SOFTWARE CRACKING
Software cracking is the modification of software to remove or
defeat its protection mechanisms. It is a form of reverse
engineering. Reverse engineering means studying the design,
structure and behaviour of a system to learn how it works, often
in order to modify it for some other purpose, mainly personal
use.
The main reasons for software cracking are:
(1) Understanding the algorithms a program uses so they can be
reused in one's own programs.
(2) Turning shareware or trial software into a full version.
1. PASSWORD CRACKING
Password cracking is a type of software cracking.
Since passwords form one of the foundations of security for
most systems and networks, cracking passwords is high on the
list of priorities for attackers trying to break into and
compromise such systems. Password cracking is the process of
recovering secret passwords from data stored in or transmitted
by a system. The main method is guessing: candidate passwords
for an application or system are tried until the correct one is
found. Because systems normally store a hash of the password
rather than the password itself, each guess is hashed the same
way and compared with the stored value.
Purposes of password cracking:
(1) Helping a user recover a forgotten password.
(2) As a preventive measure: auditing a system for weak
passwords before an attacker finds them.
Password cracking can be approached in two ways:
online cracking and offline cracking.
1.1.1 Online Cracking
Online cracking works against the live target. As described
here it involves sniffing network traffic to capture
authentication sessions and trying to extract passwords from
the captured information; the term is also commonly used for
submitting guesses directly to the login interface of the
running system. Both are generally slow and difficult: the
network may carry no reusable credentials, and a login
interface can rate-limit or lock out the attacker after a few
failures. There are, however, tools specially designed for
sniffing passwords out of network traffic, and they succeed
wherever a protocol still sends credentials in clear text.
1.1.2 Offline Cracking
This is the preferred method. It involves compromising a system
to gain access to the password file or database and then
running a tool called a password cracker to guess valid
passwords for the user accounts. Offline cracking can be
performed on the compromised machine, or the password file can
be copied to a machine outside the compromised network and
cracked at leisure; some worms, such as Double Tap and Lion,
automatically grab password files from infected systems.
Because the guesses are checked locally against the stolen
hashes, no lockout policy applies: the only limits are the cost
of the hash function and the attacker's hardware.
1.2 Principal attack methods used in password cracking:
There are many methods used to crack passwords. Some of them
are given below:
(1) Weak encryption.
(2) Guessing.
(3) Dictionary attack.
(4) Brute force attack.
(5) Hybrid attack.
(6) Precomputation.
(7) Memorization.
(8) Password grinding.
1.2.1. Weak Encryption
Sometimes a cryptographically weak function is used to store
passwords. Most systems do not store the password itself:
before writing it to the database they transform it, either by
encrypting it or, more usually, by hashing it, and store the
result. If the system uses a weak function, the cracker needs
only a few operations per guess, or can reverse the stored
value outright, and even long passwords fall quickly.
One example is the LM hash that Microsoft Windows used by
default to store user passwords of up to 14 characters. LM
converts the password to upper case, pads it to 14 bytes and
splits it into two 7-character halves that are hashed
separately (each half is used as a DES key to encrypt a fixed
constant). An attacker can therefore attack each half
independently, which turns one search over a 14-character space
into two searches over 7-character spaces, and the upper-casing
removes letter case from the search entirely. A second half
that hashes to the well-known constant value for seven null
bytes reveals that the password is at most 7 characters long.
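The following is an added example, written for this page rather than taken from it or from Microsoft, showing why splitting the password into two independently hashed halves is so damaging. It keeps LM's structure (upper-casing, padding to 14 bytes, two 7-byte halves hashed separately) but stands in a truncated SHA-256 of the constant "KGS!@#$%" and the half for the real DES step, so it runs on the standard library alone; that stand-in, the six-character alphabet and the sample password are assumptions of the example.

```python
import hashlib
import itertools

# Added example: LM-like hash with a stand-in for DES. Real LM uses each
# 7-byte half of the upper-cased, null-padded password as a DES key to
# encrypt the constant "KGS!@#$%"; here a truncated SHA-256 over the
# constant and the half plays that role (an assumption of this example).
MAGIC = b"KGS!@#$%"


def half_hash(half7: bytes) -> bytes:
    """Stand-in for DES_encrypt(key=half7, MAGIC): returns 8 bytes."""
    if len(half7) != 7:
        raise ValueError("LM halves are exactly 7 bytes")
    return hashlib.sha256(MAGIC + half7).digest()[:8]


def lm_like_hash(password: str) -> bytes:
    """Upper-case, truncate/pad to 14 bytes, hash each 7-byte half independently."""
    pw = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\x00")
    return half_hash(pw[:7]) + half_hash(pw[7:])


# An all-null half always hashes to the same constant. Seeing it in the
# second slot tells the attacker the password is at most 7 characters.
EMPTY_HALF = half_hash(b"\x00" * 7)


def crack_half(target: bytes, alphabet: str, max_len: int = 7):
    """Brute-force one half, shortest candidates first.
    Returns (plaintext or None, number of candidates hashed)."""
    if target == EMPTY_HALF:
        return "", 0                      # free: nothing to search
    tried = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            cand = "".join(combo)
            tried += 1
            if half_hash(cand.encode().ljust(7, b"\x00")) == target:
                return cand, tried
    return None, tried


def crack_lm_like(h: bytes, alphabet: str):
    """Attack the two halves separately and glue the results together."""
    first, t1 = crack_half(h[:8], alphabet)
    second, t2 = crack_half(h[8:], alphabet)
    if first is None or second is None:
        return None, t1 + t2
    return first + second, t1 + t2


def search_space(alphabet: str, max_len: int) -> int:
    """Candidates a single search over the whole password would have to cover."""
    return sum(len(alphabet) ** k for k in range(1, max_len + 1))


if __name__ == "__main__":
    alphabet = "ABC123"                  # tiny alphabet keeps the demo fast
    target = lm_like_hash("cab123b1a")   # 9 chars -> halves "CAB123B" and "1A"
    recovered, work = crack_lm_like(target, alphabet)
    print(recovered, "recovered after", work, "candidate hashes;")
    print("a single 9-character search over this alphabet has",
          search_space(alphabet, 9), "candidates")
```

With the six-character alphabet the 9-character sample password falls after roughly 150 thousand candidate hashes, whereas a single search over all 9 characters would have some 12 million candidates; with LM's real 69-character alphabet the gap is 2 x 69^7 versus 69^14, which is why LM hashes are cracked exhaustively in hours on ordinary hardware.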
1.2.2. Guessing
This is the simplest method. Not surprisingly, many people use
very weak passwords such as a blank password, the word
'password', 'passcode' or another word meaning password, the
user's own name or login name, the names of relatives, their
birthplace or date of birth, a pet's name, a passport number
and so on, and some users never change the default password.
If the cracker has a good idea of the user's habits and
background, such passwords are often very easy to guess.
1.2.3. Dictionary Attack
This type of attack uses a password cracking tool (several are
discussed later). The tool is equipped with a dictionary, or
wordlist, containing commonly used passwords, place names,
common personal names and other common words. The tool hashes
(or encrypts) each word with every storage format the target
might use and checks, using an efficient search structure such
as a hash table, whether the result matches any stored value.
This is a simple method and the most commonly used one. It can
be performed both online and offline, although offline it can
try millions of words per second whereas online it is limited
by the speed of the target.
1.2.4. Brute Force attack
In this method the cracker tries every combination of letters,
digits and special symbols, increasing the length until the
correct password is found or the attacker gives up. It is the
simplest and least efficient method and the most time
consuming, and is used when the dictionary fails. Its
feasibility depends on the length of the password, the size of
the character set, the cost of the hash function, the computing
power available and the patience of the attacker: each extra
character multiplies the work by the size of the character set.
It is used in both online and offline cracking.
The ease with which passwords can be cracked varies between
platforms. Operating systems such as Microsoft Windows Server
2003 store password hashes in a protected database; extracting
them usually requires at least administrative credentials or
physical access to the system, and even then brute force (or a
dictionary) is usually the only approach for turning a hash
back into a password. User applications such as office
productivity tools can protect documents with passwords, and
these are generally easier to crack. Older platforms such as
Windows 95 stored password information in '.pwl' files that
were weakly encrypted and easy to crack.
1.2.5. Hybrid Attack
This is a combination of the dictionary and brute force
attacks. Besides cracking passwords it is used for guessing
community names on networks that use the Simple Network
Management Protocol (SNMP). In a typical hybrid attack the
cracking program generates short strings of characters and adds
them to the beginning and end of each dictionary word; crackers
also apply simple "mangling" rules such as changing letter case
or substituting digits for letters. A password such as
"daisy123" would likely fall very quickly to a hybrid attack,
which tries the word "daisy" with various short strings
appended.
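The dictionary, brute force and hybrid strategies side by side, as an added example (not code from the page or from any of the tools it names): one cracker loop that hashes every candidate under each algorithm it knows and looks the result up in a set of unsalted target hashes, fed in turn by a dictionary, a hybrid generator and a brute-force generator. The wordlist, the four "leaked" hashes and the choice of MD5, SHA-1 and SHA-256 are constructed for the example; the hybrid generator also tries case variants, which goes slightly beyond the affixes the text describes.

```python
import hashlib
import itertools
from typing import Dict, Iterable, Iterator, Set

# Added example: one cracker, three candidate generators. Targets are
# unsalted hex digests, as the text assumes; hashing each candidate under
# every algorithm the cracker knows covers not knowing which one was used.
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}


def hexhash(algo: str, word: str) -> str:
    return ALGORITHMS[algo](word.encode()).hexdigest()


def dictionary_candidates(words: Iterable[str]) -> Iterator[str]:
    """Dictionary attack: each wordlist entry exactly as written."""
    yield from words


def brute_force_candidates(alphabet: str, max_len: int) -> Iterator[str]:
    """Brute force: every string over the alphabet, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def hybrid_candidates(words: Iterable[str], digits: str = "0123456789",
                      max_affix: int = 3) -> Iterator[str]:
    """Hybrid attack: dictionary words with case variants and short digit
    strings prepended or appended."""
    for w in words:
        for base in dict.fromkeys((w, w.lower(), w.capitalize(), w.upper())):
            yield base
            for n in range(1, max_affix + 1):
                for combo in itertools.product(digits, repeat=n):
                    affix = "".join(combo)
                    yield base + affix
                    yield affix + base


def crack(targets: Set[str], candidates: Iterable[str]) -> Dict[str, str]:
    """Hash every candidate under every algorithm; return {hash: "word (algo)"}.
    Stops early once every target has been matched."""
    remaining = set(targets)
    found: Dict[str, str] = {}
    for cand in candidates:
        for algo in ALGORITHMS:
            h = hexhash(algo, cand)
            if h in remaining:
                found[h] = f"{cand} ({algo})"
                remaining.discard(h)
                if not remaining:
                    return found
    return found


WORDLIST = ["password", "daisy", "admin", "letmein"]   # constructed mini wordlist


def demo() -> Dict[str, str]:
    """Run the three modes, cheapest first, against a constructed hash dump."""
    targets = {
        hexhash("md5", "password"),       # plain dictionary hit
        hexhash("sha1", "Daisy123"),      # needs hybrid: case change + suffix
        hexhash("sha256", "ab1"),         # short non-word: only brute force
        hexhash("md5", "s3cret!pass"),    # survives all three modes here
    }
    results = crack(targets, dictionary_candidates(WORDLIST))
    results.update(crack(targets - set(results), hybrid_candidates(WORDLIST)))
    results.update(crack(targets - set(results),
                         brute_force_candidates("abcdefghijklmnopqrstuvwxyz0123456789", 3)))
    return results


if __name__ == "__main__":
    for h, plain in demo().items():
        print(h[:16], "...", plain)
```

Running the modes in order of cost is the usual practice: the dictionary pass is a few hundred hashes, the hybrid pass tens of thousands, and the three-character brute force already well over a hundred thousand; the fourth hash, a longer non-dictionary string, survives all three, which is exactly the property a good password needs.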
1.2.6. Precomputation
This involves hashing every word in the dictionary in advance
and storing the results as <plaintext, hash> pairs indexed on
the hash, so that a captured hash can be looked up directly
instead of being attacked. It is only useful when the program
does not use a salt properly (salting is explained later),
because a salt changes the hash of every word for every user.
By applying a time-memory trade-off (Hellman's method, later
refined by rainbow tables), a middle ground can be reached: a
search space of size N can be turned into a table of size
O(N^(2/3)) in which finding the password for a hash takes time
O(N^(2/3)), instead of either O(N) storage with O(1) lookup or
no storage with O(N) work per hash.
1.2.7. Memorization
This is a method similar to precomputation and is used to crack
many passwords for roughly the cost of cracking one. Since
hashing a word takes much longer than comparing the result with
a stored value, a lot of effort is saved by hashing each
candidate word only once and comparing it against all of the
captured hashes using an efficient lookup structure (a hash
set), rather than re-hashing the dictionary once per account.
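To make the storage/time points of the two preceding sections (Precomputation and Memorization) concrete, here is an added example, not from the page, on a toy space of 4-digit PINs hashed with unsalted SHA-256: the full <plaintext, hash> table, a Hellman chain table that stores only chain start and end points and recomputes the rest on demand (rainbow tables refine this with position-dependent reduction functions, which the example omits), and the hash-once-compare-many loop. The PIN space, the reduction function and the chain parameters are assumptions of the example.

```python
import hashlib
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Added example on a toy space: 4-digit PINs (N = 10_000) hashed with
# unsalted SHA-256, small enough to tabulate completely.
SPACE = 10_000


def pin(i: int) -> str:
    return "%04d" % (i % SPACE)


def H(p: str) -> bytes:
    return hashlib.sha256(p.encode()).digest()


def R(digest: bytes) -> str:
    """Reduction: map a digest back into the PIN space (not an inverse of H)."""
    return pin(int.from_bytes(digest[:4], "big"))


# (a) Full precomputation: every <plaintext, hash> pair, indexed by hash.
#     O(N) memory, O(1) lookup, built once, reused for every captured hash.
def full_table() -> Dict[bytes, str]:
    return {H(pin(i)): pin(i) for i in range(SPACE)}


# (b) Hellman time-memory trade-off: keep only the start and end of m chains
#     of length t (x -> R(H(x)) -> ...), and recompute the middle on demand.
def build_chains(m: int, t: int) -> Dict[str, List[str]]:
    table: Dict[str, List[str]] = {}
    for i in range(m):
        start = x = pin(i * 7919)              # deterministic, spread-out starts
        for _ in range(t):
            x = R(H(x))
        table.setdefault(x, []).append(start)  # endpoint -> starts (chains may merge)
    return table


def chain_lookup(target: bytes, table: Dict[str, List[str]], t: int) -> Optional[str]:
    """Find a PIN whose hash is `target`, if it lies on any stored chain."""
    y = target
    for _ in range(t):
        x = R(y)
        for start in table.get(x, ()):         # endpoint hit: regenerate that chain
            p = start
            for _ in range(t):
                if H(p) == target:
                    return p
                p = R(H(p))
            # no match: a false alarm from a merged chain, keep walking
        y = H(x)
    return None


def chain_coverage(table: Dict[str, List[str]], t: int, sample: Iterable[str]) -> float:
    """Fraction of the sampled PINs the chain table can recover."""
    sample = list(sample)
    hits = sum(chain_lookup(H(p), table, t) is not None for p in sample)
    return hits / len(sample)


# (c) Memorization as the text uses the term: hash each candidate once and
#     test it against every captured hash with a set lookup.
def crack_many(targets: Set[bytes], candidates: Iterable[str]) -> Tuple[Dict[bytes, str], int]:
    """Returns ({hash: plaintext}, number of hash computations performed)."""
    found: Dict[bytes, str] = {}
    work = 0
    for c in candidates:
        work += 1
        h = H(c)
        if h in targets:
            found[h] = c
    return found, work


if __name__ == "__main__":
    t, m = 20, 100
    chains = build_chains(m, t)
    print("full table entries:", len(full_table()), " chain table entries:", len(chains))
    sample = [pin(i) for i in range(0, SPACE, 50)]
    print("fraction of sampled PINs recoverable from chains: %.2f"
          % chain_coverage(chains, t, sample))
    victims = {H("1234"), H("0042"), H("9999")}
    found, work = crack_many(victims, (pin(i) for i in range(SPACE)))
    print(len(found), "of", len(victims), "cracked with", work,
          "hashes (one pass per target would cost %d)" % (work * len(victims)))
```

The chain table holds at most m entries instead of N, and each lookup costs up to t hashes plus a chain regeneration per endpoint hit; the price is incomplete coverage, because chains that merge waste their overlapping tails. The last function shows the memorization point directly: three captured hashes are cracked with exactly one pass over the space, not three.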
1.2.8. Password grinding
This is manually trying to guess the password for an
application, system or network. It is a primitive form of
password cracking in which the attacker simply attempts to log
on repeatedly to the target machine, trying different passwords
until either the correct one is guessed or the system locks the
attacker out. While this might seem like a fruitless activity,
it is amazing how many users employ the word "password" as
their password and how many administrators fail to change or
disable the default passwords shipped with devices such as
routers that they install on their networks. Even allowing for
the marked exaggeration of hacking abilities depicted in films
like WarGames and Mission Impossible, a knowledgeable cracker
can occasionally succeed with this simple method and then
leverage the obtained password to compromise the target system
or network further.
1.3. MARKET PLACE
Password crackers have valid uses in business environments.
They provide legitimate tools and services to companies that
need to access a password-protected document or an
administrator account, or to disable a screen saver whose
password has been lost. Many tools on the market are used to
crack passwords. Some of them are described below.
Popular Tools for Cracking Passwords:
1.3.1. L0phtCrack:
This is used for auditing account passwords and recovering lost
passwords on Microsoft Windows. Administrators can use it to
audit their network and detect weak passwords that could
constitute security vulnerabilities. The tool can also be used
as a password cracker, though a "Hide" feature allows
administrators to configure it so that it does not divulge the
passwords it has cracked but only displays auditing information
such as their length. It works via dictionary and brute force
attacks against Windows LM and NTLM hashes. The version current
when this was written is called LC4.
1.3.2. John the Ripper
This is another password cracking tool, available for
Linux/Unix, OpenVMS and Microsoft Windows. It also uses
dictionary attacks, with numerous rules for permuting
dictionary entries so as to guess passwords that might be
thought difficult to attack, as well as a brute force
("incremental") mode. It is primarily intended for detecting
weak Unix passwords. The architecture of the tool is
extensible, allowing custom cracking modes to be defined in a
C-like language.
1.3.3. Ophcrack
An open source program used to crack Windows LM hashes (as
described above) using rainbow tables, which are large
precomputed files. With its free tables it cracks 99.9% of
alphanumeric LM passwords (which are at most 14 characters
long). The rainbow tables reduce the time needed to crack a
password to seconds or minutes, at the cost of storing the
tables.
1.3.4. RainbowCrack
This tool also uses rainbow tables to crack passwords, and
includes the programs for generating and sorting the tables.
It reduces the time needed to crack passwords in the same way.
1.4. PREVENTIVE MEASURES
Many people use password cracking tools for harmful purposes,
so it is essential to know the preventive measures.
The most important measure is to use a very strong password:
long enough that brute force is infeasible, absent from any
wordlist, and unrelated to the user's habits or to names and
places connected with the user. Anything connected to the user
is easy for a person who knows them closely to guess.
Ensure that attackers cannot get access even to the hashed
passwords. Most systems store all password hashes in one
particular file or table whose location is well known, so the
protection must come from access controls that keep that store
readable only by privileged accounts (see password shadowing
below), not from hiding it.
Lock out an account that has been subjected to "too many"
incorrect password guesses. In this method the system locks the
account, or at least slows further attempts, after a set number
of failures. This defeats online guessing and password grinding
but has a cost: an attacker who can make failed attempts
against any account can lock legitimate users out, so lockouts
are usually temporary and are combined with logging.
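An added example (not from the page) of a lockout policy and a grinding loop run against it. The authenticator is a toy for this example: it keeps plaintext passwords and a per-account failure counter in memory, takes an injectable clock so the lockout window can be exercised, and treats the threshold and the 15-minute window as assumptions.

```python
import time
from typing import Callable, Dict, List, Tuple


class LockoutAuthenticator:
    """Per-account failure counter with a temporary lockout window.
    Toy: stores plaintext passwords; a real system compares against a hash."""

    def __init__(self, users: Dict[str, str], threshold: int = 5,
                 lockout_seconds: float = 900.0,
                 clock: Callable[[], float] = time.monotonic):
        self.users = users
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.state: Dict[str, Tuple[int, float]] = {}   # user -> (failures, locked_until)
        self.log: List[str] = []

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'."""
        failures, locked_until = self.state.get(user, (0, 0.0))
        now = self.clock()
        if locked_until:
            if now < locked_until:
                self.log.append(f"{user}: attempt while locked")
                return "locked"
            failures, locked_until = 0, 0.0        # window expired: count afresh
        if self.users.get(user) == password:       # toy comparison (see class docstring)
            self.state.pop(user, None)             # success resets the counter
            return "ok"
        failures += 1
        if failures >= self.threshold:
            locked_until = now + self.lockout_seconds
            self.log.append(f"{user}: locked after {failures} failures")
        self.state[user] = (failures, locked_until)
        return "locked" if locked_until else "denied"


def grind(auth: LockoutAuthenticator, user: str, guesses: List[str]) -> Tuple[str, int]:
    """Password grinding: submit guesses until one works or the account locks.
    Returns (outcome, attempts made)."""
    for n, guess in enumerate(guesses, 1):
        result = auth.login(user, guess)
        if result == "ok":
            return f"cracked:{guess}", n
        if result == "locked":
            return "locked out", n
    return "exhausted", len(guesses)


GUESSES = ["password", "123456", "letmein", "qwerty", "summer2009"]   # constructed


if __name__ == "__main__":
    strict = LockoutAuthenticator({"bob": "summer2009"}, threshold=3)
    print("threshold 3:", grind(strict, "bob", GUESSES), strict.log)
    lax = LockoutAuthenticator({"bob": "summer2009"}, threshold=10)
    print("threshold 10:", grind(lax, "bob", GUESSES))
```

The second run shows the failure mode of a lockout that is too generous: five guesses are enough when the threshold is ten. The first run shows the side effect the text warns about: once the grinder has tripped the lockout, the real user's correct password is refused until the window expires.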
Salting: In this method a random string called a salt is
prefixed or suffixed to the password before it is hashed, and
the salt is stored alongside the hash. Its main purpose is to
nullify precomputation and memorization. Since the salt is
different for every user, two users with the same password get
different hashes, and the attacker can no longer construct a
table with a single hashed version of each candidate password:
every candidate must be hashed again for every salt.
Traditional Unix crypt(3) used a 12-bit salt, which only
multiplies the attacker's work by 4096; modern schemes use
salts of 64 bits or more, so precomputation becomes pointless
altogether.
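An added example (not from the page) contrasting an unsalted store with a salted one, using PBKDF2-HMAC-SHA256 with a random 16-byte salt as the salted scheme. The users, passwords and wordlist are constructed; the point is that one precomputed wordlist table cracks every unsalted user with no work at attack time, while against the salted store each word has to be rehashed with every user's own salt.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Added example: the same users stored two ways, and what a precomputed
# dictionary table can do against each store.
WORDLIST = ["password", "summer2009", "letmein", "qwerty"]   # constructed


# Unsalted store: hash(password) only. Identical passwords -> identical hashes.
def store_unsalted(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Salted store: a per-user random salt is hashed together with the password
# and kept next to the result. PBKDF2 also adds a work factor (iterations),
# which slows every guess the attacker makes; that is separate from the salt.
ITERATIONS = 50_000


def store_salted(password: str, salt: Optional[bytes] = None) -> str:
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    _, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Attacker side: precompute the wordlist ONCE and look every stored hash up.
def precomputed_table(words: Iterable[str]) -> Dict[str, str]:
    return {store_unsalted(w): w for w in words}


def attack_unsalted(store: Dict[str, str], table: Dict[str, str]) -> Tuple[Dict[str, str], int]:
    """Returns (cracked {user: password}, hashes computed during the attack)."""
    cracked = {u: table[h] for u, h in store.items() if h in table}
    return cracked, 0          # the table was built in advance; lookups are free


def attack_salted(store: Dict[str, str], words: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """No table helps: each word must be rehashed with every user's own salt."""
    words = list(words)
    cracked: Dict[str, str] = {}
    work = 0
    for user, stored in store.items():
        for w in words:
            work += 1
            if verify_salted(w, stored):
                cracked[user] = w
                break
    return cracked, work


def demo() -> dict:
    users = {"alice": "summer2009", "bob": "summer2009",
             "carol": "qwerty", "dave": "Tr3e-House!42"}      # constructed
    unsalted = {u: store_unsalted(p) for u, p in users.items()}
    salted = {u: store_salted(p) for u, p in users.items()}
    return {
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"] == salted["bob"],
        "unsalted": attack_unsalted(unsalted, precomputed_table(WORDLIST)),
        "salted": attack_salted(salted, WORDLIST),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Both stores lose the three users whose passwords are in the wordlist, but the salted attack has to spend a PBKDF2 computation per word per user (12 here) rather than a free table lookup, and the cost scales with the number of users and the iteration count rather than with the size of a table that was built once. Note also that identical passwords are visible in the unsalted store even before any cracking.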
Password shadowing: This is another preventive measure used on
Unix systems. It is done by moving the password hashes out of
the world-readable password file. On Unix systems user
passwords, together with user names and other information
about users, were traditionally stored in a world-readable
file called /etc/passwd. One of the main goals of attackers
trying to compromise such systems is "grabbing" the password
file and then trying to crack the passwords it contains.
Password shadowing separates the sensitive information (the
password hashes) in this file from its public information
(such as user names) and stores the sensitive information in a
different file called the shadow file, leaving a placeholder
(usually "x") in /etc/passwd. Permissions on the shadow file
are then configured as root-readable, which means only root
(the superuser) can access its contents, making it much more
secure than the password file, which anyone can read. The
location of the shadow file varies between platforms; for
example, /etc/shadow on Linux and /etc/security/passwd on AIX.
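An added example (not from the page) of the kind of check an administrator would run: it parses constructed /etc/passwd and /etc/shadow contents, reports accounts whose hash still sits in the world-readable passwd file, empty password fields and weak hash schemes, and checks that a shadow file is not world-accessible. The two file contents are made up for the example, and the hash strings in them are placeholders with the right scheme prefixes, not real hashes.

```python
import os
import stat
from typing import List

# Constructed sample files; hash values are placeholders, only the prefixes matter.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:ab/cdEfGhIjKl:1001:1001:Old account:/home/legacy:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

SHADOW = """\
root:$6$saltsalt$PLACEHOLDERSHA512HASH:19000:0:99999:7:::
alice:$y$j9T$saltsalt$PLACEHOLDERYESCRYPTHASH:19000:0:99999:7:::
bob:$1$saltsalt$PLACEHOLDERMD5HASH:19000:0:99999:7:::
carol::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!$6$saltsalt$PLACEHOLDER:19000:0:99999:7:::
"""

# crypt(3) scheme identifiers ($id$salt$hash) and whether an audit should flag them.
SCHEMES = {
    "1": ("MD5-crypt", "weak"),
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "5": ("SHA-256-crypt", "ok"),
    "6": ("SHA-512-crypt", "ok"),
    "7": ("scrypt", "ok"),
    "y": ("yescrypt", "ok"),
}


def classify(field: str) -> str:
    """Describe what a password field holds."""
    if field == "":
        return "EMPTY: login with no password"
    if field == "x":
        return "shadowed"
    if field.startswith(("!", "*")):
        return "locked"
    if field.startswith("$"):
        ident = field.split("$")[1]
        name, strength = SCHEMES.get(ident, (f"unknown ${ident}$", "unknown"))
        return f"{name} ({strength})"
    if len(field) == 13:
        return "traditional DES crypt, 12-bit salt (weak)"
    return "unrecognised"


def audit(passwd_text: str, shadow_text: str) -> List[str]:
    """Return human-readable findings for the two files."""
    findings = []
    for line in passwd_text.splitlines():
        user, field = line.split(":")[:2]
        kind = classify(field)
        if kind not in ("shadowed", "locked"):
            findings.append(f"passwd: {user}: hash in world-readable file: {kind}")
    for line in shadow_text.splitlines():
        user, field = line.split(":")[:2]
        kind = classify(field)
        if kind.startswith("EMPTY") or "weak" in kind:
            findings.append(f"shadow: {user}: {kind}")
    return findings


def shadow_is_protected(path: str) -> bool:
    """True if no 'other' permission bit is set (root/shadow-group readable only)."""
    return (os.stat(path).st_mode & stat.S_IRWXO) == 0


if __name__ == "__main__":
    for finding in audit(PASSWD, SHADOW):
        print(finding)
```

On the sample data the audit flags the unshadowed DES-crypt hash of "legacy", the empty password of "carol" and the MD5-crypt hash of "bob"; locked accounts ("*" or a leading "!") and the modern SHA-512-crypt and yescrypt hashes pass. A group-readable shadow file (mode 0640 with a dedicated group, as some distributions ship) still passes the permission check; a world-readable one does not.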
1.5. PASSWORD RECOVERY
Another name for password cracking: guessing the password for
an application or system until the right one is found. The term
is usually used in the context of legitimate activity, such as a
user or administrator regaining access to their own data.