ISSC456 Central Texas College Password Cracking Tools Discussion
I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
1) Using course resources and the Internet, please explain the following Password-Cracking Tools:
a. Cain & Abel
c. John the Ripper
The world is seeing a bigger importance than ever when it comes to the passwords that people use. A password is an essential part of everyday life now, as people use them to unlock their phones and even log into their personal banking portals. With so much sensitive and valuable information being hidden with passwords, there are many kinds of tools created to break them. One of those tools is Cain & Abel, a password recovery tool created for Microsoft operating systems. It is capable of recovering multiple kinds of passwords by sniffing through a network and using different methods like dictionary and brute-force. The latest versions even have the ability to sniff on switched LANs with ARP Poison Routing and carry out man-in-the-middle attacks. It is a user-friendly GUI base that has different windows for everything from certificate spoofing to password cracking. A highly recommended tool for any IT professional. (Mohammed)
Ophcrack is one of the best options available when it comes to recovering Windows passwords. One of the interesting points about it is how it does not require any installation in order to operate; it can function from a CD or USB drive. Simply boot the device it is being utilized on from the disk or drive containing ophcrack and it is mostly hands off. It will work its magic and provide a list of passwords to copy down. Simply restart the device and utilize the recovered passwords. It is very fast with simple passwords under 14 characters, but suggested complexity could greatly increase the time needed. Sometimes antivirus will try and target it, so you may need to turn it off. (Fisher)
John the Ripper is primarily a brute force method using dictionary attacks. After a system file has been successfully taken from a target system, John the Ripper can be run against it to decrypt the password it is utilizing by comparing it against a wordlist of the user’s choosing. As long as it is possible to acquire the hash of a target device, John the Ripper is a good option to try and get a password out of it. (Shavers)
Fisher, Tim, (2019), Lifewire, “Ophcrack v3.6.0” retrieved from https://www.lifewire.com/ophcrack-livecd-review-26…
Mohamed, Ahmed, (2018), Infosec “Password Cracking Using Cain & Abel” retrieved from https://resources.infosecinstitute.com/password-cr…
Shavers, Brett & Bair, John. (© 2016). Hiding behind the keyboard: uncovering covert communication methods with forensic analysis. [Books24x7 version]
Cain & Abel:
Cain & Abel is free software; this tool is a password cracking and recovery tool that is only usable on Microsoft operating systems. This tool allows passwords to be discovered and cracked through network sniffing and cracking of encrypted passwords by utilizing dictionary, brute force and cryptanalysis attacks. It is also able to record VoIP conversations, trace routing protocols, decode jumbled passwords, retrieve wireless network keys, password boxes and retrieve stored passwords.
Ophcrack:
Ophcrack is also free and open-source software. However, unlike Cain & Abel, ophcrack is able to run on Linux/Unix, Mac OS, and Windows. This tool allows a user to crack LM and NTLM hashes, has a brute force module, has an audit mode and can generate a CSV report, analyzes passwords and produces real-time graphs. The part that I always like is the option to either install on a device or run as a LiveCD to work on multiple different systems. This tool also allows a user to dump and load hashes from encrypted SAM from Windows partitions. However, some cons include: antivirus software can see ophcrack as a trojan, any password that is larger than 14 characters is unable to be cracked, and this tool is unable to crack any passwords on Windows 10.
John the Ripper:
Besides having an awesome name, this tool is another free, open-source software that is also available in a tailor-made, paid-for option for a specific OS. While John the Ripper is available on Linux and Mac OS, a contributor to John the Ripper developed Hash Suite for Windows OS and Hash Suite Droid for Android devices. This tool is able to detect any weak Unix passwords, and crypt password hash types. Right away this tool is able to handle Windows LM hashes, and many other types.
Fisher, T. (n.d.). Forgot Your Windows Password? Try Ophcrack! Retrieved August 5, 2019, from Lifewire website: https://www.lifewire.com/ophcrack-livecd-review-2626148
John the Ripper password cracker. (n.d.). Retrieved August 5, 2019, from https://www.openwall.com/john/
Ophcrack. (n.d.). Retrieved August 5, 2019, from http://ophcrack.sourceforge.net/
Password Cracking Using Cain & Abel. (2018, January 25). Retrieved August 5, 2019, from Infosec Resources website: https://resources.infosecinstitute.com/password-cracking-using-cain-abel/