1
00:00:00,860 --> 00:00:07,460
Password hashes are one of the most important findings of penetration tests. We have seen how to

2
00:00:07,460 --> 00:00:09,700
use these hashes without cracking them.

3
00:00:10,220 --> 00:00:11,870
Remember the pass-the-hash lectures.

4
00:00:12,850 --> 00:00:20,260
For all other mechanisms except NTLM or LM authentication, we need to crack the passwords to be able

5
00:00:20,260 --> 00:00:20,830
to use them.

6
00:00:22,640 --> 00:00:28,940
Password cracking is the process of recovering passwords from data that have been stored in or transmitted

7
00:00:28,940 --> 00:00:36,410
by a computer system. A common approach is to guess the password repeatedly and check the guesses against

8
00:00:36,410 --> 00:00:38,870
an available cryptographic hash of the password.

9
00:00:40,490 --> 00:00:44,660
But we can talk about three basic types of password cracking here.

10
00:00:45,720 --> 00:00:51,990
There's, of course, one that everybody knows: brute force attacks. They work by calculating every

11
00:00:51,990 --> 00:00:56,780
possible combination that could make up a password and testing it to see if it's the right one.

12
00:00:57,890 --> 00:01:04,910
As a password's length increases, the amount of time to find the correct password increases exponentially.

13
00:01:06,060 --> 00:01:12,450
As you see, the possibility to find a password using a brute force attack is theoretically 100 percent,

14
00:01:13,290 --> 00:01:19,500
but cracking the password can take many years depending on the password complexity.

15
00:01:20,680 --> 00:01:27,940
To make the set of possible values smaller, it's probably better to use this method if we know something

16
00:01:27,940 --> 00:01:32,290
which will reduce the number of tries, such as the length of the password.

17
00:01:33,990 --> 00:01:42,330
Now, since users tend to use known words, in a dictionary attack we can use previously prepared dictionaries

18
00:01:42,510 --> 00:01:43,830
to find the passwords.

19
00:01:44,380 --> 00:01:51,300
It's a smarter method as opposed to brute force attacks and reduces the number of tries dramatically.

20
00:01:55,090 --> 00:02:01,420
But in this case, finding the password is not guaranteed; you can find the password only if it's not

21
00:02:01,420 --> 00:02:02,520
complicated enough.

22
00:02:03,750 --> 00:02:09,780
And of course, it's a good approach to prepare sector-specific or company-specific dictionaries to

23
00:02:09,780 --> 00:02:10,920
increase the chances.

24
00:02:12,550 --> 00:02:20,320
A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific

25
00:02:20,320 --> 00:02:21,670
to a given hash algorithm.

26
00:02:22,920 --> 00:02:29,610
The password cracker compares the rainbow table's precompiled list of potential hashes to hashed passwords

27
00:02:29,610 --> 00:02:30,360
in the database.

28
00:02:31,490 --> 00:02:37,520
The rainbow table associates plaintext possibilities with each of those hashes, which the attacker can

29
00:02:37,520 --> 00:02:44,420
then exploit to access the network as an authenticated user. Rainbow tables make password cracking

30
00:02:44,420 --> 00:02:46,220
much faster than the earlier methods,

31
00:02:47,040 --> 00:02:53,010
such as brute force cracking and dictionary attacks. Depending on the particular software, rainbow

32
00:02:53,010 --> 00:02:58,830
tables can be used to crack 14 character alphanumeric passwords in about 160 seconds.

33
00:02:59,610 --> 00:03:04,350
However, the approach uses a lot of RAM due to the large amount of data in such a table.

