Thursday, May 27, 2010

SECURITY





In today's world, network security has become an important issue. Hacking someone's account and using it is not very difficult today, given the advanced software available that can recover passwords and crack hashes, which can then be used to steal valuable information.

Various tools can be used for cracking, such as:

For Windows password cracking, i.e. logging into someone's account by cracking their password, one can use the free live CD available for download called ophcrack. The download link is given here:
http://ophcrack.sourceforge.net/download.php?type=livecd
Download the live CD and boot from it. One can easily crack the password of another person's computer. It uses rainbow tables to crack the hashes.




The CD will not work in the same manner for Windows Vista and XP. For cracking XP passwords, download the XP version; for Vista or Windows 7, download the Vista version.

One can also use Cain & Abel to crack someone's password when they are on the LAN. When a computer scans the computers present on the LAN, it sends its NTLM hashes with security info to the other computers. One can capture those hashes and crack them either by brute force or by using rainbow tables. I have cracked the passwords of several computers on the LAN without ever sitting at those PCs or using them. You can download it from http://www.oxid.it/cain.html





This method of password cracking is highly dangerous for computers: if remote login is enabled, a hacker who knows the password can easily log on to the machine and steal information without anyone else knowing about it. I have not shared the advanced information on cracking using Cain, but if someone is interested, he can contact me and I can send him the data.

Now, the steps by which one can negate all these attacks:

1. The ophcrack live CD uses prebuilt rainbow tables and sometimes a brute-force attack, but one can avoid this attack by including special symbols in the password. This CD doesn't work when the password contains special symbols, as it doesn't have the rainbow tables for them.

2. Using long passwords, of "eight" or more characters, also helps in denying attackers. The figure 8 is important because if the password is less than 8 characters, the computer stores it in the form of LM hashes, which are easy to break, but if it has 8 or more characters, it uses NTLM hashes to store it, which are more secure than LM hashes.

3. For email accounts, always use strong passwords that include special symbols, letters and numbers. The reason is that when all of these are used, the number of password combinations becomes very large, and developing a rainbow table for them takes a lot of time, months or years. So it is very difficult or impossible to crack the password in this case.
Use passwords like the beginning letters of a phrase or statement that is easy to remember, like
odiwgjidc (one day i will get job in dream company)
This password is not even found in a dictionary and is very difficult to break.

4. Try to avoid dictionary words. They can be easily broken by a brute-force attack...

5. Change your passwords frequently and don't use the same password for different accounts...
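
The checklist above written as a small password audit. This is an added example, not from the original post. The function names, the sample word list, and the use of the 32 symbols in Python's `string.punctuation` as the "special symbols" set are assumptions made for illustration.

```python
import string

# Constructed sample word list standing in for a real dictionary file (assumption).
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "welcome", "company"}

def charset_size(password):
    """Size of the alphabet an attacker must cover, from the classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size

def search_space(password):
    """Number of candidates of this length over the classes used (charset ** length)."""
    return charset_size(password) ** len(password)

def audit(password, other_passwords=()):
    """Return the checklist items (1 to 5 above) that the password fails."""
    findings = []
    if not any(c in string.punctuation for c in password):
        findings.append("no special symbol")                          # item 1
    if len(password) < 8:
        findings.append("shorter than 8 characters")                  # item 2
    classes = sum(any(c in group for c in password) for group in
                  (string.ascii_letters, string.digits, string.punctuation))
    if classes < 3:
        findings.append("does not mix letters, numbers and symbols")  # item 3
    if password.lower() in SAMPLE_DICTIONARY:
        findings.append("dictionary word")                            # item 4
    if password in other_passwords:
        findings.append("reused on another account")                  # item 5
    return findings

if __name__ == "__main__":
    # Constructed sample inputs: the phrase password from item 3 and a mixed variant.
    for candidate in ("odiwgjidc", "Od1wgj!dc", "company"):
        print(candidate, search_space(candidate), audit(candidate))
```

Run on the sample `odiwgjidc` from item 3, the audit passes the length and dictionary checks but reports the missing symbol and the single character class; adding an uppercase letter, a digit and a symbol raises the search space from 26^9 to 94^9.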

For more details you can view the PPT which I have uploaded; the link is provided here...
http://www.slideshare.net/rahulsharmaait/password-cracking

Do give your feedback and suggestions... Hope you have liked it...

Thank you...
