L0phtCrack

L0phtCrack Is a password cracker that will take encrypted Windows NT passwords and compute the plain text password. L0phtCrack – SANS GIAC LevelOne ©2000, 2001 1 Thank you, and welcome to SANS LevelOne. We will be covering L0phtCrack. Hello, my name is Eric Cole and I will be explaining L0phtCrack to you. If you have any questions or comments regarding L0phtCrack please contact me at eric7095@aol.com. 1 Password Cracker Details • Name: L0pht Crack • Operating System: Microsoft NT • Methods: dictionary attack, brute force attack and hybrid attack. • Brief Description: A password cracker that will take encrypted NT passwords and compute the plain text password. L0phtCrack – SANS GIAC LevelOne ©2000, 2001 2 L0phtCrack (zero, not the letter O) is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. The operating system does not store the user passwords in their original clear-text form for security reasons. The actual user passwords are encrypted because they are sensitive information that can be used to impersonate any user, including the Administrator of the operating system. L0phtCrack computes the password from a variety of sources using a variety of methods. The end result is a state-of-the-art tool for recovering the passwords that users use. L0phtCrack operates in three attack modes to crack a user’s password. They are a dictionary attack, a brute force attack, and a hybrid attack. Each of these will be covered in detail in later slides. 2 Checklist • The following are the objectives for this course. After completion a user should understand the following: – what password cracking is – why it is important – methods of password cracking – weaknesses in Windows NT’s implementation of encryption – what L0phtCrack is – how to install and run L0phtCrack – how L0phtCrack works – how to protect against password cracking on Windows NT – password security features in Windows NT – features of a strong password L0phtCrack – SANS GIAC LevelOne ©2000, 2001 3 This page intentionally left blank. 3 How are passwords stored on a system? • User passwords must be protected against: – unauthorized disclosure – unauthorized modification – unauthorized removal • Solution: Store only encrypted password L0phtCrack – SANS GIAC LevelOne ©2000, 2001 4 In most companies, passwords are the first and only line of defense to protecting their information and servers. Since most user IDs consist of the first initial / last name of an employee or some combination, it is fairly easy to find out valid user IDs for individuals at a company. Based on this, the only other piece of information you need to gain access is a user password. Therefore, they need to be protected and very hard to guess. The key things passwords need to be protected against are: unauthorized disclosure, unauthorized modification, and unauthorized removal. If users write down their passwords or share them with other people, then the user’s password is compromised and can be used as an entry point into the system. Being able to modify a password is just as risky because as long as an attacker knows what password is associated with a user ID, they can use it to gain access. It does not matter if the real user knows it or not. This is potentially dangerous [for the attacker] because if the user tries to get in and cannot, they might be suspicious of foul play. In order to protect passwords, operating systems use encryption, which basically hides the originally content so if someone gets the encrypted password they will not be able to determine what the original password was. 4 Encryption 101 • Encryption is the process of converting plain text into cipher text. • The goal is the make the original text unreadable. • Three basic methods: – symmetric - single key – asymmetric - two keys (public and private) – hash - one way algorithm, no key L0phtCrack – SANS GIAC LevelOne ©2000, 2001 5 This section will cover a brief overview of encryption so that you can understand why and how password cracking works. For additional details, there are several good cryptography books on the market. (Editor’s Note: Applied Cryptography by Bruce Schneier is generally considered one of the best references on cryptography. - JEK) In its most basic form, cryptography is the process of converting plaintext into ciphertext with the goal of making the original [plain] text unreadable. Basically, plaintext is the original, “human readable” message and ciphertext is the unreadable message in its encrypted form. Therefore, since the goal of passwords is to make them unreadable, they are stored in encrypted form. There are three basic type of encryption. Symmetric encryption uses a single key to encrypt and decrypt the message. If two people wanted to communicate, they would both have to have the same key and one person would use it to encrypt the message and the other person would use the same key to decrypt it. (Editor’s note: Symmetric encryption is also known as private key cryptography because a single, private key is used for encryption and decryption. – JEK) Asymmetric encryption uses two keys, a public and a private key. The public key is given to everyone and is used to only encrypt The private key is known by only the owner and is used to decrypt messages. (Editor’s note: Asymmetric encryption is also known as public key cryptography because it uses both a private key and a public key to encrypt and decrypt information. – JEK) Hash functions are considered one-way functions because they perform a one-way transformation of information that is irreversible. Basically, given an input string, the hash function would produce a fixed-length output string, and from the output string there is no way to determine the original input string. NT uses hashing to store its passwords. Basically, it would take a user’s password, run it through a hash algorithm, and store the hash of the password. When someone tries to log on to the system, it takes the passwords the user enters, runs it through the hash, and if there is a match then it is the same password. 5 ... - slideshare.vn