Ceh v5 module 13 web based password cracking techniques
Vi Tính Hoàng Nam
1.
Module XIII: Web-based Password Cracking Techniques
Ethical Hacking Version 5
2.
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited
Module Objective
This module will familiarize you with the following:
• Authentication
• Authentication Mechanisms
• Password Cracker
• Modus Operandi of an Attacker Using Password Cracker
• Operation of a Password Cracker
• Classification of Attacks
• Password Cracking Tools
• Password Cracking Countermeasures
3.
Module Flow
• Understanding Authentication
• Authentication Mechanisms
• Password Cracker
• Modus Operandi of an Attacker Using Password Cracker
• Operating a Password Cracker
• Attacks - Classification
• Password Cracking Tools
• Password Cracking Countermeasures
4.
Authentication – Definition
• Authentication is the process of determining the user’s identity
• In private and public computer networks, authentication is commonly done through the use of login IDs and passwords
• Knowledge of the password is assumed to guarantee that the user is authentic
• Passwords can often be stolen, accidentally revealed, or forgotten due to inherent loopholes in this type of authentication
5.
Authentication Mechanisms
• HTTP Authentication
  • Basic Authentication
  • Digest Authentication
• Integrated Windows (NTLM) Authentication
• Negotiate Authentication
• Certificate-based Authentication
• Forms-based Authentication
• RSA Secure Token
• Biometrics
6.
HTTP Authentication
There are two techniques for HTTP authentication. They are:
• Basic
• Digest
7.
Basic Authentication
• It is the most basic form of authentication available to web applications
• It begins with a client making a request to the web server for a protected resource without any authentication credentials
• The limitation of this protocol is that it is wide open to eavesdropping attacks
• The use of 128-bit SSL encryption can thwart these attacks
8.
Digest Authentication
• It is designed to provide a higher level of security vis-à-vis Basic authentication
• It is based on the challenge-response authentication model
• It is a significant improvement over Basic authentication, as it does not send the user’s cleartext password over the network
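The difference between the two HTTP schemes, as an added example that is not part of the EC-Council slides: a Basic header is only base64 and decodes straight back to the password, while a Digest response is a hash bound to the server's nonce. The sample credentials and nonce are the worked-example values from RFC 2617; the function names are made up for this illustration.

```python
import base64
import hashlib
import hmac


def basic_authorization(username: str, password: str) -> str:
    """Header value a client sends with Basic: base64("user:password")."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value: str) -> tuple:
    """Base64 is an encoding, not encryption: whoever can read the header on
    an unencrypted connection recovers the credentials exactly like this."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """Value the server keeps instead of the cleartext password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth") -> str:
    """RFC 2617 'response' for qop=auth. Only this hash crosses the wire,
    and it changes whenever the server issues a new nonce."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1(username, realm, password)}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_ha1, method, uri, nonce, nc, cnonce, qop, response) -> bool:
    """Server side of the challenge-response: recompute and compare."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected.encode("ascii"), response.encode("ascii"))


# Sample values from the worked example in RFC 2617.
RFC_SAMPLE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "password": "Circle Of Life",
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
}

if __name__ == "__main__":
    header = basic_authorization("Aladdin", "open sesame")
    print(header, "->", decode_basic(header))
    print("Digest response:", digest_response(**RFC_SAMPLE))
```

Digest keeps the password off the wire but does not encrypt the request or the response, so the slide's point about SSL applies to both schemes.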
9.
Integrated Windows (NTLM) Authentication
• It uses Microsoft’s proprietary NT LAN Manager (NTLM) authentication program over HTTP
• It only works with Microsoft’s Internet Explorer browser and IIS web servers
• Integrated Windows authentication is more suitable for intranet deployment
• In this type of authentication, no version of the user’s password ever crosses the wire
10.
Negotiate Authentication
• It is an extension of NTLM authentication
• It provides Kerberos-based authentication
• It uses a negotiation process to decide on the level of security to be used
• This configuration is fairly restrictive and uncommon except on corporate intranets
11.
Certificate-based Authentication
• It uses public key cryptography and a digital certificate to authenticate a user
• It is considered as an implementation of two-factor authentication. In addition to something a user knows (his password), he must authenticate with a certificate
• A user can be tricked into accepting a spoofed certificate or a fake certificate
• Very few hacking tools currently support client certificates
12.
Forms-based Authentication
• It does not rely on features supported by the basic web protocols like HTTP and SSL
• It is a highly customizable authentication mechanism that uses a form, usually composed of HTML
• It is the most popular authentication technique deployed on the Internet
13.
Things to Avoid in Passwords
• Do not add a single digit or symbol before or after a word – for example, "microsoft1"
• Do not double up a single word – for example, "msoftmsoft"
• Do not simply reverse a word – for example, "tfosorcim"
• Do not remove the vowels – for example, "io"
• Do not use key sequences that can easily be repeated – for example, "qwerty", "asdf", etc.
• Do not garble letters – for example, converting e to 3, L or i to 1, o to 0, as in "z3r0-10v3"
14.
Changing Your Password
• Change your password regularly, such as once a month
• Change your password after you return from a trip
• You should also change your password whenever you suspect that somebody knows it or even that they may guess it – for example, if someone stood behind you while you typed it
15.
Examples of Bad Passwords
• "james8" - Based on the user’s name; also, too short
• "samatha" - The name of the user’s girlfriend; easy to guess
• "harpo" - The user’s name (Oprah) backwards
• "superstitious" - Listed in a dictionary
• "sUperStiTIous" - Just adding random capitalization doesn't make it safe
• "kadhal" - Listed in a Tamil foreign language dictionary
• "obiwan" - Listed in word lists
• "spicer" - Listed in a geological dictionary
• "qwertyuiop" - Listed in word lists
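One way to enforce the "Things to Avoid in Passwords" and "Examples of Bad Passwords" slides when a password is set, as an added example that is not part of the EC-Council material. The mini word list, the substitution table and the function names are constructed for illustration; a real deployment would load full dictionaries and lists of known-breached passwords.

```python
import re

# Constructed mini word list standing in for the dictionaries the slides mention.
WORDS = {"microsoft", "msoft", "superstitious", "zero", "love", "password"}
KEY_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Substitutions named on the slide (3 for e, 0 for o) plus two common ones.
# "1" is handled separately because it can stand for either "l" or "i".
LEET = str.maketrans({"3": "e", "0": "o", "@": "a", "$": "s"})


def strip_vowels(word: str) -> str:
    return re.sub(r"[aeiou]", "", word)


def deleet(p: str) -> set:
    """Undo look-alike substitutions, trying both readings of '1'."""
    base = p.translate(LEET)
    return {base.replace("1", "l"), base.replace("1", "i")}


def weaknesses(password: str, words=WORDS, personal=()) -> list:
    """Return the slide rules that the candidate password breaks.

    `personal` carries names tied to the account (user, partner, children).
    Capitalization is ignored, so random upper/lower case does not help.
    """
    p = password.strip().lower()
    vocab = {w.lower() for w in words} | {w.lower() for w in personal}
    found = []

    if p in vocab:
        found.append("dictionary word or personal name")
    if len(p) > 1 and ((not p[-1].isalpha() and p[:-1] in vocab)
                       or (not p[0].isalpha() and p[1:] in vocab)):
        found.append("word with a single digit or symbol added")
    half = len(p) // 2
    if half and len(p) % 2 == 0 and p[:half] == p[half:] and p[:half] in vocab:
        found.append("doubled word")
    if p not in vocab and p[::-1] in vocab:
        found.append("reversed word")
    if p not in vocab and len(p) >= 3 and p in {strip_vowels(w) for w in vocab}:
        found.append("word with vowels removed")
    if len(p) >= 4 and any(p in run or p[::-1] in run for run in KEY_RUNS):
        found.append("keyboard sequence")
    for variant in deleet(p):
        parts = re.findall(r"[a-z]+", variant)
        if variant != p and parts and all(part in vocab for part in parts):
            found.append("dictionary words with look-alike substitutions")
            break
    return found


if __name__ == "__main__":
    for candidate in ("microsoft1", "msoftmsoft", "tfosorcim", "qwerty",
                      "z3r0-10v3", "sUperStiTIous", "Mh@l!t!hWf"):
        print(f"{candidate!r}: {weaknesses(candidate) or 'no listed weakness'}")
```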
16.
The “Mary Had A Little Lamb” Formula
Consider a phrase: “Mary had a little lamb. The lamb had white fleece.”
1. Consider the first letter of each word, i.e.: MHALLTLHWF
2. Every second letter of the abbreviation can be put in the lower case, i.e. MhAlLtLhWf
3. Replace “A” with “@” and “L” with “!”. Thus, a new alphanumeric password with more than eight characters will be formed
4. New Password: Mh@l!t!hWf
17.
How Hackers Get Hold of Passwords?
• Steal it
  • Shoulder surfing – watching while you type the password
  • Retrieving the paper you wrote the password on
• Guess it
  • Simply guess the password
  • Psychologists say that most men use four-letter obscenities as passwords, and most women use the names of their boyfriends, husbands, or children
• A brute force attack
  • This is where every possible combination of letters, numbers, and symbols is used in an attempt to guess the password. While this is an extremely labor-intensive task, with fast, modern processors and software tools, this method is not to be underestimated. A Pentium 100 PC can typically try 200,000 combinations every second, which would mean that a six-character password containing just upper- and lower-case characters could be guessed in only 27½ hours
• A dictionary attack
  • Dictionaries with hundreds of thousands of words, as well as specialist, technical, and foreign language dictionaries are available, as are lists of thousands of words that are often used as passwords, such as "qwerty" and "abcdef"
18.
Windows XP: Remove Saved Passwords
1. Click Start and select Run
2. Type "rundll32.exe keymgr.dll, KRShowKeyMgr"; the stored usernames and passwords are visible
3. Select any of the entries, then select Properties to view the existing information
4. Select any of the entries, then select Remove to remove a saved password
5. Then click OK; the account will be removed
6. After using the interface, click the Close button
19.
What is a Password Cracker?
• According to the definition in Maximum Security, “A password cracker is any program that can decrypt passwords or otherwise disable password protection”
• Password crackers use two primary methods to identify correct passwords: brute force and dictionary searches
• A password cracker may also be able to identify encrypted passwords. After retrieving the password from the computer's memory, the program may be able to decrypt it
20.
Modus Operandi of an Attacker Using Password Cracker
• The aim of a password cracker is mostly to obtain the root/administrator password of the target system
• The administrator right gives the attacker access to files and applications and allows installation of a backdoor, such as a Trojan, for future access to the system
• The attacker can also install a network sniffer to sniff the internal network traffic so that he will have most of the information passed around the network
• After gaining root access, the attacker escalates privileges to that of the administrator
• In order to crack passwords efficiently, the attacker should use a system that has greater computing power
21.
How does a Password Cracker Work?
1. To understand how a password cracker works, it is better to understand how a password generator works. Most of them use some form of cryptography
2. Crypto stems from the Greek word kryptos. Kryptos was used to describe anything that was hidden, obscured, veiled, secret, or mysterious. Graph is derived from graphia, which means writing
22.
How does a Password Cracker Work? (cont’d)
3. Cryptography is concerned with the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message
4. Distributed cracking is where the cracker runs the cracking program in parallel, on separate processors. There are a few ways to do this. One is to break the password file into pieces and crack those pieces on separate machines
23.
How does a Password Cracker Work? (cont’d)
5. The wordlist is sent through the encryption process, generally one word at a time. Rules are applied to the word and, after each application, the word is again compared to the target password (which is also encrypted). If no match occurs, the next word is sent through the process
6. In the final stage, if a match occurs, the password is then deemed cracked. The plain-text word is then piped to a file
24.
Attacks – Classification
The various types of attacks that a hacker performs to crack a password are as follows:
• Dictionary attack
• Hybrid attack
• Brute force attack
25.
Query String
• The query string is the extra bit of data in the URL after the question mark (?) that is used to pass variables
• The query string is used to transfer data between client and server
• Example: http://www.mail.com/mail.asp?mailbox=sue&company=abc%20com
• Sue’s mailbox can be changed by changing the URL to: http://www.mail.com/mail.asp?mailbox=joe&company=abc%20com
26.
Cookies
• Cookies are a popular form of session management
• Cookies are often used to store important fields, such as user names and account numbers
• All the fields can be easily modified using a program like Cookie Spy
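The server-side fix for both the "Query String" and "Cookies" slides, as an added example that is not part of the EC-Council material: the handler that trusts the `mailbox` parameter sits beside one that takes the user's identity from an HMAC-signed cookie and rejects any mismatch. The key, mailbox contents and function names are constructed for illustration; a real server would load a random key from a secret store and also bind an expiry time into the signed value.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed demo key and data (assumptions, see the lead-in).
SERVER_KEY = b"constructed-demo-key-not-for-production"
MAILBOXES = {"sue": ["Sue: quarterly report"], "joe": ["Joe: payroll run"]}


def mac_for(value: str, key: bytes) -> str:
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(user: str, key: bytes = SERVER_KEY) -> str:
    """Cookie set after login: the user name plus a MAC only the server can make."""
    return f"{user}.{mac_for(user, key)}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the user name if the MAC matches, otherwise None.
    An edited user field no longer matches its MAC and is rejected."""
    user, sep, mac = cookie.rpartition(".")
    if not sep or not user:
        return None
    expected = mac_for(user, key)
    ok = hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8"))
    return user if ok else None


def requested_mailbox(url: str) -> str:
    return parse_qs(urlsplit(url).query).get("mailbox", [""])[0]


def open_mailbox_trusting(url: str) -> list:
    """Behaviour the slide describes: the URL alone selects the mailbox,
    so changing mailbox=sue to mailbox=joe opens Joe's mail."""
    return MAILBOXES[requested_mailbox(url)]


def open_mailbox_checked(url: str, cookie: str) -> list:
    """Hardened handler: identity comes from the verified cookie, and the
    query-string value is only accepted when it names that same user."""
    user = verify_cookie(cookie)
    if user is None:
        raise PermissionError("session cookie missing, modified or unsigned")
    if requested_mailbox(url) != user:
        raise PermissionError("mailbox parameter does not match the signed-in user")
    return MAILBOXES.get(user, [])


def is_allowed(url: str, cookie: str) -> bool:
    try:
        open_mailbox_checked(url, cookie)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    sue_url = "http://www.mail.com/mail.asp?mailbox=sue&company=abc%20com"
    joe_url = "http://www.mail.com/mail.asp?mailbox=joe&company=abc%20com"
    sue_cookie = issue_cookie("sue")
    print("trusting handler, joe URL:", open_mailbox_trusting(joe_url))
    print("checked handler, sue URL: ", is_allowed(sue_url, sue_cookie))
    print("checked handler, joe URL: ", is_allowed(joe_url, sue_cookie))
```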
27.
Dictionary Maker
• This tool can build your own dictionaries to create word lists
28.
Password Crackers Available
• L0phtCrack
• John The Ripper
• Brutus
• Obiwan
• Authforce
• Hydra
• Cain And Abel
• WebCracker
• Munga Bunga
• PassList
• ReadCookies.html
• SnadBoy
• WinSSLMiM
• RAR
• Gammaprog
29.
Brutus
• Brutus is an online or remote password cracker
• Brutus is used to recover valid access tokens (usually a user name and password) for a given target system
30.
Hacking Tool: Authforce
• Authforce is an HTTP Basic Authentication brute forcer
• Using various methods, it attempts to brute force user name and password pairs for a site
• It is used to test both the security of a site and to prove the insecurity of HTTP Basic Authentication based on the fact that users usually do not choose good passwords
31.
Hacking Tool: Hydra
• Supports several protocols like TELNET, FTP, HTTP, HTTPS, LDAP, SMB, SMBNT, MYSQL, REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, Cisco auth, Cisco enable, Cisco AAA
• Through the parallelizing feature, this password cracker tool can be fast depending on the protocol
• This tool allows for rapid dictionary attacks and includes SSL support
32.
Hacking Tool: Cain & Abel
• Cain & Abel is a password cracking tool for Microsoft operating systems
• It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute force, and cryptanalysis attacks, and so on
• It contains a feature called APR (ARP Poison Routing), which enables sniffing on switched LANs by hijacking IP traffic of multiple hosts at the same time
33.
Hacking Tool: WebCracker
• WebCracker is a simple tool that takes text lists of user names and passwords and uses them as dictionaries to implement Basic authentication password guessing
• It keys on the "HTTP 302 Object Moved" response to indicate successful guesses
• It will find all successful guesses given in a user name/password
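The guessing tools on the preceding slides leave a recognisable trail in a web server's access log: a burst of 401 responses from one source, sometimes ending in the 302 or 200 that the tool treats as success. The following added example (not part of the original slides) flags that pattern; the log lines are constructed, and the threshold, window and field layout (common log format) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# source address, authenticated user, timestamp, status code
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3})')

SAMPLE = [  # constructed log lines, not taken from a real server
    f'203.0.113.7 - {u} [10/Oct/2005:13:55:{s:02d} +0000] "GET /private/ HTTP/1.0" 401 489'
    for s, u in enumerate(["admin", "root", "sue", "sue", "sue", "sue"], start=1)
] + [
    '203.0.113.7 - sue [10/Oct/2005:13:55:09 +0000] "GET /private/ HTTP/1.0" 302 210',
    '198.51.100.4 - joe [10/Oct/2005:13:56:00 +0000] "GET /private/ HTTP/1.0" 401 489',
    '198.51.100.4 - joe [10/Oct/2005:13:56:05 +0000] "GET /private/ HTTP/1.0" 200 1043',
]


def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold 401s inside the window; note a later success."""
    recent = defaultdict(deque)  # ip -> times of 401s still inside the window
    tried = defaultdict(set)     # ip -> user names seen on failed attempts
    alerts = {}                  # ip -> summary of the flagged burst
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue             # skip anything that is not an access-log entry
        ip, user, stamp, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if status == "401":
            tried[ip].add(user)
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:
                q.popleft()      # drop failures that fell out of the window
            if len(q) >= threshold:
                alerts.setdefault(ip, {"users_tried": tried[ip], "success_as": None})
        elif status in ("200", "302") and user != "-" and ip in alerts:
            if alerts[ip]["success_as"] is None:
                alerts[ip]["success_as"] = user  # a login got through after the burst
    return alerts
```

A flagged source with a non-empty `success_as` is the case to escalate first, since it means one of the guessed credentials was accepted.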
34.
Hacking Tool: Munga Bunga
• It's a brute forcer, which uses the HTTP protocol to establish its connections
35.
Hacking Tool: PassList
• PassList is another character-based password generator
36.
Hacking Tool: SnadBoy
http://www.snadboy.com
• "Snadboy Revelation" turns back the asterisk in password fields to plain text passwords
37.
Countermeasures
• Choose passwords that have at least eight characters
• Passwords should have a combination of lower- and upper-case letters, numbers, special characters, etc.
• Do not use words that can be easily found in a dictionary as passwords
• Do not use public information, such as social security number, credit card number, and ATM card number as passwords
• Never use personal information as passwords
• User names and passwords should be different
38.
Countermeasures (cont’d)
• Managers and administrators can enhance the security of their networks by setting strong password policies. Password requirements should be built into organizational security policies
• Systems administrators should implement safeguards to ensure that people on their systems are using adequately strong passwords
• When installing new systems, make sure default passwords are changed immediately
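One such safeguard is a check run when a password is set, applying the rules from the two Countermeasures slides. The following added example (not part of the original slides) also undoes the simple mutations that a hybrid attack applies to dictionary words, so "P@ssw0rd123!" is rejected even though it meets the length and character-class rules. The word list, the substitution table and the "contains the user name" reading of "should be different" are assumptions.

```python
import re

# Assumption: a tiny stand-in word list; a real deployment loads a full dictionary.
WORDS = {"password", "dragon", "welcome", "monkey", "letmein"}
# Assumption: a small table of common character substitutions.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def base_word(password: str) -> str:
    """Undo common mutation rules: case, digit/symbol padding, substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def check_password(password: str, username: str, personal=()):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a character class")
    if base_word(password) in WORDS:
        problems.append("dictionary word behind simple mutations")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal or public information")
    return problems
```
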
39.
Countermeasures (cont’d)
• The user can use the SRP protocol. SRP is a secure password-based authentication and key-exchange protocol. It solves the problem of authenticating clients to servers securely, where the user of the client software is required to memorize a small secret (like a password) and carries no other secret information
40.
Summary
• Authentication is the process of checking the identity of the person claiming to be the legitimate user
• HTTP, NTLM, Negotiate, Certificate-based, Forms-based, and Microsoft Passport are the different types of authentication
• Password crackers use two primary methods to identify correct passwords: brute force and dictionary searches
• L0phtCrack, John the Ripper, Brutus, Obiwan, etc. are some of the popular password-cracking tools available today
• The best technique to prevent the cracking of passwords is to have passwords that are more than eight characters long and to incorporate upper- and lower-case alphanumeric, as well as special, characters into them