KEMBAR78
Password Attack | PPTX
Sina Manavi, profile picture
Uploaded bySina Manavi
13,625 views

Password Attack

The document outlines a hacking methodology focused on password attacks, featuring various techniques such as brute force, dictionary, and phishing attacks. It includes practical demonstrations and tools for password cracking, along with guidance on secure password practices and password hardening techniques. Additionally, it touches on the importance of password policy and the implementation of biometric technologies to enhance security.

Presentations & Public SpeakingTechnology
In this document
Powered by AI

Overview of password attacks methodology presented by Instructor Sina Manavi, including an agenda on security and demos.

Types of password attacks including Dictionary, Brute Force, Rainbow table, Phishing, Social Engineering, Malware, and Offline cracking.

Recommendations for strong password practices, including avoiding old passwords, optimal composition, and examples of weak vs strong passwords.

Live demos showcasing Windows password reset, Facebook phishing, cracking Zip/Rar files, and Windows login cracking.

Discussion on illegal password cracking concepts, various types of attacks, methods (brute force, phishing), and tools available for cracking.

Live demos showcasing Windows password reset, Facebook phishing, cracking Zip/Rar files, and Windows login cracking.

Discussion on illegal password cracking concepts, various types of attacks, methods (brute force, phishing), and tools available for cracking.

Discussion on illegal password cracking concepts, various types of attacks, methods (brute force, phishing), and tools available for cracking.

Live demos showcasing Windows password reset, Facebook phishing, cracking Zip/Rar files, and Windows login cracking.Introduction to password hardening techniques and biometric technologies to enhance security and counteract attacks.

Live demos showcasing Windows password reset, Facebook phishing, cracking Zip/Rar files, and Windows login cracking.

Discussion on illegal password cracking concepts, various types of attacks, methods (brute force, phishing), and tools available for cracking.

Live demos showcasing Windows password reset, Facebook phishing, cracking Zip/Rar files, and Windows login cracking.

Conclusion and contact information for further inquiries and resources related to password security and hacking.

Hackaway Hacking Methodology: Password Attacks EC-Council, Malaysia Instructor : Sina Manavi 15th May 2014 http://eccouncilacademy.org/home/hackaway- hacking-methodology/
About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
Agenda  Password Security  Demo: Windows Password Reset  Demo: Google Dork  Demo: Password disclosure!  Demo: Gmail Password Extraction (Forensics Method)  Secure Password  Password Cracking Concept  Coffee time   Demo: Facebook Phishing Attack  Introducing Password Cracking Tools  Demo: Zip/Rar password File Cracking  Demo: Windows Login Password Hacking
Type of Password Attacks  Dictionary Attack  Brute Force Attack  Rainbow table attack  Phishing  Social Engineering  Malware  Offline cracking  Guess
Password Security  Don’t use your old passwords  Don’t use working or private email for every website registration such as games, news,….etc.
Google Dork
Demo: Windows Password Reset
Gmail and Facebook Password Extraction (Dumping Physical Memory)  Dumpit (free Windows tool)  Or if you use win8, you can do dump specific process in task manager  Strings and Grep  Hex Editor
Secure Password  Comprises: [a-zA-z, 0-9, symbols , space]  No short length / birthday / phone number / real name , company name  Don’t use complete words or Shakespeare quotes  ◦ Example: ◦ Hello123: Weak ◦ @(H311l0)@: Strong Easy to remember, hard to guess
Demo Router password cracking
Password Cracking Concept  Password Cracking is illegal purpose to gain unauthorized access  To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
Password Cracking Types Brute Force, Dictionary Attack, Rainbow Table
Password Cracking Types:(Guessing Technique) I have tried many friends house and even some companies that , their password was remained as default, admin, admin .
Demo Facebook Phishing Attack
Password Cracking Types: (Phishing)
Password Cracking Types:(Social Engineering)  sometimes very lazy genius non-IT Geeks can guess or find out your password
Application Password Cracking: (Malware)
Demo: Application Password Cracking
Lets work as software cracker or Reverse Engineer  Open the myprogram.exe file with your Hex Editor  Try to find the password inside of
Password Cracking Types:(Offline Cracking)  We have enough time to break the password  Usually take place for big data  very strong and complicated password  After attack  Forensics investigation
Password Cracking Tools  Brutus ◦ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking.  RainbowCrack ◦ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version  Wfuzz ◦ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection  Cain and Able *** ◦ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator,  John the Ripper ◦ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker  THC Hydra ◦ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc)  Medusa  AirCrack-NG ◦ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools  OphCrack  L0phtCrack
Demo 1- Cracking Zip Files 2- Cracking Rar Files
Cracking Zip password Protected File Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  Having Password-list and Username- list for brute forcing  A Zip password protected File  And poor file owner 
Password hardening
Password Hardening  Techniques or technologies which put attacker, cracker or any other malicious user in difficulties  Brings password policy  Increase the level of web,network , application and physical access of to the company or organization.  Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
Password Hardening  All the Security solution just make it more difficult. Harder but possible
Windows Login Cracking Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  nmap  Having Password-list and Username- list for bruteforcing  Target windows
Password Cracking Depends on  Attacker's strengths  Attacker's computing resources  Attacker's knowledge  Attacker's mode of access [physical or online]  Strength of the passwords  How often you change your passwords?  How close are the old and new passwords?  How long is your password?  Have you used every possible combination: alphabets, numbers and special characters?  How common are your letters, words, numbers or combination?  Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
Demo: Web Site Login Cracking
Any Question?  Manavi.sina@gmail.com  @sinamanavi  LinkedIn: Sina Manavi  Check my homepage for latest presentations/ tutorial

More Related Content

PPTX
Ethical hacking/ Penetration Testing
byANURAG CHAKRABORTY
 
PPTX
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
PPTX
Cyber Security(Password Cracking Presentation).pptx
byVASUOFFICIAL
 
PPTX
Brute force-attack presentation
byMahmoud Ibra
 
PPT
Ch04 Network Vulnerabilities and Attacks
byInformation Technology
 
PPTX
Password craking techniques
byأحلام انصارى
 
PPTX
Authentication
byprimeteacher32
 
Ethical hacking/ Penetration Testing
byANURAG CHAKRABORTY
 
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
Password cracking and brute force
byvishalgohel12195
 
Cyber Security(Password Cracking Presentation).pptx
byVASUOFFICIAL
 
Brute force-attack presentation
byMahmoud Ibra
 
Ch04 Network Vulnerabilities and Attacks
byInformation Technology
 
Password craking techniques
byأحلام انصارى
 
Authentication
byprimeteacher32
 

What's hot

PPTX
Footprinting and reconnaissance
byNishaYadav177
 
PPTX
Dos attack
byManjushree Mashal
 
PPTX
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
PPTX
Man in The Middle Attack
byDeepak Upadhyay
 
PPTX
Cryptography
byShivanand Arur
 
PPTX
Phishing ppt
byshindept123
 
PDF
Network Security Fundamentals
byRahmat Suhatman
 
PPTX
Cyber attack
byManjushree Mashal
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PPTX
DoS or DDoS attack
bystollen_fusion
 
PPTX
Denial of Service Attack
byDhrumil Panchal
 
PPTX
Brute force attack
byjoycruiser
 
PPTX
Password Cracking
bySina Manavi
 
PPTX
Password Cracking
bySagar Verma
 
PPTX
Trojan virus & backdoors
byShrey Vyas
 
PDF
What is Hacking? AND Types of Hackers
byinfosavvy
 
PDF
Social Engineering Attacks & Principles
byLearningwithRayYT
 
PPTX
CYBER SECURITY
byVaishak Chandran
 
PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
PPTX
Dos n d dos
bysadhana21297
 
Footprinting and reconnaissance
byNishaYadav177
 
Dos attack
byManjushree Mashal
 
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
Man in The Middle Attack
byDeepak Upadhyay
 
Cryptography
byShivanand Arur
 
Phishing ppt
byshindept123
 
Network Security Fundamentals
byRahmat Suhatman
 
Cyber attack
byManjushree Mashal
 
Sql injections - with example
byPrateek Chauhan
 
DoS or DDoS attack
bystollen_fusion
 
Denial of Service Attack
byDhrumil Panchal
 
Brute force attack
byjoycruiser
 
Password Cracking
bySina Manavi
 
Password Cracking
bySagar Verma
 
Trojan virus & backdoors
byShrey Vyas
 
What is Hacking? AND Types of Hackers
byinfosavvy
 
Social Engineering Attacks & Principles
byLearningwithRayYT
 
CYBER SECURITY
byVaishak Chandran
 
Basics of Denial of Service Attacks
byHansa Nidushan
 
Dos n d dos
bysadhana21297
 

Similar to Password Attack

PPTX
Ethical hacking for Business or Management.pptx
byFarhanaMariyam1
 
PPTX
Gamifying Ethical hacking for education.pptx
byyg5ptrdvbg
 
PPTX
Password cracking and brute force tools
byzeus7856
 
DOCX
Password hacking
byAbhay pal
 
DOC
Password hacking
byMr. FM
 
DOCX
Password Cracking
byHajer alriyami
 
PPTX
Hacking
byNadeem Ahmad
 
PPTX
Hacking
byNadeem Ahmad
 
PPTX
password cracking and Key logger
byPatel Mit
 
PPTX
Hacking and cracking
byDeepak kumar
 
PPTX
Cybersecurity cyberlab1
byrayborg
 
PPTX
unit2_password_attacks_2fdgf.pdfgdgdghgptx
byzmulani8
 
PPT
Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt
byajajkhan16
 
PPTX
Hacking
byMohit Agarwal
 
PPTX
Cybersecurity Essentials - Part 2
byShobhit Sharma
 
PPTX
Passwords & security
byPer Thorsheim
 
PPT
ethical-hacking-18092013112412-ethical-hacking.ppt
byricagip499
 
PPT
Hacking
byDianna Marie Manalo
 
PPT
Hacking
byYhannah
 
PDF
CNIT 124: Ch 9: Password Attacks
bySam Bowne
 
Ethical hacking for Business or Management.pptx
byFarhanaMariyam1
 
Gamifying Ethical hacking for education.pptx
byyg5ptrdvbg
 
Password cracking and brute force tools
byzeus7856
 
Password hacking
byAbhay pal
 
Password hacking
byMr. FM
 
Password Cracking
byHajer alriyami
 
Hacking
byNadeem Ahmad
 
Hacking
byNadeem Ahmad
 
password cracking and Key logger
byPatel Mit
 
Hacking and cracking
byDeepak kumar
 
Cybersecurity cyberlab1
byrayborg
 
unit2_password_attacks_2fdgf.pdfgdgdghgptx
byzmulani8
 
Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt
byajajkhan16
 
Hacking
byMohit Agarwal
 
Cybersecurity Essentials - Part 2
byShobhit Sharma
 
Passwords & security
byPer Thorsheim
 
ethical-hacking-18092013112412-ethical-hacking.ppt
byricagip499
 
Hacking
byDianna Marie Manalo
 
Hacking
byYhannah
 
CNIT 124: Ch 9: Password Attacks
bySam Bowne
 

More from Sina Manavi

PPTX
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
bySina Manavi
 
PPTX
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
PPTX
Android Hacking + Pentesting
bySina Manavi
 
PPTX
An Introduction on Design and Implementation on BYOD and Mobile Security
bySina Manavi
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPTX
Aes (advance encryption standard)
bySina Manavi
 
PPTX
Shannon and 5 good criteria of a good cipher
bySina Manavi
 
PPT
Honeypot honeynet
bySina Manavi
 
PPTX
Mendeley resentation , Sina Manavi
bySina Manavi
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
bySina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
Android Hacking + Pentesting
bySina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
bySina Manavi
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Aes (advance encryption standard)
bySina Manavi
 
Shannon and 5 good criteria of a good cipher
bySina Manavi
 
Honeypot honeynet
bySina Manavi
 
Mendeley resentation , Sina Manavi
bySina Manavi
 

Recently uploaded

PPTX
LIBRA.I. Libraries for AI Literacy: Guiding Citizens in the Digital World
byVlaamse Vereniging voor Bibliotheek, Archief & Documentatie vzw (VVBAD)
 
PDF
BRAZA PPT PPT PPT PPT PPT P FOR DEMO.pdf
byBeaYonsonBraza1
 
PPTX
Pharma.presentation about excitability.pptx
bysafaaelbadrawy157
 
PDF
sangfor-security-cyber-resilience-challenge-outsmarting-threats-with-mdr.pdf
byvergiehadiana2
 
PDF
Dutch Power Presentatie - Hanneke van der Horst - slimme meter data
byDutch Power
 
PPTX
GROUP 6 GENDER ROLES ASSIGNMENT bordering on the cultural feminism
byMartin998802
 
PDF
What is a real ecosystem? And how can you respect nature?
byGeorge Torok
 
PDF
Learn More About Digital Marketing in detail
bygetafreen123
 
PDF
Seven C's for the effective communication
byamanbushra53
 
PDF
Admire Girls — Celebrating Women Who Inspire Change By Jessa Bariuan
byjessabariuan2
 
PDF
The American Public Health Association.pdf
bybarejapriyanka1
 
PDF
Why you must stop saying the word "thing".
byGeorge Torok
 
PPTX
Lecture # 01 Introduction to ECG-compressed.pptx
byDr:SANA IHSAN
 
PDF
Artificial Intelligence in Parliaments - GenAI, Trust, Sovereignty & Innovation
byProf. Dr. Fotios Fitsilis
 
PDF
(01) Crazy or REAL Conspiracy About Global Power? Let's find out
byetherealunfold
 
PDF
(02) The Globalist Elite Aren't Fiction.pdf
byetherealunfold
 
PPTX
Granulocytes include neutrophils, eosinophils, and basophils
byDr:SANA IHSAN
 
PPTX
developing results and discussion in qualitative research.pptx
bybereniceandriano1985
 
PDF
Report Meeting International Friends.pdf
bykomangdesiani113
 
PDF
Knowledge Graphs with MediaWiki Krabina IJCKG 2025
byBernhard Krabina
 
LIBRA.I. Libraries for AI Literacy: Guiding Citizens in the Digital World
byVlaamse Vereniging voor Bibliotheek, Archief & Documentatie vzw (VVBAD)
 
BRAZA PPT PPT PPT PPT PPT P FOR DEMO.pdf
byBeaYonsonBraza1
 
Pharma.presentation about excitability.pptx
bysafaaelbadrawy157
 
sangfor-security-cyber-resilience-challenge-outsmarting-threats-with-mdr.pdf
byvergiehadiana2
 
Dutch Power Presentatie - Hanneke van der Horst - slimme meter data
byDutch Power
 
GROUP 6 GENDER ROLES ASSIGNMENT bordering on the cultural feminism
byMartin998802
 
What is a real ecosystem? And how can you respect nature?
byGeorge Torok
 
Learn More About Digital Marketing in detail
bygetafreen123
 
Seven C's for the effective communication
byamanbushra53
 
Admire Girls — Celebrating Women Who Inspire Change By Jessa Bariuan
byjessabariuan2
 
The American Public Health Association.pdf
bybarejapriyanka1
 
Why you must stop saying the word "thing".
byGeorge Torok
 
Lecture # 01 Introduction to ECG-compressed.pptx
byDr:SANA IHSAN
 
Artificial Intelligence in Parliaments - GenAI, Trust, Sovereignty & Innovation
byProf. Dr. Fotios Fitsilis
 
(01) Crazy or REAL Conspiracy About Global Power? Let's find out
byetherealunfold
 
(02) The Globalist Elite Aren't Fiction.pdf
byetherealunfold
 
Granulocytes include neutrophils, eosinophils, and basophils
byDr:SANA IHSAN
 
developing results and discussion in qualitative research.pptx
bybereniceandriano1985
 
Report Meeting International Friends.pdf
bykomangdesiani113
 
Knowledge Graphs with MediaWiki Krabina IJCKG 2025
byBernhard Krabina
 

Password Attack

  • 1.
    Hackaway Hacking Methodology: Password Attacks EC-Council,Malaysia Instructor : Sina Manavi 15th May 2014 http://eccouncilacademy.org/home/hackaway- hacking-methodology/
  • 2.
    About Me My nameis Sina Manavi , Master of Computer Security and Digital Forensics Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
  • 3.
    Agenda  Password Security Demo: Windows Password Reset  Demo: Google Dork  Demo: Password disclosure!  Demo: Gmail Password Extraction (Forensics Method)  Secure Password  Password Cracking Concept  Coffee time   Demo: Facebook Phishing Attack  Introducing Password Cracking Tools  Demo: Zip/Rar password File Cracking  Demo: Windows Login Password Hacking
  • 4.
    Type of PasswordAttacks  Dictionary Attack  Brute Force Attack  Rainbow table attack  Phishing  Social Engineering  Malware  Offline cracking  Guess
  • 5.
    Password Security  Don’tuse your old passwords  Don’t use working or private email for every website registration such as games, news,….etc.
  • 6.
  • 7.
  • 9.
    Gmail and FacebookPassword Extraction (Dumping Physical Memory)  Dumpit (free Windows tool)  Or if you use win8, you can do dump specific process in task manager  Strings and Grep  Hex Editor
  • 10.
    Secure Password  Comprises: [a-zA-z,0-9, symbols , space]  No short length / birthday / phone number / real name , company name  Don’t use complete words or Shakespeare quotes  ◦ Example: ◦ Hello123: Weak ◦ @(H311l0)@: Strong Easy to remember, hard to guess
  • 11.
  • 12.
    Password Cracking Concept Password Cracking is illegal purpose to gain unauthorized access  To retrieve password for authorize access purpose ( misplacing, missing) due to various reason. ( e.g. what was my password??)
  • 13.
    Password Cracking Types BruteForce, Dictionary Attack, Rainbow Table
  • 14.
    Password Cracking Types:(Guessing Technique) Ihave tried many friends house and even some companies that , their password was remained as default, admin, admin .
  • 16.
  • 17.
  • 18.
    Password Cracking Types:(Social Engineering) sometimes very lazy genius non-IT Geeks can guess or find out your password
  • 19.
  • 20.
  • 21.
    Lets work assoftware cracker or Reverse Engineer  Open the myprogram.exe file with your Hex Editor  Try to find the password inside of
  • 22.
    Password Cracking Types:(Offline Cracking) We have enough time to break the password  Usually take place for big data  very strong and complicated password  After attack  Forensics investigation
  • 23.
    Password Cracking Tools Brutus ◦ Remote online cracking tool, Windows base, free, supports:(HTTP, POP3, FTP, SMB, ...etc), resume/pause option .no recent update but still on top ranking.  RainbowCrack ◦ Hash cracker tool, windows/linux based, faster than traditional brute force attack, compare both plain text and hash pairs. Commercial and free version  Wfuzz ◦ Web application brute forcing (GET and POST), checking (SQL, XSS, LDAP,etc) injection  Cain and Able *** ◦ Few features of password cracking ability: Syskey Decoder,VNC Password decoder , MS SQl MYSQL and Oracle password extractor Based64, Credential Manager Password Decoder, Dialup Password Decoder,PWL Cached Password Decoder, Rainbowcrack-online client, Hash Calculator,  John the Ripper ◦ Offline mode, Unix/linux based, auto hash password type detector, powerful, contain several built-in password cracker  THC Hydra ◦ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP.HTTP,HTPPS,...etc)  Medusa  AirCrack-NG ◦ WEP and WPA-PSK keys cracking, faster than other WEP cracker tools  OphCrack  L0phtCrack
  • 24.
    Demo 1- Cracking ZipFiles 2- Cracking Rar Files
  • 25.
    Cracking Zip passwordProtected File Requirement:  Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  Having Password-list and Username- list for brute forcing  A Zip password protected File  And poor file owner 
  • 26.
  • 27.
    Password Hardening  Techniquesor technologies which put attacker, cracker or any other malicious user in difficulties  Brings password policy  Increase the level of web,network , application and physical access of to the company or organization.  Using biometric technologies such as fingerprint, Eye Detection, RFID Tag Cards….etc
  • 28.
    Password Hardening  Allthe Security solution just make it more difficult. Harder but possible
  • 30.
    Windows Login Cracking Requirement: Medusa/Hydra free open source tool (can be find on your Backtrack or Kali)  nmap  Having Password-list and Username- list for bruteforcing  Target windows
  • 31.
    Password Cracking Depends on Attacker's strengths  Attacker's computing resources  Attacker's knowledge  Attacker's mode of access [physical or online]  Strength of the passwords  How often you change your passwords?  How close are the old and new passwords?  How long is your password?  Have you used every possible combination: alphabets, numbers and special characters?  How common are your letters, words, numbers or combination?  Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
  • 32.
    Demo: Web SiteLogin Cracking
  • 33.
    Any Question?  Manavi.sina@gmail.com @sinamanavi  LinkedIn: Sina Manavi  Check my homepage for latest presentations/ tutorial

Editor's Notes

  • #18 Using Fake pages or application