INTRODUCTION
In the digital age, password security is a critical part of cybersecurity. Passwords are used to
safeguard personal, financial, and sensitive information, making them one of the first lines of
defense against unauthorized access. This report explores the definition and importance of
password security, addressing the various aspects and considerations that come into play in
ensuring the protection of data.
The primary goal of password security is to protect access to a system, application, or account.
Passwords are a fundamental part of authentication, which is the process of verifying the
identity of a user or entity trying to access a resource. Passwords serve as a barrier that should
only allow authorized individuals to gain access, while keeping unauthorized users or potential
attackers out.
i. Only authorized users can access a system or account: Passwords are used to verify that
the person entering the password is the legitimate account holder or an authorized user.
ii. Confidential information stays confidential: Passwords help protect sensitive data and
information stored within an account or system from unauthorized access.
iii. System integrity is maintained: Passwords are essential for supporting the integrity of a
system by preventing unauthorized changes or misuse.
1.2 The history of password security
Early Days (1960s): In the early days of computing, there were no standardized password
security systems. Users often did not have passwords, or they were simply used for basic access
control.
Unix Passwords (1970s): The introduction of Unix in the 1970s brought about one of the
earliest password security systems. Passwords were hashed using the DES (Data Encryption
Standard) algorithm and stored in the /etc/passwd file.
Salting (1980s-1990s): To enhance security, the concept of "salting" passwords was introduced.
A unique random value (the salt) was added to each user's password before hashing, making
precomputed attacks much harder because every salt requires its own table.
Password Policies (2000s): Organizations started implementing password policies that required
users to create stronger passwords, including a mix of letters, numbers, and special characters,
and to change them regularly.
● Brute Force Attacks: In the early days, attackers used simple brute force methods,
trying every combination of characters until they found the correct password.
● Rainbow Tables (2000s): To crack hashed passwords more quickly, attackers started
using rainbow tables. These precomputed tables allowed for the rapid lookup of hash
values to find corresponding plaintext passwords.
● GPU Acceleration (2010s): With the rise of powerful GPUs (Graphics Processing
Units), attackers could perform many more hashing operations per second, making
password cracking faster and more efficient.
Using Weak Passwords: Many users still choose easily guessable passwords like "password,"
"123456," or "qwerty." These are among the first passwords that attackers try.
Using Common Words: Using familiar words, phrases, or patterns like "football," "iloveyou,"
or "123456789" is a common mistake. Attackers often use dictionary attacks to crack such
passwords.
Lack of Complexity: Passwords without a mix of uppercase letters, lowercase letters, numbers,
and special characters are vulnerable. Simple passwords like "abcdef" can be easily guessed.
Short Passwords: Short passwords supply fewer combinations, making them easier to crack. A
password like "abc12" is far less secure than "Abc123$."
Personal Information: Avoid using easily obtainable personal information like your name,
birthdate, or the name of a family member or pet. This information is often available on social
media.
Reusing Passwords: Using the same password for multiple accounts is risky. If one account is
compromised, all linked accounts become vulnerable.
Not Updating Passwords: Not changing passwords regularly can be problematic, especially if
a data breach occurs and your password is exposed.
Default or Simple Passwords: Not changing default passwords on devices or accounts, like
"admin" or "password," is a significant security mistake.
Data Breaches: Weak passwords make it easier for attackers to gain unauthorized access to
your accounts. In the case of a data breach, your personal information, financial data, and more
can be exposed.
Identity Theft: Weak passwords can lead to identity theft, where an attacker uses your personal
information to commit fraudulent activities, open accounts in your name, or impersonate you
online.
Account Hijacking: Attackers can hijack your accounts, lock you out, and misuse your account
for malicious purposes or financial gain.
Financial Loss: Weak passwords on financial accounts can lead to unauthorized transactions
and financial losses. This is especially critical for online banking and payment accounts.
Privacy Invasion: Email accounts often hold sensitive and confidential information. Weak
email passwords can lead to privacy invasions and unauthorized access to your correspondence.
Spam and Phishing: Weak passwords can lead to email and social media account takeovers,
which can be used for sending spam, phishing messages, and other malicious activities.
A password policy is a set of rules designed to enhance computer security by encouraging users
to employ strong passwords and use them properly. A password policy is often part of an
organization's official regulations and may be taught as part of security awareness training.
Either the password policy is merely advisory, or the computer systems force users to comply
with it.
Minimum Length: Set a minimum password length to ensure that passwords are not too short.
A common recommendation is a minimum of 8-12 characters.
Complexity Rules: Require a mix of character types, including uppercase letters, lowercase
letters, numbers, and special characters (e.g., !, @, #, $).
No Common Words: Implement checks to prevent the use of frequently used words, phrases,
and patterns. This helps protect against dictionary attacks.
No Personal Information: Forbid the use of easily obtainable personal information like names,
birthdays, or family members' names.
No Password Reuse: Enforce a policy that prevents users from using the same password for
multiple accounts. This reduces the risk of credential reuse attacks.
Password History: Maintain a password history to prevent users from changing their password
to a previously used one.
Password Change Frequency: Set the frequency at which users must change their passwords,
considering the sensitivity of the data or system.
Password Lockout: Implement a policy that locks out a user after a certain number of failed
login attempts to prevent brute force attacks.
Account Recovery: Ensure users have a way to recover their account if they forget their
password, but this should involve additional security measures, like email verification or
security questions.
Two-Factor Authentication (2FA): Encourage or require the use of 2FA. If users have 2FA
enabled, they have an additional layer of security, even if their password is compromised.
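As an added illustration of how the rules above can be enforced at password-change time (example code written for this report's topic, not taken from any product), the checker below applies the minimum-length, complexity, common-word, personal-information and password-history rules. The denylist is a small constructed stand-in for a real common-password list such as rockyou.txt, and the history is compared in plaintext only to keep the example short.

```python
import re

# Constructed stand-in for a real common-password list (hypothetical subset);
# a production check would load a large leaked-password list such as rockyou.txt.
COMMON_PASSWORDS = {
    "password", "123456", "123456789", "qwerty", "abcdef",
    "football", "iloveyou", "admin", "letmein", "welcome",
}

# Undo the usual character substitutions ("p@ssw0rd" -> "password") so that
# leet-speak variants of denylisted words are still caught.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})

MIN_LENGTH = 12  # upper end of the 8-12 character range recommended above

CHARACTER_CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9]",
}


def normalize(password: str) -> str:
    """Lower-case, drop a trailing run of digits/symbols ("Password2023!"),
    then map leet substitutions back to letters ("p@ssw0rd" -> "password")."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(LEET_MAP)


def check_password(password: str, personal_info=(), history=()) -> list:
    """Return the list of policy rules the password violates (empty = accepted).

    personal_info: strings tied to the user (username, pet name, birth year)
                   that must not appear inside the password.
    history:       the user's previous passwords. Plaintext here to keep the
                   example short; a real system compares against stored
                   salted hashes instead.
    """
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    missing = [name for name, pattern in CHARACTER_CLASSES.items()
               if not re.search(pattern, password)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    lowered = password.lower()
    if lowered in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("matches a common password")

    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information ({item})")

    if password in history:
        problems.append("was used previously")

    return problems


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd2023!", "Correct-Horse-Battery-42"):
        print(candidate, "->", check_password(candidate, personal_info=["alice"]))
```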
Hashing: The most common method for storing passwords is to hash them. A hash function
takes the plaintext password and transforms it into a fixed-length string of characters. Common
hashing algorithms include bcrypt, scrypt, MD5 and SHA-256; of these, bcrypt and scrypt are
deliberately slow and salted, whereas fast general-purpose hashes such as MD5 (now considered
broken) and plain SHA-256 are poorly suited to password storage.
Salting: To enhance security, a unique random value called a "salt" is generated for each user.
The salt is then combined with the password before hashing. Salting ensures that even if two
users have the same password, their hashed values will be different.
Key Derivation: Many services use key derivation functions (KDFs) to hash passwords. KDFs
are specifically designed to be computationally intensive and slow, making it more difficult for
attackers to crack passwords using brute force or dictionary attacks.
Encryption: Some services may choose to encrypt passwords rather than hashing them. While
encryption provides an additional layer of protection, it is reversible, so it is less secure if the
encryption key is compromised: whoever obtains the key can recover every stored password.
Salting: Adding a unique salt to each user's password before hashing prevents attackers from
using precomputed tables like rainbow tables, as they would need to compute the hash for each
salt individually.
With password salting, a random piece of data is added to the password before it runs through
the hashing algorithm, making it unique and harder to crack.
When using both hashing and salting, even if two users choose the same password, salting adds
random characters to each password when the users enter them. As a result, completely
different hashes are generated to prevent the passwords and accounts from being compromised.
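To make the hashing, salting and key-derivation points concrete, here is an added example (written for this report, not from any named product) that stores passwords with PBKDF2-HMAC-SHA256, a standard-library KDF assumed here as a stand-in for the bcrypt and scrypt functions named above. It shows two users with the same password receiving different records, a constant-time verification step, and the unsalted hash under which they would collide.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 is used as the slow KDF (assumption: chosen because it ships
# with Python; bcrypt or scrypt need a third-party package or OpenSSL support).
# Raise ITERATIONS over time as hardware gets faster.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    A fresh random salt is drawn for every call unless one is supplied, so two
    users who pick the same password still get different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt and iteration count stored in the record
    and compare in constant time (hmac.compare_digest) to avoid timing leaks."""
    try:
        algorithm, iterations, salt_hex, stored_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), stored_hex)


def unsalted_sha256(password: str) -> str:
    """The weak scheme salting replaces: one fast hash and no salt, so identical
    passwords collide and one precomputed (rainbow) table applies to every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def same_password_distinct_records(password: str) -> bool:
    """Two users choosing the same password: the salted records differ, yet each
    verifies, while the unsalted digests are identical."""
    alice = hash_password(password)
    bob = hash_password(password)
    return (alice != bob
            and verify_password(password, alice)
            and verify_password(password, bob)
            and unsalted_sha256(password) == unsalted_sha256(password))


if __name__ == "__main__":
    record = hash_password("iloveyou")
    print(record)
    print("correct password verifies:", verify_password("iloveyou", record))
    print("wrong password rejected:", not verify_password("iloveyou1", record))
    print("same password, distinct records:", same_password_distinct_records("iloveyou"))
```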
Common methods for computing a hash value from a key are:
● Division Method
● Mid Square Method
● Folding Method
● Multiplication Method
1. Division Method:
This is the simplest method of generating a hash value. The hash function divides the key k by
M and uses the remainder.
Formula:
h(k) = k mod M
Here,
k is the key value, and
M is the size of the hash table.
M should preferably be a prime number, which spreads the keys more uniformly across the
table. The hash value depends only on the remainder of the division.
Example:
k = 12345
M = 95
h(12345) = 12345 mod 95
= 90
k = 1276
M = 11
h(1276) = 1276 mod 11
= 0
2. Mid Square Method:
The mid-square method is a particularly good hashing method. It involves two steps to compute
the hash value:
Square the value of the key k, i.e., compute k².
Extract the middle r digits of the square as the hash value.
Formula:
h(k) = middle r digits of (k × k)
Here,
k is the key value.
Example:
k = 60
k × k = 60 × 60
= 3600
h(60) = 60 (the middle two digits of 3600, with r = 2)
3. Folding Method:
The digits of the key are split into parts of equal length (the last part may be shorter), and the
parts are added together to obtain the hash value.
Here,
s is obtained by adding the parts of the key k.
Example:
k = 12345
k1 = 12, k2 = 34, k3 = 5
s = k1 + k2 + k3
= 12 + 34 + 5
= 51
h(k) = 51
4. Multiplication Method:
This method involves the following steps:
Choose a constant value A such that 0 < A < 1.
Multiply the key value k by A.
Extract the fractional part of kA.
Multiply the result of the above step by the size of the hash table, M.
The resulting hash value is obtained by taking the floor of the result of step 4.
Formula:
h(k) = floor(M (kA mod 1))
Here,
M is the size of the hash table,
k is the key value, and
A is a constant value.
Example:
k = 12345
A = 0.357840
M = 100
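The four methods above, implemented as an added example (written for this report, not from any library) with the same keys the text uses; the multiplication method's result, which the text leaves unevaluated, is computed from its k, A and M. The table size M and the digit-group length are parameters so the functions work for keys beyond the page's examples.

```python
import math


def division_hash(k: int, m: int) -> int:
    """Division method: h(k) = k mod M. M is ideally prime so keys spread
    more evenly across the table."""
    return k % m


def mid_square_hash(k: int, r: int = 2) -> int:
    """Mid-square method: square k and keep the middle r decimal digits.
    With k = 60, k*k = 3600 and the middle two digits are 60."""
    digits = str(k * k)
    if len(digits) <= r:
        return int(digits)
    start = (len(digits) - r) // 2
    return int(digits[start:start + r])


def folding_hash(k: int, part_len: int = 2) -> int:
    """Folding method: split the digits of k into parts of part_len digits
    (the last part may be shorter) and add them: 12345 -> 12 + 34 + 5."""
    digits = str(k)
    parts = [int(digits[i:i + part_len]) for i in range(0, len(digits), part_len)]
    return sum(parts)


def multiplication_hash(k: int, m: int, a: float = 0.357840) -> int:
    """Multiplication method: h(k) = floor(M * (kA mod 1)) with 0 < A < 1.
    The fractional part of kA is scaled to the table size and floored."""
    if not 0 < a < 1:
        raise ValueError("A must satisfy 0 < A < 1")
    fractional = (k * a) % 1.0
    return math.floor(m * fractional)


if __name__ == "__main__":
    print("division  ", division_hash(12345, 95), division_hash(1276, 11))
    print("mid-square", mid_square_hash(60))
    print("folding   ", folding_hash(12345))
    print("multiply  ", multiplication_hash(12345, 100))
```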
MD5 (Message Digest 5): MD5 is a widely used cryptographic hash function that
produces a 128-bit hash value. It is fast and efficient but is no longer recommended for
security purposes due to known vulnerabilities. The basic idea behind MD5 is to take an
input message of any length and produce a fixed-length output, known as the hash value
or message digest.
SHA-3: SHA-3 is the latest member of the SHA family and was selected as the winner of
the NIST hash function competition in 2012. It is designed to be faster and more secure
than SHA-2 and produces hash values of 224, 256, 384, and 512 bits.
The purpose of this project report is to provide a comprehensive analysis and understanding of
the techniques and methodologies utilized in password cracking and to assess the effectiveness
of cracking various password hash values using the tool John the Ripper.
The report of the mini project is divided into five chapters as follows:
CHAPTER V - A summary of the findings and conclusions drawn from the project, along with
recommendations for improving password security and mitigating the risk of password
cracking.
CHAPTER – II
LITERATURE REVIEW
2.1 Introduction
The purpose of this chapter is to review the existing literature on various password cracking
techniques. Passwords are widely used for user authentication in various applications, making
the security of passwords a critical concern. Understanding the different approaches used by
attackers to crack passwords is essential to develop effective countermeasures. This chapter
provides an overview of the different password cracking techniques and their strengths and
weaknesses.
John the Ripper: An Examination and Analysis on the Popular Hash Cracking
Algorithm: Kaden Marchetti, Paul Bodily (2022)
This paper discusses the evolving landscape of hash cracking in recent years, with a focus on
the tool "John the Ripper." It highlights the increased use of industry encryption standards,
salting, and timeouts as countermeasures against hash cracking. The paper also acknowledges
that John the Ripper is a powerful open-source hash cracking tool, utilized by both
cybercriminals and security specialists.
The research aims to address questions regarding the viability and effectiveness of John the
Ripper as a hash cracking tool. To answer these questions, the research conducted three
experiments, each with varying results.
1. John the Ripper's Customization: The tool struggles as a brute force attacker without
complex customization, indicating that it may not be as effective when trying to crack
passwords using this approach.
In conclusion, the research suggests that John the Ripper is a formidable tool for cracking
passwords, particularly when used as a dictionary attacker against common and easily guessable
passwords. However, it faces challenges as a brute force attacker without substantial
customization. The study underscores the importance of cybersecurity and hash cracking
algorithms in addressing these challenges.
The paper explores the most widely used password cracking methods, including phishing,
malware, social engineering, brute force attacks, and dictionary attacks. These methods have
continued to evolve with advancements in technology. Notably, the paper examines the impact
of Graphics Processing Units (GPUs) on brute force and dictionary attacks, which has
significantly accelerated the password cracking process.
The paper addresses the consequences of password cracking, emphasizing the losses incurred
due to successful attacks. Password cracking techniques are employed for various nefarious
purposes, and the paper delves into the motivations behind these attacks.
The discussion also touches on the limitations of using hashing to store passwords and may
involve the examination of specific algorithms like the "link guard algorithm" and the "Ben
Clark algorithm."
In summary, the paper provides an overview of the changing landscape of password security,
the evolution of password cracking methods, the impact of GPUs, and the consequences of
password cracking. It highlights the ongoing need for strong authentication methods and the
importance of staying ahead of evolving threats in the digital security space.
staying ahead of evolving threats in the digital security space.
The paper highlights the prevalent issue of poor password practices among users, even among
professionals, and the risks associated with these habits. Users often opt for easily remembered
passwords, neglecting security concerns. Common bad practices include using weak passwords,
reusing passwords across multiple accounts, and sharing passwords without considering
security implications.
The paper underscores the need for comprehensive user education regarding password security.
Changing users' behaviors and instilling a better understanding of the importance of strong,
unique passwords is crucial. By addressing these issues, organizations and individuals can
significantly enhance their overall cybersecurity posture and protect against potential breaches.
This paper addresses the challenge of password security, where users often choose easily
remembered but weak passwords. In response, attackers use password cracking tools like
hashcat and John the Ripper to efficiently guess and match these weak passwords through
various techniques. However, recent research has shown that machine learning models can
potentially outperform traditional cracking tools in terms of success rate by creating more
sophisticated password models.
To enhance the performance of password cracking tools, this paper proposes a new approach.
The research involves a systematic and thorough analysis of different cracking strategies and
suggests a combination of techniques that can be trained and tested using a dataset comprising
over 700 million real passwords.
Ethical Considerations: The techniques and methods developed in this study are general and
repeatable, providing a benchmark for future research on password guessing. However, ethical
constraints are acknowledged and adhered to in the research.
In summary, this paper highlights the ongoing challenge of weak passwords chosen by users
and the efficiency of password cracking tools. It presents a novel approach that significantly
improves the success rate of these tools, thereby emphasizing their continued relevance in the
field of password security and providing a valuable benchmark for future research.
This paper addresses the enduring relevance of passwords as a digital authentication method,
despite the emergence of alternative authentication methods over the past 50 years. Passwords
remain intricately connected to their creators, making them a valuable target for advanced
techniques used in password cracking. These techniques often rely on large datasets of human-
created passwords.
Recent research has highlighted the significance of the context in which users select their
passwords. This context can play a crucial role in the password selection process, especially for
specific users or groups. However, there is a lack of automated approaches that can extract and
utilize contextual information during the password cracking process.
The paper introduces a methodology and framework designed to create custom dictionary word
lists for dictionary-based password cracking attacks. The primary focus is on leveraging
contextual information encountered during a criminal investigation. The framework's
implementation is detailed, and the paper demonstrates the benefits of this approach using test
cases.
Key contributions and findings of this research include:
2. User-Centered Approach: Recognizing the strong connection between users and their
passwords, this research emphasizes the influence of context on password selection.
3. Contextual Password Cracking: The paper introduces a framework that enables the
extraction and utilization of contextual information during the password cracking process.
5. Demonstrated Benefits: Test cases are used to illustrate the advantages and benefits of the
proposed approach.
In summary, the paper contributes to the ongoing discussion about the significance of
passwords in authentication. It highlights the potential of leveraging contextual information in
password cracking and offers a methodology and framework to achieve this goal. This research
is especially relevant in the context of criminal investigations where targeting specific users or
groups may require a deeper understanding of their password selection habits.
This paper underscores the vital role of passwords in safeguarding the privacy and security of
users and organizations. Passwords serve as the primary means of protecting several types of
critical data, making their security a paramount concern in today's digital landscape. To enhance
password security, cryptographic hashing functions are widely employed.
This study delves into the importance of cryptographic hash functions in the context of
password security and explores the various techniques and best practices associated with
password protection, including the use of salts, peppers, and different hashing algorithms.
Cryptography plays a vital role in enhancing password security and data protection, making it a
crucial field for understanding and research.
This study delves into the security of encrypted RAR (Roshal Archive) archives, and the
various methods employed for their decryption. RAR archives are widely used for compressing
data and securing it with a password before transferring it over networks. The research focused
on testing the effectiveness of brute force and dictionary attacks on password protected RAR3
and RAR5 archives, using datasets containing randomly generated and real-world user
passwords.
1. Brute Force and Dictionary Attacks: The study attempted to decrypt password protected
RAR archives using both brute force and dictionary attacks, which are common techniques used
by attackers.
3. Partial Success with Real-World Passwords: Brute force attacks partially succeeded in
cracking RAR archives protected with real-world user passwords, while dictionary attacks were
notably more successful.
4. Comparison of RAR3 and RAR5: The success rates and processing times for RAR3 and
RAR5 archives were found to be similar. This indicates that the newer RAR5 format does not
significantly enhance data security.
5. Recommendation for Improved Security: The study suggests that increasing the security
of RAR archives is achievable by using longer passwords that resemble randomly generated
data and are not commonly found in dictionaries.
In summary, the research underscores the importance of strong and unique passwords for
securing RAR archives effectively. While RAR archives with randomly generated passwords
were highly resistant to attacks, those protected with real-world passwords were more
vulnerable. This highlights the significance of user behavior and password choice in data
security. Additionally, the findings suggest that the newer RAR5 format does not enhance data
security compared to RAR3.
This paper addresses the persistent use of single passwords as a means of authentication,
leading to increased efforts by system administrators to encourage users to select stronger and
safer passwords. Simultaneously, adversaries have adopted more sophisticated password
cracking methods. The paper emphasizes the need to assess and measure the quality of input
wordlists used in password cracking.
1. Password Security Landscape: The paper highlights the enduring reliance on single
passwords for authentication and the resulting challenges for administrators and attackers.
Password cracking involves various techniques and tools that are employed to reveal or guess
the password of a system or account. These methodologies can be broadly classified into three
categories: offline attacks, online attacks, and social engineering.
Offline attacks involve the analysis of password hashes obtained from a system or database.
Techniques like brute-force attacks, dictionary attacks, and rainbow table attacks are commonly
employed in this method. Brute-force attacks involve systematically trying every possible
combination of characters until the correct password is found. Dictionary attacks leverage pre-
existing lists of commonly used passwords or words and attempt to match them with the
password hash. Rainbow table attacks use precomputed tables that map password hashes to
their plaintext values, thus allowing for faster password retrieval.
Online attacks involve directly accessing the target system or account and trying various
passwords until the correct one is found. This approach is typically used when the system
allows multiple login attempts without locking out the user. Online attacks include methods
such as login guessing, shoulder surfing (observing the target user's password entry), and
keystroke logging.
There are five main types of password cracking techniques: Dictionary attack, Brute Force
attack, Hybrid attack, Rainbow tables attack and social engineering attack.
1. Dictionary Attack:
- In a dictionary attack, hackers use a wordlist, often containing commonly used
passwords, to attempt to gain access to a system.
- The wordlist typically includes passwords sourced from various public lists and is easily
accessible online.
- "rockyou.txt" is a common example of a widely used wordlist.
3. Hybrid Attack:
- A hybrid attack combines elements of both dictionary and brute force attacks.
- It involves using a list of possible passwords, similar to a dictionary attack, and then
attempting all possible combinations using the passwords from the list, resembling a brute force
attack.
- Hybrid attacks can be computationally intensive, particularly if the list of possible
passwords is extensive.
Network Analyzer:
Network analyzers are instruments that enable hackers to observe and intercept data packets
transmitted across a network and extract plaintext passwords contained within them.
This kind of attack necessitates the deployment of malware or physical access to a network
switch, but it can yield significant results. It does not hinge on exploiting system vulnerabilities
or network flaws, making it applicable to a wide range of internal networks. It is also typical to
employ network analyzers as an initial step in an attack, often followed by brute force attacks.
Mask attack:
A mask attack reduces the workload of a brute force attack by including part of the password a
hacker already knows in the attack. If a hacker knows your password has 10 characters, for
example, they can filter the attack for passwords of only that length.
Mask attacks can filter by specific words, numbers within a certain range, special characters the
user prefers, or any other password characteristics the hacker is confident about. If any of your
data is leaked, it makes you more vulnerable to a full-on breach.
Spidering:
Spidering is when hackers crawl a company's social media accounts, marketing campaigns, or
other corporate material to gather a word list for a brute force or dictionary attack. Spidering can
become social engineering when hackers infiltrate businesses for physical handbooks and
training manuals full of keywords.
Shoulder surfing:
Shoulder surfing is a social engineering technique of spying over someone's shoulder as they
enter login details. Shoulder surfing is a common way to discover ATM PINs, which is why
most people are wary of their surroundings while taking out money.
But hackers can also shoulder surf your email for password cracking intel or watch your
keystrokes as you tap away at an internet cafe.
Password guessing:
When all else fails, cybercriminals can collaborate as an effective password-guessing collective.
A hacker hivemind is far superior to a single human’s powers of memory. In today’s global
network, it takes only a few clicks and a little know-how to get details on any internet user. And
with modern password cracking tools and tech at their fingertips, it’s only a matter of time
before a patient password guesser cracks an unsecure password.
These password cracking techniques are part of the arsenal used by malicious actors to
compromise security and gain unauthorized access to systems and data. Security measures and
user awareness are essential in mitigating the risks associated with these techniques.
Instead, authentication systems store a password hash, which is generated by subjecting the
password and a randomly generated value known as a salt to a hash function. Hash functions are
engineered to be one-way, making it extremely challenging to deduce the original input from a
given output. Furthermore, hash functions are deterministic, meaning that the same input always
yields the same output. Therefore, comparing the stored password hash with the hash of the
password provided by a user is nearly as effective as comparing the actual passwords
themselves.
Password cracking involves the process of recovering passwords from their corresponding
password hashes.
i. John the Ripper
John the Ripper is a slow password cracker; initially, it was meant for UNIX. Over time it
became more versatile, and it now runs on Windows, OpenVMS and macOS. Its primary
purpose is to detect weak Unix passwords. This tool is available for free and supports both
brute force and dictionary attacks. It is a time-consuming password cracking tool.
ii. THC Hydra
THC Hydra is a password cracking tool that can perform extremely fast dictionary attacks
against more than fifty protocols like HTTP, HTTPS, FTP, etc. It is a fast and stable Network
Login Hacking Tool which uses a dictionary or brute-force attacks to try various password and
login combinations on a login page. This tool was developed by Van Hauser and is easily
available online at GitHub where all its newest releases are frequently updated. It is a fast and
flexible password cracker.
iii. Rainbow Crack
Rainbow Crack is a hash cracker tool that makes use of a large-scale time-memory trade-off. A
common brute force attack tries every possible plaintext one by one, which is time consuming
for complex passwords, but this tool uses a time-memory trade-off to do the cracking
computation in advance and store the results in "rainbow tables." Precomputing the tables takes
a long time, but once the precomputation finishes this tool is hundreds of times faster than a
brute force attack. The precomputation generates all possible plaintexts and calculates the
corresponding hashes; the tool then compares the calculated hashes with the hash to be
cracked, and when the hashes match, the plaintext is found. It is available for Windows and
Linux operating systems and runs from both the command line and a user interface. It also
supports computing on a multicore processor.
iv. Cain and Abel
Cain and Abel is a password recovery tool exclusive to Windows. It allows easy recovery of
various kinds of passwords by sniffing the network and cracking encrypted passwords using
dictionary, brute force and cryptanalysis attacks. It relies on an IP-to-MAC address resolver,
ARP spoofing, and an LSA secrets dumper. It is used for WEP cracking, and it provides a
facility to record VoIP. It speeds up packet capture by wireless packet injection.
v. Medusa
Medusa is a password cracking tool which can be used on Linux and Mac OS X operating
systems. This tool focuses on cracking passwords by brute force attack. It can perform rapid
attacks against a large number of protocols, for example, TELNET, HTTP, HTTPS, databases,
and SMB. It uses thread-based parallel testing, which can be run against multiple hosts at once.
This tool has different modules, and each is available as an independent file.
vi. Hashcat:
An immensely powerful free cracking tool for Windows, OS X, and Linux. It features a rule-
based attack system and multi-threading for very fast performance. Hashcat supports a wide
range of hash types and can perform the attack in numerous ways, such as dictionary and brute
force.
vii. Ophcrack
It is a free open-source program that cracks Windows log-in passwords by using LM hashes
through rainbow tables. The program includes the ability to import the hashes from a variety of
formats, including dumping directly from the SAM files of Windows. On most computers,
ophcrack can crack most passwords within a few minutes.
CHAPTER - IV
PROPOSED SYSTEM
The purpose of this project is to implement a Dictionary Attack using John the Ripper to
crack password hashes obtained from a website’s database using sqlmap. The open-source
password security assessment and password recovery tool known as "John the Ripper" is an offline
password cracking tool. It is compatible with a wide range of operating systems. It can be used to
work with user passwords on Unix-based systems like Linux, Solaris, AIX, QNX, as well as
macOS, Windows, web applications such as WordPress, groupware systems like Notes/Domino,
and various database servers including SQL and LDAP. Additionally, the John the Ripper jumbo
version extends its support to captured network traffic data (e.g., Windows network
authentication and WiFi WPA-PSK), encrypted private keys (such as SSH, GnuPG, and
cryptocurrency wallets), various file systems and disk encryption methods (e.g., macOS .dmg
files, Windows BitLocker), archives (ZIP, RAR, 7z), and even password-protected document
files such as PDFs and Microsoft Office documents, among many other supported applications
and formats. This is just a glimpse of its extensive capabilities, as it supports numerous other
scenarios and formats.
Dictionary attacks are effective because many computer users and organizations often opt for
easily guessable passwords composed of common words. They are less likely to succeed against
systems that use multi-word passwords or passwords with a combination of uppercase and
lowercase letters and numbers in random sequences.
In cases where systems enforce robust password requirements, a brute-force attack, which tests
every possible character combination up to a maximum length, may occasionally work.
However, brute-force attacks can be time-consuming and may not yield results quickly.
4.2.1 Significance of Dictionary Attacks:
Efficiency: Dictionary attacks are efficient because they don't involve generating every possible
combination of characters, which would be extremely time-consuming and resource-intensive.
Real-World Relevance: Passwords chosen by many users are often weak and predictable, such as
common words, phrases, or easily guessable patterns.
Speed: Since dictionary attacks only involve testing a finite list of possibilities, they are relatively
fast compared to other methods like brute force attacks, which systematically generate every
possible combination of characters.
Customization: Attackers can customize their wordlists to target specific users, industries, or
applications.
1. Acquire a Wordlist: The first step is to obtain a wordlist. This wordlist typically contains
common words, phrases, and character combinations. It may include words from dictionaries,
previously leaked passwords, common phrases, and variations of words with character
substitutions (e.g., "password" as "p@ssw0rd").
2. Select the Target: The attacker identifies the target system, network, or account they want to
access. They may gather information about the target, such as usernames and any clues that could
help guess the password.
3. Attempt Passwords: The attacker then starts the attack by systematically trying each word or
phrase from the wordlist as the password for the target account. They may also apply rules or
modifications to the words, such as adding numbers, symbols, or changing the letter case.
4. Check for Success: After each attempt, the attacker checks whether the attempted password is
correct by comparing it to the stored or hashed password on the target system. If a match is found,
the attacker gains access to the account or system.
5. Repeat: The process continues until the attacker successfully guesses the password or exhausts
the entire wordlist without success. If the attack is unsuccessful, the attacker may try different
wordlists or employ additional techniques, such as hybrid attacks or brute force, to increase their
chances of success.
6. Maintain Anonymity: To avoid detection, attackers often use techniques to hide their identity
and location, such as routing their attacks through proxy servers or using anonymous networks like
Tor.
7. Log and Analyze: Successful attacks may yield valuable data, such as sensitive information or
access to the target system. Attackers may log this information for further exploitation or analyze
the results for weaknesses in the system's password security.
It's important to note that dictionary attacks are most effective when users have weak, easily
guessable passwords. To defend against dictionary attacks, users and organizations are advised to
use strong, unique passwords that include a combination of letters, numbers, and special
characters, and to implement other security measures like account lockout policies and multi-factor
authentication (MFA) to protect against unauthorized access.
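Two of the defenses named in the paragraph above, salted slow hashing and account lockout, implemented server-side as an added example (this is not code from the report or from any named project). The scrypt cost parameters, the lockout threshold of 5 failures and the 15-minute window are assumptions; `clock` is injectable so the lockout window can be exercised without waiting.

```python
"""
Server-side defenses against dictionary attacks: passwords stored as salted
scrypt (each offline guess costs real work, and identical passwords hash
differently), plus an account-lockout policy that refuses further attempts
after N failures inside a time window.  Added example; the threshold, window
and scrypt parameters are assumptions.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# scrypt parameters: n is the CPU/memory cost (2**14 is a common floor).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
LOCKOUT_THRESHOLD = 5          # failures allowed inside the window (assumption)
LOCKOUT_WINDOW_SECONDS = 900   # 15 minutes (assumption)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$<salt hex>$<key hex>' using a fresh 16-byte random salt."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f'scrypt${salt.hex()}${key.hex()}'


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, salt_hex, key_hex = stored.split('$')
    if scheme != 'scrypt':
        return False
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(key.hex(), key_hex)


@dataclass
class Account:
    stored_hash: str
    failures: List[float] = field(default_factory=list)  # failure timestamps


class Authenticator:
    """Login service with per-account lockout; `clock` is injectable for tests."""

    def __init__(self, clock=time.monotonic):
        self.accounts: Dict[str, Account] = {}
        self.clock = clock

    def register(self, user: str, password: str) -> None:
        self.accounts[user] = Account(hash_password(password))

    def is_locked(self, user: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None:
            return False
        now = self.clock()
        # Forget failures older than the window, then count what remains.
        acct.failures = [t for t in acct.failures if now - t < LOCKOUT_WINDOW_SECONDS]
        return len(acct.failures) >= LOCKOUT_THRESHOLD

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'.  Unknown users also get 'denied',
        after a dummy verification so response time does not reveal valid names."""
        acct = self.accounts.get(user)
        if acct is None:
            verify_password(password, DUMMY_HASH)
            return 'denied'
        if self.is_locked(user):
            return 'locked'
        if verify_password(password, acct.stored_hash):
            acct.failures.clear()
            return 'ok'
        acct.failures.append(self.clock())
        return 'denied'


# Constant-cost hash used for unknown usernames (constructed at import time).
DUMMY_HASH = hash_password('unused-dummy-password')
```

The lockout counter is kept per account and expires with the window, so a legitimate user is not locked out forever by a burst of guesses; MFA, the other control named above, would sit after a successful `login` and is not modelled here.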
John the Ripper, often simply referred to as "John," is a widely used and highly effective password
cracking tool. It is designed to help security professionals, penetration testers, and system
administrators assess the strength of passwords and improve overall security by identifying weak
or easily guessable passwords. John the Ripper is known for its versatility and speed in cracking
password hashes.
Here are some key features and aspects of John the Ripper:
1. Password Hash Cracking: John the Ripper primarily focuses on cracking password hashes. It
supports a variety of hash algorithms commonly used in password storage, including MD5,
SHA-1, SHA-256, bcrypt, and more. This allows it to work with password databases from a wide
range of applications and operating systems.
2. Wordlist and Rule-Based Attacks: John the Ripper utilizes various attack modes to crack
passwords. It can perform dictionary attacks, where it tries each word in a wordlist against the
hashes, and it also supports rule-based attacks that modify words and try different combinations to
improve the chances of success.
3. Dynamic and Custom Rules: Users can define their own custom rules to generate password
candidates. This flexibility allows for fine-tuning attacks based on specific knowledge about the
target audience and their password-creation habits.
4. GPU Acceleration: John the Ripper can take advantage of GPU (Graphics Processing Unit)
acceleration, which significantly increases the speed of password cracking, especially when
dealing with a large number of hashes.
5. Community-Developed Versions: There are multiple versions of John the Ripper developed by
the community, such as "John the Ripper Jumbo" and "community-enhanced John the Ripper."
These versions include additional features and support for more hash types.
6. Support for Multiple Platforms: John the Ripper is available for various platforms, including
Linux, Windows, macOS, and more. It can be run on a wide range of systems.
7. Password Policy Assessment: John the Ripper can help assess password policies by revealing
common patterns and weaknesses in password choices. This information can be valuable for
improving security practices.
8. Salted and Unsalted Hashes: John the Ripper supports cracking both salted and unsalted password
hashes. Salting is a common practice to enhance security, and John can handle various salted hash
types.
John the Ripper has a long history and continues to be actively maintained by the security
community. It remains a valuable tool for testing and enhancing password security in various
environments.
4.3.1 John the Ripper Process Flow
John the Ripper is a powerful open-source password cracking tool used to crack various types of
password hashes. Its workflow involves several key steps, and here's a high-level overview of the
process flow when using John the Ripper:
1. Data Gathering:
- Gather the hashed passwords: Obtain the hashed password files from the target system or
database. These files contain hashed representations of user passwords.
3. Configuration:
- Configure John the Ripper: Specify the target hashing algorithm, hash type, and any additional
options based on the characteristics of the hashed passwords and your objectives.
4. Password Cracking:
- Execute the password cracking process: Run John the Ripper with the configured settings,
providing the hashed password file and the wordlist. John the Ripper will systematically test each
word or phrase from the wordlist against the hashed passwords using the selected algorithm.
6. Cracking Success:
- When John the Ripper successfully matches a hashed password with a word from the wordlist,
it will display the cracked password. The time it takes to crack passwords depends on various
factors, including the complexity of the passwords and the computing power available.
8. Password Recovery:
- Once the passwords are cracked, the attacker can use the recovered passwords to gain
unauthorized access to user accounts, systems, or encrypted data.
9. Post-Processing and Persistence:
- Attackers may use additional tools or techniques to maintain access to the compromised
systems or perform further actions, such as privilege escalation or data exfiltration.
4.4 SQLMAP
sqlmap is an open source penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws and taking over of database servers.
1) Wordlist Generation
To get started, open up a terminal. Crunch is already installed and ready to go on Kali, so
you can just run it.
vim /etc/john/john.conf
● vim is the text editor through which we will be adding rules
● /etc/john/john.conf is the location of the file that contains John's settings and options, which
can be customized
[List.Rules:Customrule]
cAz"[0-9]"
cAz"[£!$@#]"
● List.Rules is a section header in the configuration file, defining a specific rule set. It is a way
to organize and manage different rule sets.
● Customrule is the name or identifier of the rule set that was created, and is what --rules=Customrule
refers to later
● cAz"[0-9]" means capitalize the first letter and append a single digit; the bracketed class [0-9]
is expanded by John's rule preprocessor into one candidate per digit, so each word yields ten
candidates
● cAz"[£!$@#]" means capitalize the first letter and append one of the characters £, !, $, @ or #
● Az appends the quoted string to the end of the word
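To see exactly which candidates the Customrule section above turns each wordlist entry into (which is what a defender needs in order to judge whether a password policy actually resists rule-based attacks), here is a pure-Python interpreter for the small subset of John's rule syntax used on this page. This is an added example, not John the Ripper's own code: it supports only the commands `c`, `l`, `u` and `Az"..."`, with a bracketed class inside the quotes expanded into one rule per character as John's preprocessor does, and the three-word list standing in for rockyou.txt is constructed.

```python
"""
Expand a small subset of John the Ripper's wordlist-rule syntax in pure
Python so the candidates a rule set produces can be inspected.  Added
example, not John's code.  Supported commands:  c (capitalize),
l (lowercase), u (uppercase), Az"..." (append string); a class such as
[0-9] inside the quotes becomes one concrete rule per character.
"""
import re
from typing import Iterable, List

# Matches the Az"..." append command and captures the quoted string.
_APPEND = re.compile(r'Az"([^"]*)"')
# Matches a bracketed character class such as [0-9] or [£!$@#].
_CLASS = re.compile(r'\[([^\]]+)\]')


def _expand_class(spec: str) -> List[str]:
    """Expand a class body such as 0-9 or £!$@# into its characters."""
    chars: List[str] = []
    i = 0
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == '-':
            lo, hi = spec[i], spec[i + 2]
            chars.extend(chr(c) for c in range(ord(lo), ord(hi) + 1))
            i += 3
        else:
            chars.append(spec[i])
            i += 1
    return chars


def preprocess(rule: str) -> List[str]:
    """Split one rule line containing a class into concrete rules.

    cAz"[0-9]"  ->  ['cAz"0"', 'cAz"1"', ..., 'cAz"9"']
    A rule without a class is returned unchanged, as a one-element list.
    """
    m = _CLASS.search(rule)
    if not m:
        return [rule]
    head, tail = rule[:m.start()], rule[m.end():]
    return [head + ch + tail for ch in _expand_class(m.group(1))]


def apply_rule(rule: str, word: str) -> str:
    """Apply one concrete (already preprocessed) rule to a word."""
    out = word
    pos = 0
    while pos < len(rule):
        cmd = rule[pos]
        if cmd == 'c':                       # capitalize: first upper, rest lower
            out = out[:1].upper() + out[1:].lower()
            pos += 1
        elif cmd == 'l':
            out = out.lower()
            pos += 1
        elif cmd == 'u':
            out = out.upper()
            pos += 1
        elif rule.startswith('Az"', pos):    # append the quoted string
            m = _APPEND.match(rule, pos)
            if not m:
                raise ValueError(f'unterminated Az command in rule {rule!r}')
            out = out + m.group(1)
            pos = m.end()
        else:
            raise ValueError(f'unsupported rule command {cmd!r} in {rule!r}')
    return out


def expand(wordlist: Iterable[str], rules: Iterable[str]) -> List[str]:
    """Return every candidate the rule set derives from the wordlist (deduplicated, in order)."""
    seen = set()
    candidates: List[str] = []
    concrete = [r for line in rules for r in preprocess(line)]
    for word in wordlist:
        for rule in concrete:
            cand = apply_rule(rule, word)
            if cand not in seen:
                seen.add(cand)
                candidates.append(cand)
    return candidates


# The two rules of the Customrule section described above.
CUSTOMRULE = ['cAz"[0-9]"', 'cAz"[£!$@#]"']

if __name__ == '__main__':
    # Constructed three-word list standing in for rockyou.txt.
    for cand in expand(['password', 'summer', 'qwerty'], CUSTOMRULE):
        print(cand)
```

Each source word produces fifteen candidates (ten digits plus five symbols), so a policy that merely requires "a capital letter and a number" adds only a factor of fifteen to the work of a wordlist that already contains the base word.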
1) Starting mysql
docker run --rm -it -p 80:80 vulnerables/web
● -T users specifies the target database table for which you want to enumerate the
columns. In this case, it is looking for columns in a table named "users."
● --batch option tells SQLMap to run in batch mode, which means it will automatically
choose default options for the scan without prompting you for further input. This can
be useful for automating scans.
Fig 1.17 Command line to get the dump
sqlmap -u "URL" --cookie="cookies" -D dvwa -T users -C user,password,first_name,last_name --dump
● -D dvwa specifies the name of the database you want to target. In this case, it's
targeting a database named "dvwa."
● -T users specifies the name of the database table you want to target. It's looking for a
table named "users."
As shown above, we have obtained the user, password, first name and last name of each row in
the table "users".
9) Store the hash values in a text file
1) Hash Identifier
Fig 1.20 Command to identify the format of the obtained hash value
hash-identifier
This command helps us identify the format of the hash value just obtained from the sqlmap dump.
Different hash formats require different amounts of computing resources and time to crack, so
knowing the format lets you allocate your computing resources more efficiently. Above, we have a
simple MD5 hash, which will be much faster to crack than a bcrypt hash, so we can prioritize our
cracking efforts accordingly.
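The identification step and the "attempt, then check for success" loop of a dictionary attack, written out as an added Python example (not code from hash-identifier, John the Ripper or the report). The format table is a shape-based heuristic like hash-identifier's; the users and hashes are constructed from the constructed wordlist and are not taken from any real system. It also shows the practical consequence of the MD5-versus-bcrypt remark above: the loop only handles fast unsalted digests, and returns `None` for the bcrypt-shaped entry.

```python
"""
Identify a password hash's storage format from its shape, then run the
attempt / check-for-success loop against fast unsalted digests.  Added
example; sample hashes are constructed from the constructed wordlist.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# (name, regex) pairs tried in order.  Prefixed formats come first so a
# bcrypt or crypt(3) string is never mistaken for a hex digest.
_FORMATS = [
    ('bcrypt', re.compile(r'^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$')),
    ('sha512crypt', re.compile(r'^\$6\$')),
    ('sha256crypt', re.compile(r'^\$5\$')),
    ('md5crypt', re.compile(r'^\$1\$')),
    ('MD5', re.compile(r'^[0-9a-fA-F]{32}$')),
    ('SHA-1', re.compile(r'^[0-9a-fA-F]{40}$')),
    ('SHA-256', re.compile(r'^[0-9a-fA-F]{64}$')),
]

# hashlib names for the fast unsalted digests this example checks.
_HASHLIB = {'MD5': 'md5', 'SHA-1': 'sha1', 'SHA-256': 'sha256'}


def identify(h: str) -> str:
    """Return the most likely format name, or 'unknown'.

    Length-based identification is a heuristic: a 32-hex string could also
    be e.g. NTLM, so the answer is a starting point, not proof.
    """
    for name, rx in _FORMATS:
        if rx.match(h):
            return name
    return 'unknown'


def dictionary_check(target: str, wordlist: Iterable[str]) -> Optional[str]:
    """Hash each candidate with the identified digest and compare.

    Returns the matching candidate, or None when the wordlist is exhausted
    or the format is salted/slow and therefore not handled here.
    """
    algo = _HASHLIB.get(identify(target))
    if algo is None:
        return None
    want = target.lower()
    for cand in wordlist:
        if hashlib.new(algo, cand.encode()).hexdigest() == want:
            return cand
    return None


def crack_all(hashes: Dict[str, str], wordlist: List[str]) -> Dict[str, Optional[str]]:
    """Map each username to its recovered password, or None."""
    return {user: dictionary_check(h, wordlist) for user, h in hashes.items()}


# Constructed sample: a users table stored as plain MD5 (as in the dump on
# this page), one SHA-1 row, and one bcrypt-shaped row for contrast.
SAMPLE_WORDLIST = ['123456', 'password', 'letmein', 'abc123', 'Summer2023']
SAMPLE_HASHES = {
    'alice': hashlib.md5(b'password').hexdigest(),
    'bob': hashlib.md5(b'abc123').hexdigest(),
    'carol': hashlib.sha1(b'letmein').hexdigest(),
    'dave': hashlib.md5(b'correct horse battery staple').hexdigest(),
    # bcrypt-shaped string, constructed; not a real hash of anything.
    'erin': '$2b$12$' + 'C' * 53,
}

if __name__ == '__main__':
    results = crack_all(SAMPLE_HASHES, SAMPLE_WORDLIST)
    for user, h in SAMPLE_HASHES.items():
        print(f'{user:6s} {identify(h):12s} -> {results[user]}')
```

Note that the check is nothing more than "hash the guess and compare": with an unsalted MD5 table every row is attacked by the same pass over the wordlist, whereas a salted hash forces one full pass per row and a slow hash makes each comparison expensive.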
2) Navigate to Desktop in the terminal and start password cracking using John the ripper
Fig 1.21 Navigating through the desktop and starting password cracking
cd Desktop
cd is short for "change directory." It is a command used in various operating systems and
command-line interfaces (such as the Windows Command Prompt and the Linux shell) to navigate to
and change the current directory.
● --wordlist=rockyou.txt is specifying the wordlist or dictionary file being used for the
dictionary attack. "rockyou.txt" is a common wordlist that contains a large number of
passwords and is often used in password cracking.
● --rules=Customrule suggests that we want to apply custom rules during the password
cracking process. Custom rules can be used to manipulate the words in the wordlist to
generate additional password variations.
● obtainedhashes.txt is the name of the file containing the password hashes you want to
crack
4) Logging in to dvwa using the obtained username and cracked password
Fig 1.23 Logging in using the obtained username and cracked password
Fig 1.25 Successful Login using the obtained username and password
CHAPTER - V
RESULTS AND DISCUSSION
5.1 Result
As a result, employing these two techniques makes it evident that password hashes can be
readily recovered using these tools. There is therefore a compelling need to use the same tools
defensively, to test and strengthen the security of passwords protecting files and accounts that
require a high level of confidentiality.
1. Successful Password Recoveries: The dictionary attack using John the Ripper was able to
recover a significant number of passwords from the target password file. These passwords were
obtained by matching entries in the dictionary (wordlist) with the hashed passwords in the file.
2. Password Complexity: The effectiveness of the attack varied depending on the complexity of the
passwords in the target file. Simple and commonly used passwords were more likely to be
recovered, while complex and unique passwords were less susceptible to dictionary attacks.
3. Time and Resources: The time taken to execute the dictionary attack depended on the size of the
wordlist, the computational resources available, and the number of hashes to crack. Longer and
more complex passwords required significantly more time to recover.
1. Success Rate: The success rate of the dictionary attack was notable, particularly for passwords
that were weak, short, and commonly used. Many users tend to choose easily guessable passwords,
making them vulnerable to such attacks.
2. Limitations: The attack had limitations in recovering passwords with high complexity, including
a mix of upper and lower case letters, numbers, and special characters. These complex passwords
are less likely to be found in standard dictionary wordlists.
3. Rule-Based Attacks: To enhance the effectiveness of dictionary attacks, rule-based attacks can
be applied. These rules modify words from the wordlist to generate variations, potentially
improving the success rate for more complex passwords.
5.4 Implications for Password Security:
1. Weak Passwords are Vulnerable: The results of the dictionary attack highlight the vulnerability
of weak passwords. Users who choose easily guessable passwords, such as "password" or
"123456," are at a high risk of having their accounts compromised.
2. Password Policies are Vital: Organizations and online services must implement and enforce
robust password policies. These policies should encourage users to create strong, unique passwords
with a mix of character types and regular password changes.
3. Password Length Matters: Password length is a significant factor in password security. Longer
passwords are more resilient to dictionary attacks, as they are less likely to be found in wordlists.
4. Multi-Factor Authentication (MFA): To mitigate the risks associated with password cracking,
the implementation of multi-factor authentication is crucial. MFA adds an extra layer of security by
requiring users to provide additional forms of verification beyond a password.
5. User Education: User awareness and education play a vital role in improving password security.
Users should be informed about the risks of weak passwords and guided on creating and managing
strong, unique passwords.
6. Regular Password Changes: While regular password changes are important, organizations
should balance this requirement with other security measures, as frequent password changes can
lead to weaker passwords.
The findings of the dictionary attack underscore the importance of robust password security
measures. Weak passwords are highly susceptible to attacks, and organizations and users must take
steps to strengthen password security, including the use of strong, complex passwords, regular
password changes, and the adoption of multi-factor authentication to protect against
password-based attacks.
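A password-policy check that enforces the points listed above from the other side: it rejects passwords that are too short or that are derivable from a blocklisted word by the tweaks the dictionary attack exploited (capitalisation, leet substitutions, appended digits or symbols). This is an added example, not the report's or any project's code; the 12-character minimum, the substitution table and the small blocklist are assumptions standing in for an organisation's policy and a real breached-password list such as rockyou.txt.

```python
"""
Policy check that rejects passwords a rule-based dictionary attack would
recover: too short, or a simple variation of a blocklisted word.  Added
example; the minimum length, substitution table and blocklist are
assumptions.
"""
import re
from typing import Iterable, List, Set

MIN_LENGTH = 12  # assumption

# Common leet substitutions reversed, so 'p@ssw0rd' normalises to 'password'.
_UNLEET = str.maketrans({'@': 'a', '4': 'a', '3': 'e', '1': 'i', '!': 'i',
                         '0': 'o', '$': 's', '5': 's', '7': 't'})
# Digit/symbol padding of the kind rules such as Az"[0-9]" append.
_TRAILING = re.compile(r'[0-9£!$@#*?_.-]+$')
_LEADING = re.compile(r'^[0-9£!$@#*?_.-]+')


def normalise(password: str) -> str:
    """Strip suffix/prefix padding, undo leet-speak, then lower-case."""
    core = _TRAILING.sub('', password)
    core = _LEADING.sub('', core)
    return core.translate(_UNLEET).lower()


def build_blocklist(lines: Iterable[str]) -> Set[str]:
    """Lower-cased set built from a wordlist file's lines (blank lines ignored)."""
    return {line.strip().lower() for line in lines if line.strip()}


def check(password: str, blocklist: Set[str]) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f'shorter than {MIN_LENGTH} characters')
    if password.lower() in blocklist:
        problems.append('appears in the blocklist')
    elif normalise(password) in blocklist:
        problems.append('is a simple variation of a blocklisted word')
    return problems


# Constructed stand-in for a breached-password list.
SAMPLE_BLOCKLIST_LINES = ['password', 'summer', 'qwerty', 'letmein', '123456', 'Welcome']

if __name__ == '__main__':
    blocklist = build_blocklist(SAMPLE_BLOCKLIST_LINES)
    for pw in ['password', 'P@ssw0rd2023!', 'Summer2023!', 'correct horse battery staple']:
        print(f'{pw!r}: {check(pw, blocklist) or "ok"}')
```

The length rule and the normalised blocklist lookup together reject "P@ssw0rd2023!" even though it satisfies a naive "mixed case, digit and symbol" requirement, while a long passphrase made of words that are not themselves on the list passes.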
PREVENTIONS
● Do not share your password with anyone while accessing your files.
● Avoid installing apps that have the "unknown resources enabled" option.
● Be vigilant and refrain from clicking on random links. Never download unwanted APK files
from unknown sources.
● Create passwords that include a combination of numbers, letters, and symbols for enhanced
security.
CHAPTER - VI
CONCLUSION
In conclusion, the John the Ripper framework is a powerful tool for assessing password security
and can be valuable in evaluating the vulnerabilities of password-protected files and remote
workstations. In light of the growing need for addressing system and file vulnerabilities, it offers
significant insights into these vulnerabilities and the associated risks. The framework encompasses
a wide array of tools and techniques, which can be combined in various ways to perform over 900
distinct attacks, thereby enhancing the overall understanding of the security landscape. Based on
the project carried out, it is surprisingly easy to crack passwords that do not follow password
policies.