.
Crunch is a wordlist generator installed on Kali Linux by default and it will generate the wordlist from a given charset or a pattern.
It has multiple generation modes:
- To create a dictionary with certain symbols:
root@kail:~# crunch 5 5 12345 -o output.txt Crunch will now generate the following amount of data: 18750 bytes 0 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 3125 crunch: 100% completed generating output root@kail:~# head output.txt 11111 11112 11113 11114 11115 11121 11122 11123 11124 11125
- To create a dictionary from a certain pattern:
root@kail:~# crunch 9 9 qwe RTY 123 \#\@ -t Pa@s,o^d% -o ouput.txt Crunch will now generate the following amount of data: 540 bytes 0 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 54 crunch: 100% completed generating output root@kail:~# head output.txt PaqsRo#d1 PaqsRo#d2 PaqsRo#d3 PaqsRo@d1 PaqsRo@d2 PaqsRo@d3 PaqsTo#d1 PaqsTo#d2 PaqsTo#d3 PaqsTo@d1
- To create a dictionary by shuffling different strings:
root@kail:~# crunch 1 1 -p Range Force Pass Crunch will now generate the following amount of data: 90 bytes 0 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 6 ForcePassRange ForceRangePass PassForceRange PassRangeForce RangeForcePass RangePassForce
Types of password attacks
The simplest and the most time-consuming type of attack. Tries all the combinations in a keyspace.
Also known as a wordlist attack, is a straightforward attack (e.g. in hashcat), which simply reads a text file (dictionary) line by line and tries every line as a possible password candidate.
Basically, a recompilation of a dictionary, where each word of a dictionary is appended to each word in a dictionary.
For example, if the dictionary contains these words:
one two three four
The password candidates would be:
oneone onetwo onethree onefour twoone twotwo twothree twofour threeone threetwo threethree threefour fourone fourtwo fourthree fourfour
A hybrid attack is a combination of a dictionary attack and a Brute-force attack.
If you have a dictionary with the word
password in it, the hybrid attack will create a dictionary with all the possible combinations:
password001 password002 password003 ... password999 001password 002password ... 999password
Most of these types of attacks are supported by hashcat.
Unix systems use a one-way encryption function for passwords, which means they cannot be decrypted. Every time you enter your password to authenticate yourself on the Unix-based system it applies the same encryption to the input and compares it with the stored value in the /etc/passwd and /etc/shadow files.
/etc/passwd is the file which stores all the user data required during login. Additionally, the GECOS field contains general user information such as name and phone number.
/etc/shadow is the file which stores the hashed user’s password and the additional properties related to the password.
2. Password field (x indicates that the encrypted password is stored in /etc/shadow file).
3. Reserved User ID (ID 0 is reserved for the root).
4. Group ID.
5. Gecos field contains additional info such as user’s full name, email, phone number.
6. Absolute path of the home directory, where the user will be after he/she logs in.
7. Absolute path to the shell the user uses.
2. Password hash:
Usually stored in the format
$id$salt$hash, where the id identifies the hashing algorithm:
$1$ is MD5
$2$ is bcrypt
$5$ is SHA-256
$6$ is SHA-512
3. Days since last password change in Unix time.
4. The minimum number of days required between password changes.
5. The maximum number of days the password is valid.
6. The number of days before password expiration that user is warned that his/her password must be changed.
The /etc/shadow file stores the hashes of all the users in the system. The root user and all the privileged processes can read from it directly. For the unprivileged processes, authentication is implemented by the PAM (Pluggable Authentication Modules) library, which checks if the user password is correct without exposing the password hash.
If the attacker obtains the password hashes he will be able to perform a dictionary attack by hashing all the passwords in a wordlist and comparing the result. The most common software for this kind of password attack is John the Ripper.
John the Ripper
John the Ripper or just John is a password cracking tool which supports most of the commonly used types of hashes. It only works with salted hashes and it brute-forces passwords that are shorter than 8 characters.
john [hash file] --wordlist=[wordlist path]
John will load the hashes, analyze the type of hash and identify salts. Afterward, it will proceed with the attack. Some of them might take a while as John the Ripper has a huge variety of attack modes, rules, filters, and utilities. As John itself works only with hashes, it can not work with encrypted files. That is when its utilities come in handy.
Unshadow is a function to optimize the cracking of the user passwords. It combines the files passwd and shadow in a single file, so John can use the data from Gecos field to enhance the wordlist.
unshadow /etc/passwd /etc/shadow > unshadowed.txt
Converts compressed and password protected files from *.zip and *.rar to the suitable John format, which contains the password hash.
zip2john [compressed file] [hashfile]
Hydra is another popular password recovery tool and is often referred to the same application area as John the Ripper, despite Hydra being an online password cracker.
It supports numerous protocols to attack and is intended for password brute forcing on remote systems.
root@kali:~# hydra -l root -P /usr/share/wordlists/rockyou.txt -t 6 ssh://192.168.1.1 Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2014-05-19 07:53:33 [DATA] 6 tasks, 1 server, 1003 login tries (l:1/p:1003), ~167 tries per task [DATA] attacking service ssh on port 22
Patator was developed as a more flexible alternative to other brute-force tools such as THC Hydra. As patator is not as user-friendly as some of the other tools, let’s break down the example syntax.
patator http-fuzz auth-type=basic url=http://example.com >user_pass=admin:FILE0 0=wordlist.txt -x ignore:code=401
This command interprets into use HTTP Brute-force module to bypass basic authentication at target example.com for the user admin using the entries of wordlist.txt as password candidates, and ignore 401 Unauthorized responses.
One of the common tools which offer multiple attack modes for effective password recovery. It supports CPU and GPU-acceleration which helps to crack hashes in a shorter time. The principle of work in most of the password recovery tools is similar - by picking a possible candidate for a password from the predefined wordlist.
Usage of hashcat:
hashcat [-m] [-a] [-o file] [hash-file] [wordlist]
-m - type of hash; -a - attack mode; -o - path for the output file;
root@server:~# hashcat -m 0 hashes rockyou.txt --force hashcat (v4.0.1) starting... OpenCL Platform #1: The pocl project ==================================== * Device #1: pthread-Intel(R) Xeon(R) CPU E7- 4870 @ 2.40GHz, 256/739 MB allocatable, 1MCU Hashes: 8 digests; 8 unique digests, 1 unique salts Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates Rules: 1 Dictionary cache built: * Filename..: rockyou.txt * Passwords.: 14344391 * Bytes.....: 139921497 * Keyspace..: 14344384 * Runtime...: 3 secs
If you set up a server, or any information system for that matter, it is important to also secure it as much as possible. A crucial part of that securing process is implementing an intrusion prevention system (IPS), which in turn includes adding protection against different types of brute-force attacks. With an IPS you can apply security on certain ports or services in your server (e.g. apache, ssh, ftp). There are a lot of ways to mitigate a brute-force attack. You can slow them down or to giving false-positive results to the attacker. These are not the best practical solutions though, as the attacker with an average level of expertise will know how to avoid them.
Fail2ban is an IPS which mitigates brute-force attacks by monitoring log files and creating rules in the iptables configuration. Fail2ban can be installed using the following command:
apt install fail2ban.
This will install a service with default settings into your server. The default configuration file for Fail2ban is
/etc/fail2ban/jail.conf. As the default settings may be changed by package updates, it is not recommended to edit them nor apply any filtering in the default file. It is better practice to write the settings you want to customize into the
For example, to enable brute-force defence for Nginx, create a
jail.local file and include the settings as shown below:
[nginx] enabled = true port = http,https filter = nginx-http-auth logpath = /var/log/nginx*/*error.log maxretry = 6 bantime = 600
[nginx] - name of the jail
enabled = true - enable/disable the jail
port = http,https - ports which will be filtered
filter = nginx-http-auth - filters all nginx-http-auth lines from the error log
logpath = /var/log/nginx*/*error.log - the log file to be monitored
maxretry = 3 - number of failed attempts before banning
bantime = 60000 - time of ban in seconds, negative value is a permanent ban
To apply the new custom filtering in fail2ban, its service must be restarted:
service fail2ban restart
Another way to harden the security on your server is using sshguard. Sshguard is a tool which protects hosts from brute-force attacks against SSH and a wide range of other services such as Dovecot, Postfix and ftpd.
It works by the same principle of monitoring the log for malicious activity and blocking the suspicious IP addresses for a certain amount of time. There is a feature in sshguard called threat-scoring, which means, the more frequently someone attacks you, the higher its ‘threat’ score becomes, which in turn extends its ban time. To install sshguard into your server use
apt install sshguard.
Inspect your iptables for new filtering rules, which sshguard shall add automatically after installation:
root@server:~# iptables -S -N sshguard -A INPUT -j sshguard
If you cannot find the filtering rules in your iptables you need to apply them manually and restart the iptables service:
root@server:~# iptables -N sshguard root@server:~# service fail2ban restart
Take as a rule to change your password periodically. When creating a password next time, keep in mind that:
- It must be at least 8 characters long.
- It must contain upper and lower case characters, digits and special characters.
- You must not store your password anywhere, except in your mind.
- Consider using two-factor authentication.
- Consider using a password manager.
- You can use a passphrase to easily remember complex passwords.
All the information in this lab is strictly for educational purposes only. Usage of the methods and tools for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.