CIT-508 Linux Security

Password Cracking
[Applying Linux Tools]

Prepared By:
Ali Al Kaf | Talal Al Ismail

Abstract
This research discusses some of the techniques used in password cracking. Most
people use passwords as their first line of defense, which means passwords need to be
strong and unbreakable. This study shows some of the tools used to crack passwords,
such as John the Ripper, and some BackTrack tools for cracking ZIP and RAR file
passwords. Moreover, many password cracking tools are readily available on the
Internet and can be downloaded for free. Our conclusion is that, given the heightened
risk of cyber-attacks today, users should also change their passwords every thirty days
or so.

Introduction
In today’s world, with the huge development in technology, password security is
one of the priorities for all authentication-based protected systems. Most people and
organizations depend on passwords to secure their important data, files and emails, and
even logging in to a computer at home or in the office requires a user name and
password. In addition, most computer users have more than one account, such as an
online banking account or an email account, and any online transaction such as buying
or selling needs some kind of security, which is a password. From this we can understand
that passwords are really important to secure, and that there should be a really strong
mechanism to ensure that passwords are useful and secure at the same time. There are
many types of password encryption, such as MD5 in Linux systems and DES in Windows.

Moreover, most operating systems have a password generator, which will create
an encrypted form of the password you have entered. Most password generators use
some form of cryptography. A simple definition gives a brief summary of what
cryptography is: “Cryptography is defined as “the science and
study of secret writing”, concerns the ways in which communications and data can be
encoded to prevent disclosure of their contents through eavesdropping or message
interception, using codes, ciphers, and other methods, so that only certain people can
see the real message.” Yaman Akdeniz, Cryptography & Encryption, August 1996, Cyber-Rights
& Cyber-Liberties (UK) (Criminal Justice Studies of the Law Faculty of University
of Leeds, Leeds LS2 9JT). In addition, there are two kinds of cryptosystems: symmetric
and asymmetric. Symmetric cryptosystems use the same key to encrypt and decrypt a
message, and asymmetric cryptosystems use one key (the public key) to encrypt a
message and a different key (the private key) to decrypt it. Asymmetric cryptosystems
are also called public key cryptosystems (PGP).

This report shows some password cracking techniques. There is no standard
formula for cracking a password, and different methods are used depending on the type
of password you want to crack. However, there are four main categories of password
cracking. First, a brute-force password crack involves trying every possible password
combination until you find the one that works. Although this concept seems simple
enough, it can be quite difficult. Second, a dictionary attack is usually the fastest way to
break into a machine. A dictionary file (a text file full of dictionary words) is loaded into
a cracking application, which is run against user accounts located by the application.
Third, another well-known form of attack is the hybrid attack. A hybrid attack will add
numbers or symbols to the search words to successfully crack a password. Many people
change their passwords by simply adding a number to the end of their current
password. Therefore, this type of attack is the most versatile; while it takes longer than
a standard dictionary attack, it does not take as long as a brute-force attack. Finally, all
password attack techniques need time to give a result; sometimes they take from
minutes to weeks or more, depending on the length of the password and the encryption
type.

However, password hacking does not depend just on software but also on people,
because when computer users choose weak passwords they make themselves a good
target for hackers. Encryption is a really good technique, but it depends on the length of
the password and what it contains, which means people should have an idea about weak
and strong passwords to avoid being victims of password cracking.

Related work
Prior to starting the work, as a group we gathered all the information that would
help us and specified the tools to be used in this research. Among the different
distributions of Linux, two were selected: BT4 and Fedora 13. After that, we
downloaded and installed all the previously mentioned tools and operating systems.
Finally, it was really necessary to learn how to use these tools and gain experience
with them.

Problem and proposed solution

Weak passwords are passwords that are guessable, crackable or vulnerable to
pre-computational attacks. Typically, weak password choices are those that are obvious
to or determinable by other people, family or pet names for example. These are easy
for users to remember, but because of that, they are also easy for unauthorized users to
determine. Weak passwords make it very easy for hackers to gain access to an account
and could lead to substantial financial loss and identity theft. To avoid being a victim of a
weak password, create a strong password with at least 8 characters, containing a
combination of upper case and lower case letters as well as numbers or symbols. Do not
use all letters or all numbers, and do not use a dictionary word in any language or a
permutation of such. Avoid using your name, account name, common names of people or
places, technical jargon, repeating sequences and keyboard sequences. Also, do not use a
well-known phrase to generate a password. Furthermore, use some sort of encryption,
do not open your important accounts on unknown computers such as those in an
Internet cafe, and change your password periodically.
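
The rules above, written as a checker an administrator could run over proposed passwords (an added example, not part of the original report). The word list and sequence list are small constructed stand-ins, and the function name `weaknesses` is this example's own.

```python
import re

# Constructed stand-ins; a real check would load a full dictionary file.
WORDLIST = {"password", "dragon", "monkey", "letmein", "welcome"}
SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")
# Common letter substitutions to undo before the dictionary lookup.
LEET = str.maketrans("0134@5$7", "oleaasst")


def weaknesses(password, account_name=""):
    """Return the rules from the text that `password` breaks (empty = none)."""
    found = []
    lower = password.lower()
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("needs upper and lower case letters")
    if not re.search(r"[^A-Za-z]", password):
        found.append("needs a number or symbol")
    if account_name and account_name.lower() in lower:
        found.append("contains the account name")
    if any(seq in lower for seq in SEQUENCES):
        found.append("keyboard or alphabet sequence")
    if re.search(r"(.)\1\1", password):
        found.append("repeated character run")
    # The shape a hybrid attack covers: a dictionary word with digits or
    # symbols added at either end. Strip those, undo substitutions, then
    # look the core up forwards and reversed.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower).translate(LEET)
    if core in WORDLIST or core[::-1] in WORDLIST:
        found.append("dictionary word with added characters")
    return found


if __name__ == "__main__":
    for candidate in ("Dragon2024!", "P@ssw0rd1", "qwerty", "tR7#kv9!Lq2m"):
        print(candidate, "->", weaknesses(candidate) or "no rule broken")
```

"Dragon2024!" and "P@ssw0rd1" pass the length and character-class rules and are still rejected, because removing the added characters leaves a dictionary word.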

Implementation and analysis


Throughout the research, many cracking tools were used and tested to get the
results that our group wanted to see. Those tools were Cain & Abel, John The Ripper,
RarCrack and PDFCrack. As BackTrack Linux is equipped with a lot of cracking tools, our
group used this distribution along with Fedora 13.

• Cain & Abel

Cain and Abel is a password recovery tool that enables network administrators to
test network security, or home users to recover a variety of stored network passwords.
The software reports sniffing and recovery of most popular protocols, including FTP,
SMTP, POP3, HTTP, MySQL, ICQ, Telnet and others. It can also recover passwords hidden
behind asterisks (***), stored in VNC profiles, SQL Server Enterprise Manager, Remote
Desktop connections and wireless connections. Other features include LSA Secrets
Dumper, Protected Storage password revealer, network enumeration, VoIP filtering and
more.

Usage:

• Used in generating an MD5 hash. From the main interface, go to Tools > Hash
Calculator, write the text you need to hash, then press Calculate.

• John The Ripper

John the Ripper is a fast password cracker, currently available for many flavors of
Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix
passwords. It supports several crypt(3) password hash types commonly found on Unix
systems, as well as Windows LM hashes. On top of this, many other hash types are added
with contributed patches, and some are added in John the Ripper Pro.

Usage:

• Used in cracking Unix/Linux passwords
• Used in MD5 crack

We will crack the password of an existing user account using JTR. In Fedora 13,
open the terminal and become root. After installing JTR, use the unshadow command
to combine the /etc/passwd and /etc/shadow files so John can use them, and save the
output in a file of your choice.

# yum install john
# /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/pass.db

Start cracking with this command; it will take some time:

# john /tmp/pass.db

To see the cracked password, enter:

# john --show /tmp/pass.db
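
Before running a cracker over the combined file, an administrator can read the hash field of each line to see which accounts still use an outdated scheme or have no password at all. The following is an added example, not part of the original report or of John the Ripper; the sample lines and hash values are constructed, and the verdict labels are this example's own.

```python
# Prefixes that identify the crypt(3) scheme in the hash field.
# The verdict labels are this example's own, not John the Ripper output.
SCHEMES = {
    "$1$": ("MD5-crypt", "weak"),
    "$2": ("bcrypt", "ok"),
    "$5$": ("SHA-256-crypt", "ok"),
    "$6$": ("SHA-512-crypt", "ok"),
    "$y$": ("yescrypt", "ok"),
}

# Constructed sample in unshadow output format; the hash values are fake.
SAMPLE = """\
root:$6$FAKESALT$fakehashfakehashfakehash:0:0:root:/root:/bin/bash
legacy:$1$FAKESALT$fakehashfakehash:1001:1001::/home/legacy:/bin/bash
olddes:ab01FAKEFAKE.:1002:1002::/home/olddes:/bin/sh
guest::1003:1003::/home/guest:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
"""


def classify(hash_field):
    """Map one hash field to (scheme, verdict)."""
    if hash_field == "":
        return ("no password set", "critical")
    if hash_field[0] in "!*":  # "!", "!!" and "*" mark accounts with no usable hash
        return ("locked account", "ok")
    for prefix, result in SCHEMES.items():
        if hash_field.startswith(prefix):
            return result
    if len(hash_field) == 13:  # 2-character salt + 11-character hash
        return ("traditional DES crypt", "weak")
    return ("unrecognized", "review")


def audit(lines):
    """Return (user, scheme, verdict) for every account that is not 'ok'."""
    findings = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or line.lstrip().startswith("#"):
            continue
        scheme, verdict = classify(fields[1])
        if verdict != "ok":
            findings.append((fields[0], scheme, verdict))
    return findings


if __name__ == "__main__":
    for user, scheme, verdict in audit(SAMPLE.splitlines()):
        print(f"{user}: {scheme} ({verdict})")
```

The combined file holds every account's hash, so keep it readable by root only and delete it once the audit is finished.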

• MD5 Crack (JTR)

In this part, use Cain & Abel to create an MD5 hash of a text and save it in a text file,
then in BT4 use JTR to crack the hash in that file.

Usage:

• JTR used in cracking MD5 file

Open the terminal and write the following commands:

 # john
# ./john --format=raw-MD5 /root/md5.txt

• RarCrack 1

RarCrack is a program that uses a brute-force algorithm to find and recover the
correct password for compressed archives in .rar (WinRAR), .7z (7-Zip) and .zip (WinZip)
format on any POSIX-compatible operating system.

Usage:

• Used in cracking password of .zip, .7z, and .rar files.

In order to crack the password of a .zip or .rar file, create one and save it in a location
of your choice; then use RarCrack to reveal that password. In BT4, go to K menu >
privilege escalation > password attack > offline attack > RarCrack; a new terminal will
appear in which you can try these commands.

Start cracking the .zip file with this command; it will take some time:

# ./rarcrack --type zip --threads 8 /root/test.zip

Start cracking the .rar file with this command; it will take some time:

# ./rarcrack --type rar --threads 8 /root/test.rar

• PDFCrack

PDFCrack is a GNU/Linux (other POSIX-compatible systems should work too) tool
for recovering passwords and content from PDF files. It is small and command-line
driven, without external dependencies. The application is Open Source (GPL).

Usage:

• Used in cracking a password protected PDF file

In order to crack the password of a protected PDF file, create one and save it in a
location of your choice; then use PDFCrack to reveal that password. In BT4, open the
terminal and install PDFCrack.

# apt-get install pdfcrack

Start cracking with this command; it will take some time:

# pdfcrack /root/crack.pdf

Discussion

In general, password cracking is not an easy thing to do. It always depends on a
lot of things, such as the cracking tool you are using, the type of password you are
cracking, whether it is encrypted or not, and the password length and content. In
addition, password cracking sometimes takes a long time; it could reach days or weeks
depending on the tool and the password you want to crack. Moreover, password
cracking can be easy if the victim is not aware of the importance of passwords and uses
a simple or easy one, because nowadays hackers have huge lists of the most popular
passwords used by computer users. These lists are available on the Internet, which
makes hacking passwords easier for them. The tools are also freely available; with a
little research and a little background in IT, anybody can start hacking passwords.

Conclusion and future work

In conclusion, this report summarizes why we want to have a strong password
and change it periodically: as we can see, with the huge development of technology
there is also development in hacking tools, which do not need an expert user to operate.
However, securing computers in general, and passwords in particular, depends on IT
and on computer users. This means you need to be aware of what is happening on the
technology side and keep your computer updated by using some sort of security on it.
On the other hand, user attitude is also important: even if users have the most powerful
and secure system, this does not mean that it is unbreakable, and they need to always
improve and test their security.

References

1. http://office.microsoft.com/en-us/office-2003-resource-kit/important-aspects-of-password-and-encryption-protection-HA001140311.aspx
Intro

2. Yaman Akdeniz, Cryptography & Encryption, August 1996, Cyber-Rights &
Cyber-Liberties (UK) (Criminal Justice Studies of the Law Faculty of
University of Leeds, Leeds LS2 9JT)

3. http://www.sans.org/reading_room/whitepapers/tools/password-cracking-l0phtcrack-30_957

4. http://s2.ist.psu.edu/ist451/451-Lab1_s06.pdf

5. http://www.mydigitallife.info/2009/01/06/how-to-recover-rar-7z-and-zip-password-with-rarcrack-in-linux/

6. http://pdfcrack.sourceforge.net/

7. www.oxid.it/cain.html

8. http://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
