password cracking and Key logger
Download as PPTX, PDF4 likes2,958 views
This document discusses password cracking and keyloggers. It defines passwords and describes different types of password attacks like dictionary attacks and brute force attacks. It also lists popular password cracking tools. The document also defines keyloggers and discusses how they can be used legitimately for monitoring or illegally to steal sensitive information. It provides examples of hardware and software keyloggers and describes some methods of preventing keylogger infections like using antivirus software and alternative keyboards.
![What is Password
• String of characters for authentication and log
on computer, web application , software, Files
, network , Mobile phones, and your life
• Comprises:
[a-zA-z, 0-9, symbols , space]](https://image.slidesharecdn.com/cyber-161019183435/85/password-cracking-and-Key-logger-5-320.jpg)
![Password Cracking Depends on
Attacker's strengths
Attacker's computing resources
Attacker's knowledge
Attacker's mode of access [physical or online]
Strength of the passwords
How often you change your passwords?
How close are the old and new passwords?
How long is your password?
Have you used every possible combination: alphabets, numbers and special characters?
How common are your letters, words, numbers or combination?
Have you used strings followed by numbers or vice versa, instead of mixing them
randomly?](https://image.slidesharecdn.com/cyber-161019183435/85/password-cracking-and-Key-logger-16-320.jpg)
password cracking and Key logger
- 2. Prepared By: • 1. Dabhi Pragnesh M. (140760109005) Guided By:- Prof. Richa Mali
- 3. Index Password cracking Key logger and spyware
- 4. Password Cracking : • What is Password? • Password Cracking Concepts • Types of Password Attacks • Application Software Password Cracking • Hardening the password
- 5. What is Password • String of characters for authentication and log on computer, web application , software, Files , network , Mobile phones, and your life • Comprises: [a-zA-z, 0-9, symbols , space]
- 6. Password Characteristics • No short length • No birthday or phone number, real name , company name • Don’t use complete words or Shakespeare quotes ▫ Example: ▫ Hello123: Weak ▫ @(H311l0)@: Strong ▫ Easy to remember, hard to guess
- 7. Password Security • Don’t use your old passwords • Don’t use working or private email for every website registration such as games, news,….etc.
- 8. Password Cracking Concept • guessing or recovering a password • unauthorized access • To recover a forgotten password • A Penetration testing step ( e.g. Network and Applications)
- 9. Type of Password Attacks Dictionary Attack Brute Force Attack Rainbow table attack Phishing Social Engineering Malware Offline cracking Guess
- 10. Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin . (Using Guessing Techniques)
- 11. Password Cracking Types: (Phishing)
- 12. Password Cracking Types:(Social Engineering) sometimes very lazy genius non-IT Geeks can guess or find out your password
- 13. Password Cracking Tools Brutus Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking. RainbowCrack Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version Wfuzz Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection Cain and Able *** Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator, John the Ripper Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker THC Hydra Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc) Medusa AirCrack-NG WEP and WPA-PSK keys cracking, faster than other WEP cracker tools OphCrack L0phtCrack
- 14. Password Cracking Types:(Offline Cracking) We have enough time to break the password Usually take place for big data Or very strong and complicated password After attack Forensics investigation
- 15. Password Hardening Techniques or technologies which put attacker, cracker or any other malicious user in difficulties Brings password policy Increase the level of web,network , application and physical access of to the company or organization. Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc All the Security solution just make it more difficulte. Harder but possible
- 16. Password Cracking Depends on Attacker's strengths Attacker's computing resources Attacker's knowledge Attacker's mode of access [physical or online] Strength of the passwords How often you change your passwords? How close are the old and new passwords? How long is your password? Have you used every possible combination: alphabets, numbers and special characters? How common are your letters, words, numbers or combination? Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
- 17. Key logger and spyware Define Key logger Hardware Examples Software Examples Prevention
- 18. What is Keylogging? Keystroke logging A program or hardware device that captures every key depression on the computer Used to monitor employee performance Used to seal private information
- 19. Malicious Uses… Besides being used for legitimate purposes, keyloggers can be hardware installed to a computer or software that is used to collect sensitive information. The types of sensitive information include: Usernames & Passwords Credit Card Numbers Person Information such as Name, Address, etc.
- 20. Keylogging Hardware... These small devices connect directly on the end of a keyboard to the port on the computer and look rather unassuming. At a later time the person who installed the keylogger can come back to retrieve it. They are easily removed. Source: http://epic.org/privacy/dv/keylogger_hw.gif
- 21. Software… There are hundreds of keylogger programs available over the internet for download. There are three ways for an attacker to install the software on an unsuspecting computer. 1. Install it from a compact disc or floppy disk. 2. Package the software as a computer virus or trojan horse. 3. Gain access to the computer over a network and install surveillance software remotely.
- 22. Viruses… A simple search of a virus encyclopedia shows 500 examples of keylogging malware.
- 23. Prevention… There are several ways to prevent Keyloggers: • Anti-Virus/Spyware & Firewalls • Automatic Form Fillers • Alternative Keyboard Layouts • On screen Keyboards
- 24. Anti-Virus/Spyware & Firewalls... As with any Virus or Spyware you should make sure that you have up-to-date protection. Anti-Virus: Make sure its running and using the latest virus definitions. Anti-Spyware: Same as your Anti-Virus Software, update regularly. Firewall: Make sure its active. It’s the first line of defense from online intrusions.
- 25. AutoForm Fillers… A common feature of Web Browsers including Internet Explorer and Firefox. Works against keyloggers but vulnerable to other security breaches.
- 26. Alternative Keyboard Layout... Alternative keyboards make captured keystrokes look like nonsense You can customize your own board with Microsoft Keyboard Layout Creator
- 27. On Screen Keyboards... Software based keyboards are not very effective. Clicks are converted back to keystrokes.
- 28. On Screen Keyboards... Web-based Keyboards offer more protection and are often found in online games.
- 29. Summary... Key Loggers record keystrokes: • Legitimate use: Monitor employee productivity • Illegal uses: Steal passwords, usernames, and other personal/corporate data There are ways to protect yourself: • Be aware of what’s installed on your computer • Use caution when surfing the internet • Keep your computer’s security software updated
Editor's Notes
- #12: Using Fake pages or application
- #19: Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others. Source: Wikipedia
- #20: People who install keyloggers are interested in your information. Once they have it they can steal your identity and ruin your credit which can then take years and money in order to clear your name. People may also install these devices for commercial espionage to steal a company’s plans for a new product.
- #21: Because your keyboard plugs in the back of your machine, a device like this can go unnoticed for a long time and can even look like they belong there. The only obstacle for the person installing the hardware is getting access to your computer. Depending whether or not the computer is in a public place it could be rather easy.
- #22: Installing from a disk is the hardest way for an attacker to install the software, like with the hardware, they have to have physical contact with a users machine.
- #23: Installing a Keylogger via virus or trojan horse is an effective and easy way to deliver the program. It could be installed and running on your computer without you even knowing.
- #25: Most computers come with demo’s of Anti-Virus software and allow you to purchase a license for a full version. Free protection is also available for download, such as AVG Free. Most come with an automatic update feature to keep you current. As with Anti-Virus Software you can buy or download free versions of Ant-Spyware, sometimes called Anti-Malware. Free utilities include Windows Defender and Ad-Aware. A firewall's basic task is to control traffic between computer networks with different zones of trust. Windows comes with a firewall utility and others, such as ZoneAlarm, can be downloaded for free. Firewalls keep intruders out.
- #26: Internet Explorer and other web browser come with the option to complete forms, usernames and passwords automatically. Although this is good at preventing keyloggers from viewing your information, there are other ways people can access information stored by the autoform feature.
- #27: Because most keyloggers expect you to be using the standard keyboard, using an alternative layout will make the data any keylogger intercepts as gibberish, unless they can convert it.
- #28: Software not 100% effective because most of these programs convert the mouse click into a keyboard event message that must be sent to the external target program to type text, like the version that comes with Windows XP.
- #29: Web-based on-screen keyboards may provide some degree of protection. The game Maple Story uses a 4-digit Pin Code secured by both on-screen keyboard entry and a randomly changing button pattern; there is no real way to get the latter information without logging the screen and mouse movements; another MMORPG called RuneScape makes a similar system available for players to protect their in-game bank accounts with. Source: Wikipedia