Passwords are typically encrypted when they’re stored on a computer, using an encryption or one-way hash algorithm such as DES or MD5. A hashed password is then represented as a fixed-length string, and the same password always produces exactly the same string. These hashes are irreversible for all practical purposes, so, in theory, passwords can never be decrypted. Furthermore, certain passwords, such as those in Linux, have a “salt” value added to them to create a degree of randomness. This prevents the same password used by two different people from having the same hash value.
Windows usually stores passwords in these locations:
• Security Accounts Manager (SAM) database (c:\winnt\system32\config)
• Active Directory database file that’s stored locally or spread across domain controllers (ntds.dit)
Windows sometimes stores passwords in either a backup of the SAM file in the c:\winnt\repair directory or on an emergency repair disk. Some Windows applications store passwords in the Registry or as plaintext files on the hard drive!
Linux and other UNIX variants typically store passwords in these files:
• /etc/passwd (readable by everyone)
• /etc/shadow (accessible by the system and the root account only)
• /etc/security/passwd (accessible by the system and the root account only)
• /secure/etc/passwd (accessible by the system and the root account only)
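An added example (not from the original text): a small Python audit over shadow-format entries that flags the weak spots described above, namely DES or MD5 hashes, accounts with no password, and identical hash strings on two accounts, which a per-user salt should prevent. The sample entries, function names and scheme table are constructed for illustration.

```python
from collections import defaultdict

# crypt(3) "$id$" prefixes; a 13-character field with no prefix is DES crypt.
SCHEMES = {"1": "MD5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
WEAK = {"DES", "MD5"}

# Constructed sample in /etc/shadow layout; the hash strings are placeholders.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE0001:19000:0:99999:7:::
alice:$1$saltsalt$CONSTRUCTEDMD5HASH0000:19000:0:99999:7:::
bob:ab0123456789A:19000:0:99999:7:::
carol::19000:0:99999:7:::
dave:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE0001:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
""".splitlines()

def classify(field):
    """Name the hashing scheme used by the second field of a shadow entry."""
    if field == "":
        return "EMPTY"
    if field[0] in "!*":
        return "LOCKED"
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "UNKNOWN")
    return "DES" if len(field) == 13 else "UNKNOWN"

def audit(lines):
    """Return sorted (user, finding) tuples for shadow-format lines."""
    findings, seen = [], defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.strip().split(":")[:2]
        scheme = classify(field)
        if scheme == "EMPTY":
            findings.append((user, "no password set"))
        elif scheme in WEAK:
            findings.append((user, f"weak scheme {scheme}"))
        if scheme not in ("EMPTY", "LOCKED"):
            seen[field].append(user)
    # A per-user salt makes equal passwords hash differently, so two accounts
    # with the same hash string share both salt and password.
    for users in seen.values():
        if len(users) > 1:
            findings += [(u, "hash identical to another account") for u in users]
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```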
Password-Cracking Software
You can try to crack your organization’s operating system and application passwords with various password-cracking tools:
- pwdump3 extracts Windows password hashes from the SAM database.
- John the Ripper cracks hashed UNIX and Windows passwords.
- Proactive Password Auditor runs brute-force, dictionary, and rainbow cracks against extracted LM and NTLM password hashes.
- Cain and Abel cracks LM and NT LanManager (NTLM) hashes, Windows PWL passwords, Cisco IOS and PIX hashes, VNC passwords, RADIUS hashes, and more.
- RainbowCrack cracks LanManager (LM) and MD5 hashes very quickly by using rainbow tables.
- Elcomsoft Distributed Password Recovery cracks Microsoft Office, PGP, and PKCS passwords in a distributed fashion using up to 2,500 networked computers at once.
- Proactive System Password Recovery recovers practically any locally stored Windows password, such as logon passwords, WEP/WPA passphrases, SYSKEY passwords, RAS/dialup/VPN passwords, and more.
- chknull checks for Novell NetWare accounts with no password.
- Pandora cracks Novell NetWare passwords online and offline.