From the course: Ethical Hacking: System Hacking

Acquiring passwords

- [Instructor] Malicious actors use various techniques to acquire passwords. In this segment, we'll review the many ways we can provide authentication, where a Windows operating system stores passwords, and how a pass-the-hash attack works.

First, let's talk about ways to provide authentication. Authentication is proving your identity, like presenting your driver's license to the teller at the bank when you want to cash a check. In a computing environment, user authentication can be done in one of several ways: using what you know, in the form of a password; what you are, in the form of a biometric such as a fingerprint or facial recognition; what you have, such as a smart card or token; where you are, as far as location on the network; and something you do, such as a swiping motion on your phone. Although there are choices, authentication is commonly done in the form of a username and password. Passwords are still widely used because they're cost-effective and easily enforceable. As a result, system hacking, most of the time, starts with attempting to obtain the password.

When conducting ethical hacking, it's important to know where the passwords are stored in a system. In Microsoft Windows, users' passwords are stored in the Security Account Manager, or SAM, database in hashed format. The SAM stores user accounts and security descriptors for users on the local computer. It's located in this folder and is only accessible with administrative privileges. In addition, it's locked by the system and not available for direct access while the operating system is booted. To improve the security of the SAM database against offline cracking attempts, Microsoft has implemented several security measures that include drive encryption, Credential Guard, and regular security updates. These and other security features help protect against both online and offline attacks, safeguarding sensitive user credential information stored in the SAM database.
Now, let's talk about how to obtain passwords or password files. Methods can include using active and passive attacks. Passive online attacks include sniffing passwords using a packet analysis tool, or a man-in-the-middle attack such as a replay attack. There's also what's called active online attacks, and these would include any of the following: password cracking, Trojans, guessing, phishing, keystroke logging, or spyware. While obtaining a password isn't always feasible, it may be possible to obtain a password hash and use a technique called pass-the-hash, a New Technology LAN Manager (NTLM) replay attack. Now, this attack exploits weaknesses in the Windows authentication process. In this type of attack, the malicious actor will obtain the hash from RAM, the Windows registry, or a credentials file, then log into the target operating system or application by providing the hash of the password rather than the password itself. Now, once accepted, the malicious actor will be able to access the operating system or application, and that leads to the next step, which is privilege escalation.

Now, let's test your knowledge. Review ways users provide authentication, where a Windows operating system stores passwords, and how a pass-the-hash attack works. You can record your answer on the Challenge worksheet.
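As an added illustration that is not part of the course transcript, the following Python model shows the property the instructor describes: in a hash-keyed challenge/response logon, the stored hash is the only secret the protocol ever uses, so whoever holds the hash can answer the challenge without knowing the password. This is a deliberately simplified model and not the real NTLM protocol; SHA-256 stands in for the MD4-based, unsalted NT hash (an assumption made so the example runs everywhere), and the account name and password are constructed sample values.

```python
import hashlib
import hmac
import os

# Simplified model of hash-keyed challenge/response logon. NOT the real NTLM
# protocol: Windows stores the NT hash (MD4 over the UTF-16LE password, no
# salt); SHA-256 is used here as a stand-in (assumption). The property being
# demonstrated is identical: the stored hash is unsalted and is the only
# secret the server ever checks, which makes it password-equivalent.


def password_hash(password: str) -> bytes:
    """Unsalted hash of the password, as an account database would store it."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


class AuthServer:
    """Holds user -> stored hash and verifies challenge/response logons."""

    def __init__(self, accounts: dict[str, bytes]) -> None:
        self.accounts = accounts

    def new_challenge(self) -> bytes:
        # Fresh random nonce per logon attempt, so a recorded response
        # cannot simply be replayed against a later challenge.
        return os.urandom(8)

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        stored = self.accounts.get(user)
        if stored is None:
            return False
        expected = hmac.new(stored, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond_with_hash(stored_hash: bytes, challenge: bytes) -> bytes:
    """Client side: the response is keyed by the hash alone; no password needed."""
    return hmac.new(stored_hash, challenge, hashlib.sha256).digest()


def respond_with_password(password: str, challenge: bytes) -> bytes:
    """A legitimate client first derives the hash from the typed password."""
    return respond_with_hash(password_hash(password), challenge)


def run_demo() -> dict[str, bool]:
    """Exercise the model and return the observations as a dict of booleans."""
    # Constructed sample account; "alice" and her password are placeholders.
    secret = "correct-horse-battery"
    server = AuthServer({"alice": password_hash(secret)})
    results: dict[str, bool] = {}

    chal = server.new_challenge()
    # Normal logon: the user types the password.
    results["password_logon_ok"] = server.verify(
        "alice", chal, respond_with_password(secret, chal))

    # Same challenge, but the client holds only the stored hash (the transcript
    # lists RAM, the registry, or a credentials file as places it is taken from).
    leaked_hash = password_hash(secret)
    results["hash_only_logon_ok"] = server.verify(
        "alice", chal, respond_with_hash(leaked_hash, chal))

    # A wrong password produces a different key and is rejected.
    results["wrong_password_rejected"] = not server.verify(
        "alice", chal, respond_with_password("wrong", chal))

    # Replaying a recorded *response* under a fresh challenge fails; it is the
    # *hash* that can be reused, not the wire message.
    old_response = respond_with_password(secret, chal)
    results["replay_rejected"] = not server.verify(
        "alice", server.new_challenge(), old_response)

    # No salt: the same password yields the same hash on every host, so one
    # captured hash is valid wherever that account and password exist.
    results["hash_portable"] = password_hash(secret) == leaked_hash
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Run it as a script and every entry in the returned dict should be True. The takeaway for defenders is that in this design the hash must be protected exactly like the password itself, which is why the transcript's mention of Credential Guard (isolating credential material in memory) and of keeping the SAM locked and admin-only matters more than the strength of the password alone.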
