DEFCON 17: Cracking 400,000 Passwords, or How to Explain to Your Roommate why Power Bill is a High

Reddit Comments

I'm very new to crypto, but I didn't know JTR's source code was available. That's pretty sweet.

1 point, u/DRUNKEN_SIDICATE, Dec 08 2012

34:06 butthole69 ಠ_ಠ

1 point, u/Alpha_Q, Jan 19 2013
Captions
Hey everyone, thank you for making it to the last DEFCON talk for this year; I really appreciate it, and I'll try not to disappoint. My name is Matt Weir, I'm a PhD student at Florida State University, and let's go ahead and talk about some password cracking here.

Before I begin, I just want to say I'm going to be using the word "we" a whole lot, and that's not because I have some British royalty complex or anything like that, but because I work with a really good team and I want to acknowledge them right now. My major professor, Dr. Sudhir Aggarwal, has been very hands-on on this, as well as Professor Breno de Medeiros, and they've helped me out quite a bit. I would also like to thank the National Institute of Justice along with the National White Collar Crime Center for funding this research, which I really do appreciate, because that way I don't have to teach, you know, intro to C classes, but also for providing us a little bit of legitimacy, because when you have to go to your research ethics board to get this stuff approved, it really does help to be able to go in and say "we're doing some password cracking research," and they're like... and then you can say "but we're doing it to help you catch and prosecute child molesters," and that kind of just gets us right on through there.

So, as I just kind of mentioned, the main focus of my research is to help law enforcement; that's what we're really focusing on here. And I'll freely admit, because law enforcement is dealing with strong encryption, quite honestly there's no way I'm going to be able to break AES. It's just not something I'd be able to do; I just don't have the brain power to do it. So really what we're focusing on, instead of attacking the encryption, which is an extremely hard if not almost impossible problem, is attacking the user, because that's much more doable. So what we're really trying to do is create better models of how people create passwords in real life, and then use those models to attack password creation strategies. To do this, the first thing we need of course is to have an idea of what people create passwords with, so we spend quite a bit of time just going out on the internet and trying to find any disclosed password lists that are out there. These are lists that have just kind of popped up on the internet for whatever reason: a hacker will break into a site and post a password list online saying "hey, look how great I am," and we definitely try to grab those and analyze them. Also there are a lot of password cracking forums and bulletin boards and stuff like that, and we definitely fish those as well. Now occasionally those passwords are in plain text, and that's great because all we need to do is read them and we're done, but the vast majority of these passwords are hashed, and this is a real chicken-and-egg problem for us, because in order to figure out how people create these passwords we actually have to crack them first. But that's actually kind of a good thing for us, because it does force us to focus on the practical; I mean we just can't sit back, you know, sip wine and write research papers, we actually have to try to apply what we're talking about to real password lists and see if it works.

On the flip side, what's really been interesting me too is how does this apply to the defender: how can we make password creation strategies better based upon our knowledge of cracking passwords? That's actually a much harder problem in my opinion; it's much easier to break something than it is to fix it. So I'm going to talk a little bit about that as well.

Now for this talk I'm really going to try to avoid focusing too much in detail on the tools or trivia, because if I try to spend the next 50 minutes just going over every single command-line option of John the Ripper, or maybe going through pages upon pages of letter frequency analysis, or, you know, how many people use the name of their sports team in their password, that's not really a good use of your time. I mean, that's why we invented the internet. So I do maintain a password cracking blog and I keep all my tools online as well, and I occasionally try to document them, so please go there if you're interested in this. If there's something you'd like us to look at, please let us know; like if you think "hey, you're doing it stupid, this is a better way," we really do appreciate those types of comments as well, just as long as you include the "this is a better way" portion. I also try to include on the slides links to all the different web pages for the other tools that we talk about, so when something flashes up on the screen you don't have to frantically write it down; you can just download the slides. And I also include quite a bit of the tools on the CD itself.

Now real quick, just about a couple of different tools: we do have our dictionary-based rainbow tables online, we have a lot of the password cracking scripts that we run, some of the different rule sets that we use, some of the parsing scripts that we use to analyze password lists, and a couple of different custom word lists that we made as well. Of the custom word lists, probably the one that's most notable is that we probably have the largest collection of one-line ASCII art porn on the internet. Oh yeah, my parents were really proud of me, as you can tell. But I mean, people create passwords that way, so you have to attack that.

Okay, also I'm not going to focus on "oh my god, passwords suck, users choose horrible passwords, we're all doomed," because I don't believe that. Well, I believe users choose horrible passwords, but just avoid the rest of that. I mean, yeah, I could spend the entire time making fun of users, because they are hilarious, but really that's not that useful. We've known for years: fire is hot, water is wet, given a chance the user will choose the password "password123." That's not new knowledge; I think we as a security community need to figure out what we're going to do about that though. Also, I won't say that I'm optimistic, but I'm not overly pessimistic about the future of passwords either. We're stuck with them; we're going to be using them forever, because they are really nice and there are a lot of different factors about them that just blow everything else out of the water, with the exception of security. But password cracking is getting harder, because people are actually starting to use strong encryption, they're starting to use stronger password hashes and treat those passwords better, and I think that's actually why we're seeing such an explosion in password cracking research right now: LANMAN's going out, Windows 7 hopefully will put the stake in the heart of XP, we're starting to see less and less WEP, even though that's all over the place too. So right now we are getting to the point where you actually do have to work at cracking passwords instead of just trivially breaking everything, and that's actually an improvement.

So if I'm not going to talk about tools or trivia, or make fun of users, what am I going to do? What I really want to focus on is what does a password cracking session really look like: what are the real techniques we're using, how do we start out, how do we go about trying to attack these lists? In particular, I want to focus on two different case studies. We've been collecting a lot of different passwords from everywhere, but these two were pretty cool because they're very big lists and they're very public. So we're going to talk about cracking both the phpbb.com list, and then our results from cracking the webhostingtalk.com list as well. I'm going to start this off by doing a little bit of a password cracking overview. It's not like a CISSP prep course, but mostly so we can agree on some basic language and terminology. And then, because I'm probably going to be running almost over, I'll definitely be available in the breakout room afterwards for questions. We are starting to do some research on TrueCrypt; it's nothing advanced, we're in the beginning parts there. I can talk about some passphrases and non-standard passwords and some different ways we're looking at attacking that, and so on. So please come to the Q&A room and grill me; I'd love to hear what everyone thinks about this type of stuff.

So moving right along. Now there are really two different types of password cracking, and they are very different. The first type is online. This is what you see in all the different movies: you don't have access to the site at all, and what you're trying to do is gain access to the site, so you're trying different username and password combinations to try to log in. The main thing about this is that the defender has a lot of different options available to make the attacker's life hard, which is really good, because otherwise we'd be screwed; but the main thing is the defender can really limit the amount of guesses that you can make. What we're really focusing on in our research though, since we are worried about cops kicking down the door, is offline password cracking. This is more of a forensic setting: the cops obtain a warrant, hopefully first, and then kick down the door and seize the hard drive, they find, you know, a TrueCrypt encrypted hard drive there, and now they are really only limited by the amount of computer horsepower and time they can throw at the problem. For these two different case studies though, what really happened was an attacker broke into a website, they managed to download all the passwords and usernames, and now the attacker really is only limited by the amount of time they can throw at the problem. Now of course the question is, why is the attacker bothering to crack passwords if they've gained full root access to the site? And the answer of course is people use the same password everywhere, so you want to gain access to all these users' web mail accounts, bank accounts, PayPal, or whatever. Now we don't do this, may I stress: we never verify these passwords, so even though we cracked them, we never try to log into the sites, we never try to log into any other sites. I'm saying this because there are a lot of feds in the audience, but it really is true too.

Okay, so there are really three different steps in cracking passwords, and I want to differentiate these because I'll be referring back to them later, since I've run into problems with each of these three different stages. First of all, all the talking I'm going to be doing is based on offline password cracking, so the forensic setting: you've already obtained the password hash, or you've got the full hard drive, the TrueCrypt encrypted drive. The first step is you just make a guess of what the user created as their password; of course the first one's going to be "password123." The second stage is you hash that guess using whatever hashing algorithm there is. Ideally this is where you'd be spending the vast majority of the time, but a lot of different sites just use a simple MD5 hash, which is very quick, so this goes much faster than this slide even. Also, when you're dealing with full hard drive encryption, what you're really doing is taking the user's password and turning it into an encryption key in order to decrypt the file header, but it's pretty much the same steps. The third step is you compare it against the target hash to see if they match, and if they do match you've cracked the password. This actually gets much more difficult when you're dealing with larger password lists, as it takes more time to do the comparisons. Now the vast majority of the time though it doesn't match, so you throw out the results and you start again, and that's password cracking in a nutshell: just these three different things repeated over and over and over again until you grow bored and quit.

Now I'm going to mention password salts quite a bit as well, mostly when I'm talking about the webhostingtalk list, since that was a salted list. Basically all a salt is is just a value added to people's passwords so that, even though two people might choose the exact same password, which happens quite a bit, their password hashes are going to be different. That's really important; it helps improve security quite a bit, and if you're not using a password salt you really do need to, especially on any online passwords that you're storing. But that's it, it's not magic. Now people have a tendency to want to use the username as the password salt (Microsoft), but that's a really bad idea, because a password salt also helps protect against hash lookup attacks. That's where the attacker generates all the password hashes at one time, and then when they need to crack a password it's just a lookup; it's very quick. If you have a password salt though they can't do that, unless they generate a hash lookup table for every single password salt. Now with your Microsoft-like domain logins they are stored with a password salt of your username, but in that case, yeah, an attacker might not want to generate a table for Bob in accounting, but there's this user named "administrator"; he or she is really popular, I mean they're everywhere, people really trust him or her. So that's just kind of a fail right there.

Now a couple of important parts about the password salt. First of all, it's not secret. It's really good if you keep it secret, but the security of it is not required; the secret part is the user's password in the first place. Second, the user doesn't need to know it; it's not something that the user ever has to see, it's stored on the server, so as far as the user is concerned the password salt doesn't exist. It should be unique per user, and I'll get into that some more, but it provides herd protection when someone's trying to crack a lot of passwords, and we'll see that to a pretty extreme degree when we talk about the webhostingtalk list. And finally, it's not some magical win button. It doesn't provide perfect security, no matter what everyone tells you, it seems like, online. Basically, if the attacker is really only trying to target one user in particular instead of trying to target a whole bunch, all the password salt does is protect against hash lookup attacks, but all the other attacks an attacker has are still definitely open. So you still have to make the password hash computationally expensive in order to limit the number of guesses an attacker can make.

So that wasn't too painful, was it? Let's get on to the cracking. Okay, so everyone always asks me what my hardware setup is. This is my home computer, where I started doing all the cracking, because that way I didn't have to go into the lab, which was wonderful. But it's nothing crazy; it's about a two year old computer. I like it, but it's not like some massive password cracking machine. I also use this MacBook quite a bit as well, so those are the two computers. Unfortunately, a couple of weeks after that the power bill came in and it had gone up about 75%. Now there were a lot of other factors that caused the power bill to go up, I'm very convinced of this, but it's really hard to have that conversation with your roommate when your computer fans are just blaring in the background, and they've been doing that continuously, non-stop, for the last couple of weeks. And it also kind of hurt that the power bill kind of went back to normal after I stopped. So yeah, I do pretty much all my password cracking now from our lab computer at school, which I had previously been using to generate dictionary-based rainbow tables. But when you hear about people talking about racks of PlayStation 3s or botnets cracking passwords and stuff like that, we don't have that. I mean, dude, we have a Dell. So really, when you're looking at the threat modeling, when I say something's hard I mean it from this context right here; an attacker definitely can throw a lot more resources at this.

So, the phpbb.com list, which I'm going to refer to as the PHP list from now on so I don't stumble over myself. It was hacked back on January 14th and the list was posted online in early February, and when I say the list was posted online, the attacker posted a ton of information about the site: password hashes, usernames, user email accounts, and also a really interesting write-up of how they did the attack themselves, which was pretty good reading. Now that list itself contained about 259,000 unsalted MD5 password hashes and the associated users. It also had about 3,000 salted hashes using the phpBB3 hash algorithm. Basically what happened was they upgraded their site, the new version of it used a stronger hashing algorithm, but anyone who hadn't logged in since they upgraded the site was still stuck with the old hash. Now we only attacked the MD5 hashes here, since we are doing this from a research-type setting and attacking a salted list is a pain in the butt, so we don't really learn that much from them; we only really focused on the MD5 password list. And that's great to hear as a defender, okay: you salt your password list, it's too much trouble, the person just goes on to something easier. But I want to stress once again, if your list gets disclosed and it's salted you still have to treat it as a serious event, because it might be worthwhile for an attacker to attack that, and I'll get into that with the webhostingtalk list.

Now one other interesting thing is that the attacker actually tried to crack a lot of these passwords himself or herself. The hacker submitted about 117,000 of them to an online password cracker, and it just took them about a one to two week period to submit all of them, and of those they cracked 28,000 passwords, or about 24% of those passwords, and he posted those cracked passwords online as well. So when you see people do an analysis of the PHP list, they're generally doing analysis of that 24% that the attacker cracked, which, as you can tell, is probably the weakest 24% of all of them. I have to say though that the attacker was pretty much par for the course for his attack, from what we've seen. There's a great and wonderful site called hashkiller.com; most of it's in German, but Babel Fish is getting much better. What they do is not only do they have their own online password cracker, not only do they have online password cracking forums and stuff like that, but they keep track of how efficient all the other password crackers out there are, and most online password crackers average about a 20 to 40% crack rate. So of all the password hashes that are submitted to them, they'll crack about 20 to 40% of them. There's actually a tool out there called md5 utilities, which was done by some people on the Remote-Exploit board, that will submit a list of password hashes to all the sites, pretty much; it's like 33 sites I think at the current count. Taking this aggregate, all these online password crackers do pretty good. What I want to warn you about though is that there are some serious privacy concerns with doing this, because if you don't think that these people are collecting and keeping the password hashes you submit to them, you're a very trusting person. On the plus side, this opens up a couple of different honeynet options as well.

Moving on. Now if you want to crack the passwords yourself, there are a lot of different password crackers out there, because, as you can imagine, it's been a problem for quite a while. Really, of all of them, I have to recommend John the Ripper. First of all, it's free, and that's wonderful, but the main reason, and the reason why it beats out most even paid-for password crackers, is that it's been around forever and the source code's available. So basically, if you can think of a problem, someone's already probably implemented the solution in John the Ripper. It's like the freaking Simpsons of password cracking, and that's really good. Also, it has this one option that I haven't really seen in the other major password crackers, and this option makes it worthwhile for me: it's called --stdin. Basically what this says is, going back to the introductory slides, I don't want to have to deal with all of the hashing and cracking and stuff like that from stages two and three, but I don't like the built-in John the Ripper rule sets. So what I can do is write my own program and then pipe all the guesses directly into John the Ripper, and John the Ripper will hash them and try to crack the password. So basically, if you can think of a way of generating a password guess and you can code it up, you can use it with John the Ripper, and that's extremely powerful.

Now I've got to kind of admit this here: I was an idiot, I know that's hard to believe. Older versions of John the Ripper really choke when you feed them large password lists; it just takes forever to make a guess, because that comparison portion was implemented pretty poorly. Now there was a patch released back in January, which was actually based on a patch someone else had done that had been out for a couple of years, and I didn't realize this, so I went through a lot of pain dealing with an old version of John the Ripper, to the point where I actually even started using Cain and Abel a little bit, which I'm still ashamed of. But really all I have to say is that John the Ripper is still being updated, still being maintained, definitely use a new version, and the online mailing list is actually very active, which surprises the living daylights out of me.

Now even with all these problems that I was having with John the Ripper, here's kind of the timeline of the cracking attack. "Four hours," and I have four hours in quotes because it took me a lot longer to parse the password hashes out and do all our stuff there, but once I started, after four hours I'd cracked 38% of the passwords, and we're going to see that that's really slow actually. After one week I'd cracked 62% of the passwords. After one month and one week I'd cracked 89%, which is when I kind of made this DEFCON talk, and currently I'm at 95% of the total passwords cracked, or 93% of unique hashes, and the numbers are different because a lot of people choose the same password. So that's pretty bad, actually. Now I'm not the only person that's obtained this success. After my DEFCON talk was posted I talked to a couple of different people; for example, Brandon Enright has also cracked about 95% of the MD5 hashes. He cracked 2,500 that I missed and I cracked 2,600 he missed. We haven't exchanged the plaintext password lists due to privacy issues; we were just exchanging the digests, like, "these are the ones I cracked." And I actually got an email from another person just the other day who says he cracked 97% of them, and I believe him, because we're still cracking passwords. So definitely I'm not the most elite password cracker out there; I'm just a student trying to graduate. So once again, there are probably a lot better ways to do this, so take everything I say with a grain of salt.

Now the reason we cracked this many though wasn't because I'm some elite hacker; it's because in general those passwords were really poor. The average length of all the passwords we cracked was 7.2 characters long, and we see that almost universally across different sets. What was kind of surprising about this list though was only six percent of them contained an uppercase letter and only about 1% of them contained a special character. Most of them that did contain something else, it was numbers, and a lot of them did contain quite a few numbers, but 51% of the passwords only contained lowercase letters, which makes it a lot easier to crack. I just want to stress this doesn't count the 5% of passwords we haven't cracked; I'm going to assume they're a little bit stronger, just for my ego.

So one thing I really want to stress with these password cracking sessions is that we do have limited resources. We can't just brute force everything, and what that means is that we have to have an idea in our head of how the user created that password and attack that specifically. But that means that there are a lot of different password creation strategies, a lot of different types of passwords, we're just not going to try, because we don't have the time to do it, and you just have to accept that. So what we're trying to do is crack the majority of passwords, not all of the passwords, and you really have to have that mindset when you're doing password cracking. For a defender that can be pretty good: it's easy for an individual, or actually it's not that easy, but it's easier for an individual to create a strong password, because really what you need to do is make it long enough that you can't brute force it and then do something that no one else does, and then we're just not going to try to attack it, because you're the only person doing that. It's really hard though from an organizational perspective to make everyone unique. We just don't do that as human beings; we can't be different, it's just not really built into us, and that's why password cracking really is probably going to keep on working pretty well.

Now the first type of attack, I'm sure you all know about this one, is just a dictionary attack, and I want to stress that when I say dictionary-based attack I not only mean using an input dictionary but also all of the associated word mangling rules that you apply to it, like adding two numbers to the end or capitalizing the first letter. Now there are two main reasons why a dictionary attack can fail. First of all, you just didn't try the right dictionary word: so the password was "zebra123" and "zebra" wasn't in your input dictionary. The other way is you didn't try the right word mangling rule, so in that case you just didn't try adding "123" to the end of the word. You really have to balance these, because you're always limited in the amount of time and the amount of guesses you can make: the bigger your input dictionary, the fewer word mangling rules you can apply to it, and if you want to apply more mangling rules you have to use a smaller input dictionary. What a lot of people do for this is run multiple input dictionaries: they'll run a really small input dictionary and have tons of word mangling rules applied to that, and a much larger input dictionary but only try a few word mangling rules on that. Now this is a little controversial, because I disagree with most other people in password cracking, but it seems like when people start cracking passwords the first thing they do is try to collect as many input dictionaries as possible, and it really kind of falls into this crazy cat lady syndrome, where instead of just having a couple of well-maintained input dictionaries they have like 50 or 60 of them running around the house, pooping all over the place. So what I really do believe is that if you do get these input dictionaries, and some of them are extremely large, you really just have to keep in the back of your mind how are you going to use this and how does it fit into your cracking attack. You really do spend a lot of time trying to maintain these input dictionaries, but it does pay to focus on just a few. That being said, if there's no password creation rule enforced, just kind of like with this PHP list here, people aren't using word mangling rules; people hate using word mangling rules, and if you give them a chance they'll just type in a password and be done with it. So in that case, chances are if you don't crack a password the reason is not that your rules are wrong, you're just not trying the right base word, so the bigger the input dictionary you have the better off you are. Probably one of the best big input dictionaries I've ever seen was done by Sebastien Raveau, and I know I said his name wrong and I really do apologize. What he did was he downloaded Wikipedia, all of it, and all the sister projects as well, and he created some massive word lists based upon that, because I guarantee if someone knows of a word they've created a Wikipedia article on it. So that's an extremely good one, but it's ginormous, so you really can't apply a lot of different word mangling rules to it, but it's great for catching those lower hanging passwords. His dictionary is on his website; I can't give him enough props for that. Now if there is a password creation policy, or you are getting into the upper levels where you're trying to crack stronger passwords, you do have to use a smaller input dictionary, and by far the best of those input dictionaries are based upon previously cracked passwords. I really do apologize, but this is the one type of dictionary I can't release to you guys, just because of all the different issues with that. But it really is kind of a rich-gets-richer type of thing, where the more password cracking you do the better you get at it, simply because these lists grow on you. We're actually starting to see a lot of the same users in different lists, where they were part of different compromised websites, and that's not actually the user's fault, it's just that they got unlucky, but yeah, people use the same password all over the place. What's also really useful is to extract the base word from these passwords. For example, the password "TigerWoods1982" might not be that common, but people use "TigerWoods" in a password all the time, so you want to extract that, and I include some tools on the CD that allow you to do that much more easily; those work really well.

Now for the word mangling rules, the default ones in John the Ripper are really nice, but they only crack weak passwords. They're designed to crack weak passwords really well, but if you're trying to crack any type of strong password it's just not going to work; you have to make your own word mangling rules for that. I've made some of my older John rules available online for download; the only other ones I've ever been able to find online are posted by Minga, and he posted them on the John the Ripper mailing list. But yeah, you have to make your own rules if you really want to crack strong passwords. One thing I've been working on though is trying to identify new rules, just things that we didn't think about, so another tool I include on the CD tries to parse a password list into two different sets: passwords that we already know how they were created, you know, like "pass123," and passwords that it has no idea how they were created. That's really nice, because you don't want to have to look through 200,000 instances of "password123" when trying to figure out how to find new rules, so that provides you a very small list, so you can go "hey, look, people use emoticons, smiley faces, in their password," or you identify new keyboard combinations; it makes it much, much easier to do that.

Now, as I said, I've been moving away from using John the Ripper's built-in rules and working on customizing some of our own ways of generating guesses, and probably what we've had the most success with is our probabilistic password cracker. Whenever I mention this to somebody the reaction is universal: their eyes kind of glaze over, they nod nicely, and they go "well, that sounds very interesting, academic, but, you know, what input dictionaries are you using?" and then they try to move the conversation along. I have to say this is something that I really believe in strongly; I've been drinking the Kool-Aid, we've been using this and it just keeps on getting better and better. Really what we're trying to do here is this: you hear about different optimizations in password cracking all the time. There are certain words that are used more often than others, like "password," "monkey," and "football"; certain word mangling rules are used more often, you know, the numbers "123," "007"; people tend to capitalize the first letter more than anything else; and so on. The problem though is when you're creating these password cracking rules it becomes very hard to combine, on an ad hoc basis, all these optimizations, because you have to have a rule like "try all dates at the end of a password," and then you have to have another rule that says "try all four digit numbers after a password except for those dates that you tried beforehand," and this gets to be a real pain in the butt, especially when you have multiple word mangling rules or multiple optimizations that you're doing. Probably the most extreme example of this I saw was one person on the John the Ripper mailing list mentioned they had over a 1,000 or 12,000 rule John the Ripper config file just trying to take advantage of all of it. Quite honestly I'm lazy, I don't want
have to do that so really what this Park probabilistic pass or cracker is trying to do is just to automate this for us so I mean and what this is really nice is what we're doing is we're assigning a probability to a password guess based upon all the different information that we know about this and this allows us to go ahead and rank password guesses in probability order and it just allows us to switch between different rule Mangan rules so I mean we can determine whether we want to try you know a very common password was a very uncommon word mangle rule before we want to try you know maybe a common word was a very uncommon word with a very common mate word mangle rule and vice versa now and we've been having a ton of success with this here so if we can't break this into two different parts one we have a training program that automatically parse is a known password list and generates what we call a grammar that has all this information in it and then we have two actual after cracker itself that uses these two grammars to go ahead attack passwords and say we assign probabilities just about everything probability that certain dictionary words can be used probability a certain word mangling rules like adding three numbers to the end of a password are being used in a specific replacement so like the probability to have two digit numbers used is that number twelve versus number 21 now I can keep on talking about this but what I really want to do is have something blow up in front of everybody here which is probably what's going to happen so we're going to do a live demo now I don't expect you to read all this here but basically I'm going to be doing is I'm going to run our probabilistic passer cracker I'm gonna be feeding it two different input dictionaries it actually supports up to ten if you really really want to get crazy there one input dictionary just contains common passwords and so I'm going to try to add a higher probability since they're very common and I'm 
gonna try a much larger input dictionary of less common words and it's a password crackers going to switch between the two of them what I'm gonna do after that though is I'm gonna pipe it right into John Ripper because as I said I want to create my own you know password hashing algorithm stuff like that and unfortunately we can't use the PHP list there since uh once again due to user privacy issues if showing you know crack passwords in front of the entire you know hacking audience might not be appreciated by our school in legal department so what we're at second be doing is running against MySpace list this is a list that was disclosed about two years ago and the thing about that is all the passwords were in just in plain text so you could read them so they've already been disclosed those users of our tip pretty much been hosed by now so we're not really claiming any additional danger but what we did though since cracking plain text passwords is pre pointless is we went ahead and we use hash them using md5 which is the exact same hashing algorithm that the PHP list was so this pretty much simulates the PHP attack here and it's gonna crack about 17,000 passwords and we actually split the password lists up into different parts just for different typical machine learning when you collect these so we have a training list and a cracking list that we use and now you can see it's going off right now these are all the passwords are being cracked right now and you can kinda see it's going a little bit fast I probably should use a slower pet hashing algorithm but it's a switching between different rules so it's not just trying you know try one digit and try two digits and so on it's trying you know some other distance some exclamation marks than number seven and periods you know it's going between this and it actually takes an account the wart password likes as well because people tend to you know make passwords at six seven or eight characters long there's actually a lot 
of different other optimizations that we're looking at building into it because this is definitely a work in progress one thing that we're looking at doing is incorporating you know targeted based attacks so instead of trying to crack a big old password lets you try to tack one person well all you need to do is just create another input dictionary of like their kids names their names you know birthdays and so on and you just try to listen Eyre probability now all the other passwords there so that way you still be trying all these common passwords but also try stuff targeted specifically to them now you also know it is starting to get a little bit slower there and that's kind of by design we'd love it if it just cracked everything immediately and went really fast but the thing is that it is based upon a kind of probability model so as a good crack initially it cracks all tasks was really quickly because there really you know easy to crack passwords but as it keeps on going on here it's kind of trying more and more you know or less less probable password guesses here so it takes more and more password guesses for it to crack new password now one other thing is that just based on a grammar here this will run pretty much forever so I mean you can just kind of let it go and it doesn't really run out rules there because it has you know it generates actually literally trillions of different rules that can use and most of me will never ever ever get to in a sort of password cracking session that you would have also you notice that these are still very you know weak passwords here and that's the reason is that this we're just starting the password cracking session so it's not going to try you know really complicated or advanced passwords until much later now if you do have like a password creation strategy though where you have to only attack strong passwords the way you deal with this here is that you just create your training list based upon only strong passwords and that 
way it will start off by trying only strong passwords out in the cracking session so I think that's pretty good there so you go ahead and stop this okay so they ran for about two minutes and 30 seconds and we cracked a little bit over 30% of the passwords in this list here this is actually one of like about a hundred different reasons to why I think that password changed policies are and stupid not in that order maybe but uh it's I'm really I think they do more damage to pass our to security than they actually help to tell you truth especially when you're talking about offline attacks unless you change your password every two minutes it really doesn't do much okay now brute force everyone can come puts us down is probably most misunderstood of all different attack techniques and saying is it's really really powerful but you just have to use a little bit of brains on that and let's talk about cup really quickly about a couple of the brief optimizations here the very basic thing though is you at the very least you should be doing layer frequency analysis if you're not you're probably using cable and picking your nose but I mean the and you can actually really get fancy with Slayer frequency analysis I don't think I need to explain it on just because I'm sure everyone's heard about it for example though you train it out you can train on previous passwords you can have different frequency analysis for the beginning and end of a password because feel ten put numbers in and capitalize the first letter and so on where it's also extremely useful though is trying to figure out what layers not to try for example Q doesn't occur that much so why bother trying this and your brute-force algorithm especially since you're not trying to crack every password you're just trying to crack a majority to pass words and was number letter Q you're gonna probably be trying to attack it you either let's say you know keyboard combinations like QWERTY or was you know dictionary based attacks 
anyway so you might as well drop that and some of the other less frequent ones as well now a much more advanced option though is Markov models and what this does is it takes the conditional probability of letters into account the scrabble example here is if you have two letter Q you pretty much hosed unless you have a letter U and your uh set as well because you always follows Q that's really all Markov model does it says if you're given this letter here what's the next letter that follows it and it's extremely powerful generating via brute force words that look like something that a human created and John Ripper uses an extremely powerful version that is here that actually not only takes an account the next letter but the letter after that as well and it runs extremely fast and not I'm just really impressed by it I know I'm trying to sell John Ripper here but the I apologize for that but it really is a good program that being said though you can actually add a lot more logic on top of that and using the user letter frequency or markov models as well and we can just call this a targeted brute-force attack and this is where you basically take the input of a brute-force message and apply you know basic dictionary word manly rules - its - the whole password guess as a whole so instead of trying you know the uppercase letters everywhere in your password won't you only try uppercase letters the very first character instead of trying you know numbers everywhere in your password won't you only try them at the very end and there's various uh you have just different rules in this just like you would have a divison dictionary based attack also you can take external knowledge into this account as well for this list here people use PHP BB a lot in their passwords well I mean if I already know what five characters of your password are it makes it a lot easier to brute-force there's actually a tool out there called crunched it does a very good job of this it's on the programming 
form of the remote exploit board there that's why I kind of show you an example of a brute-force attack I'm not going to run this but just to show you what trying to attack a strong password with brute force so the first thing I'm going to do is I'm going to run John to represent comb Alamo because I don't want to have to go ahead and write my own bark off models and it's just going to go ahead and generate the guesses based upon lowercase letters and these are actually the letters that John Ripper will go ahead and generate the very first layers of words they'll generate using a sink romantic mood if you read these these look a lot like dictionary words in fact a lot of them are like starless or dog or start a marine and that's the wonderful of using Markov models is because it does generate things that look like they're in a dictionary but it also generates words that are not in input dictionary but someone could definitely use like Stech so it's really really nice now this still won't attack a strong password though so for that we need to apply you know some additional logic so i just go ahead and pipe that to standard out and pipe that into a script of mine and all the script does is it just capitalized as the first letter as a special character the end and it has a digit and in this particular attack and now when we look at this it looks like a real strong password here it's going to any of these will particularly uh break out you know password creation policy and I project you off my lazy button spend five minutes to add something that will reject words that are certain size to you unless they're too small if they're too small but now we can go ahead and attack passwords that most people can say are strong using a brute force type method and then we just go hand-piped is alright back in the john ripper since i don't want to have to deal with that and just let John Ripper deal with all the password cracking there okay so that's nothing the PHP BB list though 
let's go ahead and talk a little a little bit about the web hosting talk list it was originally hacked in March 21st or at least that's when the list was disclosed and the attacker was real I really there's no other way to put it there but what they did was they posted over 200,000 usernames passwords and allowed our good information there online and then proceeded to go ahead and delete the website and delete all the backups as well which really sucked for the system administrators there now normally as I said before I don't go ahead and audit salted password list they're just they're just too much of a pain there's better lists for me to go ahead and try to crack with my Dell computer so the reason why I went ahead and tried to attack this list though was because of response once they got their site up on an operational because they actually had to Telus users that they were hacked because it's pretty hard to cover that up so they gave a little post about you know they've been hacked don't worry we're secure now and all it's our stuff but they gave a piece of advice I thought was really misleading and dangerous and they said and I quote passwords are hashed was assault it would be an unprecedented event to reverse engineer our passwords I changed my password periodically though so maybe today is a good day for that I mean that's that's like me saying hey guys you know the copy room is on fire but don't worry you know there's a sprinkler system here there is no way this building's going to burn down but you know occasionally I like to go out for lunch so maybe you should use maybe walk outside the building if you feel like it and that's why I decided to go hand crack this list here now the also posted online to absolutely no credit card or PayPal data was compromised and so a court apparently to tack or had full access to her site deleted error saying stuff like that but at PayPal and credit card data you know the who wants that so fail now what was even bigger 
fail though was yet after he got back it up and operational a couple weeks later the Hat site was hacked by the same exact guy over again uh and they posted all the username passwords online as well and he also posted you know two thousand credit card numbers and I won't even go into it but yeah the site was saying like well the only compromise two thousand credit card numbers the rest we think are still safe a nose and eyes won't really want to kind of State for the record here I mean people get hacked I'm not getting a hard time for that I mean as we've seen this last Wednesday here even everyone in security community scenes began hacked as well also getting someone out of your system is really hard to do especially when you have users yelling at you to get your system back up and operational right now as I said my main problem was the web hosting talk is the way to handle disclosure to data to users because as I said I felt that was really dangerous of them because you do at least have to give users a sense that there is a ticking clock they have to go out and change your passwords not only for this site but all of their other sites as quickly as possible and that's really important to do now one interesting fact I found one point out here is that if you compare the two lists that from when they were posted online only 1348 users had to actually change your password in a couple weeks period from when the sec op online after it been cracked and when it was cracked a second time there and that's less than 1% of the total users that's the point 6 percent to be exact so this can gives us a little bit of idea of the window of opportunity for an attacker to go ahead and break into a site or break these accounts and use those accounts against the site itself or other sites as well so the next thing though was to figure out whether this hash was really unbreakable or not so the I needed to go ahead and figure out what how you know forum software using so one Google 
search later is like the second option there I told me that yetis vBulletin forum and our Google sort search went ahead and told me that the forum of vBulletin de hash there was all it was was just two rounds of md5 so you take the user's password the hash it once with 75 they append the salt to that and they hashed out again with md5 so as I said really it's only two rounds of md5 to go ahead and do this but and I couldn't figure out that an option in Chuck John Ripper to do this so I actually at my own password cracker and I implemented it in there but the big question though was did he do anything special would I spend like the next you know a couple weeks trying to crack his passwords only find out that I had implement it wrong which happens all the time so the first way in or test is I just tried to password password and ran it through it and of that I cracked immediately 1109 people so yeah pwned but I mean what about that password salt and I'd say it really is a serious problem for an attacker which is great for the defender and why I keep on hyping this password salt here because every single users password salt was different and what that mean meant was stuff for every single guess I make I have to go ahead and hash that guess for each individual user and what that means is if it took me one hour to go ahead and try to run an attack against the PHP BB list which was just one md5 hash it would take me over to our taking around 200,000 hours to run that against this web hosting talk list here because I'd have to run as I said hash against each of those 200,000 users and I got Dell computer so that's a serious serious issue that being said I still managed to crack 34% of them in about a week and a half time and a vast majorities here was just going ahead and trying list of previously pet crack passwords now in fact almost all of these well that's all I did and actually on this was probably more effective to do this on this list here on on this list here then 
most likely fine because there's a significant overlap in the number of people that are interested in you know forum software like PHP BB calm and you know are interested in web hosting as well so there was quite a few people that we saw the exact same password in these two different sites here which really helped us out a lot and what I really want to stress here is because when I was just reading through all the different posts about this there's a lot of people that like would post your hash online I'd say look you know I saw my hash in here but don't worry about I chose a strong password he has a salt no one's ever going to go ahead and crack this and saying is I really want to stress the people that the salt does not protect individual users so don't be an idiot and post your password hash online if I was a real attacker and I was doing this for malicious and means here I wouldn't go ahead and try to crack every single person's password I won't try all you know 200 cells and you know hashes to be doing this what I'm going to do is I'm going to for all the people with admin or webmaster in their email address and I'm going to attack those guys specifically because there's a good chance that couple of those got people there use the same password on their site or at least I'll get a little bit information about them to attack their site more effectively and if I'm only trying a couple of people two rounds of md5 in fact if for a couple people you can even get down to one there PS because you don't have to the first round ones for everybody so I can watch some very advanced text attacks against specific users and that's what you really need to keep in mind here so even though the password list is salted you really do need to treat it the with care they're cool I actually got downtime - thanks for coming to Def Con I wish had a great time I'll be available for questions answered afterwards
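The training-and-ranking idea behind the probabilistic password cracker described in the talk, as an added toy illustration in Python (not the tool from the speaker's CD; the training list, input dictionary and candidate guesses are all constructed for the demo):

```python
"""Toy version of the *training* step of the probabilistic password cracker
described in the talk.  Added illustration, not the tool on the speaker's CD:
the grammar layout, training list, dictionary and candidates are constructed.
A password is split into runs of letters (L), digits (D) and specials (S).
Training learns how often each base structure (e.g. L8D3) occurs and how often
each concrete digit/special string is used for a given run length.  Letter
runs stay dictionary slots, filled later from the input dictionaries."""
from collections import Counter, defaultdict
import re

TOKEN_RE = re.compile(r"[A-Za-z]+|[0-9]+|[^A-Za-z0-9]+")

def parse(password):
    """'tiger!' -> [('L', 'tiger'), ('S', '!')]."""
    tokens = []
    for seg in TOKEN_RE.findall(password):
        kind = "L" if seg[0].isalpha() else "D" if seg[0].isdigit() else "S"
        tokens.append((kind, seg))
    return tokens

def base_structure(password):
    """'password123!' -> 'L8D3S1'."""
    return "".join(f"{kind}{len(seg)}" for kind, seg in parse(password))

def train_grammar(training_passwords):
    """Learn base-structure and digit/special terminal probabilities."""
    structures = Counter(base_structure(p) for p in training_passwords)
    terminals = defaultdict(Counter)  # ('D', 3) -> Counter({'123': 5, '007': 1})
    for p in training_passwords:
        for kind, seg in parse(p):
            if kind != "L":
                terminals[(kind, len(seg))][seg] += 1
    total = sum(structures.values())
    return {
        "structures": {s: n / total for s, n in structures.items()},
        "terminals": {
            key: {seg: n / sum(cnt.values()) for seg, n in cnt.items()}
            for key, cnt in terminals.items()
        },
    }

def guess_probability(grammar, guess, dictionary):
    """P(guess) = P(structure) * P(each word) * P(each digit/special run).
    `dictionary` maps word -> probability; words are looked up as written
    (capitalization is not modelled here).  Unseen pieces get probability 0."""
    p = grammar["structures"].get(base_structure(guess), 0.0)
    for kind, seg in parse(guess):
        if kind == "L":
            p *= dictionary.get(seg, 0.0)
        else:
            p *= grammar["terminals"].get((kind, len(seg)), {}).get(seg, 0.0)
    return p

def rank_guesses(grammar, candidates, dictionary):
    """Most probable first; guesses the grammar cannot produce are dropped."""
    scored = [(guess_probability(grammar, g, dictionary), g) for g in candidates]
    return [g for p, g in sorted(scored, key=lambda t: -t[0]) if p > 0]

# Constructed training list shaped like the leaks in the talk: word+digits
# dominates, "123" is the favourite 3-digit suffix, a few people use symbols.
TRAINING = ["password123", "monkey123", "football123", "letmein123", "abc123",
            "iloveyou1", "princess1", "hello007", "dragon12", "sunshine12",
            "tiger!", "shadow!!", "baseball2009", "qwerty2009", "soccer1982"]
GRAMMAR = train_grammar(TRAINING)

# Constructed (uniform) input dictionary and candidate guesses to rank.
DICTIONARY = {w: 0.25 for w in ("monkey", "tiger", "dragon", "zebra")}
CANDIDATES = ["monkey007", "tiger812", "monkey123", "zebra2009", "tiger!", "dragon1"]

def demo():
    """'tiger!' outranks 'monkey123': every S1 seen in training was '!', while
    '123' shares the D3 slot with '007'.  Unproducible guesses are dropped."""
    return rank_guesses(GRAMMAR, CANDIDATES, DICTIONARY)

if __name__ == "__main__":
    for g in demo():
        print(f"{guess_probability(GRAMMAR, g, DICTIONARY):.5f}  {g}")
```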
Info
Channel: Christiaan008
Views: 288,207
Rating: 4.8811474 out of 5
Keywords: cracked, password, lists
Id: 0WPny7wk960
Length: 49min 0sec (2940 seconds)
Published: Sat Jan 15 2011