From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Password forensics


- [Instructor] Password cracking is a valuable tool for attackers, and it also plays a role in the forensic analysis toolkit. Cybersecurity analysts conducting a forensic analysis may uncover password files stored on disk and can use password cracking tools to attempt to retrieve the passwords from those files. Let's take a look at how passwords are stored and how we can use password cracking utilities to access stored passwords.

When a user attempts to log into a system, the login process checks the password file to determine whether the password is valid. Of course, the file doesn't simply contain a copy of the password: that would be an easy target for attackers and would also let system administrators know every user's password on the system. Instead, the password file contains a password hash, shown here, computed using a one-way hash function. When the user logs in, the login process takes the password, computes its hash, and then compares that hash with the one stored in the file. If they match, the user is logged in. This approach is still vulnerable to password cracking because anyone who obtains a copy of the password file, which must be readable by all users on the system for a number of technical reasons, can simply start guessing passwords and comparing the hashes offline in a brute-force attack. The first step in securing this approach is to remove the password hashes from the world-readable /etc/passwd file. You can see that that's been done in this copy of the password file. But in this approach, how does the system log users in? The hashes still exist, but they're stored in a separate file known as the shadow password file, /etc/shadow. Unlike the password file, the shadow file can be locked down and highly restricted so that only the superuser, root, may read it. I mentioned hashing a little earlier, but let's take a deeper look.
A hash function is a mathematical function that takes a variable-length input and translates it into a fixed-length output in a manner that is collision resistant. The hash function has to be constructed so that it meets several criteria. First, any change in the input, no matter how minor, produces a completely different output. Second, it has to be computationally infeasible to retrieve the message that was fed into the hash function from its output; another way of saying this is that the hash function is irreversible. And finally, it has to be computationally difficult to find two different inputs that produce the same hash output. When this occurs, it's a situation known as a collision.

This sometimes breaks down, however, and collisions occur. This is because of a mathematical phenomenon known as the birthday problem. The birthday problem states that collisions become surprisingly common once the sample becomes large enough. It gets its name from some statistics around birthdays. How many people do you think you would need to get in a room to find two that share the same birth month and day? Obviously, if you have 367 people in the room, you're covered: at least two of those people must have the same day and month of birth. But would you have guessed that if you have only 23 people in the room, you already have a 50% chance that two will share a birthday? And if you get up to only 70 people, you have an extremely high, 99.9% probability that a collision will occur. Hashing algorithms must be carefully designed to avoid the birthday problem.

So how do password cracking attacks work? Passwords are hashed, so if someone gets the file, they can't just read the passwords. If the hash function is well designed, they can't reverse the hash either. Instead, they need to guess the password, run that guess through the hash algorithm, and then compare the results. There are four common types of password attacks.
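The two claims above, the avalanche behaviour of a hash and the birthday-problem figures (23 people for a 50% chance, 70 for 99.9%, 367 for certainty), can be checked directly. The following Python is an added example, not part of the course or its demo: it computes the birthday collision probability with the standard product formula, applies the same bound to the output space of a hash (so the generalization goes a step beyond the birthday case in the text), and counts how many bits of a SHA-256 digest change when one input character changes. The 365-day default and the function names are this example's own choices.

```python
import hashlib
import math


def birthday_collision_probability(people, days=365):
    """Probability that at least two of `people` share a birthday drawn from `days` dates.

    P(collision) = 1 - P(all distinct) = 1 - prod_{i=0}^{people-1} (days - i) / days.
    Once people > days a factor becomes zero, so the probability is exactly 1.
    """
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
        if p_all_distinct == 0.0:
            break
    return 1.0 - p_all_distinct


def inputs_for_even_odds(space_size):
    """Approximate number of random inputs needed for a 50% chance of one collision
    in a space of `space_size` values: sqrt(2 * ln 2 * N), rounded up.
    For N = 365 this gives the 23 people from the lesson; for a 256-bit hash it is
    a little over 2**128, which is why a 256-bit output is considered safe."""
    return math.ceil(math.sqrt(2 * math.log(2) * space_size))


def digest_bits(data: bytes) -> int:
    """Length in bits of a SHA-256 digest, which is fixed whatever the input length."""
    return len(hashlib.sha256(data).digest()) * 8


def bits_changed(a: bytes, b: bytes) -> int:
    """Number of differing bits between the SHA-256 digests of two inputs.

    For a well-designed hash a one-character change flips about half of the
    256 output bits; identical inputs of course differ in none."""
    ha = int.from_bytes(hashlib.sha256(a).digest(), "big")
    hb = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(ha ^ hb).count("1")


if __name__ == "__main__":
    for n in (23, 70):
        print(f"{n} people: {birthday_collision_probability(n):.4f}")
    print("367 people over 366 dates:", birthday_collision_probability(367, days=366))
    print("inputs for even odds, 365 dates:", inputs_for_even_odds(365))
    print("inputs for even odds, 256-bit hash:", inputs_for_even_odds(2 ** 256))
    print("digest bits for empty input:", digest_bits(b""))
    print("bits changed apple -> applf:", bits_changed(b"apple", b"applf"))
```

The birthday bound is the reason hash output sizes matter: halving the bits does far more than halve the work needed to find a collision, because the effort scales with the square root of the output space.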
In a brute-force attack, the attacker simply tries all possible password combinations. This attack is only effective against short, non-complex passwords. Dictionary attacks assume that people use words as passwords, so they simply try all the words in the English language first. Hybrid attacks take common variations on those words into account as well, such as adding a year to the end of a word, replacing the letter O with the numeral zero, and similar twists. Finally, rainbow table attacks go a step further by precomputing the hashes of common passwords, saving a computational step during the attack.

Let's take a look at a password attack in action. I'm connected here over SSH to a Linux server that I control. You won't need to do this yourself on the exam, but if you'd like to try it, you'll need to set up your own Linux server. If you'd like to do that, check out the Lynda.com library, where there are courses on setting up a Linux server. As we get started, let's go ahead and add some user accounts. I'm going to use the useradd command to add an account named matt, and then I'm going to create a password for that account. For this first account I'm going to use something very simple: the dictionary word apple, typed in twice. I've now set matt's password to apple. Let's do this again with the user chris, and I'm going to give chris a slightly more complicated password: his name, chris, followed by the year, 2015. We'll do this just a couple more times. Let's create an account for the user ricky, and for ricky's account we're going to try one of those common twists: I'm going to use the word hockey but replace the letter O with the number zero. And then finally I'm going to create an account for myself, and on that account I'm going to use a very strong password, H4M9LMPQR. Okay, I've now created four accounts on this Linux system.
Now let's go take a look at those password files. The first one I'm going to look at is /etc/passwd, and as you can see here, our four user accounts have been created, but there aren't any password hashes listed in this file. Now, if we look at the shadow password file, /etc/shadow, you'll see that it contains the password hashes. I'm now going to run a command called unshadow. What this command does is combine the original password file and the contents of the shadow file into a single file that we can then do a little more work on. I'm going to store the result in a file called passwords. If I look at that file, you'll see that it looks like a password file with all of that information together.

Now comes the attack. I've already installed a utility on this system called John the Ripper, a password cracking tool, and I'm going to run it against the password file I just created. It's now running, and as you can see, it very quickly cracks two of the easy passwords: it got the word apple, and it got the common name chris with the year attached to the end. If we let this run a little longer, it would probably discover hockey with the zero replacing the letter O fairly quickly as well. These attacks happen every day. Hackers often post cracked password files on public websites just to make a public display of security vulnerabilities. John the Ripper is one password cracking tool. When you take the exam, you should also know that the tool Cain and Abel performs a similar function.
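To make the unshadow step concrete, here is an added Python example (not the course's own code and not the unshadow utility itself) that performs the same merge on constructed passwd- and shadow-format records, then does the triage a forensic analyst would do on the merged file before handing it to a cracker: which accounts carry a hash at all, which hashing scheme each uses, and which are locked but still hold a hash that can be guessed against offline. The sample records are constructed, the hash strings are placeholders in the $id$salt$hash layout rather than real digests, and the algorithm-identifier table follows the crypt(5) convention.

```python
import re

# Constructed sample records in the layout of /etc/passwd and /etc/shadow.
# The hash strings are placeholders in the $id$salt$hash shape, not real digests.
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "matt:x:1001:1001::/home/matt:/bin/bash",
    "chris:x:1002:1002::/home/chris:/bin/bash",
    "ricky:x:1003:1003::/home/ricky:/bin/bash",
    "legacy:x:1004:1004::/home/legacy:/bin/bash",
    "guest:x:1005:1005::/home/guest:/bin/bash",
    "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin",
]
SHADOW_LINES = [
    "root:!:19000:0:99999:7:::",
    "matt:$6$SALTSALT$PLACEHOLDERHASH1:19000:0:99999:7:::",
    "chris:!$6$SALTSALT$PLACEHOLDERHASH2:19000:0:99999:7:::",
    "ricky:$y$j9T$SALTSALT$PLACEHOLDERHASH3:19000:0:99999:7:::",
    "legacy:$1$SALTSALT$PLACEHOLDERHASH4:19000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
    "backup:*:19000:0:99999:7:::",
]

# Modular-crypt identifiers that appear between the first two '$' of a hash field.
ALGORITHM_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
                 "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}
# Fast legacy schemes an auditor should flag: guesses against them are cheap.
WEAK_ALGORITHMS = {"md5crypt", "descrypt"}


def parse_shadow(lines):
    """Map account name -> raw password field from shadow-format lines."""
    table = {}
    for line in lines:
        fields = line.split(":")
        if len(fields) >= 2:
            table[fields[0]] = fields[1]
    return table


def unshadow(passwd_lines, shadow_lines):
    """Rebuild passwd-format lines with the hash from shadow in the second field,
    the same merge the unshadow utility performs. Accounts with no shadow entry
    keep whatever the passwd file had (normally the placeholder 'x')."""
    shadow = parse_shadow(shadow_lines)
    merged = []
    for line in passwd_lines:
        fields = line.split(":")
        fields[1] = shadow.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def hash_algorithm(field):
    """Name the hashing scheme a password field uses, ignoring any '!' lock prefix."""
    field = field.lstrip("!")
    if field == "":
        return "none"
    if field.startswith("*"):
        return "disabled"
    if field == "x":
        return "missing"            # passwd placeholder with no matching shadow entry
    m = re.match(r"\$([^$]+)\$", field)
    if m:
        return ALGORITHM_IDS.get(m.group(1), "unknown")
    if len(field) == 13:
        return "descrypt"           # traditional DES crypt: 2-char salt + 11-char hash
    return "unknown"


def triage(passwd_lines, shadow_lines):
    """Classify every account by what the merged file exposes to offline guessing."""
    report = {}
    for line in unshadow(passwd_lines, shadow_lines):
        name, field = line.split(":")[:2]
        locked = field.startswith("!")
        algo = hash_algorithm(field)
        if locked and algo == "none":
            status = "locked, no hash stored"
        elif algo == "none":
            status = "no password set"
        elif algo == "disabled":
            status = "password login disabled"
        elif algo == "missing":
            status = "no shadow entry found"
        elif algo == "unknown":
            status = "unrecognised hash format"
        else:
            status = f"{algo} hash present"
            if algo in WEAK_ALGORITHMS:
                status += " (weak algorithm, fast to guess against)"
            if locked:
                status += " (account locked but hash still exposed offline)"
        report[name] = status
    return report


if __name__ == "__main__":
    for merged_line in unshadow(PASSWD_LINES, SHADOW_LINES):
        print(merged_line)
    for account, status in triage(PASSWD_LINES, SHADOW_LINES).items():
        print(f"{account:8s} {status}")
```

The merged lines are the same shape of input John the Ripper consumes. In an investigation the triage table is usually the more useful artifact: it shows which accounts were exposed to offline guessing at all, that locking an account with a "!" prefix does not remove its hash from the file, and whether any account still uses a fast legacy scheme such as md5crypt or DES crypt.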
