1
00:00:00,330 --> 00:00:03,690
So in the previous lecture, we couldn't crack the password of the user

2
00:00:03,900 --> 00:00:04,830
Cyber Lab.

3
00:00:05,310 --> 00:00:08,190
So let's try to crack it with the brute force attack.

4
00:00:08,970 --> 00:00:13,320
Brute force attack means a lot of time because it tries all the possibilities.

5
00:00:14,040 --> 00:00:19,650
So if you choose the correct character set, the success rate of cracking a password by brute force

6
00:00:19,650 --> 00:00:22,350
attack is theoretically 100 percent.

7
00:00:23,070 --> 00:00:27,490
But how long will it take? If the password length is more than eight,

8
00:00:27,510 --> 00:00:34,410
it will take months, years or thousands of years to try all the password possibilities for any ordinary

9
00:00:34,410 --> 00:00:34,980
computer.

10
00:00:37,230 --> 00:00:42,540
So as you see in the table, the LM password is not empty for Cyber Lab.

11
00:00:43,960 --> 00:00:44,680
A tip here.

12
00:00:45,310 --> 00:00:51,310
The hash of an empty password starts with AAD and ends with 4EE.

13
00:00:52,300 --> 00:00:57,100
Look at the LM hash of the guest user, split the hash into two identical parts.

14
00:00:57,670 --> 00:01:03,340
You'll see two hashes that start with AAD and end with 4EE.

15
00:01:04,710 --> 00:01:11,940
As I mentioned before, the method splits the password into two seven-character passwords and then takes

16
00:01:11,940 --> 00:01:17,010
the hash, which means we have to crack two seven-character passwords.

17
00:01:17,400 --> 00:01:18,240
Well, fair enough.

18
00:01:18,550 --> 00:01:23,760
LM method converts the password to all caps, so the character set is not so big.

19
00:01:24,620 --> 00:01:28,340
We can crack an LM hash in an acceptable time interval.

20
00:01:29,180 --> 00:01:35,120
So right click on the Cyber Lab line and brute force attack, select LM hashes.

21
00:01:36,270 --> 00:01:42,210
The brute force attack window is a bit different from the dictionary attack window and, as expected,

22
00:01:42,360 --> 00:01:43,740
no dictionary list now.

23
00:01:44,070 --> 00:01:47,700
Instead, we have a character set combo box.

24
00:01:48,600 --> 00:01:52,980
The default character set is just uppercase letters and numbers.

25
00:01:53,280 --> 00:01:55,560
Non-alphanumeric characters are not in the set.

26
00:01:55,860 --> 00:01:58,980
So to keep the demo fast, let's just go with this set.

27
00:02:00,030 --> 00:02:06,000
It says two hashes loaded and as you know, the hash value is split into two identical parts.

28
00:02:07,590 --> 00:02:14,010
On the upper right hand corner, we can choose the minimum and the maximum length of the passwords. For

29
00:02:14,340 --> 00:02:17,070
LM method, max length for the password is seven.

30
00:02:17,340 --> 00:02:19,620
So this configuration is perfect.

31
00:02:21,050 --> 00:02:23,510
Now, I press the Start button to start the attack.

32
00:02:25,050 --> 00:02:25,620
Wow.

33
00:02:26,250 --> 00:02:29,820
It found the value of one of the hashes in milliseconds.

34
00:02:30,390 --> 00:02:31,710
So let's look at the hash file.

35
00:02:32,550 --> 00:02:34,200
Yeah, it's the second part.

36
00:02:34,740 --> 00:02:37,620
So that means that the password ends with Q.

37
00:02:38,650 --> 00:02:45,070
I think the password of the Cyber Lab user is the same as the password of the administrator except

38
00:02:45,430 --> 00:02:46,540
the dot at the end.

39
00:02:46,840 --> 00:02:47,620
But we'll see.

40
00:02:48,190 --> 00:02:50,140
So let's look at the key rate.

41
00:02:51,270 --> 00:02:54,780
Cain tries more than 10 million passwords in a second.

42
00:02:55,080 --> 00:02:56,520
Now that's pretty fast.

43
00:02:57,470 --> 00:03:04,190
In the time left frame, we can see that trying all possible passwords will take about two hours

44
00:03:04,490 --> 00:03:05,950
unless Cain cracks it.

45
00:03:06,510 --> 00:03:08,330
So let Cain run for a while.

46
00:03:11,430 --> 00:03:12,690
All right, and we're back.

47
00:03:13,020 --> 00:03:15,810
It took more than an hour, and here's the result.

48
00:03:16,260 --> 00:03:23,370
We're lucky because no non-alphanumeric character is in the password and we succeeded in cracking it.

49
00:03:24,260 --> 00:03:28,220
The first part is 1234QQQ.