Join Malcolm Shore for an in-depth discussion in this video, Password testing, part of Learning Kali Linux.
- [Instructor] The most common way of controlling access to computers is using passwords. But this often fails because users don't take enough care when selecting them. Many systems enforce password construction rules, such as a mix of uppercase and lowercase letters plus numerics. But even so, the results will often be spectacularly bad. The best way to educate organizations on the importance of password strength is to demonstrate how easy it is for an adversary to recover them.
A hacker will gain unauthorized access into a system and then copy the password file to their own system to subsequently run password recovery tools on it. Once they retrieve passwords, they have valid credentials to use for access, which of course the system thinks are authorized. Passwords are not stored in plain text on a system, because that would make it just too easy for them to be exposed. Instead, they're stored using a one-way hash algorithm such that the hash is related uniquely to a password and easy to create.
But it's impossible to reverse the algorithm and recover the password from the hash. There are three main ways to recover a password from a hash. Trying every possible combination of letters, numbers, and symbols until one matches. Using a technique called rainbow tables, in which every possible hash is created and using a fast searching algorithm to match the hash. And using a dictionary of plain text passwords to see if one matches. First of all, let's take a look at the Password Attacks menu in Kali.
I'll click on the fifth application menu, Password Attacks. And here we see three submenus, Offline Attacks, Online Attacks, and Pass the Hash. Each of the submenus contains a set of tools specific to the submenu topic. The Offline Attacks menu provides a set of tools to recover passwords from files that have been extracted from their host systems, although some are used directly on the host. The Online Attacks are used to try to directly enter a system online.
Passing the hash is a method of using a hash to gain access to a system without recovering the related password. Dictionary attacks are much faster than brute force. And having access to a good word list is important. Let's have a look at what word lists are available in Kali. I'll click on the word list entry at the bottom on the right. We can see there are a number of directories containing word lists for various tools.
First an archive called rockyou.txt.gz. This contains a useful, general-purpose password file, so extract it and list some of the contents. Okay, there's a lot of candidate passwords in that file. The directory also contains the nmap.lst file, which is a short set of words used by nmap for its dictionary searching. Let's have a look at the contents of the metasploit directory. Here we can see the files used by metasploit when it's doing dictionary tests.
Let's clear the screen.
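The point made in the video, that passwords can satisfy construction rules and still be easy to recover from a dictionary, can be checked when a password is set. The following is an added example, not part of the course material; the word list is a small constructed stand-in for a list such as rockyou.txt, and the function names and substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list (stand-in for a large list such as rockyou.txt).
SAMPLE_WORDLIST = ["password", "letmein", "dragon", "sunshine", "welcome"]

# A few common character substitutions users apply to satisfy construction
# rules (an illustrative table, not an exhaustive one).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def meets_composition_rules(password, min_length=8):
    """Typical construction rule: minimum length plus upper, lower and numeric."""
    return (
        len(password) >= min_length
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[0-9]", password) is not None
    )


def base_forms(password):
    """Reduce a password to the dictionary words it may have been built on."""
    lowered = password.lower()
    # Drop leading and trailing digits/symbols, e.g. "password1" -> "password".
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {
        lowered,
        stripped,
        lowered.translate(SUBSTITUTIONS),
        stripped.translate(SUBSTITUTIONS),  # "p@ssw0rd" -> "password"
    }


def audit(password, wordlist):
    """Report whether a password passes the rules and whether it is dictionary based."""
    words = {w.lower() for w in wordlist}
    return {
        "meets_rules": meets_composition_rules(password),
        "dictionary_based": not base_forms(password).isdisjoint(words),
    }


if __name__ == "__main__":
    for candidate in ["Password1", "P@ssw0rd2017", "Tr4ctor-Vase-Lamp9"]:
        print(candidate, audit(candidate, SAMPLE_WORDLIST))
```

A password that reports both `meets_rules` and `dictionary_based` as true is one a policy would accept and a dictionary test would still find, so a set-time check should reject it.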
This course will give prospective ethical hackers a short overview of the tools in Kali Linux. Cybersecurity expert Malcolm Shore shows how to set up a virtual environment for testing, configure Kali Linux, and install toolsets for information gathering, vulnerability assessment, password and hash cracking, and target exploitation.
Because businesses are connected, they are also exposed. Vulnerability testing helps organizations limit that exposure. This course will help you explore the careers, techniques, and tools behind ethical hacking—one of the most competitive and sought-after IT security skills.
- Overview of Metasploit, Maltego, and Wifite
- Setting up a virtual lab with Oracle VM
- Installing virtual machines and appliances
- Exploring the Kali Linux applications
- Gathering information with DMitry and DNSenum
- Conducting a vulnerability assessment
- Installing OpenVAS and Vega
- Testing passwords
- Exploiting targets
Skill Level: Beginner
Q: This course was updated on 06/12/2017. What changed?
A: The following topics were updated: setting up a virtual lab, installing appliances, Windows Credential Editor, using John for Windows passwords, pass the hash, using rainbow tables, exploiting with Armitage, pivoting through a network, and getting stealth and persistent access. In addition, a new video was added that shows how to create Trojans with msfvenom.