Contents
1.0 Introduction............................................................................................................... 1
2.0 Operating system vulnerability........................................................................................ 2
2.1 Windows vulnerability.......................................................................................... 3
2.1.1 DoS vulnerability.................................................................................................. 3
2.1.2 Auto play vulnerability............................................................................................ 4
2.1.3 Clipboard vulnerability........................................................................................... 5
2.1.4 Register vulnerability.............................................................................................. 5
2.2 Linux vulnerability...................................................................................................... 6
2.2.1 Missing pointer checks............................................................................................ 6
2.2.2 Missing permission checks....................................................................................... 7
2.2.3 Buffer overflow..................................................................................................... 7
3.0 password cracking techniques......................................................................................... 8
3.0.1 Dictionary attack................................................................................................... 8
3.0.2 Brute forcing attack................................................................................................ 9
3.0.3 Hybrid Attack........................................................................................................ 9
3.0.4 Syllable Attack................................................................................................... 10
3.0.5 Rule-Based Attack............................................................................................... 10
4.0 Tools for Hacking...................................................................................................... 11
4.0.1 Ophcrack........................................................................................................... 11
4.0.2 Offline NT password & Registry Editor.....................................................................12
4.0.3 Kon boot........................................................................................................... 13
4.0.4 Cain & Abel v4.9.56............................................................................................. 14
4.0.5 John the ripper password cracker.............................................................................. 15
5.0 Hacking Steps.......................................................................................................... 16
6.0 Demonstration.......................................................................................................... 18
7.0 Conclusion.............................................................................................................. 22
8.0 Referencing............................................................................................................. 23
Thinageran Rajenadran
Page 0
1.0 Introduction
Windows is one of the best-known operating systems in the world, and it is also one of the most widely used. The reason Windows has become so popular among users is that it is one of the more user-friendly operating systems and is less expensive compared to other operating systems. When comparing prices, the Linux operating system is of course much cheaper than Windows, since it is a free operating system; although it is free, it has still failed to meet users' expectations of user-friendliness. In terms of market share, around 90% of users choose Windows as their preferred operating system.
Now that we know most users in the world use Windows, the question is whether the Windows operating system is safe to use. Research shows that in 2002 countless viruses such as Trojans, worms and others were found, and according to that research most viruses are designed to attack Windows-based operating systems only. Other studies also show that many security loopholes can be found in the Windows operating system.
2.0 Operating system vulnerability
Although these three operating systems are the ones that dominate the world, they are still not free from vulnerabilities. Each operating system has its own vulnerabilities or security flaws that can bring harm to the system. When we look at the statistics, they show that the most widely used operating system is the one with the most flaws or vulnerabilities that could harm the system.
2.1 Windows vulnerability
2.1.1 DoS vulnerability
DoS stands for denial of service. A DoS attack is a type of attack that interrupts or suspends the services of a computer. Mostly the DoS attack is launched against the network, but it can also be used to flood the CPU usage of the computer. According to research, the Windows operating system was found to ship with some software that has a high potential of allowing DoS attacks; one example is the MS14-006 update that was released in February 2015. According to Microsoft TechNet, the update was released to fix an IPv6 vulnerability in Windows 8, Windows RT and Windows Server 2012 that could allow a denial of service attack against those operating systems.
2.1.2 Auto play vulnerability
AutoPlay is a feature of the Windows operating system. It was introduced in Windows XP, and the AutoPlay vulnerability has existed in Windows ever since. AutoPlay was invented to make life easier for the end user: basically, it is designed to execute code from a removable device that has been plugged into the computer. It works in this way: when the user plugs in a removable device, the system automatically reads the autorun script, which tells the system what to execute from the removable device. Normally the autorun script is written as a plain Notepad text file and saved as a hidden file on the removable device, such as the one shown in figure 2.1.2a. Since the autorun script and the AutoPlay function have the right to run without the user's knowledge, an attacker can simply write a script that executes a file containing a malicious program. One perfect example of how an autorun script can infect a computer with a virus or malicious program is a virus called "secure browsing". This secure browsing virus automatically copies itself to the system when the user plugs the infected removable device into the system. Basically the virus works in a simple way: the attacker codes a script into the autorun file on the removable device, and that script executes the virus when AutoPlay reads the file.
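Since the danger described above comes entirely from what the autorun file tells Windows to launch, a defender auditing removable media can parse the file and list its launch entries. The Python script below is an added example, not code from the original report; the two autorun.inf texts in it are constructed for the example, and the list of launch keys and executable extensions is an assumption about what is worth flagging rather than an exhaustive specification of the format.

```python
import configparser

# Constructed sample autorun.inf of the kind the page describes being hidden on a removable
# drive. The label and the file names are made up for this example.
SAMPLE_AUTORUN = r"""[autorun]
label=Holiday Photos
icon=setup.exe,0
open=setup.exe
shellexecute=photos\viewer.exe
shell\open\command=photos\viewer.exe /silent
"""

# A harmless autorun.inf that only customises the drive's label and icon (also constructed).
BENIGN_AUTORUN = r"""[autorun]
label=Backup Drive
icon=backup.ico
"""

# Keys through which AutoRun launches something, and extensions that run code when opened.
# Both lists are assumptions for this example, not a complete list from Microsoft.
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXTENSIONS = (".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys (the file is INI-style).

    A malformed or empty file yields {} instead of raising, so an audit run over many
    drives does not stop on the first broken file.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return {}
    for section in parser.sections():          # [autorun] and [AutoRun] both occur
        if section.lower() == "autorun":
            return dict(parser.items(section))
    return {}


def launch_targets(entries):
    """Every (key, command) pair that would make AutoRun execute something."""
    return [(key, value) for key, value in entries.items()
            if key in LAUNCH_KEYS or key.endswith(r"\command")]


def audit_autorun(text):
    """Summarise what an autorun.inf would do.

    'suspicious' lists launch targets whose program is an executable file type, which a
    drive of photos or documents has no legitimate reason to carry.
    """
    entries = parse_autorun(text)
    targets = launch_targets(entries)
    suspicious = [(key, cmd) for key, cmd in targets
                  if cmd.split(" ")[0].lower().endswith(EXEC_EXTENSIONS)]
    return {"label": entries.get("label"),
            "launch_targets": targets,
            "suspicious": suspicious}


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, "->", audit_autorun(text))
```

Run against the constructed sample, the audit reports three launch entries, all pointing at executables, while the benign file reports none; the same function can be pointed at the autorun.inf found in the root of any mounted drive.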
2.1.4 Register vulnerability
Almost all Windows configuration settings and options are stored in a hierarchical database known as the Windows registry. The registry holds the low-level OS settings and is also used for application settings. A normal end user is able to access the registry as well, and can edit the settings of the operating system and of the applications that have been installed through the registry editor. However, the registry editor program in Windows is not a secure program. The reason it is not secure is that it allows the registry to be edited without the user's permission. The registry files can also be edited through the cmd terminal: the only thing the attacker needs is a Windows installation CD to boot the system and open the registry through cmd. As a result, the attacker can also gain privileges on the operating system through this process, which poses a serious threat to the end user.
2.2 Linux vulnerability
2.2.1 Missing pointer checks
Missing pointer checks normally come from the Linux kernel. Mostly this type of problem occurs when the kernel omits the access_ok check on a pointer supplied from user space. According to the research, this vulnerability may allow a denial of service attack against the operating system. Other than that, missing pointer checks may also let an attacker gain privileges by leveraging the bug. Normally this type of problem occurs in operations like get_user, which does not validate the value supplied by the user.
2.2.3 Buffer overflow
A buffer overflow occurs in the operating system when the kernel incorrectly checks the upper or lower bound when accessing a buffer, or when the kernel allocates a smaller buffer than it is supposed to. In this case, the attacker can exploit the vulnerability by corrupting kernel memory. Other than that, an adversary can mount privilege-escalation attacks by overwriting nearby function pointers and subverting the kernel's control-flow integrity.
3.0 Password cracking techniques
3.0.1 Dictionary attack
A dictionary attack is one way to crack or break a password, or to break into a password-protected computer system. A dictionary attack can also be used to find the key to decrypt an encrypted document such as a Word document. Basically, the attack is based on a dictionary file: the dictionary file is loaded into the cracking application, which runs it against the victim's account. Normally the dictionary is filled with a list of words that could possibly be the password for that account, and the cracking application tries each word contained in the dictionary file until it finds the password. Although the dictionary attack is more efficient than a brute-force attack, it can still be used against systems that use passphrases.
3.0.2 Brute forcing attack
A brute-force attack is a simple process that an attacker can understand and use easily, but protecting against it is not easy. The brute-force process is described by RSA as an exhaustive key search, or brute-force search. The technique brute force uses to find the password is very simple: it tries every possible key in order until it finds the key that matches the password. However, since the brute-force attack tries every single key, it takes a lot of time to break a password. The process can still be sped up by using a grid computing system, where the grid divides the task among many machines to speed up the cracking.
3.0.3 Hybrid attack
A hybrid attack is similar to a dictionary attack in that it also uses a dictionary file to find the password of the system. Even though it uses the dictionary file, it is not entirely the same as a dictionary attack. Normally the dictionary attack is used to find the password of a system the first time, when the password has not been discovered before. The hybrid attack is normally launched when the user has changed the password but the new password differs only by one or two added characters, for example when the old password was pass and the new password is pass2. This is when the hybrid attack is used to crack the password: it takes each word from the dictionary file and searches for the one or two new characters.
3.0.4 Syllable attack
The syllable attack is a powerful attack compared to other attacking techniques. It is a combination of the brute-force attack, which tries every single password to find the matching one, and the dictionary attack, which uses a word file to find the password of the system. Normally this type of attack is launched when the password is not an existing word, whereby the attacker uses the dictionary together with other cracking techniques to find the password of the system.
3.0.5 Rule-based attack
A rule-based attack is normally used when the attacker knows some basic information about the password the victim has set. The rule-based attack can be considered one of the powerful attacks as well, because the attacker knows the type of password that has been set for the system. For example, when the attacker knows that the password contains numbers and letters, the attacker can set rules for that type of password, and the tool will follow those rules to crack the password.
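The dictionary, brute-force, hybrid and rule-based techniques described in sections 3.0.1 to 3.0.5 are easiest to compare by running them against one password and counting the guesses each needs, which is how a defender judges whether a password policy is worth anything. The Python script below is an added example, not code from the original report or from any of the tools it names; the six-word list, the mangling rules, the two-digit hybrid suffix and the use of unsalted SHA-256 as the stored hash are all assumptions made for the example.

```python
import hashlib
import itertools
import string

# Constructed stand-in for a dictionary file (a real word list has millions of entries).
WORDLIST = ["password", "letmein", "welcome", "pass", "admin", "qwerty"]

# Alphabet a brute-force search over printable ASCII would have to cover (95 symbols).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "


def sha256_hex(text):
    """Unsalted SHA-256, standing in for whatever hash the cracking tool is handed."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_candidates(words):
    """Dictionary attack: every word in the file, tried as-is."""
    yield from words


def hybrid_candidates(words, max_extra=2, alphabet=string.digits):
    """Hybrid attack: a dictionary word plus one or two appended characters (pass -> pass2)."""
    for word in words:
        for n in range(1, max_extra + 1):
            for suffix in itertools.product(alphabet, repeat=n):
                yield word + "".join(suffix)


def rule_based_candidates(words):
    """Rule-based attack: mangling rules chosen from what is known about the policy
    (here 'letters and numbers'), applied to every dictionary word. The rules are assumed."""
    for word in words:
        yield word.capitalize()         # Pass
        yield word.upper()              # PASS
        yield word.capitalize() + "1"   # Pass1
        yield word + "123"              # pass123
        yield word[::-1]                # ssap


def brute_force_keyspace(length, alphabet=PRINTABLE):
    """Brute force: the number of guesses an exhaustive search of `length` symbols needs at most."""
    return len(alphabet) ** length


def audit_password(password, words=WORDLIST):
    """Return (technique, guesses) for the cheapest technique that recovers `password`,
    or ('brute force', keyspace_size) if only an exhaustive search would find it."""
    target = sha256_hex(password)
    techniques = [
        ("dictionary", dictionary_candidates(words)),
        ("hybrid", hybrid_candidates(words)),
        ("rule-based", rule_based_candidates(words)),
    ]
    for name, candidates in techniques:
        for guesses, candidate in enumerate(candidates, start=1):
            if sha256_hex(candidate) == target:
                return name, guesses
    return "brute force", brute_force_keyspace(len(password))


if __name__ == "__main__":
    for pw in ["pass", "pass2", "Pass1", "Xq7!vT2m"]:
        technique, guesses = audit_password(pw)
        print(f"{pw!r}: {technique} after at most {guesses} guesses")
```

The page's own example, pass changed to pass2, falls to the hybrid generator after a few hundred guesses, and Pass1 falls to a mangling rule in under twenty, while a password outside every generator is left to a search of 95 to the power of its length. The generators are deliberately separate functions so a rule set or word list can be swapped in without touching the audit loop.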
4.0 Tools for hacking
4.0.1 Ophcrack
Most rainbow tables for LM hash files can be found for free. Ophcrack comes with a rainbow table that allows it to crack passwords no longer than 14 characters. Even though it can crack a 14-character password, the password must be built only from alphanumeric characters. Ophcrack is also available as a live USB or live CD, in which case the attacker does not need to log in to the system to crack the password: the user can just boot the CD or USB to run the program.
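A rainbow table is a time-memory trade-off: the hashes are computed once, in chains, and only the chain endpoints are stored, so a later lookup costs a little hashing instead of a full search. The 14-character limit mentioned above comes from the LM hash format, which splits the password into two 7-character, upper-cased halves and hashes each half separately, so a table only ever has to cover a 7-character keyspace. The Python script below is an added example of the chain-and-reduce construction, not code from Ophcrack or from the original report; it uses a constructed toy keyspace of 4-digit PINs under unsalted SHA-256, and the chain length, chain count and reduction function are assumptions chosen so it builds instantly.

```python
import hashlib

# Constructed toy parameters: 4-digit PINs under unsalted SHA-256 stand in for the
# 7-character LM halves. The keyspace is 10,000, small enough to build in well under a second.
ALPHABET = "0123456789"
PW_LEN = 4
KEYSPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 20
NUM_CHAINS = 400


def H(text):
    """The unsalted hash the table attacks (SHA-256 here; LM or NTLM for Ophcrack)."""
    return hashlib.sha256(text.encode()).hexdigest()


def reduce_(digest, position):
    """Map a digest back into the password space. The chain position is mixed in so that
    chains colliding at different positions do not merge, which is the 'rainbow' idea."""
    n = (int(digest, 16) + position) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(num_chains=NUM_CHAINS, chain_len=CHAIN_LEN):
    """Precompute chains and keep only endpoint -> start point, as a real table does."""
    table = {}
    for i in range(num_chains):
        start = f"{(i * 25) % KEYSPACE:0{PW_LEN}d}"   # deterministic, spread-out starts
        x = start
        for pos in range(chain_len):
            x = reduce_(H(x), pos)
        table.setdefault(x, start)   # two chains ending alike: keep the first
    return table


def lookup(table, target, chain_len=CHAIN_LEN):
    """Return a password whose hash is `target`, or None if the table does not cover it."""
    for k in range(chain_len - 1, -1, -1):
        # Assume the target sits at position k of some chain and run that chain to its end.
        x = reduce_(target, k)
        for pos in range(k + 1, chain_len):
            x = reduce_(H(x), pos)
        start = table.get(x)
        if start is None:
            continue
        # Endpoint matched: regenerate the chain from its start to find the real preimage.
        # An endpoint match can be a false alarm, so every candidate is verified by hashing.
        y = start
        for pos in range(chain_len):
            if H(y) == target:
                return y
            y = reduce_(H(y), pos)
    return None


def coverage(table, chain_len=CHAIN_LEN):
    """How many distinct passwords the stored chains actually cover (always < keyspace)."""
    seen = set()
    for start in table.values():
        y = start
        for pos in range(chain_len):
            seen.add(y)
            y = reduce_(H(y), pos)
    return len(seen)


if __name__ == "__main__":
    table = build_table()
    print(f"{len(table)} chains stored, {coverage(table)} of {KEYSPACE} PINs covered")
    print("unsalted 7731 ->", lookup(table, H("7731")))
    print("salted   7731 ->", lookup(table, H("salt:7731")))
```

Two things the toy makes visible: coverage never reaches the whole keyspace because chains merge and repeat, which is why real tables are gigabytes; and the salted lookup returns None even though the PIN is covered, because the table was built over unsalted hashes and a per-user salt makes the precomputation worthless. LM and NTLM have no salt, which is what makes Ophcrack's approach work against them.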
4.0.2 Offline NT password & Registry Editor
Even though this tool can only be used if it is burned to a CD, running it is similar to running Ophcrack. In order to run it, the attacker needs to boot it on the victim's personal computer. However, this tool does not come with a GUI; instead it uses a normal command-line terminal as the program's interface.
4.0.3 Kon boot
Kon-Boot is another Windows password hacking tool, and it is the easiest and fastest tool for cracking Windows passwords. It is also one of the tools with a free version that can be found and downloaded online; it is available from the site www.piotrbania.com, where the hacker can also learn how to use it. Even though it is easy to use, the download comes as an ISO file. The con of this tool is that it can only be used if it is burned to a CD; it will not work if it is made into a live USB.
This tool is similar to the Offline NT Password & Registry Editor in that it will only remove or reset the administrator password. Unlike Ophcrack, it does not have an option to recover the password for the Windows user. Its interface is also the same as the Offline NT Password & Registry Editor in that it offers only a command-line interface. Although it offers only a command-line interface, the tool still has its own preset options to select in order to perform the hacking process.
4.0.4 Cain & Abel v4.9.56
Cain & Abel is another tool that can be used to crack Windows passwords. Unlike the other tools, Cain & Abel has to be installed in the operating system, so the attacker needs a working user account on that operating system. For this reason the tool is not considered the best tool for a hacker to crack Windows passwords; if a person needs to retrieve or reset the password for their own account, then this tool is recommended.
This tool can be installed on the Windows operating system as well as on Linux, and it can be downloaded for free from the website oxide.net. Even though it needs to be installed in the operating system, it still offers both options for cracking the password: it is able to reset the password, and it is able to recover the password using a rainbow table. The con of this tool is that the rainbow table needs to be downloaded separately.
4.0.5 John the ripper password cracker
John the Ripper is another tool that can be used to crack the Windows operating system password, and it is considered one of the most popular password cracking tools. It is based on open source code, so the user does not need to pay for it. John the Ripper was mainly designed for the UNIX operating system, and it also comes installed in some Linux distributions such as Kali Linux, which is designed for penetration testing.
John the Ripper supports a few password cracking techniques. One of them is the dictionary attack, where it uses a dictionary file to find the matching password for the system. It also offers the brute-force attack, which can be used to recover the password from a hash file.
6.0 Demonstration
Figure 6.0 B
Once the tool has finished burning to the CD, we need to restart the system to run the tool.
Figure 6.0 C
Once the system has rebooted, press the F9 key to open the boot options. In the boot options, select the internal CD drive to run the live CD.
Figure 6.0 D
Once boot-up is complete, the system will ask you to select the mode you want to enter; here, select the Ophcrack graphical mode (automatic) to run the hacking tool.
Figure 6.0 E
Once the program starts, it will begin cracking the password of the administrator account in Windows.
Figure 6.0 F
Once the software finishes cracking the password, it will automatically show the password for the local administrator account.
7.0 Conclusion
In conclusion, there are many types of tools available online that can be used to crack passwords, not just for the operating system but for other applications as well. However, there is no operating system or application that is free from vulnerabilities; in other words, all software and operating systems are created with unknown vulnerabilities. That does not mean the vulnerabilities will never be found or fixed. To reduce the vulnerability, as well as the risk of getting hacked, extra precautions need to be taken. Setting a strong password is one of them: the reason a strong password may prevent the system from being hacked is that it takes a much longer time to break into the system.
8.0 Referencing
Jabulani Leffall. 2010. Zero-Day Windows Kernel Flaw Linked to Clipboard. [ONLINE] Available at: http://mcpmag.com/articles/2010/08/09/zero-day-windows-kernel-flaw-linked-to-clipboard.aspx. [Accessed 03 April 15].
Nicolas Economou. 2014. MS14-006: Microsoft Windows TCP IPv6 Denial of Service Vulnerability. [ONLINE] Available at: https://blog.coresecurity.com/2014/03/25/ms14-006-microsoft-windows-tcp-ipv6-denial-of-service-vulnerability/. [Accessed 03 April 15].
Cobb, M. 2007. How secure is the Windows registry? [ONLINE] Available at: http://searchsecurity.techtarget.com/answer/How-secure-is-the-Windows-registry. [Accessed 04 April 15].
Yarden, J. 2007. Be aware of this Windows registry vulnerability. [ONLINE] Available at: http://www.techrepublic.com/article/be-aware-of-this-windows-registry-vulnerability/. [Accessed 04 April 15].
Anon. 2007. conman vulnerability. [ONLINE] Available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258. [Accessed 04 April 15].
Nakib Momin. 2014. 6 Most Common Password Cracking Methods And Their Countermeasures. [ONLINE] Available at: http://www.coolhackingtrick.com/2014/01/6-most-common-password-cracking-methods.html. [Accessed 04 April 15].