passwords in the wild passwords in the wild who am i my
play

Passwords in the Wild Passwords in the Wild Who am I...? My - PowerPoint PPT Presentation

May 20, 2023 •101 likes •990 views

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random research, rants, etc. Nmap dev news Password database I post updates to Twitter https://twitter.com/iagox86 My job... Tenable Network Security

  1. Passwords in the Wild Passwords in the Wild

  2. Who am I...?

  3. My blog... SkullSecurity.org Random research, rants, etc. Nmap dev news Password database I post updates to Twitter https://twitter.com/iagox86

  4. My job... Tenable Network Security Makers of the Nessus vulnerability scanner I do research, reverse engineering Giving talks Plugins: ms10-070 remote ms10-075 remote Padding oracle checks ActiveSync audit (not yet released)

  5. My other job... Dash9Security.com Vulnerability assessment Penetration testing Training Etc. Local to Winnipeg. for now

  6. And finally... Developer for Nmap Wrote smb-* scripts Lots of http-* Conficker detection dhcp, ftp, etc etc. Next projects... IPv6? Other ideas?

  7. Outline Overview of password cracking John the ripper Dictionaries Password breaches How people choose passwords Cracking strategies

  8. Password cracking Hashing → One-way conversion of password hash Eg. md5, sha1, sha256, etc md5: Password: '123456' md5: e10adc3949ba59abbe56e057f20f883e

  9. Password cracking Salting Add something random to each password before cracking Eg: the username md5('123456') => md5('ron123456') Prevents pre-computation attacks Significantly slows down cracking: Algorithm c/s vs 1 hash c/s vs 90.000 hashes md5 (unsalted) 5.625.000 499.036.000.000 sha1 (unsalted) 2.613.000 107.168.000.000 sha1 (salted) 2.447.000 2.472.000 blowfish (x32) 753 754

  10. Why crack passwords?

  11. Password cracking Cracking a hash Essentially, a bruteforce Try every possible password for a hash, see what works eg. hash = e10adc3949ba59abbe56e057f20f883e md5('password') = 5f4dcc3b5aa765d61d8327deb882cf99 md5('qwerty') = d8578edf8458ce06fbc5bb76a58c5ca4 md5('123456') = e10adc3949ba59abbe56e057f20f883e → Found it!

  12. Password cracking Standard tool: john the ripper Free / opensource Created / maintained by Solar Designer (in Russia) Fast. customizable, etc Supports about 50 hash types Lanman NTLM MD5 with all kinds of salting SHA1 with all kinds of salting Linux. Unix. BSD password files SQL Server. Oracle

  13. John the Ripper password Password passwords password1 --wordlist Password1 Use your own base list drowssap 1password Default list is ~3100 entries PASSWORD --rules password2 Used for mangling password! password3 Each password becomes ~50 password7 Easily extensible in john's config password9 --stdin password5 password4 Write you own mangler. etc password8 Not compatible with --rules password6 --stdout password0 password. Output the candidates instead of checking password? psswrd drowssaP Drowssap passworD

  14. Dictionaries Use your own --wordlist Easiest/fastest way to crack passwords Can be general or specific to the breach List of general dictionaries: http://skullsecurity.org/wiki/index.php/Passwords

  15. Dictionaries Examples of general dictionaries English words German words Cities Names IMDB Facebook

  16. Quick aside – story!

  17. Dictionaries General dictionaries (continued) Words from the holy bible Words from various wikis Star Trek The Muppets (yes, the muppets) Wikis on Wikia (including Wikipedia) can be downloaded in .XML format

  18. Dictionaries General dictionaries (continued) Other breaches Nmap, john the ripper, Hydra, Cain&Abel, etc All have built-in dictionaries based on common passwords Among the most efficient for their size Available on my wiki http://skullsecurity.org/wiki/index.php/Passwords

  19. Dictionaries Site-specific dictionaries Let's say a Star Trek fansite was breached (okay. any geek site) First thing to try is Star Trek passwords The site itself wget -r The site's database carders.cc, phpbb I don't distribute these, generally

  20. Dictionaries Simplest command to build dictionary cat input.txt | tr 'A-Z' 'a-z' | sed -r "s/[^a-zA-Z0-9%_+-]/ /g" | tr ' ' '\n' | egrep -v '$^' | sort -S2048M | uniq -c | sort -S2048M -n -r > output-withcount.txt cat output-withcount.txt | cut -b9- > output.txt

  21. Aside: Carders.cc

  22. Aside: Carders.cc

  23. Breaches Will cover 10 different breached sites Normal sites: myspace, phpbb, rockyou Finnish sites: älypää, finnish-unknown Religious sites: faithwriters, singles.org Adult sites: tuscl, porn-unknown Hacking sites: carders.cc The incident, statistics, other details All breaches can be found on my wiki http://skullsecurity.org/wiki/index.php/Passwords

  24. MySpace Unique Total myspace 37.144 41.545 phpbb 184.389 255.421 rockyou 14.344.391 32.603.387 älypää 1.384 9.135 Finnish-unknown 36.323 50.795 faithwriters 8.348 9.755 singles.org 12.234 16.250 tuscl 38.820 50.028 Porn-unknown 8.089 10.000 carders.cc 1.904 5.062

  25. MySpace Exposed by a phishing attack Poor quality Targeted “phishable” users Some users knew they were being phished One of the first major breaches – 2006 Target of significant research

  26. MySpace Top-10 passwords: Password Count password1 75 abc123 56 fuckyou 34 monkey1 29 iloveyou1 28 myspace1 24 fuckyou1 24 number1 18 football1 18 nicole1 17

  27. MySpace Dictionaries vs. MySpace 100.00% 90.00% 80.00% 70.00% 60.00% 50.00% 40.00% 30.00% 20.00% 10.00% 0.00% German Muppets Star Trek Site itself Names English US cities Bible Nmap John

  28. PHPBB Unique Total myspace 37.144 41.545 phpbb 184.389 255.421 rockyou 14.344.391 32.603.387 älypää 1.384 9.135 Finnish-unknown 36.323 50.795 faithwriters 8.348 9.755 singles.org 12.234 16.250 tuscl 38.820 50.028 Porn-unknown 8.089 10.000 carders.cc 1.904 5.062

  29. PHPBB Exposed by SQL Injection Biggest breach at the time – January/09 Second biggest (public) breach of all time Passwords were MD5 hashed Currently. 184.389 out of 189.667 are cracked That's 97,2% (And that's why plain hashing *sucks*)

  30. PHPBB Top-10 passwords Password Count 123456 2.650 password 1.244 phpbb 708 qwerty 562 12345 418 12345678 371 letmein 343 111111 313 1234 273 123456789 253

  31. PHPBB 100.00% 90.00% 80.00% 70.00% 60.00% 50.00% 40.00% 30.00% 20.00% 10.00% 0.00% German Muppets Star Trek Site itself Names English US cities Bible Nmap John

  32. Rockyou Unique Total myspace 37.144 41.545 phpbb 184.389 255.421 rockyou 14.344.391 32.603.387 älypää 1.384 9.135 Finnish-unknown 36.323 50.795 faithwriters 8.348 9.755 singles.org 12.234 16.250 tuscl 38.820 50.028 Porn-unknown 8.089 10.000 carders.cc 1.904 5.062

  33. Rockyou Exposed by SQL injection Largest breach of all time, by far Passwords were plaintext Best sample ever released Statistics are exceptionally useful

  34. Rockyou Top-10 passwords Password Count 123456 290.729 12345 79.076 123456789 76.789 password 59.462 iloveyou 49.952 princess 33.291 1234567 21.725 rockyou 20.901 12345678 20.553 abc123 16.648

  35. Rockyou 100.00% 90.00% 80.00% 70.00% 60.00% 50.00% 40.00% 30.00% 20.00% 10.00% 0.00% German Muppets Star Trek Site itself Names English US cities Bible Nmap John

  36. Älypää Unique Total myspace 37.144 41.545 phpbb 184.389 255.421 rockyou 14.344.391 32.603.387 älypää 1.384 9.135 Finnish-unknown 36.323 50.795 faithwriters 8.348 9.755 singles.org 12.234 16.250 tuscl 38.820 50.028 Porn-unknown 8.089 10.000 carders.cc 1.904 5.062

  37. Älypää “Smart Aleck” One of the better non-English breaches Not clear how the breach happened Likely SQL injection again Passwords were plaintext One of the smaller breaches, but useful

  38. Älypää Top-10 passwords Google translations. Use your Password Count imagination about salasana 210 (password) 123456 176 perkele 119 (devil) what they might 12345 86 qwerty 74 514007 65 actually mean kakka 63 (poo) moikka 50 (bye) paska 47 (crap) koira 46 (dog)

  39. Älypää 100.00% 90.00% 80.00% 70.00% 60.00% 50.00% 40.00% 30.00% 20.00% 10.00% 0.00% German Muppets Star Trek Site itself Names English US cities Bible Nmap John

  40. Finnish-Unknown Unique Total myspace 37.144 41.545 phpbb 184.389 255.421 rockyou 14.344.391 32.603.387 älypää 1.384 9.135 Finnish-unknown 36.323 50.795 faithwriters 8.348 9.755 singles.org 12.234 16.250 tuscl 38.820 50.028 Porn-unknown 8.089 10.000 carders.cc 1.904 5.062

  41. Finnish-Unknown Found by accident Passwords were stored in four ways: Plaintext md5 sha1 Salted sha1 Cracked ~75% of unsalted, ~50% of salted

  42. Finnish-Unknown Password Count salasana 216 (password) 123456 192 perkele 119 (devil) 12345 87 qwerty 78 VQsaBLPzLa 75 (spammer) 514007 67 kakka 66 (poo) moikka 52 (bye) paska 49 (crap)

  43. Finnish-Unknown 100.00% 90.00% 80.00% 70.00% 60.00% 50.00% 40.00% 30.00% 20.00% 10.00% 0.00% German Muppets Star Trek Site itself Names English US cities Bible Nmap John

  44. Faithwriters Unique Total myspace 37.144 41.545 phpbb 184.389 255.421 rockyou 14.344.391 32.603.387 älypää 1.384 9.135 Finnish-unknown 36.323 50.795 faithwriters 8.348 9.755 singles.org 12.234 16.250 tuscl 38.820 50.028 Porn-unknown 8.089 10.000 carders.cc 1.904 5.062

Recommend

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of Information Technology Uppsala University, Sweden 20. January 2020 Caveat Auditor Background Passwords this talk contains opinions Diceware

447 views • 43 slides
PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords Passwords is a user authentication mechanism that is widely adopted for many years Methods for user authentication: Something you know

901 views • 52 slides
Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

CSCE Intro to Computer Systems Security - Passwords Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not too long ago Hi, I forgot my password! Let me help you. What is your name? My Name is John

369 views • 5 slides
Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco IOS stores passwords in clear text in network device configuration files for several features such as passwords for local and remote CLI sessions,

354 views • 13 slides
STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A S S W O R D F R O M H O M E ! Students: Update your password this summer from home! Student passwords were reset on 7/3/2019. Please follow the

525 views • 14 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret Typical goal: client authenticating to server, without being tied to a device holding a cryptographic key. On authentication, a session key should be

344 views • 11 slides
Literacy Activity Wild Animal Habitat What is your favourite wild animal? Where do wild animals

Literacy Activity Wild Animal Habitat What is your favourite wild animal? Where do wild animals

Literacy Activity Wild Animal Habitat What is your favourite wild animal? Where do wild animals live? Wild animals live in their natural habit, this is where they are born. They do not depend on humans. Giant Panda Bear Research

366 views • 9 slides
The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of Passwords Motivation for Studying Passwords Outline Motivation for Studying Passwords 1 2 Overview of Password Failure

373 views • 36 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) October 26, 2000 people 2 Passwords initial password distribution (students)

559 views • 13 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) Slide 1 Passwords initial password distribution (students) limit password guessing

305 views • 7 slides
Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol,

Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol,

Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol, and Ashutosh Sharma California State University, Long Beach MobiSecServ Feb. 2015 Passwords CSU Long Beach 2 Most Popular Passwords of 2014*

683 views • 20 slides
OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE.

OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE.

The purpose of todays presentation is to provide tools in ARTS to help monitor activity within your office. OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE. Do not publicly post passwords.

332 views • 29 slides
Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable

Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable

Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable Wild Horse and Burro Roundtable September 26, 2017 1 We must develop a broad coalition of interest groups and

355 views • 18 slides
Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb smb 1 Problem Area Clients and servers frequently store plaintext passwords Used for

289 views • 9 slides
Wild Horse Tourism in NM Wild Horse Tourism in NM How the Jicarilla Ranger District of the Carson

Wild Horse Tourism in NM Wild Horse Tourism in NM How the Jicarilla Ranger District of the Carson

Wild Horse Tourism in NM Wild Horse Tourism in NM How the Jicarilla Ranger District of the Carson National Forest can utilize the Jicarilla Wild Horses Territory (JWHT) for Eco-Tourism, Rural Economic Development, Preservation of the Historical

419 views • 17 slides
Sushi Gone Wild: Skit & Music Details for the flight of The Wild Sushi Adrienne Chan

Sushi Gone Wild: Skit & Music Details for the flight of The Wild Sushi Adrienne Chan

Sushi Gone Wild: Skit & Music Details for the flight of The Wild Sushi Adrienne Chan Elizabeth Chan Jenny Chan Katherine Chan July 21, 2006 Leonard Chan Wild Thing Models that represent the team and aircraft (from left to right):

134 views • 10 slides
Physics 2D Lecture Slides Oct 13 Vivek Sharma UCSD Physics Quiz 2 : Wild Wild West got a Bit

Physics 2D Lecture Slides Oct 13 Vivek Sharma UCSD Physics Quiz 2 : Wild Wild West got a Bit

Physics 2D Lecture Slides Oct 13 Vivek Sharma UCSD Physics Quiz 2 : Wild Wild West got a Bit too wild 50m/s MadBull x ScarFace In the old west, a sheriff riding on a train traveling 50m/s sees a shootout between two bandits standing on

280 views • 24 slides
Wild Atlantic Way Update 2016 Presented by Suzanne Trehy Client Services Manager The Wild

Wild Atlantic Way Update 2016 Presented by Suzanne Trehy Client Services Manager The Wild

Wild Atlantic Way Update 2016 Presented by Suzanne Trehy Client Services Manager The Wild Atlantic Way what and why? Where Land Meets Sea Wild Atlantic Way Vision To create a world class, sustainable and un-missable experience brand

500 views • 34 slides
Secure Passwords Through Enhanced Hashing Benjamin Strahs, Chuan Yue, and Haining Wang The

Secure Passwords Through Enhanced Hashing Benjamin Strahs, Chuan Yue, and Haining Wang The

Secure Passwords Through Enhanced Hashing Benjamin Strahs, Chuan Yue, and Haining Wang The College of William and Mary Passwords The most common online authentication method Something you know instead of something you have (hardware

559 views • 29 slides
Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet

Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet

Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet Research team @ 2 Passwords are a problem 71% of accounts are guarded by password used on multiple 62% of breaches involved the use of

1.19k views • 63 slides
Medicine As dreams are the healing songs from the wilderness of our unconscious-- So wild

Medicine As dreams are the healing songs from the wilderness of our unconscious-- So wild

Medicine As dreams are the healing songs from the wilderness of our unconscious-- So wild animals, wild plants, wild landscapes are the healing dreams from the deep singing mind of the earth. --Dale Pendell, Living with Barbarians Design

1.15k views • 36 slides
Recap: Question 1 If passwords are strings starting with an uppercase letter and ending in a

Recap: Question 1 If passwords are strings starting with an uppercase letter and ending in a

Recap: Question 1 If passwords are strings starting with an uppercase letter and ending in a single digit and characters in between may be either letters or numbers, how many passwords of length 4 are there? CS200 - Grammars 1 Recap: Question

691 views • 26 slides

More recommend