﻿1
00:00:00,300 --> 00:00:06,030
‫So in the previous lecture, we couldn't crack the password of the user cyber lab, so let's try to

2
00:00:06,030 --> 00:00:12,660
crack it with a brute force attack. A brute force attack means a lot of time because it tries all the

3
00:00:12,660 --> 00:00:13,320
‫possibilities.

4
00:00:14,040 --> 00:00:19,650
‫So if you choose the correct character set, the success rate of cracking a password by brute force

5
00:00:19,650 --> 00:00:22,380
‫attack is theoretically 100 percent.

6
00:00:23,070 --> 00:00:27,500
‫But how long will it take if the password length is more than eight?

7
00:00:27,540 --> 00:00:34,440
‫It will take months, years or thousands of years to try all the password possibilities for any ordinary

8
00:00:34,440 --> 00:00:34,980
‫computer.

9
00:00:37,200 --> 00:00:42,570
So as you see in the table, the LM password is not empty for Cyber Lab.

10
00:00:43,900 --> 00:00:51,340
A tip here: the hash of an empty password starts with AAD and ends with 4EE.

11
00:00:52,240 --> 00:00:59,200
Look at the LM hash of the guest user. Split the hash into two identical parts; you'll see two hashes

12
00:00:59,230 --> 00:01:03,370
that start with AAD and end with 4EE.

13
00:01:04,680 --> 00:01:11,970
As I mentioned before, the method splits the password into two seven-character passwords and then takes

14
00:01:11,970 --> 00:01:17,020
the hash, which means we have to crack two seven-character passwords.

15
00:01:17,370 --> 00:01:18,270
‫Well, fair enough.

16
00:01:18,750 --> 00:01:23,790
The method converts the password to all caps, so the character set is not so big.

17
00:01:24,620 --> 00:01:32,600
We can crack an LM hash in an acceptable time interval. So right-click on the Cyber Lab line and

18
00:01:32,600 --> 00:01:35,180
brute force attack, select LM hashes.

19
00:01:36,240 --> 00:01:42,660
The brute force attack window is a bit different from the dictionary attack window. As expected, no

20
00:01:42,660 --> 00:01:43,750
‫dictionary list now.

21
00:01:44,070 --> 00:01:47,730
‫Instead, we have a character set combo box.

22
00:01:48,600 --> 00:01:55,230
The default character set is just uppercase letters and numbers, no non-alphanumeric characters in the

23
00:01:55,230 --> 00:01:55,590
‫set.

24
00:01:55,840 --> 00:01:59,010
‫So to keep the demo fast, let's just go with this set.

25
00:02:00,030 --> 00:02:06,030
It says two hashes loaded; as you know, the hash value is split into two identical parts.

26
00:02:07,560 --> 00:02:14,040
On the upper right-hand corner, we can choose the minimum and the maximum length of the passwords. For

27
00:02:14,040 --> 00:02:17,060
LM, the max length for the password is seven.

28
00:02:17,340 --> 00:02:19,650
‫So this configuration is perfect.

29
00:02:21,050 --> 00:02:23,510
‫Now, I pressed the start button to start the attack.

30
00:02:25,050 --> 00:02:31,720
‫Wow, it found the value of one of the hashes in milliseconds, so let's look at the hash file.

31
00:02:32,550 --> 00:02:34,190
‫Yeah, it's the second part.

32
00:02:34,710 --> 00:02:37,620
‫So that means that the password ends with Q.

33
00:02:38,590 --> 00:02:45,100
I think the password of the cyber lab user is the same as the password of the administrator, except

34
00:02:45,430 --> 00:02:46,570
‫the dot at the end.

35
00:02:46,840 --> 00:02:47,620
‫But we'll see.

36
00:02:48,190 --> 00:02:50,170
So let's look at the key rate.

37
00:02:51,270 --> 00:02:54,790
‫Cain tries more than 10 million passwords in a second.

38
00:02:55,020 --> 00:02:56,550
‫Now, that's pretty fast.

39
00:02:57,470 --> 00:03:04,220
In the Time Left frame, we can see that trying all possible passwords will take about two hours

40
00:03:04,460 --> 00:03:05,990
‫unless Cain cracks it.

41
00:03:06,500 --> 00:03:08,390
So let Cain run for a while.

42
00:03:11,400 --> 00:03:12,690
‫All right, and we're back.

43
00:03:12,990 --> 00:03:20,700
It took more than an hour, and here's the result. We're lucky because no non-alphanumeric character is in

44
00:03:20,700 --> 00:03:23,400
the password, and we succeeded in cracking it.

45
00:03:24,290 --> 00:03:28,220
The first part is 1234QQQ.

