You're reading from Ethical Password Cracking Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781804611265

Length 168 pages

Edition 1st Edition

Languages

Tools

Nmap

Concepts

Ethical Hacking

Author (1):

James Leyte-Vidal

View More author details

Table of Contents (17) Chapters

Preface

1. Part 1: Introduction and Setup

2. Chapter 1: Password Storage: Math, Probability, and Complexity FREE CHAPTER

3. Chapter 2: Why Crack When OSINT Will Do?

4. Chapter 3: Setting Up Your Password Cracking Environment

5. Chapter 4: John and Hashcat Rules

6. Part 2: Collection and Cracking

7. Chapter 5: Windows and macOS Password Cracking

8. Chapter 6: Linux Password Cracking

9. Chapter 7: WPA/WPA2 Wireless Password Cracking

10. Chapter 8: WordPress, Drupal, and Webmin Password Cracking

11. Chapter 9: Password Vault Cracking

12. Chapter 10: Cryptocurrency Wallet Passphrase Cracking

13. Part 3: Conclusion

14. Chapter 11: Protections against Password Cracking Attacks

15. Index

Why subscribe?

16. Other Books You May Enjoy

How are passwords stored and used?

While it may seem simple, how a password is stored on a system can have a huge effect on its ability to be recovered via password-cracking operations and how long this can take.

You don’t always need to crack!

Most passwords are stored in authentication systems via some process that renders the password difficult to recover. However, it is not unheard of to come across systems that do not protect user credentials appropriately. You may recall that earlier in this chapter, we discussed the RockYou breach. In the case of RockYou, the company stored user passwords in plaintext (no hashing or encryption), which made recovering user passwords trivial. This meant that once user passwords were made publicly available, they were completely exposed – no password cracking or other complex operations were required; they were simply there for the taking.

Let’s talk about the two types of responsible password storage that we typically see: hashing and encryption.

Hashing

The idea behind password hashing is to store the user’s password so that it cannot be retrieved by anyone. There are several advantages to this approach:

For the company that stores the password, this represents a strong level of due diligence and may provide some protections legally
Passwords cannot be reverted to plaintext (the original password) from hash values, which means malicious insiders with access to the password storage cannot retrieve the password
The existence of standard functions to perform this hashing in many application frameworks means it is easy to implement

At its core, hashing takes a string of plaintext (the password) and converts it into a fixed-length string of unreadable data. This value cannot be reverted to plaintext, which is one of the core differences between hashing and encryption. Also, this hashing process will always return the same value for the same input; this is known as being deterministic. Some types of hashing can also add a salt, which adds additional entropy (randomness) to the generation of the hash value. This salt will be different for every password, which can negate the effectiveness of precomputation attacks – a type of attack that generates all possible hashes in advance of a cracking operation (you may have heard of rainbow tables, which are one type of precomputation attack). Hashing algorithms vary in terms of the number of rounds (hash operations) used to create the hash to be stored, the output length, and several other factors. We will discuss various hashing algorithms later when we dive into different types of password retrieval.

In the case of hashing, passwords are validated during the authentication process by taking the password from the user, hashing it, and comparing it against the stored hash. If they match, the password is correct; if they do not, the password that was entered was incorrect. Once again, hashing further protects the plaintext password during this process by ensuring the plaintext password is never handled by the system after hashing.

Encryption

Encryption differs from hashing in that the ciphertext (the product of the encryption algorithm) can be reversed back to the original plaintext (the password). To do this, one or more encryption keys must be generated and used for encrypt and decrypt operations.

Encryption has some liabilities for use as password storage. The most prominent one is that the ciphertext is reversible, which means that a malicious insider or an external party can retrieve the plaintext passwords if they can obtain the ciphertext and the encryption key(s). Additionally, because it is used in encrypt and decrypt operations, the key(s) must be retrievable, which further increases the potential for mishandling and/or disclosure of the keys.

Easy check for encryption as password hashing (or worse)

Have you ever forgotten a password and used a Forgot Password link or workflow in an application? Odds are, you probably have. If you have ever used the Forgot Password functionality and had your password sent to you via email or some other cleartext method (rather than being prompted to set a new password), this means that your password is stored on that system in an encrypted format. If password hashing was in use, they would not be able to retrieve your plaintext password.Well, there’s one other possibility – the system is storing your password in cleartext, similar to what RockYou did. We have seen how that is a very bad idea, but unfortunately, it is sometimes done.

In the case of authentication with encrypted passwords, the ciphertext can be compared (similar to authentication with hashing in use), or the password can be decrypted and compared to validate the password provided by the user.

While encryption has been noted here for completeness, it is not at all optimal to use encryption for password storage and is not recommended in the NIST 800-53 standards.