Kenton McDaniel - Practical Password Cracking

Captions
So, who am I? My name is Kenton McDaniel. I love hacking things, I love cracking passwords, I get super excited about cracking passwords, so I tend to talk really fast and get way too excited about it. I was top 10 on hashes.org, if any of you are familiar with that, back before it went away. It was a password cracking enthusiast kind of community site where you would grab word lists, crack the passwords and recontribute for new word lists. I had a 94 or 95 positive non-dupe rate, which is pretty good. So I love cracking passwords. My favorite question I've ever been asked throughout my information security career is if I've ever heard of Metasploit. I was on a call with some clients and they asked me if I've ever heard of it, because they didn't think I knew what I was talking about. I have in fact heard of Metasploit; I've used it a time or two. So this is me and two memes, so let me just take a look at those real quick.

So I want to cover a couple of the terms that I'm going to be talking about when we talk about cracking passwords. The first one is our key space. Our key space is the total set of possible characters within the space of a password that could be created, so we need to think about our key space when we're talking about how we're going to address cracking the passwords. And a hash is a cryptographic output of a function that generates a fixed length, and that length is different depending on the hashing algorithm, but it takes in whatever the input is and generates a fixed length based on that input. So it could be a file, it could be some text; it will generate a fixed-length output based on the input.

And the ideas that I want to address are: password cracking is approachable for everybody. Anybody who needs to crack passwords can craft their approach so that you can get the maximum output from your password cracking. It's not just pure brute force, it's not just dictionary attacks; you want to have a consistent approach that you can follow that will give you good gains for your output on your password cracking. And then once you've cracked those passwords, cycle them back into your word list. Reuse the passwords that you've cracked to get even more cracks in the future, or even to go back against your initial dump of password hashes. So utilizing the information that you have beforehand, utilizing the information that you gain during your cracking runs, combining that all together to get a higher crack rate. A lot of times when I work with, when I talk to other penetration testers, other red teamers, the idea is: we ship off the passwords, they get cracked by the org, any hashes, any passwords that come back from those hashes, I use, right? And that's not a bad approach, but we can do better. We can do better than just ship it off to the password cracking box and get back whatever we get. Let's be better, let's get more cracks, and let's tailor it more specifically to our client as well.

A couple of clarification points. When you're cracking a password you never actually recover the original plain text of a hash. Cryptographic hashes by nature are one way only; you will never recover the original plain text. But what you will do is generate a hash that has the same plain text, with enough confidence to say that that is the cryptographic hash, right? So you put in the same plain text and it gives you the same result, within a degree of confidence, and this is important for salted functions, right, like bcrypt, scrypt. So with any degree of confidence for you to say, yes, this is the original plain text. The more GPUs you have, the better time you're going to have, but the approach that I'm taking is a single GPU. So with a single GPU you can recover hard-to-crack passwords.

We should all be familiar with password strength meters. They're pretty common in the industry. A lot of people say go look at a password strength meter, it'll tell you if your password's good or not, or we may even use them in our orgs, right? We may say, okay, go out to this password strength meter, we put it in our AD environment to gauge the strength of your password. We want to crack those passwords, right? But password strength meters are bad and they should feel bad. They are based solely on length and relative complexity, not based on how we as humans can figure out how to crack passwords better. So for example, this password, it said, would take two months to crack. In reality it'd probably take about 10 seconds to crack. They just don't know how to efficiently gauge what the real strength of a password is, right? And so then this one, it says my password takes three years. Well, that's not true; it's in an already known dump of passwords in plain text. So the last one is this one. Has anyone ever seen this password before? I've got some xkcd fans out there, right? So passphrases, right, everyone's saying, well, use passphrases. Well, passphrases are cool, but most English words exist in most dictionaries, and so if I have those English words in my dictionary, I can use what's called a combinator attack to build combination word lists from English dictionaries, stretch out my key space and get passphrases. So if you're saying four or five... so the practical limit for me with my single GPU is five words. So at that practical limit, if you go six words, due to my hardware constraints I'm not gonna get your password. At five words I am gonna get your password if you're just chaining together dictionary words, even if you're using separators with those dictionary words. I'll get your password; it's a function of time and investment, right? So if you include character substitutions, that can make it a little bit more difficult, but if you do character substitutions like 3 for an E, that's way too easy to get, it's too normal of a character substitution. So we could go over and over and we can rag on password strength meters all day, but that's not what we're here for.

So the two tools that I use the most are hashcat and John the Ripper. I prefer hashcat, but I still use John the Ripper occasionally if the algorithm is not supported by hashcat. So I have a full list of my preferred word lists, rules and this methodology out on my GitHub, at github.com, jerry blanks, password cracking methodology. That's not my real name, you probably noticed; that's my alias, right? So that's my GitHub where I have my password cracking methodology, the words I like to use, and hilariously, rockyou.txt, if any of you are familiar with it, is still going strong. It's still my go-to word list all the time. Use rockyou.txt first. People don't change. Use rockyou.txt first and then expand onto your more complex ones.

Different hashing algorithms have differing times to crack, so for our blue teams, right, for our defenders: use the strongest password hashing algorithm that you can, and always choose salted over non-salted. Use those strong algorithms, because it takes longer to crack, and at some point you give up, right? So if I'm going against bcrypt and I've already been running the cracking job for four days, I'm probably gonna give up at day number five, depending on how bad I really want that hash. Always use salted; the more rounds the better. So we're going to benchmark my cracking rig and see how quickly we can do some common hash algorithms. So it's an Ubuntu box and it's a single RTX 2080 Super, so that's something that should be approachable for most people. It's not a bleeding-edge GPU, but it's a nice GPU, right? But it's just one, so just a single RTX 2080 Super, and here you can see my crack rates. So the top one is of course NTLM, which is unsalted, thanks Microsoft. So NTLMs, I'm going to crack them real fast. Everything else kind of descends, right? You get to the bottom and it's bcrypt; yeah, it's pretty slow.

So there's different approaches: brute forcing, dictionary, mask and hybrid. I'm going to talk a little bit about all of these, and our source that we get for these is Have I Been Pwned. Is anybody familiar with Have I Been Pwned? They offer you their entire data set as NTLMs if you want it, and you don't even have to ask, it's just on the website. So just so you know, if you ever want all of the NTLMs that Have I Been Pwned has, they will give them to you. So I went out and grabbed a thousand NTLMs from Have I Been Pwned. I will not show the passwords, because these poor passwords are not very great, so I won't show them; we'll protect their innocence.

So brute forcing is attempting all characters within an expanded key space, forever. The pros are, given enough time and resources, you'll eventually crack the hash. The cons: given enough time and resources, you'll eventually crack the hash. So it could take a very, very long time, and that's not practical, right? We want to talk about practical password cracking, so I don't have any slides about brute forcing, because it's not efficient, it's not practical.

Dictionary attacks. So the idea is you use a set of predefined words that could be previously leaked passwords, they could be passwords you've recovered in other ways. So you use this dictionary to try to generate guesses against the hash that you have, and then you can augment that with rules, you can augment it with other things. We're just going to talk about dictionary and rules real quick. So the pros are it's very flexible and it's very fast; you can swap out your dictionaries relatively easily, and it's incredibly quick to go. The cons are your key space is still limited, because you're only limited by what the transform of the rules allows you to do, and you're limited by what is in your dictionary. So using a dictionary, I've already cracked passwords. So for example, my methodology would be: use rockyou first, right, rockyou.txt first, then use rockyou plus the best64 rule, then use rockyou plus OneRule, and then switch over to Hashkiller, which is another dictionary, then use Hashkiller plus best64, Hashkiller plus OneRule. So rotate your dictionaries, rotate your rules, so that you cover as much of the possible key space as you can while still having a relatively fast attack.

So password cracking rules are just a static set of transforms that you can apply against a dictionary that will perform functions on the words inside of the dictionary. So we'll see here: nothing, and then reverse it, so password gets flipped, right; uppercase everything; and then simple number appends at the bottom. So these rules are designed to help you get permutations against your dictionaries. Those permutations on your dictionaries can then get you more cracks, which you then cycle back into your dictionaries. So you crack the passwords, cycle those back in, run those again with more permutations on the ones that you've cracked. So what happens is, especially when you're talking about things that are community-type things, like a website that has a community feeling, where everybody is into that one thing that that website is all about, right? Like let's say it's a forum for a popular game. A lot of those people's passwords might be based on things from that game, right? And so if I can get a couple of the passwords, I can start seeding my word list with those passwords and then applying more transforms and more rules, and that's going to get me a greater crack yield, because there's a community there, right? And the same thing can be said about organizations: there's a community inside of that organization. So once you get the first couple of cracks, you can get a greater yield by cycling those words back through your word list and trying more guesses with the rules.

So, dictionary attack. The first dictionary attack I did was, again, our data set's 1000, right? So I just ran it through rockyou. Hilariously, we got 23 out of a thousand. That's a pretty good recovery rate for a dictionary that's pretty old. I can't remember exactly when rockyou was leaked, but it's a pretty old dictionary, but we still got a good recovery rate. So now we're going to add some rules to it and look at the crack time. But the time that it took, by the way: two seconds. So with a single GPU you can go through a thousand NTLMs in two seconds. That's pretty fast. Same single GPU, now we're adding what I believe to be the most comprehensive password cracking rule out there; it's called OneRuleToRuleThemAll. I have a link to it on my GitHub. So you add that to rockyou, we went up to 5 minutes and 22 seconds and we got 443. So we're almost halfway, right? We almost have half of those thousand passwords just with rockyou and OneRule.

Now we're going to talk about masks. So a mask is a defined character set, defined by two characters, right? So what we're saying is a mask is a representation of an entire character space that you can fit to append or prepend, or use solely as a password cracking attack. So ?u is uppercase alpha, ?l is lowercase alpha, ?d is digits, ?s is special characters and ?a is everything. So you can use these masks as substitutions or appends with your dictionaries, or by themselves, to get a better yield on your password cracking. So for example we've got this one; as we can see it's nine lowercase, right? Oh, and by the way, if you're noticing the recovered is always low, it's because what I did is I went and cleared my potfile. What hashcat does is it stores all the passwords you've cracked in what's called a potfile, for you to go back and recycle, like I've been talking about. I cleared my potfile, that's why. So each recovery percentage that you see, excuse me, is based solely on the one thing we're doing right then. So I noticed it when I was making a slide, so I thought some of you might notice it as well. So just doing nine lowercase alpha got 17. So not super great, right? We changed that around to nine characters, but we did upper, lower, lower, lower, lower, lower, digit, digit, digit, and that got us 55. So you can take... and it's really quick, 17 seconds to go through that entire key space that we've defined, looking for things. So for example, what season is it now? It's fall, right? So if we did Fall 2020 special, that's eight characters, we can go through that in probably about 10 seconds, right? And we can even stretch that key space even more by adding more lowers if they're using autumn. So we can use mask attacks for really quick attacks if we think it fits within the defined key space that we know about. Also like company name, right? So Acme Corp: we can do acme corp 1 exclamation point, we can do that all through masks. We could even just do acme and then a mask appended to it or prepended to it. You can use your masks for flexibility, for really quick attacks that will get you hashes really fast, that you can then put back into your dictionaries, cycle through and crack some more.

So a hybrid attack is utilizing a mask and a dictionary, so that you can append or prepend it to your dictionary to get more cracks as well. The cons here are you're restricted to augmenting your guesses within a certain key space. So you're augmenting your guesses, but depending on what you define your key space as with the mask, you're restricted to that key space. So for example, we did on this one rockyou on the left side, right, so the rockyou word first, and then appended to it I did two digits, and that only still took two seconds, and it was 54, so better than just our run with rockyou. And then I took it and I prepended the two digits to rockyou and got 54, so it's not great. So you can append, you can prepend, you can put it anywhere on either side of the dictionary if you think you want to stretch the key space in a defined manner. And then this one is like that attack I was talking about: if you want to do, like, season year, it's easy to do. You can even build your own word list of seasons, build your own word list of companies, build your own word list of professional baseball teams that you can then append or prepend your masks to and get incredibly quick performance. Zero seconds; it didn't even register as having taken time to try to crack it, and I got 55 passwords. So it's faster than rockyou and a better recovery rate, because I diminished the key space, right? I said the key space is small enough that hashcat was able to go through it incredibly quickly, because humans do things with predictable patterns. So it's kind of like, if you're going to socially engineer someone, you don't use the same pretext for everybody, right? Same thing with cracking passwords: don't use the same methodology, same dictionaries for everybody, because people are different. People are going to be different based off of where you get your hashes from.

Purple Rain attacks. I'm not going to dig into Purple Rain attacks. If you ever want to, it's really fun to watch it go. Hashcat will build custom dictionaries, rules and masks on the fly for you and it will throw those... sorry, not hashcat, but the Purple Rain preprocessor will build these on the fly, throw them at hashcat for you, and you can watch some of those more difficult hashes come in. This takes a long time to run, by the way; it's very resource intensive, takes a long time to run, but it's pretty cool to watch the guesses fly through.

So I talked a little bit about a potfile. So the beauty of a potfile is you want to recycle that as early and as often as possible. You always want to have your potfile be your source for where you get your new list. So you'll have your static list, and sometimes new word lists get released. If you know where to look, word lists come out fairly frequently. There's a new rockyou, rockyou2021. It's okay; the original rockyou still has the same recovery rate in my experience, so I haven't switched, because the new rockyou is like twice the size, so it's slower but not a better recovery rate. So you can look out for new ones, but your best source of more guesses is your potfile, so recycle it back in with more masks and more combinations.

So what does this all mean? If we want to be safe, we're hoping that people that build the software that we use use the strongest algorithms possible, but we can't count on that, right? We can't count on the people that we are giving passwords to using the strongest algorithm possible. And if you're cracking passwords: update your word list frequently, use your potfile, find new mask combinations that you can use, go out and join some of the password cracking communities that exist and get more ideas. Don't just rely on one fixed set of dictionaries that I use, and that's it. We can do better, we can crack more, we can recover more. Identify your client and identify their users. I talked a little bit about this: know who you're trying to crack. The more you know about them, the better you can recover their passwords. So the standard strategy for me is something like this: take a dictionary, run it through dictionary plus a rule, dictionary plus another rule, maybe I'll go one more, and then I'll switch to another dictionary plus one rule, plus another rule, plus another, and you repeat that on down based on your own recovery rate, based on your own speed and processing power. And then if it's a tailored strategy, right, then you build your custom word list. And building custom word lists, a lot of people are like, just use crunch and build a word list of every single possible character combination. I mean, storage is cheap, but not that cheap. Don't make crunch build an entire word list of every single alphanumeric character combination that there is. We're not aiming for rainbow tables, we're aiming for good word lists that get us through quickly.

Don't trust anyone. So if you have a password, don't trust anyone with it. So in an ideal world everyone's using salting and everyone's hashing passwords, but they might not be. So use a password manager with a minimum length of 36, that's my recommendation. If you want to have confidence that your password will be relatively safe from being cracked, use a password manager to generate it. Don't generate them yourself; use a password manager, generate it, and 36 should be your minimum length that you will give to anyone, anywhere, and I'm even talking about your AD. So use a password manager for your Active Directory, 36 characters, especially if you're highly privileged. I'm assuming, since you're at this conference, you have some level of privilege. That's my recommendation. And use MFA for everything; that way when your password is cracked it's only one step of the process, right? So always use MFA. And my master password recommendation, I'm going to even go a little bit more crazy: I would recommend at least 24 to 36 for your master password for your password manager. And a lot of people are going to think I'm crazy. It helps, right, because you can recover the hash of your master password from pretty much every password manager that exists, if you're using a client-based one. There are tools that will extract the hash from it, and then it's just a matter of: once you crack the hash for the master password of the password management software, then I have all your passwords, right, in an easily consumable state and easy to use. I flew through that pretty quick. Does anyone have any questions?

So the question was, what would I recommend for logging into Windows, right, like normal user password policy. And people are going to think I'm absolutely nutty: I still recommend at least 24 characters with complexity requirements, maybe 36 depending on the sensitivity of what your organization does. And password books. If your users can't remember their password, if we're saying, okay, no user is going to remember a password that long, get them a book, because now what we're talking about is a physical intrusion versus just someone phishing us or someone getting in through a single-factor VPN. To me, you have to identify your own threat model. My personal threat model for physical intrusion is much, much lower than it is for digital intrusion, so I would recommend a password book, somewhere where you write that password down. And don't leave it as a sticky note on your monitor, that's not great, but have it in a book somewhere that you use. That's better than having your password just be your favorite pet's name, right? So get a book, write it down somewhere that's relatively safe, but also, again, figure out your own threat model, because that's a tough one, right? If your threat model has physical intrusion on it, then that's tough. Then you gotta push down to the users and say, no, physical intrusion is in our threat model, you got to remember that length of password. And it could even say go 36 characters, but I don't care if it's just a bunch of words strung together, because once you reach 36 characters that becomes a lot tougher to crack. Anybody else have any other...? Yeah, the question was, have I heard anything about threat actors pooling their work? So there's the idea of collaborative hash cracking, and yes, they do, because why wouldn't they, right? And how they pool their work is publishing word lists, right? So you publish these word lists and you publish these leaks that have these word lists in them, and now everybody has the word list, everybody has the passwords, so that the next time you go to use them they're already in your word list. And if you just go look, people are selling credentials as well. But kind of the idea is, yes, they are going out there sharing the credentials, sharing the hashes and sharing the word lists. Any other questions? Thank you very much for your time.
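The talk walks through three guess sources (dictionary plus rules, masks, hybrid) and the potfile recycling step between them, and it uses mask key-space size to argue that strength meters misjudge patterns like Ulllllddd. The miniature below is example code written for this page, not code from the talk, from the speaker's GitHub or from hashcat: it implements a small subset of hashcat's rule and mask syntax, runs the three stages against constructed unsalted targets (SHA-256 stands in for NTLM, since MD4 is frequently absent from Python's hashlib), and shows that a manager-generated 36-character password survives every stage while the pattern-based ones do not.

```python
import hashlib
import itertools
import math
import string

# hashcat-style mask classes (?a would be the union of all four, 95 characters)
MASK_SETS = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
             "d": string.digits, "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"}

def h(plaintext):
    # unsalted, unstretched hash standing in for NTLM (MD4 is often absent from hashlib)
    return hashlib.sha256(plaintext.encode()).hexdigest()

def apply_rule(word, rule):
    """Subset of hashcat rules: ':' nothing, 'r' reverse, 'u' upper, 'c' capitalize, '$X' append, 'sXY' replace."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == "r":
            word = word[::-1]
        elif op == "u":
            word = word.upper()
        elif op == "c":
            word = word[:1].upper() + word[1:].lower()
        elif op == "$":
            word, i = word + rule[i + 1], i + 1
        elif op == "s":
            word, i = word.replace(rule[i + 1], rule[i + 2]), i + 2
        elif op != ":":
            raise ValueError("unsupported rule op " + op)
        i += 1
    return word

def parse_mask(mask):
    """'?u?l?l?d?d!' -> one alphabet per position; bare characters are literals."""
    positions, i = [], 0
    while i < len(mask):
        positions.append(MASK_SETS[mask[i + 1]] if mask[i] == "?" else mask[i])
        i += 2 if mask[i] == "?" else 1
    return positions

def keyspace(mask):
    # candidates a mask covers: nine '?l' is about 17x '?u?l?l?l?l?l?d?d?d'
    return math.prod(len(a) for a in parse_mask(mask))

def expand_mask(mask, prefix=""):
    for combo in itertools.product(*parse_mask(mask)):
        yield prefix + "".join(combo)

def crack(targets, candidates, potfile):
    remaining = set(targets) - set(potfile)  # skip hashes already in the potfile
    for cand in candidates:
        digest = h(cand)
        if digest in remaining:
            potfile[digest] = cand
    return potfile

def run_stages(targets, wordlist, rules, masks, hybrid_masks):
    """Dictionary+rules, then masks, then hybrid; the potfile is recycled into the wordlist after each stage."""
    potfile, words = {}, list(wordlist)
    stages = [lambda: (apply_rule(w, r) for r in rules for w in words),
              lambda: (c for m in masks for c in expand_mask(m)),
              lambda: (c for m in hybrid_masks for w in words for c in expand_mask(m, w))]
    for stage in stages:
        crack(targets, stage(), potfile)
        words += [p for p in potfile.values() if p not in words]
    return potfile

def demo():
    # constructed targets (only the hashes would be known); the 36-char one should survive every stage
    plaintexts = ["password", "drowssap", "Password1", "p4ssword", "1234",
                  "Fall2021!", "acme99", "Password1!", "vK3#qZ8mL!pW2rT9xA5jH7nC1fD4gB6sE0yQ"]
    wordlist, rules = ["password", "acme", "Fall"], [":", "r", "u", "c", "c$1", "sa4"]
    return run_stages([h(p) for p in plaintexts], wordlist, rules,
                      ["?d?d?d?d"], ["?d?d", "20?d?d?s", "?s"])
```

In `demo()` the tailored wordlist holds only the company name and the season, yet eight of nine targets fall; "Password1!" is reached only because "Password1" was recycled from the first stage into the hybrid stage, which is the potfile point the talk makes.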
Info
Channel: SAINTCON
Views: 2,023
Keywords: SAINTCON, SAINTCON 2021, Password Cracking
Id: l1WTxjOK_O0
Length: 24min 54sec (1494 seconds)
Published: Tue Nov 30 2021