Friday, 19 August 2011

Password-Cracking Tools

Today, I will start what will be an ongoing thread on password auditing.

Though stronger authentication methods are now in use these days such as tokens, smart cards and biometrics, most of the organisations still rely on passwords as an authentication method. Thus, one of the critical aspects to look at when conducting security audit is the password policy and the use of strong passwords of the organisation. Ironically, weak passwords are still considered at the top among the vulnerabilities.

Things to check are:

  •  Password management – the password policy such as password length and complexity, maximum password age, password history
  •  Account lock out policy – the number of log-in failed attempts that is allowed before the account is lock out, lock out duration
  •  Blank passwords – this should not be allowed
  •  Non-expiring passwords
  •  Force log off after a period of inactivity 
 To audit passwords, we can use tools such as DumpSec and Hyena, or view the Security Template, Local Security Policy or Group Policy settings that apply to the machine. However, no matter how strong the policy is, it would not be effective if there is one account in the system that has a weak password. We, in addition to the above-mentioned tools need to use password cracking tools to verify that weak password does not exist in the system. Using password cracking tools, we can assess the strength of the organisation’s password (for example, passwords that are vulnerable to dictionary-based attacks), particularly the administrator’s username and password for the network, and verify congruence with the security policy. Some of these password-cracking tools are Rainbow Crack, Cain & Abel Brutus, and John the Ripper to name a few. We can use these tools, with consent from the clients, or the clients can use them in their internal monitoring of their password policy management.

Hackers usually employ two types of attacks to crack passwords and therefore gain unauthorised access to IT resources: brute force and table precomputation. In brute force, an attacker tries all possible keys to encrypt a known plaintext for which he has the corresponding ciphertext. For table precomputation, precomputed encryptions of a chosen plaintext are already stored in a file or table.

RainbowCrack uses table precomputation. It precomputes and stores all possible password - LanManager hash pairs in files called "rainbow table". Any time the password of a LanManager hash is required, RainbowCrack just search at the precomputed tables and find the password in seconds. A rainbow table can be generated or even purchased. Its size can be at least a gigabyte. The more complex the password to crack is, the larger the size of the rainbow table that should be used.

RainbowCrack was developed by Zhu Shuanglei, and implements an improved time-memory trade-off (doing the long time computation in advance and store the result) cryptanalysis attack which originated in Philippe Oechslin's OphCrack.

How to use RainbowCrack?
Note: RainbowCrack can be detected by the antivirus program as spyware, preventing you to use it. Also, we can only use rainbowcrack after we have obtained the file containing the password dump of the target system that we want to test. We can get the password dump using pwdump or fgdump utility tools.

1. First, we need to download RainbowCrack (the latest) and then save the zip file in C:Audit Tools folder for our demo purposes. Below is a screen shot showing the contents of the zip file that we downloaded:

We can see three .exe files namely rcrack, rtgen, and rtsort. Rcrack is the RainbowCrack itself. Rtgen is used to generate our own rainbow table. Rtsort should be used after using rtgen, as rcrack does not use unsorted rainbow tables. For the command syntaxes on using these .exe files, the htm files rcrackdemo and rcracktutorial can be of great help, plus we can always use the “-?” in the command line to inquire on how the command should be typed.

The .txt files on the folder are samples of the password dumps that we can use to practice using the rainbow crack.

The only .rt file on the folder is the rainbow table that we started to generate using the rtgen.exe.

2. Generating our own rainbow table using rtgeg.exe:

As we already mentioned, we can either purchase or generate our own rainbow table. Using rtgen.exe, we will however generate our own rainbow table with the simplest configuration there could be, i.e for cracking passwords with character set as alpha. The configuration we are referring to as well as the commands to generate the tables are:

So we use the table precomputation commands for us to generate our own .rt files

And with so much time spent (that is why rainbow tables can be purchased!), we were able to generate the five files of rainbow table that we can use to crack the simplest configuration for passwords– alpha (ABZDEFGHIJKLMNOPQRSTUVWXYZ) and the size of them are 125mb each.

3. Sorting rainbow tables using rtsort.exe

To speed up the search of rainbow table, we need to sort them in advance. Also, rcrack only accept sorted rainbow tables. The commands used to sort the five .rt files are:

rtsort lm_alpha_0_2100x8000000_bla.rt
rtsort lm_alpha_1_2100x8000000_bla.rt
rtsort lm_alpha_2_2100x8000000_bla.rt
rtsort lm_alpha_3_2100x8000000_bla.rt
rtsort lm_alpha_4_2100x8000000_bla.rt

4. Cracking the LM (LanManager) hash in the sample “random_alpha.txt” file using rcrack and the sorted rainbow tables:

In the command line, get the dir of rainbowcrack folder (otherwise using the *.rt command would not work). After this is done, we can type the command to run rainbowcrack. The command is: rcrack [rainbow table filenames or use the *.rt ] –f [pwdump or fgdump file]. For our demo purposes, the command in cracking the sample “random_alpha.txt” file is shown in the screen shot below. In almost 11 seconds (total cryptanalysis time), rainbow crack was able to crack 10 passwords that use just the Alpha characters.

Some Limitations of RainbowCrack:
  1. RainbowCrack does not support rainbow table file equal or larger than 2GB. This is a limitation as we are using 32-bit value to store the file size. In fact, the rtgen utility will never allow you to generate a file with 134217728 or more rainbow chains, the rtsort and rcrack simply does not support large file.
  2. Salt is used to randomize the stored password hash. With different salt value, same password yields different hash value. The time-memory trade-off technique used by RainbowCrack is not practical when applicable to this kind of hash.

No comments: