Password Cracking and Live CDs
Source: web.cse.msstate.edu/.../Basic/Password_Cracking.pdf (16 pages)

Transcript of Password Cracking and Live CDs

Page 1

Mississippi State University Digital Forensics 1

Password Cracking and Live CDs

Alex Applegate

Page 2

Overview

•  Passwords
•  Attacks Against Passwords
•  Defenses Against Password Attacks
•  Locations of Password Files
•  LiveCDs
•  Examples of LiveCDs

Page 3

Password Security

NOTE: Not my actual password!

Page 4

Passwords

•  All major operating systems (that use password authentication) accept a password from a user, apply some hash algorithm to it, and store the result in a file

•  When the password is given again, the hash is applied to the supplied password and compared against what is in the file (remember, a hash is a one-way operation)

Page 5

Attacks Against Passwords

•  Brute Force – Try every character combination

•  Social Engineering/Targeted – Birthday, Kids’ names, favorite food, etc.

•  Rainbow Tables – Pre-generated hash tables

•  Keystroke Capture – Intercept credentials as they are entered

Page 6

Defenses Against Password Attacks

•  Longer Passwords
   –  Particularly important in Windows systems
   –  LanMan passwords are clipped at 14 characters and broken into two 7-character parts
   –  In newer versions, passwords over 14 characters do not store a LanMan password, only NTLM
   –  LanMan capability should be turned off in eligible systems

•  Increased Number of Valid Characters

•  Salting
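The hash-then-compare scheme from page 4 and the Salting defense from this list, as an added Python example that is not from the slides: an unsalted store beside a salted one, the verification step for each, and a check of why a salt defeats a pre-generated hash table. The record layout and the choice of PBKDF2-HMAC-SHA256 are my assumptions; the slides only say "some hash algorithm".

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed example (not from the slides). The record layout and the choice of
# PBKDF2-HMAC-SHA256 are mine; the slides only say "some hash algorithm".

def store_unsalted(password: str) -> str:
    """Plain hash(password): two accounts with the same password get the same
    stored value, so one precomputed (rainbow) table serves every account."""
    return hashlib.sha256(password.encode()).hexdigest()

def verify_unsalted(password: str, stored: str) -> bool:
    return hmac.compare_digest(store_unsalted(password), stored)

def store_salted(password: str, salt: Optional[bytes] = None,
                 rounds: int = 100_000) -> str:
    """Salted, iterated hash. A fresh random salt per account is stored in the
    clear beside the digest; it only needs to be unique, not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${digest.hex()}"

def verify_salted(password: str, record: str) -> bool:
    """Re-run the hash with the stored salt and rounds, compare in constant time."""
    _alg, rounds, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)

def collides_for_same_password(password: str) -> Tuple[bool, bool]:
    """Two accounts choose the same password: does the stored value repeat?
    Returns (collides_unsalted, collides_salted)."""
    unsalted = store_unsalted(password) == store_unsalted(password)
    salted = store_salted(password) == store_salted(password)
    return unsalted, salted

if __name__ == "__main__":
    rec = store_salted("correct horse")
    print(rec)
    print(verify_salted("correct horse", rec), verify_salted("wrong", rec))
    print(collides_for_same_password("password1"))  # (True, False)
```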

Page 7

Salting

Page 8

Security Keyfob

Page 9

Cracking Statistics

Page 10

Cracking Statistics

Page 11

Locations of Password Files

•  Windows XP and Later
   –  %windows%\system32\config\SAM

•  Unix and derivatives
   –  /etc/passwd
   –  /etc/shadow
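An added example, not from the slides, of what a defender does with the Unix password file named above: it reads a constructed /etc/shadow sample and reports, per account, the hash algorithm, the salt, and anything to act on (an empty password field, or a legacy md5-crypt hash). The colon-separated field order and the $id$salt$hash convention are the real glibc crypt ones; the hash strings in the sample are made-up placeholders, and the list of ids handled is deliberately limited to $1$, $5$ and $6$.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed /etc/shadow sample (not from the slides). Field order is the real
# one (name:hash:lastchange:min:max:warn:inactive:expire:reserved); the hash
# strings are made-up placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$6$Qw3rtYsAlt$MadeUpSha512CryptDigestPlaceholder0123456789:19000:0:99999:7:::
alice:$1$oldsalt$MadeUpMd5CryptPlaceholder:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
svc:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

# glibc crypt ids handled here: $1$ md5-crypt, $5$ sha256-crypt, $6$ sha512-crypt;
# an optional rounds=N parameter may sit between the id and the salt.
ALGORITHMS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
HASH_RE = re.compile(r"^\$([^$]+)\$(?:rounds=\d+\$)?([^$]+)\$")

@dataclass
class ShadowEntry:
    user: str
    algorithm: str          # "sha512-crypt", "locked", "empty", "unknown", ...
    salt: Optional[str]
    finding: Optional[str]  # audit note, None when nothing to flag

def parse_shadow_line(line: str) -> ShadowEntry:
    parts = line.split(":")
    user, field = parts[0], parts[1] if len(parts) > 1 else ""
    if field == "":
        return ShadowEntry(user, "empty", None, "no password set")
    if field[0] in "!*":            # '!' or '*' prefix: account locked / no login
        return ShadowEntry(user, "locked", None, None)
    m = HASH_RE.match(field)
    if not m:
        return ShadowEntry(user, "unknown", None, "unrecognised hash format")
    alg = ALGORITHMS.get(m.group(1), "id=" + m.group(1))
    finding = "legacy md5-crypt, rehash on next login" if alg == "md5-crypt" else None
    return ShadowEntry(user, alg, m.group(2), finding)

def audit_shadow(text: str) -> List[ShadowEntry]:
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]

def findings(text: str) -> List[str]:
    """Only the entries a defender needs to act on."""
    return [f"{e.user}: {e.finding}" for e in audit_shadow(text) if e.finding]
```

Running `findings(SAMPLE_SHADOW)` on the sample reports alice (legacy algorithm) and guest (empty password field); locked accounts are parsed but not flagged.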

Page 12

Live CDs

•  A LiveCD is a media-based bootable environment
   –  Usually on CD, but may also be on DVD or thumb drives

•  Pre-configured with tools to perform a specific task or set of tasks

Page 13

Examples

•  Forensics and Incident Response
   –  SIFT: SANS Integrated Forensics Tools
   –  Helix
   –  DEFT
   –  Knoppix STD

•  Penetration Testing
   –  Backtrack
   –  BlackBuntu

Page 14

SIFT 2.0

Page 15

Summary

•  Passwords
•  Attacks Against Passwords
•  Defenses Against Password Attacks
•  Locations of Password Files
•  Examples of a Live CD

Page 16

Password Cracking and LiveCDs

QUESTIONS?