1
00:00:00,860 --> 00:00:07,460
Password hashes are one of the most important findings of penetration tests. We have seen how to

2
00:00:07,460 --> 00:00:09,680
use these hashes without cracking.

3
00:00:10,220 --> 00:00:11,810
Remember the pass-the-hash lectures?

4
00:00:12,850 --> 00:00:20,050
For all other mechanisms, except NTLM or LM authentication, we need to crack the passwords to be

5
00:00:20,050 --> 00:00:20,800
able to use them.

6
00:00:22,610 --> 00:00:28,910
Password cracking is the process of recovering passwords from data that have been stored in or transmitted

7
00:00:28,910 --> 00:00:30,230
by a computer system.

8
00:00:30,860 --> 00:00:37,730
A common approach is to repeatedly guess the password and check the guesses against an available cryptographic

9
00:00:37,730 --> 00:00:38,840
hash of the password.

10
00:00:40,490 --> 00:00:44,660
But we can talk about three basic types of password cracking here.

11
00:00:45,720 --> 00:00:48,720
There's, of course, the one that everybody knows: brute force attacks.

12
00:00:49,620 --> 00:00:55,590
They work by calculating every possible combination that could make up a password and testing it to

13
00:00:55,590 --> 00:00:56,760
see if it's the right one.

14
00:00:57,920 --> 00:01:04,880
As the password length increases, the amount of time to find the correct password increases exponentially.

15
00:01:06,090 --> 00:01:12,420
As you see, the possibility of finding a password using a brute force attack is theoretically 100 percent,

16
00:01:13,320 --> 00:01:19,500
but cracking the password can take many years, depending on the password complexity.

17
00:01:20,650 --> 00:01:27,910
To make the possible value set smaller, it's probably better to use this method if we know something

18
00:01:27,910 --> 00:01:32,290
which will reduce the number of tries, such as the length of the password.
19
00:01:33,990 --> 00:01:42,300
Now, since users tend to use known words, in a dictionary attack we can use previously prepared dictionaries

20
00:01:42,510 --> 00:01:43,800
to find the passwords.

21
00:01:44,400 --> 00:01:51,270
It's the smarter method as opposed to brute force attacks and reduces the number of tries dramatically.

22
00:01:55,120 --> 00:01:58,360
But in this case, finding the password is not guaranteed.

23
00:01:58,990 --> 00:02:02,470
You can find the password only if it's not complicated enough.

24
00:02:03,780 --> 00:02:09,750
And of course, it's a good approach to prepare sector-specific or company-specific dictionaries to

25
00:02:09,750 --> 00:02:10,920
increase the chance.

26
00:02:12,580 --> 00:02:20,290
A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific

27
00:02:20,290 --> 00:02:21,640
to a given hash algorithm.

28
00:02:22,920 --> 00:02:29,610
The password cracker compares the rainbow table's precompiled list of potential hashes to the hashed passwords

29
00:02:29,610 --> 00:02:30,330
in the database.

30
00:02:31,520 --> 00:02:37,280
The rainbow table associates plaintext possibilities with each of those hashes, which the attacker

31
00:02:37,280 --> 00:02:41,690
can then exploit to access the network as an authenticated user.

32
00:02:42,590 --> 00:02:46,160
Rainbow tables make password cracking much faster than the earlier methods,

33
00:02:47,040 --> 00:02:52,980
such as brute force cracking and dictionary attacks. Depending on the particular software, rainbow

34
00:02:52,980 --> 00:02:58,800
tables can be used to crack 14-character alphanumeric passwords in about 160 seconds.

35
00:02:59,640 --> 00:03:04,350
However, the approach uses a lot of RAM due to the large amount of data in such a table.
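The three techniques in the lecture (brute force, dictionary, precomputed table) are easiest to compare side by side on toy data, and the comparison also shows the defender's countermeasure the lecture leaves implicit: a per-user salt makes a precomputed table useless, and a slow hash makes each guess expensive. The following Python is an added example, not code from the lecture or its course; the wordlist, the "rainbow table" (a plain digest-to-plaintext dictionary standing in for the real chain-based structure), and every password are constructed values.

```python
import hashlib
import hmac
import itertools
from typing import Callable, Dict, Iterable, Optional

# Constructed sample wordlist standing in for a "company-specific dictionary".
# These are made-up values, not data from any real system.
WORDLIST = ["letmein", "company2019", "Welcome1", "summer", "password"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password. Every user with the same password gets the
    same digest, which is exactly the property a precomputed table relies on."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 with a per-user salt. The salt makes the same password
    hash differently for every user; `iterations` makes each guess slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def keyspace_size(charset_len: int, length: int) -> int:
    """Candidates an exhaustive brute force must try at a fixed length.
    Each extra character multiplies the count by the charset size, which is
    the exponential growth the lecture describes."""
    return charset_len ** length


def brute_force(target_digest: str, charset: str, max_len: int,
                hash_fn: Callable[[str], str]) -> Optional[str]:
    """Exhaustive search over every string up to max_len drawn from charset.
    Guaranteed to succeed if the password fits; only feasible here because the
    toy keyspace (a few digits) is tiny."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if hmac.compare_digest(hash_fn(candidate), target_digest):
                return candidate
    return None


def dictionary_lookup(target_digest: str, wordlist: Iterable[str],
                      hash_fn: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack: hash each word with the same function the system used.
    Far fewer tries than brute force, but succeeds only if the password is in the list."""
    for word in wordlist:
        if hmac.compare_digest(hash_fn(word), target_digest):
            return word
    return None


def build_precomputed_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Toy stand-in for a rainbow table: digest -> plaintext, computed once and
    reused against any number of unsalted hashes (the memory cost is the whole table)."""
    return {unsalted_hash(w): w for w in wordlist}


def table_lookup(table: Dict[str, str], digest: str) -> Optional[str]:
    """One dictionary lookup per hash; all the hashing work was done in advance."""
    return table.get(digest)


def salting_defeats_table(password: str, salt: bytes) -> bool:
    """True when the precomputed unsalted table cannot resolve the salted digest
    of the same password: the defender's reason to salt every stored hash."""
    table = build_precomputed_table(WORDLIST)
    return table_lookup(table, salted_hash(password, salt)) is None


if __name__ == "__main__":
    print("62^8 keyspace:", keyspace_size(62, 8))
    print("brute force on 3 digits:", brute_force(unsalted_hash("042"), "0123456789", 3, unsalted_hash))
    print("dictionary hit:", dictionary_lookup(unsalted_hash("Welcome1"), WORDLIST, unsalted_hash))
    print("salt defeats precomputed table:", salting_defeats_table("summer", b"A" * 16))
```

Note the caveat the last function does not cover: a salt only removes the precomputation shortcut. An attacker who has the salt can still run the dictionary per user, so the slow hash (the iteration count) is what raises the cost of each of those guesses, and the dictionary hardening the lecture recommends (no sector or company words) is what removes the hit altogether.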