Quebrando Hashes de Senha na Prática
•Transferir como PPTX, PDF•
0 gostou•316 visualizações
O documento discute técnicas para quebrar hashes de senha, incluindo brute force, lookup tables e rainbow tables. Ele também aborda ferramentas como Hashcat e John the Ripper, além de estratégias como priorizar hashes curtos e usar dicionários com regras para aumentar a probabilidade de quebra. O objetivo é fornecer conhecimentos práticos sobre como identificar senhas a partir de hashes de forma ética durante testes de penetração.
Recomendados
Recomendados
Mais conteúdo relacionado
Destaque
Destaque (20)
Quebrando Hashes de Senha na Prática
- 1. O MAIOR EVENTO DE HACKING, SEGURANÇA E TECNOLOGIA DO BRASIL DO CONTINENTE
- 2. Quebrando Hashes de Senha na Prática Ulisses Castro
- 3. O QUE SÃO HASHES? 26/05/2016 3
- 6. 26/05/2016 6 Como “quebramos” um hash?
- 8. Técnicas mais utilizadas • Brute Force* • Lookup Tables • Rainbow Tables 26/05/2016 8
- 13. PENTEST + HASH CRACKING 26/05/2016 13
- 14. Cenários Comuns • Man in the middle • SQL Injection • Windows Cached • Shadow, MySQL, MSSQL, Oracle • Wifi 26/05/2016 14
- 16. Desafios • Complexidade • Tempo • Poder Computacional • Algoritmos • Salt 26/05/2016 16
- 17. Ferramentas • Hashcat / oclHashcat • OphCrack / Rcracki_mt • John the Ripper • Table Lookup Online*** 26/05/2016 17
- 19. Fast VS Slow 26/05/2016 19 Rápidos Lentos MD5 PBKDF2 SHA1 SCRIPT NTLM PHPASS … …
- 23. Performance • CPU • GPGPU (GPU) • FPGA • Amazon EC2 (GPU) • HPC 26/05/2016 23
- 25. 26/05/2016 25
- 26. Ferramentas • Hashcat / oclHashcat (PACK) • OphCrack / Rcracki_mt • John the Ripper (hpc patch) • Cryptohaze-Multiforcer • Table Lookup Online*** 26/05/2016 26
- 28. Depende… Quantidade de hashes Tempo Poder Computacional 26/05/2016 28
- 29. Estratégias <100 hashes Rainbow Tables Brute Force (Poder Computacional) Brute Force Dic. Brute Force Dic. + Rules (rand) Hash Cracked + PACK == +Rules Loop 26/05/2016 29
Notas do Editor
- Como exemplo tirei uma foto do help(hashlib.md5()), para entender de forma suscinta o que é entendido como “HASH”.
- Aqui gerei um
- Tirar foto de um fluxo desenhado em uma folha de papel.
- The simplest way to crack a hash is to try to guess the password, hashing each guess, and checking if the guess's hash equals the hash being cracked. If the hashes are equal, the guess is the password. The two most common ways of guessing passwords are dictionary attacks and brute-force attacks.
- Lookup tables are an extremely effective method for cracking many hashes of the same type very quickly. The general idea is to pre-compute the hashes of the passwords in a password dictionary and store them, and their corresponding password, in a lookup table data structure. A good implementation of a lookup table can process hundreds of hash lookups per second, even when they contain many billions of hashes.
- Rainbow tables are a time-memory trade-off technique. They are like lookup tables, except that they sacrifice hash cracking speed to make the lookup tables smaller. Because they are smaller, the solutions to more hashes can be stored in the same amount of space, making them more effective. Rainbow tables that can crack any md5 hash of a password up to 8 characters long exist.
- Salt ensures that attackers can't use specialized attacks like lookup tables and rainbow tables to crack large collections of hashes quickly.
- Explicar um pouco sobre algoritmos rápidos(MD5, SHA1, NTLM..), vs lentos (PBKDF2, bcrypt, script, PHPASS). Salt ensures that attackers can't use specialized attacks like lookup tables and rainbow tables to crack large collections of hashes quickly, but it doesn't prevent them from running dictionary or brute-force attacks on each hash individually. High-end graphics cards (GPUs) and custom hardware can compute billions of hashes per second, so these attacks are still very effective. To make these attacks less effective, we can use a technique known as key stretching. The idea is to make the hash function very slow, so that even with a fast GPU or custom hardware, dictionary and brute-force attacks are too slow to be worthwhile. The goal is to make the hash function slow enough to impede attacks, but still fast enough to not cause a noticeable delay for the user.
- Explicar um pouco sobre algoritmos rápidos(MD5, SHA1, NTLM..), vs lentos (PBKDF2, bcrypt, script, PHPASS).
- Explicar um pouco sobre algoritmos rápidos(MD5, SHA1, NTLM..), vs lentos (PBKDF2, bcrypt, script, PHPASS).
- General-purpose computing on graphics processing units. FPGA (Field Programmable Gate Arrays). Amazon EC2 (com e sem GPU) Tesla High-performance computing (HPC) is the use of parallel processing for running advanced application programs efficiently, reliably and quickly. The term applies especially to systems that function above a teraflop or 1012 floating-point operations per second.
- For example, PC3 can do 250360 Mh/s against NTLM, which actually means 250,360,000,000 tries per second.
- For example, PC3 can do 250360 Mh/s against NTLM, which actually means 250,360,000,000 tries per second.
- Levando em consideração os cenários mencionados anteriormente, e levando em consideração o tempo que tem em mãos. Qual seria a melhor estratégia de ataque contra hashes capturados durante um pentest.
- Password Analysis and Cracking Kit