
Revision as of 17:18, 6 August 2013



Password Cracking


Lesson type: Demonstration
Minimum time: 10
Maximum time: 20
Optionality: Required
Position: 2/1
Type: Lesson
Section of: Password management
Lang: En
  • Last modified: 4 November 2013 20:34:17





Introduction

A password is usually the first and often the last line of defense for information systems. During this lesson, participants need to be convinced that it is neither reasonable nor secure to have a weak password protecting important information, and that it is not a good idea to have one strong password protecting all of the user's different accounts.

Password Insecurity

Discuss password profiling, social engineering attacks, and the installation of keyloggers via email or drive-by downloads.

Demonstrate how a password cracker works. Demonstrate Windows password crackers, like Ophcrack, Advanced Office Password Recovery, and the winlockpwn attack over a FireWire cable.

Install Cain on a local machine and demonstrate how it recovers that machine's local passwords.

Ask one of the participants to prepare a Word document with an easy password, and crack it using, for example, Advanced Office Password Recovery.

Goal

Explain the principles of brute force and the need for password complexity.
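To put numbers on this goal, the sketch below (an added example, not part of the original lesson material) computes the size of the search space a brute-force attack must cover for a given password and the worst-case time to exhaust it. The guess rate and the sample passwords are assumptions chosen for illustration, and the figure is an upper bound only: dictionary, profiling and rainbow-table attacks find weak passwords far sooner.

```python
import string

# Character classes a brute-force search has to cover.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

def alphabet_size(password):
    """Size of the smallest union of classes that contains the password."""
    # Characters outside the four classes (spaces, non-ASCII) are not modelled.
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def keyspace(alphabet, length):
    """Number of candidates of every length from 1 up to `length`."""
    return sum(alphabet ** n for n in range(1, length + 1))

def worst_case_seconds(password, guesses_per_second):
    """Time to try every candidate in the keyspace the password lives in."""
    return keyspace(alphabet_size(password), len(password)) / guesses_per_second

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    RATE = 1_000_000_000  # assumed guesses per second, for illustration only
    # Constructed sample passwords, from simple to complex.
    for pw in ("abcd", "password", "Passw0rd", "Tr0ub4dor&3x!"):
        print(f"{pw:15} alphabet={alphabet_size(pw):3} "
              f"keyspace={keyspace(alphabet_size(pw), len(pw)):.3e} "
              f"worst case={human(worst_case_seconds(pw, RATE))}")
```

Each extra character multiplies the search space by the alphabet size, while adding a character class only enlarges the base, which is why length matters at least as much as character variety.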

Trainer's notes

You'll need to prepare in advance for password cracking and make sure you've tested your software. You'll need rainbow tables for Ophcrack. The trial version of AOPR can only crack 4-character passwords.