Password attacks can be categorized into Non-Electronic Attacks, Active Online Attacks, Passive Online Attacks and Offline Attacks.A subreddit dedicated to hacking and hacking culture.
SysKey utility can also be used to configure a start-up password that must be entered to decrypt the system key so that Windows can access the SAM database. At a command prompt, type “syskey” to enable the encryption of SAM database. Microsoft offers SysKey utility to secure the SAM database by moving the SAM database encryption key off the Windows-based computer. This means that the same password could have two completely different hash values, and enhances security of system. Password salting is a technique in which a random number is generated in order to compute the hash for the password.
Thus they are easy to crack and once compromised, there exists security threat to all such accounts. Hence, if user uses same password on two different machine or two different uses same password on same machine then the corresponding hashes will be same. However, windows password authentication system does not utilize password salting technique. Microsoft has upgraded its default LM/NTLM authentication protocol to Kerberos, which provides strong authentication for client/server applications than NTLM. It allows for distinction between uppercase and lowercase letters and does not split the password into smaller, easier to crack chunks. NTLM is the Microsoft authentication protocol relies on the MD4 hashing (stronger than DES) and allows longer password lengths.
This 64 bit key is vulnerable to brute force cracking attempts. The formed new password is then split into two 7 character halves to create two DES encryption keys one from each half with a parity bit added to each. In this method, user's password is first converted into all uppercase letters and null characters are added until the length becomes 14 characters long. This mode is disabled by default for Windows Vista and Windows 7. The LM hash is older method but newer operating systems still support for backwards compatibility. Windows-based computers utilize two password hashing methods - LAN Manager (LM) and NT LAN Manager (NTLM) (MICROSOFT_A, 2018). SAM database contains encrypted/hashed passwords.
SAM database files are locked to all accounts while Windows is running, hence to copy it either export registry hive or boot target machine to other OS and copy the SAM database. All these techniques are explained in this chapter. An attacker may hide files using rootkits/steganographic techniques, hide directories, hide attributes, use alternate data streams (ADS), place backdoors, and cover tracks by modifying/deleting log files. An attacker may use rootkits during this phase to hide his presence and maintain access to the compromised hosts.
The chapter also explains the techniques used to maintain access in compromised hosts, to cover tracks/evidence, and methods to avoid detection. The chapter also introduces the tools and techniques used for escalating privileges by exploiting vulnerabilities, executing spyware/backdoor/key loggers/rootkits/trozans applications, etc.
This chapter includes a study of tools and techniques like password cracking or social engineering attacks in order to gain the access on target machines based on the information collected during the previous phases. Once access is gained, maintaining that access on compromised hosts becomes important for an attacker in order to carry out future attacks. Actual attacking starts in this phase, where an attacker will carry out password cracking/password sniffing attacks along with privilege escalation attacks to gain administrative privileges on the target host bypassing computer security. AbstractThe gaining access phase in the ethical hacking process focuses on getting access to the individual host on a network based on the information collected during previous phases.