-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathtypes.tex
39 lines (22 loc) · 4.15 KB
/
types.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
\section{Types of Attacks}
\subsection{Online Attacks}
Online password attacks are held against logins of network protocols like POP3, SSH or FTP. The target that is being attacked is a remote computer or server on a different network \cite{pentesting}. The rate at which an attack like this can be processed, depends mostly on the protocol, the connection to the server and the hardware of the server itself. Therefore the attacker has only a very limited influence on the attack rate.
Another challenge with online attacks is the fact that not only a password, but also the associated username is needed. If both of these inputs are unknown the number of possible entries is the result of all possible passwords multiplied by all possible usernames.
A tool that can be used for such an attack is hydra \cite{hydra}. hydra is a command line tool available for Windows and different unix based operating systems. It's free, open source and still under active development. The command for running hydra will look similar to this:
\begin{center}
\textbf{``hydra -l admin -P passwords.txt mail.domain.com pop3''}
\end{center}
The lowercase l specifies that the username "admin" is already known. The uppercase P stands for a list of passwords that are to be used for the attack. In the end the address of the server as well as the protocol type is entered. -h will give a full list of hydras syntax.
A common countermeasure against online attacks is a maximum number of logins. Since the verification process is done by the server, it would be possible to block specific IPs after a certain number of unsuccessful tries. A human user is probably not affected by a limit of only one login per second or 100 tries a day. An attacker on the other hand will have a much harder time executing password or DDoS attacks on such a server. Although protocols like SSH can be enhanced for a maximum number of logins, it is not enabled by default \cite{sshmanpages}.
\newpage
\subsection{Offline Attacks}
Offline attacks are held against password hashes like those produced by MD5, SHA1 or SHA512. Before such an attack can be executed the attacker must first gain a copy of the hashes that he wants to crack \cite{pentesting}. One of the criteria for a secure hash function is the fact that the result cannot be reversed to its input \cite{hashes}. The attacker must therefore calculate hashes for different passwords and check for identical entries in the data he aquired.
The rate at which an offline attack can be run, depends mostly on the hashtype and the hardware of the computer. NTLM and MD5 will be processed much faster than more complex hash functions like SHA512 or PDF encryption hashes. The usage of GPUs has been gaining a lot popularity over the past years, because they are designed for highly parallelised algorithms. The architecture of GPUs compliments the arithmetic operations that are needed for password attacks \cite{gpu}.
A tool that can be used for such an attack is hashcat. Just like hydra it's open source and available for different platforms. It's still under active development and a command for running hashcat can look like this:
\begin{center}
\textbf{``hashcat -a 0 -m 0 hashes.txt rockyou.txt''}
\end{center}
-a 0 specifies that the attack type is wordlist and -m 0 tells hashcat that the hashes are MD5 entries. hashcat will then calculate the hashes for the passwords in the rockyou.txt file and cross reference them against the entries in hashes.txt. The full list of hashcats syntax can be viewed with the -h command.
Common countermeasures against offline attacks include Stretching and Salting. Password Stretching describes the process of hashing a password multiple times. The output of the hash function is used as the input of the next iteration. The security increases because more processing time per password is needed \cite{anders}.
With Password Salting every user gets assigned a random value, which is added to the password before hashing it. This means that two users with the same password will have different password hashes in the database. This way an intruder has to attack every user one-by-one and is not able to create a hash table that works with all users \cite{anders}.
\newpage