Explore the many techniques malicious parties use to acquire passwords. Lisa discusses the three ways users authenticate on most networks: biometrics, passwords, and physical tokens. Learn some of the best tips for securing your system to keep black-hat hackers at bay. Understand how and where systems store user information and passwords.
- [Lisa] Authentication is proving your identity, like presenting your driver's license to the teller at the bank when you wanna cash a check. However, in a computing environment, user authentication on the network can be done in one of three ways: what you know, in the form of a password; what you are, in the form of a biometric such as a fingerprint or facial recognition; or what you have, such as a smart card. Although there are choices, authentication is commonly done in the form of a username and password.
Passwords are still widely used because they're cheap and easily enforceable. System hacking starts most of the time with attempting to obtain the password. When conducting ethical hacking, it's important to know where the passwords are stored in a system. In Microsoft, users' passwords are stored in the Security Account Manager or SAM database in a hashed format. And these can be found in this folder which is in the SystemRoot/system32 folder, which by default is accessible only with administrative privileges and is not available while the operating system is booted.
In an attempt to improve the security of the SAM database against offline cracking attempts, Syskey encrypts the password hash values for all local accounts stored in the SAM. This 128-bit RC4 encryption key is stored in the SAM registry hive, and this, again, is not accessible while the operating system is booted. There are a number of methods to obtain a password or password file, and these include passive sniffing of passwords using a packet analysis tool, or a man-in-the-middle attack such as a replay attack.
There are also what are called active online attacks. These would include any of the following: password cracking, Trojans, guessing, phishing, keystroke logging, or even spyware. Another attack is called Pass the Hash. This is a hash injection attack which sends the hash value instead of the plain password and can be done against any service accepting LAN management or New Technology LAN Management authentication.
Offline, we obtain the hash file and we then would use a distributed rainbow table in order to obtain the password. Then there are a number of other methods we could use, such as shoulder surfing, dumpster diving, social engineering, and even buying a password, where a recent study shows that 27% of US office workers would sell their passwords. Now, user training would of course prevent this type of attack, but we must be vigilant because once we obtain the password, we can then gain access.
And that leads to the next step which is privilege escalation.
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks