Soumettre la recherche
Mettre en ligne
Ceh v5 module 13 web based password cracking techniques
•
3 j'aime
•
2,320 vues
Vi Tính Hoàng Nam
Suivre
Ceh v5 module 13 web based password cracking techniques
Lire moins
Lire la suite
Technologie
Signaler
Partager
Signaler
Partager
1 sur 40
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Ceh v5 module 03 scanning
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webservers
Vi Tính Hoàng Nam
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Vi Tính Hoàng Nam
Email phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 Sniffers
Mina Fawzy
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
Web Security Attacks
Web Security Attacks
Sajid Hasan
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumeration
Vi Tính Hoàng Nam
Recommandé
Ceh v5 module 03 scanning
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webservers
Vi Tính Hoàng Nam
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Vi Tính Hoàng Nam
Email phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 Sniffers
Mina Fawzy
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
Web Security Attacks
Web Security Attacks
Sajid Hasan
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumeration
Vi Tính Hoàng Nam
Spear Phishing Attacks
Spear Phishing Attacks
n|u - The Open Security Community
Cyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
Network security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of service
Vi Tính Hoàng Nam
Different types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
PHISHING DETECTION
PHISHING DETECTION
umme ayesha
Firewall presentation
Firewall presentation
TayabaZahid
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypot
Vi Tính Hoàng Nam
Assessing network security
Assessing network security
Abhinit Kumar Sharma
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffers
Vi Tính Hoàng Nam
Footprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
Session Hijacking ppt
Session Hijacking ppt
Harsh Kevadia
Information security awareness
Information security awareness
CAS
Network security and protocols
Network security and protocols
Online
Password cracking and brute force
Password cracking and brute force
vishalgohel12195
Email hacking
Email hacking
ShreyaBhoje
Steganography ppt
Steganography ppt
Taha Malampatti
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Vi Tính Hoàng Nam
Email investigation
Email investigation
Animesh Shaw
Password Cracking
Password Cracking
Sina Manavi
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injection
Vi Tính Hoàng Nam
Contenu connexe
Tendances
Spear Phishing Attacks
Spear Phishing Attacks
n|u - The Open Security Community
Cyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
Network security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of service
Vi Tính Hoàng Nam
Different types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
PHISHING DETECTION
PHISHING DETECTION
umme ayesha
Firewall presentation
Firewall presentation
TayabaZahid
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypot
Vi Tính Hoàng Nam
Assessing network security
Assessing network security
Abhinit Kumar Sharma
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffers
Vi Tính Hoàng Nam
Footprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
Session Hijacking ppt
Session Hijacking ppt
Harsh Kevadia
Information security awareness
Information security awareness
CAS
Network security and protocols
Network security and protocols
Online
Password cracking and brute force
Password cracking and brute force
vishalgohel12195
Email hacking
Email hacking
ShreyaBhoje
Steganography ppt
Steganography ppt
Taha Malampatti
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Vi Tính Hoàng Nam
Email investigation
Email investigation
Animesh Shaw
Tendances
(20)
Spear Phishing Attacks
Spear Phishing Attacks
Cyber crime and cyber security
Cyber crime and cyber security
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Network security - OSI Security Architecture
Network security - OSI Security Architecture
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of service
Different types of attacks in internet
Different types of attacks in internet
PHISHING DETECTION
PHISHING DETECTION
Firewall presentation
Firewall presentation
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypot
Assessing network security
Assessing network security
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffers
Footprinting and reconnaissance
Footprinting and reconnaissance
Session Hijacking ppt
Session Hijacking ppt
Information security awareness
Information security awareness
Network security and protocols
Network security and protocols
Password cracking and brute force
Password cracking and brute force
Email hacking
Email hacking
Steganography ppt
Steganography ppt
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Email investigation
Email investigation
En vedette
Password Cracking
Password Cracking
Sina Manavi
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injection
Vi Tính Hoàng Nam
File000139
File000139
Desmond Devendran
Computer Privacy:Passwords-Mike B.
Computer Privacy:Passwords-Mike B.
Mike Barker
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Kislaychd
File000133
File000133
Desmond Devendran
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
Ceh v5 module 12 web application vulnerabilities
Ceh v5 module 12 web application vulnerabilities
Vi Tính Hoàng Nam
Ethical Hacking
Ethical Hacking
Pallavi Sonone
password cracking and Key logger
password cracking and Key logger
Patel Mit
Password craking techniques
Password craking techniques
أحلام انصارى
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Vuz Dở Hơi
Password Attack
Password Attack
Sina Manavi
Intro to White Chapel
Intro to White Chapel
Rob Fuller
password cracking using John the ripper, hashcat, Cain&abel
password cracking using John the ripper, hashcat, Cain&abel
Shweta Sharma
En vedette
(15)
Password Cracking
Password Cracking
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injection
File000139
File000139
Computer Privacy:Passwords-Mike B.
Computer Privacy:Passwords-Mike B.
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Ce Hv6 Module 18 Web Based Password Cracking Techniques
File000133
File000133
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Ceh v5 module 12 web application vulnerabilities
Ceh v5 module 12 web application vulnerabilities
Ethical Hacking
Ethical Hacking
password cracking and Key logger
password cracking and Key logger
Password craking techniques
Password craking techniques
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Password Attack
Password Attack
Intro to White Chapel
Intro to White Chapel
password cracking using John the ripper, hashcat, Cain&abel
password cracking using John the ripper, hashcat, Cain&abel
Similaire à Ceh v5 module 13 web based password cracking techniques
Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Vi Tính Hoàng Nam
Improving Password Based Security
Improving Password Based Security
Rare Input
Password hacking
Password hacking
Mr. FM
Password hacking
Password hacking
Abhay pal
Personal Internet Security System
Personal Internet Security System
Matthew Bricker
Password cracking and brute force tools
Password cracking and brute force tools
zeus7856
Network Security Tools and applications
Network Security Tools and applications
webhostingguy
13. Neville Varnham - PeopleSoft Cyber Security
13. Neville Varnham - PeopleSoft Cyber Security
Cedar Consulting
How to hack or what is ethical hacking
How to hack or what is ethical hacking
baabtra.com - No. 1 supplier of quality freshers
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
MuhammadRobeel3
Password Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
GIRISHKUMARBC1
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
Meletis Belsis MPhil/MRes/BSc
Ch07.ppt
Ch07.ppt
ImXaib
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
Prasad Pawar
Information security & ethical hacking
Information security & ethical hacking
eiti panchkula
Network security-1195284736736860-4
Network security-1195284736736860-4
nayamat32
18 hacking
18 hacking
Sai Srinivas
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
AadityaRauniyar1
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
cougarcps
Similaire à Ceh v5 module 13 web based password cracking techniques
(20)
Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Improving Password Based Security
Improving Password Based Security
Password hacking
Password hacking
Password hacking
Password hacking
Personal Internet Security System
Personal Internet Security System
Password cracking and brute force tools
Password cracking and brute force tools
Network Security Tools and applications
Network Security Tools and applications
13. Neville Varnham - PeopleSoft Cyber Security
13. Neville Varnham - PeopleSoft Cyber Security
How to hack or what is ethical hacking
How to hack or what is ethical hacking
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
Password Strength Policy Query
Password Strength Policy Query
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
Ch07.ppt
Ch07.ppt
Password Stealing & Enhancing User Authentication Using Opass Protocol
Password Stealing & Enhancing User Authentication Using Opass Protocol
Information security & ethical hacking
Information security & ethical hacking
Network security-1195284736736860-4
Network security-1195284736736860-4
18 hacking
18 hacking
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
Plus de Vi Tính Hoàng Nam
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
Vi Tính Hoàng Nam
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
Vi Tính Hoàng Nam
Catalogue 2015
Catalogue 2015
Vi Tính Hoàng Nam
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
Vi Tính Hoàng Nam
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
Vi Tính Hoàng Nam
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
Vi Tính Hoàng Nam
Các loại cáp mạng
Các loại cáp mạng
Vi Tính Hoàng Nam
Catalogue 10-2014-new
Catalogue 10-2014-new
Vi Tính Hoàng Nam
Qtx 6404
Qtx 6404
Vi Tính Hoàng Nam
Camera QTX-1210
Camera QTX-1210
Vi Tính Hoàng Nam
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
Vi Tính Hoàng Nam
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
Vi Tính Hoàng Nam
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
Vi Tính Hoàng Nam
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
Vi Tính Hoàng Nam
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
Vi Tính Hoàng Nam
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
Vi Tính Hoàng Nam
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
Vi Tính Hoàng Nam
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
Vi Tính Hoàng Nam
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
Vi Tính Hoàng Nam
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
Vi Tính Hoàng Nam
Plus de Vi Tính Hoàng Nam
(20)
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
Catalogue 2015
Catalogue 2015
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
Các loại cáp mạng
Các loại cáp mạng
Catalogue 10-2014-new
Catalogue 10-2014-new
Qtx 6404
Qtx 6404
Camera QTX-1210
Camera QTX-1210
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
Dernier
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Safe Software
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Hervé Boutemy
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
Zilliz
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Fwdays
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Lorenzo Miniero
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Dernier
(20)
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Ceh v5 module 13 web based password cracking techniques
1.
Module XIII Web-based Password
Cracking Techniques Ethical Hacking Version 5
2.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Module Objective This module will familiarize you with the following: • Authentication • Authentication Mechanisms • Password Cracker • Modus Operandi of an Attacker Using Password Cracker • Operation of a Password Cracker • Classification of Attacks • Password Cracking Tools • Password Cracking Countermeasures
3.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Module Flow Understanding Authentication Authentication Mechanisms Password Cracker Modus Operandi of an Attacker Using Password Cracker Operating a Password Cracker Attacks - Classification Password Cracking Tools Password Cracking Countermeasures
4.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Authentication – Definition Authentication is the process of determining the user’s identity In private and public computer networks, authentication is commonly done through the use of login IDs and passwords Knowledge of the password is assumed to guarantee that the user is authentic Passwords can often be stolen, accidentally revealed, or forgotten due to inherent loopholes in this type of authentication
5.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Authentication Mechanisms HTTP Authentication • Basic Authentication • Digest Authentication Integrated Windows (NTLM) Authentication Negotiate Authentication Certificate-based Authentication Forms-based Authentication RSA Secure Token Biometrics
6.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited HTTP Authentication There are two techniques for HTTP authentication. They are: • Basic • Digest
7.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Basic Authentication It is the most basic form of authentication available to web applications It begins with a client making a request to the web server for a protected resource without any authentication credentials The limitation of this protocol is that it is wide open to eavesdropping attacks The use of 128-bit SSL encryption can thwart these attacks
8.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Digest Authentication It is designed to provide a higher level of security vis-à-vis Basic authentication It is based on the challenge- response authentication model It is a significant improvement over Basic authentication, as it does not send the user’s cleartext password over the network
9.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Integrated Windows (NTLM) Authentication It uses Microsoft’s proprietary NT LAN Manager (NTLM) authentication program over HTTP It only works with Microsoft’s Internet Explorer browser and IIS web servers Integrated Windows authentication is more suitable for intranet deployment In this type of authentication, no version of the user’s password ever crosses the wire
10.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Negotiate Authentication It is an extension of NTLM authentication It provides Kerberos-based authentication It uses a negotiation process to decide on the level of security to be used This configuration is fairly restrictive and uncommon except on corporate intranets
11.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Certificate-based Authentication It uses public key cryptography and a digital certificate to authenticate a user It is considered as an implementation of two-factor authentication. In addition to something a user knows (his password), he must authenticate with a certificate A user can be tricked into accepting a spoofed certificate or a fake certificate Very few hacking tools currently support client certificates
12.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Forms-based Authentication It does not rely on features supported by the basic web protocols like HTTP and SSL It is a highly customizable authentication mechanism that uses a form, usually composed of HTML It is the most popular authentication technique deployed on the Internet
13.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Things to Avoid in Passwords Do not add a single digit or symbol before or after a word – for example, “microsoft1" Do not double up a single word – for example, “msoftmsoft" Do not simply reverse a word – for example, “tfosorcim" Do not remove the vowels – for example, “io" Key sequences that can easily be repeated – for example, “qwerty,” “asdf,” etc. Do not garble letters – for example, converting e to 3, L or i to 1, o to 0, as in "z3r0-10v3"
14.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Changing Your Password Change your password regularly, such as once a month Change your password after you return from a trip You should also change your password whenever you suspect that somebody knows it or even that they may guess it – for example, if someone stood behind you while you typed it
15.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Examples of Bad Passwords “james8" - Based on the user’s name; also, too short. “samatha" - The name of the user’s girlfriend; easy to guess “harpo" - The user’s name (Oprah) backwards “superstitious" - Listed in a dictionary " sUperStiTIous " - Just adding random capitalization doesn't make it safe. “kadhal - Listed in a Tamil foreign language dictionary “obiwan" - Listed in word lists “spicer" - Listed in a geological dictionary "qwertyuiop" - Listed in word lists
16.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited The “Mary Had A Little Lamb” Formula Consider a phrase: “Mary had a little lamb. The lamb had white fleece.” 1. Consider the first letter of each word, i.e.: MHALLTLHWF 2. Every second letter of the abbreviation can be put in the lower case, i.e. MhAlLtLhWf 3. Replace “A” with “@” and “L” with “!”. Thus, a new alphanumeric password with more than eight characters will be formed 4. New Password: Mh@l!t!hWf
17.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How Hackers get hold of Passwords ? Steal it • Shoulder surfing – watching while you type the password • Retrieving the paper you wrote the password on Guess it • Simply guess the password • Psychologists say that most men use four-letter obscenities as passwords, and most women use the names of their boyfriends, husbands, or children A brute force attack • This is where every possible combination of letters, numbers, and symbols is used in an attempt to guess the password. While this is an extremely labor-intensive task, with fast, modern processors and software tools, this method is not to be underestimated. A Pentium 100 PC can typically try 200,000 combinations every second, which would mean that a six-character password containing just upper- and lower-case characters could be guessed in only 27½ hours A dictionary attack • Dictionaries with hundreds of thousands of words, as well as specialist, technical, and foreign language dictionaries are available, as are lists of thousands of words that are often used as passwords, such as "qwerty", and "abcdef”
18.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Windows XP: Remove Saved Passwords 1. Click Start & Select ->Run 2. Type "rundll32.exe keymgr.dll, KRShowKeyMgr“, the stored Usernames and Passwords are visible 3. Select -> any of the entries -> select Properties to view the existing information 4. Select-> any entries -> select Remove, to remove a saved password 5. Then, Click -> OK & thus, the account will be removed 6. After using the interface click -> Close button
19.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited What is a Password Cracker? According to Maximum Security definition, “A password cracker is any program that can decrypt passwords or otherwise disable password protection” Password crackers use two primary methods to identify correct passwords: brute force and dictionary searches A password cracker may also be able to identify encrypted passwords. After retrieving the password from the computer's memory, the program may be able to decrypt it
20.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Modus Operandi of an Attacker Using Password Cracker The aim of a password cracker is mostly to obtain the root/administrator password of the target system The administrator right gives the attacker access to files and applications and can install a backdoor, such as a Trojan, for future access to the system The attacker can also install a network sniffer to sniff the internal network traffic so that he will have most of the information passed around the network After gaining root access, the attacker escalates privileges to that of the administrator In order to crack passwords efficiently, the attacker should use a system that has a greater computing power
21.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How does a Password Cracker Work? 1. To understand how a password cracker works, it is better to understand how a password generator works. Most of them use some form of cryptography 2. Crypto stems from the Greek word kryptos. Kryptos was used to describe anything that was hidden, obscured, veiled, secret, or mysterious. Graph is derived from graphia, which means writing
22.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How does a Password Cracker Work? (cont’d) 3. Cryptography is concerned with the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message 4. Distributed cracking is where the cracker runs the cracking program in parallel, on separate processors. There are a few ways to do this. One is to break the password file into pieces and crack those pieces on separate machines
23.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How does a Password Cracker Work? (cont’d) 5. The wordlist is sent through the encryption process, generally one word at a time. Rules are applied to the word and, after each application, the word is again compared to the target password (which is also encrypted). If no match occurs, the next word is sent through the process 6. In the final stage, if a match occurs, the password is then deemed cracked. The plain-text word is then piped to a file
24.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Attacks – Classification The various types of attacks that a hacker performs to crack a password are as follows: • Dictionary attack • Hybrid attack • Brute force attack
25.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Query String The query string is the extra bit of data in the URL after the question mark (?) that is used to pass variables The query string is used to transfer data between client and server Example: http://www.mail.com/mail.asp?mailbox=sue&c ompany=abc%20com Sue’s mailbox can be changed by changing the URL to: http://www.mail.com/mail.asp?mailbox=joe&c ompany=abc%20com
26.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Cookies Cookies are a popular form of session management Cookies are often used to store important fields, such as user names and account numbers All the fields can be easily modified using a program like Cookie Spy
27.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Dictionary Maker This tool can build your own dictionaries to create word lists
28.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Password Crackers Available LOphtcrack John The Ripper Brutus Obiwan Authforce Hydra Cain And Abel WebCracker Munga Bunga PassList ReadCookies.html SnadBoy WinSSLMiM RAR Gammaprog
29.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Brutus Brutus is an online or remote password cracker Brutus is used to recover valid access tokens (usually a user name and password) for a given target system
30.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: Authforce Authforce is an HTTP Basic Authentication brute forcer Using various methods, it attempts to brute force user name and password pairs for a site It is used to test both the security of a site and to prove the insecurity of HTTP Basic Authentication based on the fact that users usually do not choose good passwords
31.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: Hydra Supports several protocols like TELNET, FTP, HTTP, HTTPS, LDAP, SMB, SMBNT, MYSQL, REXEC, SOCKS5, VNC, POP3,IMAP, NNTP, PCNFS, ICQ, Cisco auth, Cisco enable, Cisco AAA Through the parallizing feature, this password cracker tool can be fast depending on the protocol This tool allows for rapid dictionary attacks and includes SSL support
32.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: Cain & Abel Cain & Abel is a password cracking tool for Microsoft operating systems It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute force, and cryptanalysis attacks & so on It contains a feature called APR (ARP Poison Routing), which enables sniffing on switched LANs by hijacking IP traffic of multiple hosts at the same time
33.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: WebCracker WebCracker is a simple tool that takes text lists of user names and passwords and uses them as dictionaries to implement Basic authentication password guessing It keys on the "HTTP 302 Object Moved" response to indicate successful guesses It will find all successful guesses given in a user name/password
34.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: Munga Bunga It's a brute forcer, which uses the HTTP protocol to establish its connections
35.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: PassList PassList is another character-based password generator
36.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacking Tool: SnadBoy http://www.snadboy.com "Snadboy Revelation" turns back the asterisk in password fields to plain text passwords
37.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Countermeasures Choose Passwords that have at least eight characters Passwords should have a combination of lower- and upper-case letters, numbers, special characters, etc. Do not use words that can be easily found in a dictionary as passwords Do not use Public information, such as social security number, credit card number, and ATM card number as passwords Never use Personal information as passwords User names and passwords should be different
38.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Countermeasures (cont’d) Managers and administrators can enhance the security of their networks by setting strong password policies. Password requirements should be built into organizational security policies Systems administrators should implement safeguards to ensure that people on their systems are using adequately strong passwords When installing new systems, make sure default passwords are changed immediately
39.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Countermeasures (cont’d) The user can use the SRP protocol. SRP is a secure password-based authentication and key-exchange protocol. It solves the problem of authenticating clients to servers securely, where the user of the client software is required to memorize a small secret (like a password) and carries no other secret information
40.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Summary Authentication is the process of checking the identity of the person claiming to be the legitimate user HTTP, NTLM, Negotiate, Certificate-based, Forms-based, and Microsoft Passport are the different types 0f authentications Password crackers use two primary methods to identify correct passwords: brute force and dictionary searches LOphtcrack, John the Ripper, Brutus, Obiwan, etc. are some of the popular password-cracking tools available today The best technique to prevent the cracking of passwords is to have passwords that are more than eight characters long and to incorporate upper- and lower-case alphanumeric, as well as special, characters into them
Télécharger maintenant