Lab - Exploiting Weak Cryptography

---

Scenario

In this lab, you will learn about various issues related to weak cryptography. As a cybersecurity analyst, you need to understand how attacks and compromises occur, so you can detect the IoC (indicators of compromise) and make recommendations on mitigation strategies. Cryptographic failure can be demonstrated in a variety of ways. In this lab, you will crack Windows passwords using both a dictionary attack approach and a brute force approach. Then, you will crack WPA and WPA2 wireless network passwords.

Your cybersecurity analyst (CySA) workstation, running Kali Linux, is located in Structureality’s server subnet.

Understand your environment

You will be working from a virtual machine named KALI hosting Kali Linux connected to the vLAN_SERVERS subnet.

Perform a dictionary password crack

Password cracking demonstrates to the cybersecurity analyst just how important long and complex passwords are to a robust identity and access management (IAM) system. Even with the best password hashing algorithms in use, poor passwords can still be discovered by an adversary without much difficulty.

In this exercise, you will be using John the Ripper (JtR or john) to perform a dictionary attack against password hashes taken from MS10. This form of password crack is an offline attack as it does not involve a live/active/online authentication service. Instead, it is a direct attack against password hashes.

1. Connect to the KALI VM.

2. Open a Terminal window by selecting the Terminal Emulator from the Kali Linux toolbar. Then, maximize the Terminal window.

3. Enter cat ms10-hashes.txt to display the collected user account details and password hashes from MS10.

   • This file contains the user account details and password hashes extracted from MS10.

Notice the account with a RID of 500 (the default administrator account of Windows) has a username of admin. Also, the account with a RID of 501 is the default Guest account which is usually disabled and has a blank password by default.

4. Display a list of available dictionary password files by entering the following:

ls -lSr /usr/share/seclists/Passwords

There are numerous password lists included with Kali. You will use the xato-net-10-million-passwords.txt file as it is primarily English-focused and is one of the largest options.

A dictionary-based password crack is only able to discover passwords when the list contains an exact match to a user’s password. If the user employed a different case or a different letter, then a dictionary-list-based password cracking approach would not be successful.

5. Enter the following to initiate a dictionary attack against the hash file:

john --format=NT --wordlist=/usr/share/seclists/Passwords/xato-net-10-million-passwords.txt ms10-hashes.txt

• This command initiates John the Ripper to perform a dictionary-based password crack. The parameters used are:
  • --format sets the hash algorithm to be compromised. Here NT stands for NTLM
  • --wordlist sets the password list to use
• This attack will only take a few seconds - even with a 10 million password dictionary file.

Dictionary Attack

A dictionary attack is a form of offline password cracking as it uses stolen password hashes and does not interact with a live authentication system. A dictionary attack performs a hash of each password in the source list file and then compares the resulting hash to the target hash(es) pulled from the hash file. If a matching hash is discovered (a.k.a. hash collision), then a password has been found. If not, the next password in the list is used. Most systems can perform billions of password hashes per second. Therefore even with large dictionary lists, the attack concludes quickly.

NTLM

Microsoft’s NTLM (Windows New Technology LAN Manager) is a security protocol suite that ensures the security, integrity, and confidentiality of users’ activity by authenticating their identity. It serves as a single sign-on (SSO) tool that uses a challenge-response protocol to verify the user’s identity without the need to enter a password. Despite the existence of known weaknesses, NTLM is still commonly used, even on new systems, to guarantee compatibility with legacy clients and servers.

Notice how many of the passwords of the targeted accounts were cracked using the dictionary technique. However, there are still a few more accounts whose passwords are yet to be compromised.

6. Enter the following to display the compromised passwords along with the information from the hash source file.

john --show --format=NT ms10-hashes.txt

With the selected dictionary file, John the Ripper should have cracked 12 passwords using the dictionary password cracking method.

• Notice you still need to include the —format parameter to display the NTLM cracked password results.

7. Enter the following to save the dictionary-cracked passwords to a text file.

john --show --format=NT ms10-hashes.txt > dict-cracked.txt

8. Enter the following to display the accounts that have not yet been compromised.

john --show=left --format=NT ms10-hashes.txt

9. Leave the Terminal window open.

Perform a brute force password crack

In this exercise, you will be using John the Ripper (JtR) to perform a brute force attack against the password hashes taken from MS10. This form of password crack is also an offline attack as it does not involve a live/active/online authentication service. Instead, it is a direct attack against password hashes.

1. Connect to the KALI VM.

2. The Terminal window should still be open.

3. Enter the following to clear the history of cracked passwords. This enables you to see the operation of a brute force attack more clearly by having all target hashes available.

   • rm ~/.john/john.pot

4. Enter the following to initiate a brute force attack (known as incremental by John the Ripper) against the hashes from MS10.

john --format=NT --incremental ms10-hashes.txt

You will be prompted to “press almost any other key for status.” Press SPACEBAR to see a status update on the progress and the time elapsed.

John the Ripper Brute Force

The process of brute force attack is based on attempting all possible patterns of characters based on length. John the Ripper’s default configuration will use all standard ASCII’s 95 printable characters (i.e., positions 32 - 127 in the 7-bit ASCII table), including lowercase, uppercase, numbers, and symbols. It will also attempt potential passwords up to 13 characters in length. However, the more complex and/or longer a password, the more time is required to compromise it with this method. Brute force has the potential to discover all possible passwords, but only if given sufficient computing capability and time.

While the default mode of JtR is ASCII, this is a bit of a legacy holdover as most systems use UTF-8 as their standard character mode. UTF-8 is backward compatible with ASCII since the first 128 characters of UTF-8 are the entire ASCII 7-bit table.

As of JtR version 1.8.0, pre-defined incremental modes are “ASCII” (all 95 printable ASCII characters), “LM_ASCII” (for use on LM hashes), “Alnum” (all 62 alphanumeric characters), “Alpha” (all 52 letters), “LowerNum” (lowercase letters plus digits, for 36 total), “UpperNum” (uppercase letters plus digits, for 36 total), “LowerSpace” (lowercase letters plus space, for 27 total), “Lower” (lowercase letters), “Upper” (uppercase letters), and “Digits” (digits only). You can define custom incremental (i.e., brute force) modes.

5. You should see some quick successes for accounts with simple and short passwords. Then, several more passwords will be cracked within a minute or so.

6. Allow the attack to run for up to 5 minutes or until the renee account’s password is cracked. Once sufficient time has passed, type q to exit John the Ripper.

7. Enter the following to display the compromised passwords along with the information from the hash source file.

john --show --format=NT ms10-hashes.txt

If you allowed John the Ripper to run for a full 5 minutes, it should have compromised 10 passwords using the brute force password cracking method.

8. Enter the following to save the brute-force-cracked passwords to a text file.

john --show --format=NT ms10-hashes.txt > brute-cracked.txt

9. Enter the following to display the accounts that have not yet been compromised.

john --show=left --format=NT ms10-hashes.txt

10. Enter the following to run a brute force attack limited to a maximum password length of 6 characters.

john --format=NT --incremental --max-length=6 ms10-hashes.txt

11. Let the attack run for a few moments, then press SPACEBAR.

    • Notice the status update includes a percentage of completion and an ETA for the attack to be completed. The ETA for this operation is many hours.

12. Type q to terminate John the Ripper.

13. Enter the following to run a brute force attack limited to a maximum password length of 7 characters.

john --format=NT --incremental --max-length=7 ms10-hashes.txt

14. Press SPACEBAR.

Notice the status update includes a percentage of completion and an ETA for the attack to be completed. The ETA for this operation is a date rather than a countdown timer. The ETA will be weeks in the future. If you set max-length to 8, John no longer calculates the ETA. However, it would be several years since each additional character length expands the range of password options by a factor of the domain of character options (with the default ASCII mode, there are 95).

15. Type q to terminate John the Ripper.

Crack wireless passwords

As a cybersecurity analyst, you need to review the security of the environment regularly for new weaknesses. Some previously sufficient protections may now succumb to recent advancements in exploitations. One area where this is of concern is wireless networking. In this exercise, you will crack the password out of captured WPA network traffic. Then, you will crack the password out of captured WPA2 network traffic.

1. Connect to the KALI VM.

2. The Terminal window should still be open.

3. Read this entire step before performing it:

   1. Select the Resources tab from the lab interface’s Instructions area.
   2. On the Resources tab, select the DVD Drive pull-down list and select Student-Resources-L29.ISO.
   3. In the Kali VM, right click the DVD Drive icon on the desktop and select Mount Volume.
   4. Then, select the Instructions tab to return to the lab steps.

4. Enter cd /media/cdrom0/ to change the working directory to the folder containing the pre-captured wireless network traffic files

5. Enter ls -la to view the files in this directory. You should see several .cap files.

   • This exercise uses pre-captured wireless traffic stored in cap files since capturing actual wireless traffic in the online lab environment is not possible.

6. Enter cat /root/passwords29.txt to view the contents of a password dictionary list.

   • The file passwords29.txt is a password list created for this lab by combining several sample lists from /usr/share/seclists/Passwords/. It is positioned in the /root folder to simplify the typing of the commands without needing long directory paths.

7. Enter cat /root/passwords29.txt | wc -l to determine the number of lines (i.e., passwords) in this file.

8. Enter the following command to initiate a dictionary attack against the WPA network capture file.

aircrack-ng -w /root/passwords29.txt wpa.cap

• This operation should take less than a minute to determine the password.
• What is the WPA password discovered from the wpa.cap file?
  • Answer: ||biscotte||

The password exchange mechanism used by WPA is not secure enough for current use. While it does transmit passwords in a secure form, the protection provided by its cryptography is insufficient.

The wpa.cap file contains basic PSK authentication traffic for a WPA network.

9. Enter the following command to initiate a dictionary attack against the WPA2 PSK network capture file.

aircrack-ng -w /root/passwords29.txt wpa2-psk-linksys.cap

• This operation should take less than a minute to determine the password.
• What is the WPA password discovered from the wpa2-psk-linksys.cap file?
  • Answer: ||dictionary||

The password exchange mechanism used by WPA is not secure enough for current use. While it does transmit passwords in a secure form, the protection provided by its cryptography is insufficient.

10. Enter the following command to initiate a dictionary attack against a WPA2 PSK EAPoL network capture file.

aircrack-ng -w /root/passwords29.txt wpa2.eapol.cap

• This operation should take less than a minute to determine the password.

The eapol in the file name represents Extensible Authentication Protocol(EAP) over LAN (EAPol) which is a simple 4-way authentication handshake used by WPA2. This is usually more secure than the original PSK form of WPA/WPA2 authentication.

What is the WPA2 password discovered from the wpa2.eapol.cap file?

• Answer: ||12345678||

The password exchange mechanism used by WPA2 PSK is not secure enough for current use. While it does transmit passwords in a secure form, and it is more secure than WPA, the protection provided by its cryptography is still insufficient.

The primary concern here is that short and simple passwords can be compromised easily from both WPA and WPA2 networks, even with improved EAPol authentication in use. If you must use PSK (i.e., a static password for all) authentication, then use a long and complex password. If possible, use ENT (i.e., IEEE 802.1x) authentication, which leverages an AAA server, such as RADIUS or TACACS+, where unique multifactor authentication can be required per subject. An even more secure option is to configure wireless to use WPA3. Under WPA3, even static password authentication is more secure due to the adoption of the Simultaneous Authentication of Equals (SAE) technology. SAE defends against the password crack methods from this exercise because the password hash is not sent over the network. Instead, only one-way derived responses from an authentication challenge are transmitted over the network.

Info

The aircrack-ng suite has many tools that can be used in a wide range of wireless reconnaissance and attack scenarios. The aircrack-ng tool itself is able to crack WEP keys, WEP passwords, and WPA keys in addition to password cracking for WPA and WPA2. Since you are unlikely to encounter WEP-encrypted networks, they were excluded from this exercise.