Csec 610

Submitted By alifarissi
Running Head: Lab Assignment: Password Cracking Using Cain and Abel

Lab Assignment 1: Password Cracking Using Cain

University of Maryland University College
Fall 2015

Lab Report

Provided below is a table of the different generated user accounts and their accompanied passwords, along with the methodology used to crack each and either the time it took to reveal the password or estimated time provided by Cain and Abel to generate a successful solution.

NTLM HASH

| | Brute Force | Dictionary Attack |
| --- | --- | --- |
| User 1 | No result, due to estimated time > 4yrs | Password cracked in < 1min |
| User 2 | No result, due to estimated time > 4yrs | Password cracked in < 1min |
| User 3 | No result, due to estimated time > 4yrs | No result. Estimated Time > 3hrs. |

Table 1: NTLM password cracking results

LM HASH

| | Brute Force | Dictionary Attack |
| --- | --- | --- |
| User 1 | Password cracked in < 3min | Password cracked in < 2 min |
| User 2 | Password cracked in < 3min | Password cracked in < 1min |
| User 3 | No result, estimated time >3hrs | No result, I stopped it after 5 min. |

Table 2: LM password cracking results

1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why?
A dictionary attack uses a file containing words, phrases, common passwords, and other strings that are likely to be used as a password. Each word in the file is hashed, and its hash is compared to the password hash. If they match, that word is the password. These dictionary files are constructed by extracting words from large bodies of text, and even from real databases of passwords. A brute-force attack tries every possible combination of characters up to a given length. These attacks are very computationally expensive, and are usually the least efficient in terms of hashes cracked per processor time, but they will always eventually find the password.
When it comes to effectiveness, a brute force attack takes longer to complete, but it covers more of the likely cleartext values. On the other side, the execution time of a dictionary attack is reduced because the number of combinations is restricted to those on the dictionary list. A brute force attack will discover the password; however, it could take very long to try all possible combinations. I will start with the dictionary attack and if it fails I will move to the brute force attack.
However, for this exercise, the Dictionary attack using NTLM was the quickest to reveal the entire password – nearly half the time when compared to the LM method.

2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords each encrypted by the two hash algorithms. What conclusions can you make after using these two methods?

Provided below is a table of the different generated user accounts and their passwords, along with the methods used to crack each account with time it took to discover the password.

| | User1_cyber | User2_cyber4 | User3_C$ber$% |
| --- | --- | --- | --- |
| Dictionary NTLM | Yes; time < 1min | Yes; time < 1min | No; time > 5min |
| Brute Force NTLM | No; time > 4 yrs | No; time > 4 yrs | No; time > 4 yrs |
| Dictionary LM | Yes; time < 2min | Yes; time < 2min | No; time > 5min |
| Brute force LM | Yes; time < 3min | Yes; time < 3min | No; time ~3hrs |

Table 3: Cain & Abel Password Cracking Results
With respect to all methods used, the Dictionary method with the NTLM hash was the most successful based on the amount of time required to generate a solution – this method revealed all passwords and was the quickest path to success. The least effective method was estimated to be the Brute Force attack with the NTLM hash. Both Brute Force attacks did not reveal the password in a reasonable amount of time and the estimates, based on Cain and Abel projections, were measured in years. I can conclude that the Brute Force attack was the least effective type of attack in this exercise and the Dictionary attack was more successful. However, it appeared that the LM method would’ve been more effective via Brute Force based on displayed projections, whereas, the NTLM hash method was more effective within the Dictionary attack.
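The gap between the LM and NTLM brute-force projections follows from how LM prepares a password before hashing: it uppercases the password and hashes two 7-character halves independently, while NTLM hashes the whole case-sensitive password. The Python sketch below is an added example, not part of the original lab report or of Cain and Abel; the guess rate and the printable-ASCII candidate set are assumptions, and the sample strings are the ones in the Table 3 column headers (assumed here to be the lab passwords) plus one constructed longer password.

```python
# Added example (not from the lab report): worst-case brute-force search
# space for the same password stored as an LM hash vs. an NTLM hash.
import string

# Printable ASCII candidates. LM uppercases the password before hashing,
# so lowercase letters never need to be tried against an LM hash.
SYMBOLS = string.punctuation + " "                                   # 33 chars
LM_CHARSET = len(string.digits + string.ascii_uppercase + SYMBOLS)   # 69
NTLM_CHARSET = len(string.digits + string.ascii_letters + SYMBOLS)   # 95

# Assumption: a fixed guess rate, used only to turn counts into time.
GUESSES_PER_SECOND = 10_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def lm_halves(password):
    """LM preprocessing: uppercase, pad to 14 chars, split into 7 + 7.

    Each half is hashed on its own, so each half can be searched on its own.
    (ASCII only here; real LM uses the system OEM code page.)
    """
    if len(password) > 14:
        # Windows stores no LM hash for passwords longer than 14 characters.
        raise ValueError("no LM hash exists for passwords over 14 characters")
    padded = password.upper().ljust(14, "\0")
    return padded[:7].rstrip("\0"), padded[7:].rstrip("\0")


def keyspace(charset_size, max_len):
    """Count every candidate string of length 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def lm_search_space(password):
    """Worst case against LM: the two halves are exhausted independently."""
    return sum(keyspace(LM_CHARSET, len(half)) for half in lm_halves(password))


def ntlm_search_space(password):
    """Worst case against NTLM: case-sensitive, whole password at once."""
    return keyspace(NTLM_CHARSET, len(password))


def years(candidates, rate=GUESSES_PER_SECOND):
    """Convert a candidate count into years at the assumed guess rate."""
    return candidates / rate / SECONDS_PER_YEAR


def compare(password):
    """Summarise both search spaces for one password."""
    lm, ntlm = lm_search_space(password), ntlm_search_space(password)
    return {"halves": lm_halves(password), "lm": lm, "ntlm": ntlm,
            "lm_years": years(lm), "ntlm_years": years(ntlm),
            "ntlm_to_lm_ratio": ntlm / lm}


if __name__ == "__main__":
    # First three strings: Table 3 headers; the last one is constructed.
    for pw in ("cyber", "cyber4", "C$ber$%", "Summer2015!"):
        r = compare(pw)
        print(f"{pw!r:15} halves={r['halves']} "
              f"LM={r['lm_years']:.2e}y NTLM={r['ntlm_years']:.2e}y "
              f"ratio={r['ntlm_to_lm_ratio']:.1e}")
```

The LM search space stops growing once each half reaches 7 characters, whereas the NTLM search space keeps multiplying with every added character, which is why removing stored LM hashes matters more than any single password rule.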
In light of the outcomes from this lab, a Dictionary attack against LM or NTLM hashes may be an effective strategy for uncovering user passwords on older Windows systems with weak security policies in place. Moreover, from the point of view of a person protecting systems, the password authentication protocols LM and NTLM are prone to abuse, and therefore strong password generation rules and more current security protocols ought to be used to secure a system.

3. Research another algorithm used to store passwords that were not discussed here. (Include references in APA format.)
In the laboratory experiment, both the LM and NTLM algorithms were featured to showcase vulnerabilities. There are other algorithms available for password encryption besides the aforementioned LM and NTLM hashes, including SHA-224, RIPEMD-320, and MD5. Specifically, MD5 was published in 1992 under RFC 1321 and as of 2008 is no longer considered secure as the United States government states that, “it should be considered cryptographically broken and unsuitable for further use” (Vulnerability, 2008). Collision vulnerabilities were published in 1996, the practical ability demonstrated in 2004, and in 2005 the vulnerability was demonstrated which finally rendered this methodology obsolete (Vulnerability, 2008). As of March 15, 2006 federal agencies recommend using the SHA-2 family of hash functions “for all applications using secure hash algorithms” (NIST, 2005).
References:
NIST’s Policy on hash functions. (2005, April 15). National Institute of Standards and Technology Information Technology Laboratory (NIST). Retrieved September 26, 2015 from http://csrc.nist.gov/groups/ST/hash/policy.html
Vulnerability note VU#836068: MD5 vulnerable to collision attacks. (2008, December 30). US-CERT (United States Computer Emergency Readiness Team). Retrieved September 26, 2015 from http://www.kb.cert.org/vuls/id/836068

4. Research another password recovery software program and provide a thorough discussion of it. Compare and contrast it to Cain and Abel. (Include references in APA format.)
There are a variety of Windows password recovery tools: Ophcrack, LCP, John the Ripper, ntbf, lmpf, Rainbow Crack, and Mdcrack.
Ophcrack is fast and easy to use even for a user with basic Windows skills. It works well with Windows 7/Vista/XP and does not require any installation. The only downside of this tool is that you need to download the Live CD ISO and it doesn't support Active Directory password recovery for domain controllers. Ophcrack cracks Windows passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, Ophcrack can crack most passwords within a few minutes (Fisher, 2015). It is called a time-memory tradeoff cracker because it relies on precomputed hash tables already in memory, so by sacrificing the memory, the password cracking time is drastically decreased (Rogers, 2005).
Unlike Ophcrack and other popular Windows password recovery programs, Cain & Abel requires access to Windows under an administrator account. In fact, Cain & Abel is a bit more complicated to use than other password recovery tools, and it is said to be usually unavailable for Windows Vista. If you have no way of getting in to your Windows PC, you will not be able to use Cain & Abel to recover a Windows password. Moreover, before you can use Cain & Abel, you'll need to download a rainbow table. These large databases of passwords are required so Cain & Abel can reset the forgotten Windows password.
References:
Fisher, T. (2015). Free Windows password recovery. Retrieved September 26, 2015 from http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm
Rogers, R. (2005). Network security evaluation using the NSA IEM. Rockland, MA: Syngress.

5. Anti-virus software detects Cain and Abel as malware. Do you feel that Cain and Abel is malware? Why or why not?
Several different anti-virus and malware sniffing software packages recognize Cain and Abel as malware because of the potential harm that it can cause. Much like most security applications on the market, it can be used to test vulnerabilities and expose them to IT system administrators. However, this same tool, in the hands of a black hat security expert, can be used for nefarious purposes. Consider these tools dual-use applications: depending on the person and intent, they can be used legally to expose security flaws or illegally to exploit security weaknesses.
I would surmise that most security specialists see this program as a terrible thing to have on the system, since nobody, outside of selected inner IT experts inside of an organization, ought to have access to or utilize this application. In this way, if someone inside the network was found to have this tool or to be utilizing it, this would be viewed as a security breach. In the event that the network administrator is utilizing this application on a month-to-month basis to test for shortcomings, they would be working as a white hat and are utilizing the instrument as it was intended. Ultimately, it should be revealed in an anti-virus search and the network administrator should know, based on the machine it is loaded on, if Cain and Abel is planned for damage or security testing. At last, if the right security conventions are set up and upheld, Cain and Abel is simply an approach to guarantee great security practices are held fast to. In the event that Cain and Abel uncovers security openings inside of the system, it can be accepted that somebody, with access and means, can see the same gaps that a security expert can see when utilizing it.
