Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,600 --> 00:00:05,700 in this lesson we're going to talk about 2 00:00:03,350 --> 00:00:05,700 3 00:00:03,360 --> 00:00:08,730 password cracking you're going to run 4 00:00:05,690 --> 00:00:08,730 5 00:00:05,700 --> 00:00:10,440 across instances where you can get hold 6 00:00:08,720 --> 00:00:10,440 7 00:00:08,730 --> 00:00:12,810 of the password file but of course 8 00:00:10,430 --> 00:00:12,810 9 00:00:10,440 --> 00:00:15,420 passwords aren't stored in clear text 10 00:00:12,800 --> 00:00:15,420 11 00:00:12,810 --> 00:00:18,570 and in subsequent lessons we'll get into 12 00:00:15,410 --> 00:00:18,570 13 00:00:15,420 --> 00:00:20,550 how passwords are actually stored let's 14 00:00:18,560 --> 00:00:20,550 15 00:00:18,570 --> 00:00:22,740 just say they're not stored in clear 16 00:00:20,540 --> 00:00:22,740 17 00:00:20,550 --> 00:00:25,470 text and you need to be able to do 18 00:00:22,730 --> 00:00:25,470 19 00:00:22,740 --> 00:00:29,039 something in order to get a clear text 20 00:00:25,460 --> 00:00:29,039 21 00:00:25,470 --> 00:00:30,539 password from these password files so 22 00:00:29,029 --> 00:00:30,539 23 00:00:29,039 --> 00:00:33,600 the first thing that we're going to look 24 00:00:30,529 --> 00:00:33,600 25 00:00:30,539 --> 00:00:35,879 at is the little play on of course Jack 26 00:00:33,590 --> 00:00:35,879 27 00:00:33,600 --> 00:00:38,010 the Ripper the famous serial killer it's 28 00:00:35,869 --> 00:00:38,010 29 00:00:35,879 --> 00:00:41,219 called John the Ripper the first thing 30 00:00:38,000 --> 00:00:41,219 31 00:00:38,010 --> 00:00:43,679 I'm going to do is grab a copy of the 32 00:00:41,209 --> 00:00:43,679 33 00:00:41,219 --> 00:00:46,469 password file that includes the 34 00:00:43,669 --> 00:00:46,469 35 00:00:43,679 --> 00:00:49,559 encrypted passwords in it so that i can 36 00:00:46,459 --> 00:00:49,559 37 00:00:46,469 --> 00:00:52,489 run John so I've got my password file 38 00:00:49,549 --> 00:00:52,489 39 00:00:49,559 --> 00:00:55,649 I'm actually going to copy that into 40 00:00:52,479 --> 00:00:55,649 41 00:00:52,489 --> 00:00:58,219 this directory where I've got my word 42 00:00:55,639 --> 00:00:58,219 43 00:00:55,649 --> 00:00:58,219 lists 44 00:01:00,780 --> 00:01:00,780 45 00:01:00,790 --> 00:01:06,250 so I'm going to go into this wordless 46 00:01:03,660 --> 00:01:06,250 47 00:01:03,670 --> 00:01:09,640 directory here now the thing about 48 00:01:06,240 --> 00:01:09,640 49 00:01:06,250 --> 00:01:11,560 password cracking is it's not like you 50 00:01:09,630 --> 00:01:11,560 51 00:01:09,640 --> 00:01:14,020 know the movies where you just run 52 00:01:11,550 --> 00:01:14,020 53 00:01:11,560 --> 00:01:16,330 through all of these things and very 54 00:01:14,010 --> 00:01:16,330 55 00:01:14,020 --> 00:01:18,460 quickly you get a password that can take 56 00:01:16,320 --> 00:01:18,460 57 00:01:16,330 --> 00:01:20,860 a really really long time and probably a 58 00:01:18,450 --> 00:01:20,860 59 00:01:18,460 --> 00:01:23,260 lot longer than your lifetime in order 60 00:01:20,850 --> 00:01:23,260 61 00:01:20,860 --> 00:01:25,450 to check through all of the various 62 00:01:23,250 --> 00:01:25,450 63 00:01:23,260 --> 00:01:29,530 permutations and combinations of letters 64 00:01:25,440 --> 00:01:29,530 65 00:01:25,450 --> 00:01:31,720 and characters and numbers and so what 66 00:01:29,520 --> 00:01:31,720 67 00:01:29,530 --> 00:01:34,750 we do is we create a word list of 68 00:01:31,710 --> 00:01:34,750 69 00:01:31,720 --> 00:01:37,600 potential passwords and then we go 70 00:01:34,740 --> 00:01:37,600 71 00:01:34,750 --> 00:01:40,150 through the process of creating a 72 00:01:37,590 --> 00:01:40,150 73 00:01:37,600 --> 00:01:42,369 password from it in other words doing 74 00:01:40,140 --> 00:01:42,369 75 00:01:40,150 --> 00:01:45,310 the same process that you would use to 76 00:01:42,359 --> 00:01:45,310 77 00:01:42,369 --> 00:01:47,259 store your password so we're going to do 78 00:01:45,300 --> 00:01:47,259 79 00:01:45,310 --> 00:01:50,080 a cryptographic hash of it and then we 80 00:01:47,249 --> 00:01:50,080 81 00:01:47,259 --> 00:01:52,150 compared the two hashes in order to see 82 00:01:50,070 --> 00:01:52,150 83 00:01:50,080 --> 00:01:53,590 whether they match or not and if they 84 00:01:52,140 --> 00:01:53,590 85 00:01:52,150 --> 00:01:55,780 match we know what the plaintext 86 00:01:53,580 --> 00:01:55,780 87 00:01:53,590 --> 00:01:58,270 password was because that's what we used 88 00:01:55,770 --> 00:01:58,270 89 00:01:55,780 --> 00:02:00,580 to create the hash so what I'm going to 90 00:01:58,260 --> 00:02:00,580 91 00:01:58,270 --> 00:02:06,070 do is I'm going to run John and I've got 92 00:02:00,570 --> 00:02:06,070 93 00:02:00,580 --> 00:02:09,010 my word list and it's called LST and I'm 94 00:02:06,060 --> 00:02:09,010 95 00:02:06,070 --> 00:02:12,610 going to run that against my password 96 00:02:09,000 --> 00:02:12,610 97 00:02:09,010 --> 00:02:14,260 file that I created up above so what 98 00:02:12,600 --> 00:02:14,260 99 00:02:12,610 --> 00:02:17,410 it's going to be doing here is running 100 00:02:14,250 --> 00:02:17,410 101 00:02:14,260 --> 00:02:20,110 through all of the passwords in that 102 00:02:17,400 --> 00:02:20,110 103 00:02:17,410 --> 00:02:22,989 file and checking them against the 104 00:02:20,100 --> 00:02:22,989 105 00:02:20,110 --> 00:02:25,750 password file and seeing whether they 106 00:02:22,979 --> 00:02:25,750 107 00:02:22,989 --> 00:02:28,269 match and this could take quite a while 108 00:02:25,740 --> 00:02:28,269 109 00:02:25,750 --> 00:02:29,950 and so you're going to want to just let 110 00:02:28,259 --> 00:02:29,950 111 00:02:28,269 --> 00:02:33,400 this run for hours and hours if not 112 00:02:29,940 --> 00:02:33,400 113 00:02:29,950 --> 00:02:36,580 potentially days doing this password 114 00:02:33,390 --> 00:02:36,580 115 00:02:33,400 --> 00:02:39,730 ripping or password cracking can take 116 00:02:36,570 --> 00:02:39,730 117 00:02:36,580 --> 00:02:42,370 quite a while one thing that can help 118 00:02:39,720 --> 00:02:42,370 119 00:02:39,730 --> 00:02:45,760 get around that is using something 120 00:02:42,360 --> 00:02:45,760 121 00:02:42,370 --> 00:02:49,390 called rainbow tables now rainbow tables 122 00:02:45,750 --> 00:02:49,390 123 00:02:45,760 --> 00:02:51,700 are pre computed hash tables that save 124 00:02:49,380 --> 00:02:51,700 125 00:02:49,390 --> 00:02:54,220 the computation time of doing the hash 126 00:02:51,690 --> 00:02:54,220 127 00:02:51,700 --> 00:02:57,340 on all of the passwords as you go 128 00:02:54,210 --> 00:02:57,340 129 00:02:54,220 --> 00:03:01,299 through them so here's a program called 130 00:02:57,330 --> 00:03:01,299 131 00:02:57,340 --> 00:03:04,750 oph crack that's a free windows password 132 00:03:01,289 --> 00:03:04,750 133 00:03:01,299 --> 00:03:07,420 cracker and it uses rainbow tables so 134 00:03:04,740 --> 00:03:07,420 135 00:03:04,750 --> 00:03:10,630 you can use this oph crack that you 136 00:03:07,410 --> 00:03:10,630 137 00:03:07,420 --> 00:03:14,020 could download all over the internet and 138 00:03:10,620 --> 00:03:14,020 139 00:03:10,630 --> 00:03:16,560 you can use those tables with off 140 00:03:14,010 --> 00:03:16,560 141 00:03:14,020 --> 00:03:20,020 crack in order to hopefully get some 142 00:03:16,550 --> 00:03:20,020 143 00:03:16,560 --> 00:03:22,900 quicker times to get your passwords 144 00:03:20,010 --> 00:03:22,900 145 00:03:20,020 --> 00:03:25,780 cracked there's no guarantee because if 146 00:03:22,890 --> 00:03:25,780 147 00:03:22,900 --> 00:03:27,970 the password isn't in the list of words 148 00:03:25,770 --> 00:03:27,970 149 00:03:25,780 --> 00:03:30,340 that you're checking then you're not 150 00:03:27,960 --> 00:03:30,340 151 00:03:27,970 --> 00:03:32,650 going to crack the password and that's 152 00:03:30,330 --> 00:03:32,650 153 00:03:30,340 --> 00:03:34,870 one of the places where complexity is 154 00:03:32,640 --> 00:03:34,870 155 00:03:32,650 --> 00:03:36,970 really important when it comes to 156 00:03:34,860 --> 00:03:36,970 157 00:03:34,870 --> 00:03:40,420 creating passwords if you're just using 158 00:03:36,960 --> 00:03:40,420 159 00:03:36,970 --> 00:03:42,730 a regular word even if you say 160 00:03:40,410 --> 00:03:42,730 161 00:03:40,420 --> 00:03:45,340 capitalize the first letter there's a 162 00:03:42,720 --> 00:03:45,340 163 00:03:42,730 --> 00:03:47,230 good chance that that may be in a word 164 00:03:45,330 --> 00:03:47,230 165 00:03:45,340 --> 00:03:50,470 list somewhere that somebody can crack 166 00:03:47,220 --> 00:03:50,470 167 00:03:47,230 --> 00:03:53,140 which is why typically you'll see strong 168 00:03:50,460 --> 00:03:53,140 169 00:03:50,470 --> 00:03:55,750 passwords recommending a combination of 170 00:03:53,130 --> 00:03:55,750 171 00:03:53,140 --> 00:03:59,320 symbols and letters and numbers as well 172 00:03:55,740 --> 00:03:59,320 173 00:03:55,750 --> 00:04:02,290 as upper and lower case if you do enough 174 00:03:59,310 --> 00:04:02,290 175 00:03:59,320 --> 00:04:04,510 complexity and add enough variability to 176 00:04:02,280 --> 00:04:04,510 177 00:04:02,290 --> 00:04:07,840 your password you're not going to see 178 00:04:04,500 --> 00:04:07,840 179 00:04:04,510 --> 00:04:10,330 that in a password cracker word list 180 00:04:07,830 --> 00:04:10,330 181 00:04:07,840 --> 00:04:13,420 probably and it's going to make your 182 00:04:10,320 --> 00:04:13,420 183 00:04:10,330 --> 00:04:15,730 password very difficult to crack because 184 00:04:13,410 --> 00:04:15,730 185 00:04:13,420 --> 00:04:19,359 what they would have to do would be to 186 00:04:15,720 --> 00:04:19,359 187 00:04:15,730 --> 00:04:22,410 do a real honest-to-goodness brute force 188 00:04:19,349 --> 00:04:22,410 189 00:04:19,359 --> 00:04:24,910 where they do check all of the potential 190 00:04:22,400 --> 00:04:24,910 191 00:04:22,410 --> 00:04:28,210 permutations and combinations that's 192 00:04:24,900 --> 00:04:28,210 193 00:04:24,910 --> 00:04:30,610 also why a longer password is better 194 00:04:28,200 --> 00:04:30,610 195 00:04:28,210 --> 00:04:32,950 because of course the more positions you 196 00:04:30,600 --> 00:04:32,950 197 00:04:30,610 --> 00:04:35,110 put into a password the longer it's 198 00:04:32,940 --> 00:04:35,110 199 00:04:32,950 --> 00:04:38,200 going to take to brute force the other 200 00:04:35,100 --> 00:04:38,200 201 00:04:35,110 --> 00:04:40,150 thing is that word lists are often kind 202 00:04:38,190 --> 00:04:40,150 203 00:04:38,200 --> 00:04:42,160 of up to eight characters because that's 204 00:04:40,140 --> 00:04:42,160 205 00:04:40,150 --> 00:04:44,350 traditionally been sort of a standard 206 00:04:42,150 --> 00:04:44,350 207 00:04:42,160 --> 00:04:46,420 password length so if you make it a 208 00:04:44,340 --> 00:04:46,420 209 00:04:44,350 --> 00:04:49,660 little bit longer you make your password 210 00:04:46,410 --> 00:04:49,660 211 00:04:46,420 --> 00:04:52,750 harder to crack and harder to find so 212 00:04:49,650 --> 00:04:52,750 213 00:04:49,660 --> 00:04:55,930 ophcrack here runs on windows linux and 214 00:04:52,740 --> 00:04:55,930 215 00:04:52,750 --> 00:05:00,370 mac OS you'll see you can also get free 216 00:04:55,920 --> 00:05:00,370 217 00:04:55,930 --> 00:05:02,350 tables for windows XP and vista and when 218 00:05:00,360 --> 00:05:02,350 219 00:05:00,370 --> 00:05:06,010 you download ophcrack you'll be able to 220 00:05:02,340 --> 00:05:06,010 221 00:05:02,350 --> 00:05:08,410 get those rainbow tables to go with that 222 00:05:06,000 --> 00:05:08,410 223 00:05:06,010 --> 00:05:11,740 particular program another utility 224 00:05:08,400 --> 00:05:11,740 225 00:05:08,410 --> 00:05:15,130 though that runs under windows Cain and 226 00:05:11,730 --> 00:05:15,130 227 00:05:11,740 --> 00:05:19,210 Abel is another password cracker it does 228 00:05:15,120 --> 00:05:19,210 229 00:05:15,130 --> 00:05:24,660 different things though so I could load 230 00:05:19,200 --> 00:05:24,660 231 00:05:19,210 --> 00:05:27,600 the secrets from my windows system 232 00:05:24,650 --> 00:05:27,600 233 00:05:24,660 --> 00:05:31,620 and you can see I'm pulling in the 234 00:05:27,590 --> 00:05:31,620 235 00:05:27,600 --> 00:05:33,990 password file here and I could run Cain 236 00:05:31,610 --> 00:05:33,990 237 00:05:31,620 --> 00:05:36,600 against that to see whether it can crack 238 00:05:33,980 --> 00:05:36,600 239 00:05:33,990 --> 00:05:38,940 them we can also look for wireless 240 00:05:36,590 --> 00:05:38,940 241 00:05:36,600 --> 00:05:41,940 passwords it'll dump out your internet 242 00:05:38,930 --> 00:05:41,940 243 00:05:38,940 --> 00:05:46,350 explorer passwords as well as different 244 00:05:41,930 --> 00:05:46,350 245 00:05:41,940 --> 00:05:48,830 edit boxes it can do some sniffing on 246 00:05:46,340 --> 00:05:48,830 247 00:05:46,350 --> 00:05:52,470 your network to be able to find 248 00:05:48,820 --> 00:05:52,470 249 00:05:48,830 --> 00:05:55,680 passwords there it also has the ability 250 00:05:52,460 --> 00:05:55,680 251 00:05:52,470 --> 00:05:58,680 to do ARP poisoning which means it can 252 00:05:55,670 --> 00:05:58,680 253 00:05:55,680 --> 00:06:01,530 actually get a lot of data coming in to 254 00:05:58,670 --> 00:06:01,530 255 00:05:58,680 --> 00:06:03,990 it that you wouldn't normally have so 256 00:06:01,520 --> 00:06:03,990 257 00:06:01,530 --> 00:06:06,120 you can run this as a sniffer to go 258 00:06:03,980 --> 00:06:06,120 259 00:06:03,990 --> 00:06:07,620 grabbing passwords and see what it can 260 00:06:06,110 --> 00:06:07,620 261 00:06:06,120 --> 00:06:09,900 find on the network there's a lot of 262 00:06:07,610 --> 00:06:09,900 263 00:06:07,620 --> 00:06:13,650 different types of passwords that it 264 00:06:09,890 --> 00:06:13,650 265 00:06:09,900 --> 00:06:18,900 supports you'll see up above there's VNC 266 00:06:13,640 --> 00:06:18,900 267 00:06:13,650 --> 00:06:21,660 and VPN there's some base64 password 268 00:06:18,890 --> 00:06:21,660 269 00:06:18,900 --> 00:06:24,630 decoders that it supports access 270 00:06:21,650 --> 00:06:24,630 271 00:06:21,660 --> 00:06:27,840 database password decoder and a cisco 272 00:06:24,620 --> 00:06:27,840 273 00:06:24,630 --> 00:06:31,020 type 7 password decoder because Cisco 274 00:06:27,830 --> 00:06:31,020 275 00:06:27,840 --> 00:06:34,020 stores passwords in their configuration 276 00:06:31,010 --> 00:06:34,020 277 00:06:31,020 --> 00:06:37,170 files on their routers in switches in a 278 00:06:34,010 --> 00:06:37,170 279 00:06:34,020 --> 00:06:40,169 particular format and it's possible to 280 00:06:37,160 --> 00:06:40,169 281 00:06:37,170 --> 00:06:43,770 break that and recover passwords that 282 00:06:40,159 --> 00:06:43,770 283 00:06:40,169 --> 00:06:48,330 are stored in that cisco 7 password 284 00:06:43,760 --> 00:06:48,330 285 00:06:43,770 --> 00:06:50,340 format you can decrypt WEP encrypted 286 00:06:48,320 --> 00:06:50,340 287 00:06:48,330 --> 00:06:53,430 messages and we'll get into some 288 00:06:50,330 --> 00:06:53,430 289 00:06:50,340 --> 00:06:56,240 wireless in subsequent lessons Cain and 290 00:06:53,420 --> 00:06:56,240 291 00:06:53,430 --> 00:07:00,470 Abel supports a lot of different ways to 292 00:06:56,230 --> 00:07:00,470 293 00:06:56,240 --> 00:07:03,150 grab passwords both locally and remotely 294 00:07:00,460 --> 00:07:03,150 295 00:07:00,470 --> 00:07:06,480 so that's three different utilities that 296 00:07:03,140 --> 00:07:06,480 297 00:07:03,150 --> 00:07:09,900 you could use to capture passwords and 298 00:07:06,470 --> 00:07:09,900 299 00:07:06,480 --> 00:07:12,380 crack passwords in some different 300 00:07:09,890 --> 00:07:12,380 301 00:07:09,900 --> 00:07:12,380 formats 16447