Category Archives: (E) CEH (PART A)

MODULE 6.9.1 Exersice – Cracking Kerberos

In this exercise we will take a look at how to break a password captured from Kerberos. To perform this exercise, you must download the utility Cain from Here:

1. In the Cain software start the sniffer by clicking the sniffer icon on the toolbar.

2. When prompted, choose the interface to sniff on.

3. Select the Sniffer tab.

4. Click the blue + sign.

5. When presented with the dialog, click OK.

6. In the dialog that appears, enter the addresses of two hosts to be ARP poisoned, which means you are putting information into the ARP tables of the targeted systems. Choose two hosts other than the one you are running the attack from.

7. Click OK.

8. On the toolbar select the ARP poisoning icon and note that the status will change to state “poisoning.”

9. After a minute or two, click the Sniffer tab.

10. Click the Passwords tab.

11. Select MSKerb5-PreAuth Hashes.

12. Right-click and select Send To Cracker.

13. Click the Cracker tab.

14. Select Kerb5 PreAuth Hashes.

15. Right-click a password and select a crack. At this point, if everything has gone well you should be able to crack a Kerberos password. It is important to note that you may have to wait a while on networks that are not that active to actually collect a set of credentials.

MODULE 6.9 Kerberos

A mythological three-headed dog was supposed to guard the gates of Redmond. But it turns out that Kerberos was very poorly implemented in numerous versions of Microsoft Windows.

On November 18th, Microsoft released a crucial security bulletin. A severe vulnerability existed in Windows that can be exploited for privilege escalation attacks.

Here’s a list of the operating systems with the reported bug:

  • Windows Server 2003 (Service Pack 2, 32-bit, 64-bit, and Itanium)
  • Windows Server 2008 (Service Pack 2, 32-bit, 64-bit, and Itanium)
  • Windows Server 2008 R2 (64-bit, and Itanium)
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Vista (Service Pack 2, 32-bit, and 64-bit)
  • Windows 7 (Service Pack 1, 32-bit, and 64-bit)
  • Windows 8 (32-bit, and 64-bit)
  • Windows 8.1 (32-bit, and 64-bit)

What’s Kerberos?

Kerberos is a protocol for network authentication. It’s a project of the Massachusetts Institute of Technology (MIT), and its first stable version was released all the way back in 1987. The latest stable release of Kerberos is krb5-1.13, as of October 15th, 2014.

It allows nodes to communicate more securely through insecure networks, such as most internet protocols, like HTTP and FTP.

It works by using tickets to authenticate authorized clients to authorized servers, and vice versa- thus mitigating man-in-the-middle and reply attacks. Both the clientand the server authenticate each other with packets sent through the Kerberos protocol, usually designated to UDP port 88.

Kerberos uses symmetric cryptographic algorithms, and may use public-key cryptography. Between the client and server, a Kerberos authentication server acts as the trusted third party. The authentication server forwards client usernames to a key distribution center (KDC). Kerberos 5 (krb5-x) uses AES with 128-bit blocks and key sizes of 128 or 256 bits. Legacy versions of Kerberos used DES, which is incredibly insecure these days.

MIT’s Kerberos software is FOSS (opensource), but under a BSD-like license rather than a share-alike “copyleft” sort of license, such as the GNU General Public License. Therefore, MIT’s Kerberos code may be freely used and distributed, but not modified.

The version of Kerberos that MIT develops (krb) is used in BSD/Unix and GNU/Linux kernel operating systems. Microsoft has their very own version of Kerberos, krw, for their proprietary NT kernel.

Kerberos in Windows

Microsoft Windows implements Kerberos (the krw version) in Active Directory. The moment a user logs into a Windows client that’s a part of a Windows Server network, Active Directory uses Kerberos to authenticate that user, but via the RC4 stream cipher. In a Windows-based network, Kerberos is also used when a client authenticates into a machine with network shared partitions and applications.

As the user inputs their username and password into an Active Directory login, a one-way hash is generated from the password, so that the password can be transmitted in ciphertext as opposed to plaintext. That may mitigate a man-in-the-middle attack during the Windows Server authentication process.

That password hash is sent to the authentication server. If its a match for that user, a Ticket to Get Tickets (TGT) is created by the Ticket Granting Service (TGS). Both the AS and the TGS are components of Microsoft’s Key Distribution Center. But they’re separate. Because they’re separate, the user’s TGT may be used to acquire tickets from a TGS in another domain.

So, What Was Microsoft’s Kerberos Bug?

Hashes are verified by checksums. The bug that Microsoft announced on November 18th is a checksum vulnerability, designated as CVE-2014-6324.

The checksum function in Microsoft’s Kerberos implementation was allowing false positive password hashes to authenticate users- both users who make a mistake when typing their passwords, and possible attackers. In a nutshell, Active Directory could’ve been treating incorrect passwords as if they were correct. That completely negates the purpose of passwords in the first place.

That left the door wide open for privilege escalation attacks, because Kerberos authentication in all of those versions of Windows wasn’t working properly.

Here’s how those privilege escalation attacks could be executed. My hypothetical attacker is an authenticated domain user. That attacker could send Microsoft’s KDC a forged TGT with malicious data that spoofs the user as an adminstrator in that same domain. Of course, user accounts generally have much more limited privileges in an operating system and its network, and an administrator usually has full privileges- the rough equivalent of root in a BSD/Unix or GNU/Linux system.

Imagine the potential for a disgruntled employee to seek revenge upon their employer! Good implementation of well-designed IT security policy mitigates the risk of internal attacks. But for that policy to actually work, the software supporting user account authentication must have as few vulnerabilties as possible.

The bug Microsoft announced on November 18th has immense implications. Windows is still the most popular computing platform in office networks worldwide, and Active Directory manages all Windows client to Windows server authentication.

So, Is There a Patch?

Yes, there is. Normally, Microsoft releases operating system patches on Tuesday, at least once or twice per month. Microsoft used to call it Patch Tuesday, for connotational reasons, they now call it Update Tuesday.

But because Microsoft designated the bug a “critical” aggregated severity rating, their patch to address it was pushed to all applicable client and server versions of Windows on the day their security bulletin was released, November 18th, 2014.

If for whatever reason, your Windows machine hasn’t installed the patch, there are two things you could try.

Your Windows machine may have received the patch, but it requires a reboot for installation. Shut down your Windows machine from the Start menu. Before your computer turns off, it’ll install the patch if it has it. Leave your machine alone, but watch your monitor carefully for indication that the patch is being installed.

If you don’t see a screen that indicates that an update is being installed, you should then manually download the patch.

Boot up your Windows machine again. Make sure that you have effective connectivity to the internet. From Internet Explorer, go tohttps://update.microsoft.com/microsoftupdate/ . From there, you can find the patch for your version of Windows.

Once you execute the file, let it do its thing. You may have to reboot your machine for the update to be installed.

Afterwards, make sure that you go into your Control Panel, and enable all recommended security updates within Windows Update! Then, you won’t have that sort of hassle in the future. You should get security patches automatically for the duration of the support of your version of Windows.

This should be a wakeup call to information security professionals. Kerberos can be very effective, but it’s notoriously difficult to implement.

Penetration test all systems that use Kerberos. Not just Windows systems with krw, but also Mac, BSD/Unix, and GNU/Linux systems with krb. If you find any Kerberos implementation vulnerabilties, create and send bug reports.

References

Microsoft Security Bulletin MS14-068

https://technet.microsoft.com/en-us/library/security/MS14-068

RFC 4757

https://tools.ietf.org/html/rfc4757

RFC 3962

https://tools.ietf.org/html/rfc3962

Kerberos at MIT

http://web.mit.edu/kerberos/

Kerberos for Windows Release 4.0.1

http://web.mit.edu/kerberos/kfw-4.0/kfw-4.0.html

MIT Kerberos Consortium

http://www.kerberos.org/about/FAQ.html

Kerberos in Active Directory- Brian Desmond, Windows IT Pro

http://windowsitpro.com/security/kerberos-active-directory

Basic Concepts for the Kerberos Protocol- Microsoft TechNet

http://technet.microsoft.com/en-us/library/cc961976.aspx

Kerberos Explained- Microsoft Developer Network

http://msdn.microsoft.com/en-us/library/bb742516.aspx

MODULE 6.8 Distributed Network Attacks (DNA)

  • One of the modern approaches to cracking passwords is a Distributed Network Attack (DNA). It takes advantage of unused processing power from multiple computers in an attempt to perform an action, in this case, cracking a password.
  • To make this attack work, you install a manager on a chosen system, which is used to manage multiple clients. The manager is responsible for dividing and assigning work to the various systems involved in processing the data. On the client side, the software receives the assigned work unit, processes it, and returns the results to the manager. The benefit of this type of attack is the raw computing power available.
  • This attack combines small amounts of computing power from individual systems into a vast amount of computing power. Each computer’s processing power is akin to a single drop of water: individually they are small, but together they become much more.
  • Drops form largerbodies of water, and small pieces of processing power come together to form a huge pool of processing power.
  • Default Passwords One of the biggest potential vulnerabilities is also one of the easiest to resolve: default passwords. Default passwords are set by the manufacturer when the device or system is built. They are documented and provided to the final consumer of the product and are
    intended to be changed. However, not all users or businesses get around to taking this step, and hence they leave themselves vulnerable. The reality is that with a bit of scanning and investigation, an attacking party can make some educated guesses about what equipment or systems you may be running. If they can determine that you have not changed the defaults, they can look up your default password at any of the following sites:
  • http://cirt.net
  • http://default-password.info
  • www.defaultpassword.us
  • www.passwordsdatabase.com
  • https://w3dt.net
  • www.virus.org
  • http://open-sez.me
  • http://securityoverride.org
  • www.routerpasswords.com
  • www.fortypoundhead.com

MODULE 6.7 Exersice – Working with RainbowCrack

Once you have created the rainbow table, you can use it to recover a password using the information from pwdump and winrtgen.

1. Double-click rcrack_gui.exe.

2. Click File, and then click Add Hash. The Add Hash window opens.

3. If you performed the pwdump hands on, you can now open the text file it created and copy and paste the hashes.

4. Click OK.

5. Click Rainbow Table from the menu bar, and click Search Rainbow Table. If you performed the winrtgen hands on, you can use that rainbow table here.

6. Click Open.

MODULE 6.6 Exersice – Creating Rainbow Tables

You can generate rainbow tables many ways. One of the utilities you can use to perform this task is winrtgen, a GUI-based generator. Supported hashing formats in this utility include all of the following:

  • Cisco PIX
  • FastLM
  • HalfLMChall
  • LM
  • LMCHALL
  • MD2
    MD4
  • MD5
  • MSCACHE
  • MySQL323
  • MySQLSHAl
  • NTLM
  • NTLM
  • CHALL
  • ORACLE
  • RIPEMD-160
  • SHA1
  • SHA-2 (256)
  • SHA-2 (384)
  • SHA-2 (512)

Let’s create a rainbow table to see what the process entails. Keep in mind that this process can take a while once started.

To perform this exercise, you will need to download the winrtgen application. To use winrtgen, follow these steps:

1. Start the winrtgen.exe tool.

2. Once winrtgen starts, click the Add Table button.

3. In the Rainbow Table Properties window, do the following: a. Select NTLM from the Hash drop-down list. b. Set Minimum Length to 4          and Maximum Length to 9, with a Chain Count of 4000000. c. Select Loweralpha from the Charset drop-down list.

4. Click OK to create the rainbow table. Note that the creation of the rainbow table file will take a significant amount of time, depending on         the speed of your computer and the settings you choose.

MODULE 6.4 Attacks On Passwords

Replay Attack 

In a replay attack, packets are captured using a packet sniffer. After the relevant information is captured and extracted, the packets can be placed back on the network. The intention is to inject the captured information—such as a password—back onto the network and direct it toward a resource such as a server, with the goal of gaining access. Once the packets are replayed, the valid credentials provide access to a system, potentially giving an attacker the ability to change information or obtain confidential data.

Active Online Attacks

The next attack type is the active online attack. These attacks use a more aggressive form of penetration that is designed to recover passwords.

 

Password Guessing

Password guessing is a very crude but effective type of attack. An attacker seeks to recover a password by using words from the dictionary or by brute force. This process is usually carried out using a software application designed to attempt hundreds or thousands of words each second. The application tries all variations, including case changes, substitutions, digit replacement, and reverse case. Of course, one item to note is that many systems employ account lockout, which locks the account when too many failed attempts occur.

Trojans, Spyware, and Keyloggers 

Malware is discussed in depth elsewhere in this book, but here we should mention its
potential role during an attack. Malware such as Trojans, spyware, and keyloggers can prove very useful during an attack by allowing the attacker to gather information of all types, including passwords. One form is keyboard sniffing or keylogging, which intercepts a password as the user enters it. This attack can be carried out when users are the victims of keylogging software or if they regularly log on to systems remotely without using protection.

Hash Injection

This type of attack relies on the knowledge of hashing that you acquired during our investigation of cryptography and a few tricks. The attack consists of the following four steps:

1. Compromise a vulnerable workstation or desktop.

2. When connected, attempt to extract the hashes from the system for high-value users, such as domain or enterprise admins.

3. Use the extracted hash to log on to a server such as a domain controller.

4. If the system serves as a domain controller or similar, attempt to extract hashes from the system with the intention of exploiting other accounts.

Offline Attacks

Offline attacks represent yet another form of attack that is very effective and difficult to detect in many cases. Such attacks rely on the attacking party being able to learn how passwords are stored and then using this information to carry out an attack.

MODULE 6.3 EXERCISE Using SSL Strip

In this exercise you will use the utility sslstrip on Kali Linux to intercept communications meant for an SSL-encrypted site. Once you’ve completed it, you should have a log file containing information captured during the session.

While you can perform this exercise on any Linux box, it will require you to download software. If you use Kali Linux , all tools should be present.

From a command prompt, do the following:

  1. Configure Kali to forward incoming packets that were not intended for it or addressed to it by using the following command: echo ‘1 ‘ > /proc/sys/net/ipv4/ip_forward 
  2. Learn the network gateway by entering: Netstat –nr 
  3. On the list of returned results, note the gateway listed.
  4. Use the arpspoof command to redirect traffic intended for other hosts on the network to your host. Use the following command: arpspoof -i eth0 192.168.1.1                                                                                                    In this example, eth0 is assumed to be connected to your network. Replace this name with what is appropriate for your system. You can use ifconfig to determine the active adapter. For the IP address I used 192.168.1.1; just replace this with the gateway address you learned from the previous step.                                                           At this point you are running the foundation for a man-in-the-middle attack; now is the time to bring in sslstrip.
  5.  Set up a firewall rule on the system to redirect traffic from port 80 to 8080. Use the following command, which uses iptables to create firewall rules:                                                                                                                          iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT – to-port 8080 
  6.  Now comes the part where you run sslstrip. You can do this by telling sslstrip to listen on  port 8080: sslstrip -l 8080
  7. Open a browser and go to any site that uses SSL, such as Gmail or similar sites (just look for the https://). Note that your browser will show http instead of https as it would normally for an HTTPS address. This is because sslstrip is intercepting HTTPS requests and using HTTP instead before sending the traffic on to the intended recipient
  8.  To stop the attack, hit Ctrl+C.
  9. In Linux, browse to the SSL Strip folder and open the sslstrip.log file, and you will see the information that was gathered while sslstrip was running.

MODULE 6.2 Man-in-the-Middle

During this type of attack, two parties are communicating with one another and a third party inserts itself into the conversation and attempts to alter or eavesdrop on the communications. In order to be fully successful, the attacker must be able to sniff traffic from both parties at the same time.

There are many utilities available to perform man-in-the-middle (MitM) attacks, including these:

  • SSL Strip
  • Burp Suite
  • Browser Exploitation Framework (BeEF)

Man-in-the-middle attacks commonly target vulnerable protocols and wireless
technologies. Protocols such as Telnet and FTP are particularly vulnerable to this type of attack. However, such attacks are tricky to carry out and can result in invalidated traffic.

MODULE 6.1 Password-Cracking Techniques

Popular culture would have us believe that cracking a password is as simple as running some software and tapping a few buttons. The reality is that special techniques are needed to recover passwords. For the most part, we can break these techniques into categories, which we will explore in depth later in this chapter, but let’s take a high-level look at them now:

 

  • Dictionary Attacks An attack of this type takes the form of a password-cracking application that has a dictionary file loaded into it. The dictionary file is a text file that contains a list of known words up to and including the entire dictionary. The application uses this list to test different words in an attempt to recover the password. Systems that use passphrases typically are not vulnerable to this type of attack.
  • Brute-Force Attacks In this type of attack, every possible combination of characters is attempted until the correct one is uncovered. According to RSA Labs, “Exhaustive keysearch, or brute-force search, is the basic technique for trying every possible key in turn until the correct key is identified.”
  • Hybrid Attack This form of password attack builds on the dictionary attack but with additional steps as part of the process. In most cases, this means passwords that are tried during a dictionary attack are modified with the addition and substitution of special characters and numbers, such as P@ssw0rd instead of Password.
  • Syllable Attack This type of attack is a combination of a brute-force attack and a dictionary attack. It is useful when the password a user has chosen is not a standard word or phrase.
  • Rule-Based Attack This could be considered an advanced attack. It assumes that the user has created a password using information the attacker has some knowledge of ahead of time, such as phrases and digits the user may have a tendency to use.
  • Passive Online Attacks Attacks in this category are carried out simply by sitting back
    and listening—in this case, via technology, in the form of sniffing tools such as Wireshark, man-in-the-middle attacks, or replay attacks.
  • Active Online Attacks The attacks in this category are more aggressive than passive attacks because the process requires deeper engagement with the targets. Attackers using this approach are targeting a victim with the intention of breaking a password. In cases of weak or poor passwords, active attacks are very effective. Forms of this attack include password guessing, Trojan/spyware/key loggers, hash injection, and phishing.
  • Offline Attacks This type of attack is designed to prey on the weaknesses not of passwords but of the way they are stored. Because passwords must be stored in some format, an attacker seeks to obtain them where they are stored by exploiting poor security or weaknesses inherent in a system. If these credentials happen to be stored in a plaintext or unencrypted format, the attacker will go after this file and gain the credentials. Forms of this attack include precomputed hashes, distributed network attacks, and rainbow attacks.
  • Nontechnical Attacks Also known as non-electronic attacks, these move the process offline into the real world. A characteristic of this attack is that it does not require any technical knowledge and instead relies on theft, deception, and other means. Forms of this attack include shoulder surfing, social engineering, and dumpster diving. Let’s look at each of these forms and its accompanying attacks so you can better understand them.
  • Passive Online Attacks Much like other cases where we examined and used passive measures, passive online attacks are used to obtain passwords without directly engaging a target. These types of attacks are effective at being stealthy because they attempt to collect passwords without revealing too much about the collecting system. This type of attack relies less on the way a password is constructed and more on how it is stored and transported. Any issues with these areas may be just enough to open the door to gain these valuable credentials.
  • Packet Sniffing The technique of sniffing has already made an appearance in this book, so let’s start to put the technique to use to gain password information. A sniffer, or packet analyzer, as it also called, is a mechanism (typically software) designed to capture packets as they flow across the network. In practice, a sniffer is used to gather information for network diagnostics and troubleshooting, but sniffers don’t care what type of information is flowing across the network, only if they can see it. While you can configure sniffers to filter data, this means you can view only certain information and not that the sniffer isn’t seeing it.