Sunday, November 11, 2007

Password cracking - A brief intro to how passwords work and how to bypass them...

Passwords are everywhere...

Take any application, and it is very likely protected by some security measure (most likely a password). Passwords have become the most widely used, and one of the most depended-upon, security measures in today's cyber society. Take your email account: it is secured by a password. Your social account, whether on Orkut, MySpace or any other social network, is protected by a password. Your own operating system is probably password protected. Even your screen saver is protected by a password. Passwords are virtually everywhere. You simply cannot avoid them.

Since this blog is largely about bypassing these passwords, we shall first learn how they work. That is the very basis of all types of hacking and cracking.

So, let's end all the crap talk and jump to the real thing...

Passwords are basically encrypted and stored in a separate file, which is checked when the authentication mechanism comes into play. The encryption algorithm varies from system to system. In the case of operating systems, the file is stored in a location where only the most privileged user has access. On *nix platforms it is the /etc/shadow or the /etc/passwd file. On Windows NT it is in the registry, in the SAM database. The passwords are encrypted using a predefined algorithm and then stored in these files. When the user has to be authenticated, the authentication program runs and the user enters the password, which is then encrypted and matched against the already encrypted password present in the file. If the two match, the user is authenticated; otherwise, access is denied.

In the case of online accounts, the password may not be stored on the local computer at all; it is stored in the remote computer's password database. So when you log in to your computer, the password database used is present on the local computer (except in some cases, for instance when your computer is a terminal to another server machine). For online accounts, as with mail accounts, the password you enter is checked against the one in the server's database.
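The check described above, written out as an added example (this is not code from the original post). What the post calls "encryption" is, on real systems, a one-way hash: the stored value is recomputed from whatever the user types and compared, never decrypted. The file format (`user:digest` lines), the use of SHA-256, and the sample accounts are all assumptions made for the example; the last function is a defender's check that shows the weakness of such an unsalted store, namely that two accounts with the same password get the same stored value.

```python
import hashlib
import hmac


def digest(password: str) -> str:
    """One-way hash of a password (SHA-256 is an assumption for this example).
    The stored value can only be recomputed from a candidate password and
    compared; it cannot be turned back into the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def write_password_file(accounts: dict) -> str:
    """Serialise {user: plaintext} into 'user:digest' lines. Only the digests
    are written; the plaintexts never reach the file."""
    return "\n".join(f"{user}:{digest(pw)}" for user, pw in accounts.items()) + "\n"


def load_password_file(text: str) -> dict:
    """Parse 'user:digest' lines back into {user: digest}. Blank lines are
    skipped; a malformed line is rejected rather than silently ignored."""
    records = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        user, sep, stored = line.partition(":")
        if not sep or not user or not stored:
            raise ValueError(f"malformed record on line {lineno}: {line!r}")
        records[user] = stored
    return records


def authenticate(records: dict, user: str, password: str) -> bool:
    """The check the post describes: hash what the user typed and compare it
    with the stored digest. compare_digest runs in constant time, so the
    comparison itself leaks nothing about how many characters matched."""
    candidate = digest(password)
    stored = records.get(user)
    if stored is None:
        # Unknown user: still perform a comparison so the timing matches a wrong password.
        hmac.compare_digest(candidate, candidate)
        return False
    return hmac.compare_digest(candidate, stored)


def users_sharing_password(records: dict) -> list:
    """Defender's check: in an unsalted store, accounts with the same password
    have identical digests, which a leaked file reveals at a glance."""
    by_digest = {}
    for user, stored in records.items():
        by_digest.setdefault(stored, []).append(user)
    return [sorted(users) for users in by_digest.values() if len(users) > 1]


# Constructed sample accounts for the demonstration (not real credentials).
SAMPLE_ACCOUNTS = {"alice": "correct horse", "bob": "hunter2", "carol": "hunter2"}

if __name__ == "__main__":
    text = write_password_file(SAMPLE_ACCOUNTS)
    records = load_password_file(text)
    print(text)
    print("bob / hunter2:", authenticate(records, "bob", "hunter2"))
    print("bob / wrong:  ", authenticate(records, "bob", "wrong"))
    print("accounts sharing a digest:", users_sharing_password(records))
```

Running the block prints the constructed file, a successful and a failed login, and the pair of accounts whose identical digests give away that they share a password.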

The very fact that the password is stored in a file on some storage medium is the vulnerability that is exploited. All we have to do is get the file and then crack the password. But again, we need to know the algorithm used to encrypt the password. "How do we find that out?" is the next question that comes to mind. Fret not: the Internet has the answer. Once we know the algorithm, we can switch directly over to cracking the passw0rd. It is taken for granted that the reader knows programming. Even if the reader has expertise in some specific programming language, it is still mandatory to learn C. It is the most powerful language I have come to know, in the sense that it gives control over every single bit in any memory location.


Now I shall describe the various techniques for cracking passwords.

There are basically three different ways of cracking a password:

(1) Dictionary-based cracking - where we try out common passwords from a word list.

(2) Brute-force cracking - where we try all possible combinations of letters, numbers and/or special characters.

(3) Rainbow tables - these are my favourite type of attack. They use a database of pre-encrypted passwords, generated with a certain algorithm. This is used as a substitute for brute force, because brute force is a very tedious process: it takes a lot of time to crack a password. Since most of that time is consumed in encrypting the candidate passwords, what we do is encrypt the passwords in advance and store them in a database. When we have to crack a password, we just do a simple lookup in the database. This makes the process really fast. The time consumption thus becomes a one-time affair: the generation of these databases.
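The three methods side by side, as an added example rather than the sample programs the post promises for a later post. It runs over a constructed toy keyspace (lowercase words of one to three letters, 18,278 candidates, SHA-256 as the "predefined algorithm") and counts hash computations, so the cost model the post describes becomes visible: the dictionary costs a handful of hashes, brute force costs up to the whole keyspace per target, and the precomputed table moves that whole cost into a one-time build after which each target costs zero hashes. Two things go beyond the post: the table here is the plain hash-to-password database the post describes, whereas real rainbow tables compress it using chains of hash and reduction steps; and the final function shows the defender's answer to precomputation, a per-user salt hashed together with the password (as in the `$id$salt$hash` records of /etc/shadow), which puts the hashed input outside the keyspace the table enumerated. The word list, salt and keyspace bounds are all constructed for the example.

```python
import hashlib
import itertools
import string

HASH_CALLS = 0  # counts every hash computed, so the three methods' costs can be compared


def h(text: str) -> str:
    """The 'predefined algorithm'; SHA-256 is an assumption for this example."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def count_hashes(fn, *args):
    """Run fn(*args) and return (result, number of hashes it computed)."""
    before = HASH_CALLS
    result = fn(*args)
    return result, HASH_CALLS - before


# Constructed toy keyspace: lowercase words of 1 to 3 letters.
ALPHABET = string.ascii_lowercase
MAX_LEN = 3
COMMON_WORDS = ["password", "letmein", "qwerty", "abc", "cat"]  # constructed word list


def candidates(alphabet=ALPHABET, max_len=MAX_LEN):
    """Enumerate the whole keyspace in order of length, then alphabetically."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            yield "".join(combo)


def keyspace_size(alphabet=ALPHABET, max_len=MAX_LEN) -> int:
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def dictionary_attack(target: str, wordlist=COMMON_WORDS):
    """(1) Try only the common passwords: at most len(wordlist) hashes."""
    for word in wordlist:
        if h(word) == target:
            return word
    return None


def brute_force(target: str):
    """(2) Try every candidate: up to keyspace_size() hashes for each target."""
    for candidate in candidates():
        if h(candidate) == target:
            return candidate
    return None


def build_lookup_table() -> dict:
    """(3) One-time precomputation: hash -> password for the whole keyspace."""
    return {h(candidate): candidate for candidate in candidates()}


def table_lookup(target: str, table: dict):
    """Per-target cost of the precomputed approach: one dictionary lookup, no hashing."""
    return table.get(target)


def h_salted(salt: str, password: str) -> str:
    """Caveat: hash a per-user salt together with the password. The hashed input
    is salt + ':' + password, which lies outside the keyspace the table
    enumerated, so the table would have to be rebuilt for every distinct salt."""
    return h(salt + ":" + password)


if __name__ == "__main__":
    print("keyspace size:", keyspace_size())
    print("dictionary (result, hashes):", count_hashes(dictionary_attack, h("cat")))
    print("brute force (result, hashes):", count_hashes(brute_force, h("zzz")))
    table, one_time = count_hashes(build_lookup_table)
    print("table build, one time (hashes):", one_time)
    print("table lookup (result, hashes):", count_hashes(table_lookup, h("zzz"), table))
    print("table lookup of a salted hash:", table_lookup(h_salted("k7", "zzz"), table))
```

The brute-force search for `zzz` hashes all 18,278 candidates because that word is last in the enumeration; the table build costs exactly the same 18,278 hashes once, after which every lookup is free, which is the trade-off the post describes. The salted lookup misses even though `zzz` is in the table, because the table was built over bare passwords, not over salt-and-password inputs.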

A more elaborate description of these methods, along with sample programs, is expected in a later post. Keep checking in...
