Government Security
Network Security Resources


Need Review: Diagram Of Categorization For Password Cracking Tools (Help)

6 replies to this topic

#1 achyandra

Posted 23 March 2012 - 08:38 AM

I’m new here and hope I post this right.

I’m a computer science student from Jakarta, currently starting work on research on the topic of ‘Password Cracking’ for my bachelor's degree. I’ve read quite a lot about the many tools available for cracking passwords, including the techniques. Now I want to simplify and try to explain my understanding in one picture (diagram) of the categorization of password cracking tools, since each of them somehow works for different purposes and scenarios.

Here I am uploading my simplification, as a diagram, of the categorization of password cracking tools based on my research. I’m humbly aware that somehow there are still ‘holes’ in this picture.

Therefore, what do you think about this picture? Any opinions, critiques, suggestions, additional information, or reviews of this picture would mean a lot to me.


Posted Image


Thanks,

Achyandra

#2 erwinadi

Posted 26 March 2012 - 12:45 AM

For the victim's vulnerability caused by common default settings, I think we don't need any tool to attack. So what path does the attacker use to attack?

#3 achyandra

Posted 30 March 2012 - 09:45 AM

Yes, in some cases where the victim's vulnerability is caused by common default settings, we don't need any tool to attack.

For example, when a Linux user didn't change the root password (common default settings), we can 'add new made up authorized user' to increase the access. Because you asked this, I just thought that I will add a new element under Exploited Weakness, which is 'Creating new authorized access', and under Result, which is 'Add new made up authorized user'.

So, just for instance, according to the picture, the 'path' that the attacker uses to attack using 'common default settings' would be:

Attacker - Location: Physical Access - Mechanism: User command (Linux), run with command line interface (Linux OS Recovery Mode), Exploited Weakness: Creating new authorized access - Vulnerabilities: Configuration: common default settings (Linux root password) - Victim Type: Host (OS admin) - Results: Add new made up authorized user - Impact: Increased Access

Any revisions or suggestions from all of you guys will be very much appreciated. I will collect all of the new information and will upload a new diagram in the future.

#4 flyhigh

Posted 29 April 2012 - 04:41 AM

Hi Achyandra,

Using the taxonomy, can you show the path for a pentesting tool, such as ophcrack?

#5 achyandra

Posted 21 June 2012 - 02:18 AM

Hi flyhigh,

According to the diagram, for Ophcrack the path would be:
Attacker - Location: Physical Access - Mechanism: Script/Program, run with bootable program,Exploited Weakness: Brute Force & Dictionary - Vulnerabilities: Implementation: Operating System (Windows LM & NTLM hash) - Victim Type: Host (OS admin) - Results: Recover Actual Password - Impact: Increased Access
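
Added example, not part of the thread and not the poster's own code: a Python parser that splits the two paths posted above into their seven dimensions and reports which dimensions the two entries share. The function and constant names are assumptions made for this illustration; the path strings are copied from the posts.

```python
import re

# Dimension labels in the order the thread's paths list them.
DIMENSIONS = ["Location", "Mechanism", "Exploited Weakness", "Vulnerabilities",
              "Victim Type", "Results", "Impact"]

# The two paths as posted in the thread; a comma sometimes replaces " - ".
DEFAULT_SETTINGS_PATH = (
    "Attacker - Location: Physical Access - Mechanism: User command (Linux), "
    "run with command line interface (Linux OS Recovery Mode), Exploited "
    "Weakness: Creating new authorized access - Vulnerabilities: "
    "Configuration: common default settings (Linux root password) - Victim "
    "Type: Host (OS admin) - Results: Add new made up authorized user - "
    "Impact: Increased Access")
OPHCRACK_PATH = (
    "Attacker - Location: Physical Access - Mechanism: Script/Program, run "
    "with bootable program,Exploited Weakness: Brute Force & Dictionary - "
    "Vulnerabilities: Implementation: Operating System (Windows LM & NTLM "
    "hash) - Victim Type: Host (OS admin) - Results: Recover Actual Password "
    "- Impact: Increased Access")

# A label counts only when it follows a separator ("-" or ",") and ends in ":".
_LABEL = re.compile(r"(?:^|[-,])\s*(" + "|".join(map(re.escape, DIMENSIONS))
                    + r")\s*:\s*")

def parse_path(text):
    """Split a posted path into {dimension: value}. Keying on the known
    labels keeps colons and commas inside a value from breaking the split."""
    matches = list(_LABEL.finditer(text))
    found = [m.group(1) for m in matches]
    if found != DIMENSIONS:
        raise ValueError(f"expected dimensions {DIMENSIONS}, got {found}")
    path = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        path[m.group(1)] = text[m.end():end].strip(" -,")
    return path

def compare(a, b):
    """Return (shared, differing) dimension names for two parsed paths."""
    shared = [d for d in DIMENSIONS if a[d] == b[d]]
    differing = [d for d in DIMENSIONS if a[d] != b[d]]
    return shared, differing

if __name__ == "__main__":
    shared, differing = compare(parse_path(DEFAULT_SETTINGS_PATH),
                                parse_path(OPHCRACK_PATH))
    print("shared:", shared)
    print("differing:", differing)
```

Both entries agree on Location, Victim Type and Impact, so in this taxonomy those dimensions do not distinguish the two cases; the distinction is carried by the middle of the path.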

#6 flyhigh

Posted 21 June 2012 - 03:11 AM

Hi Achyandra,

I think that your taxonomy is useful and makes it quite easy to classify the password cracking tools.
In addition, maybe this reference link will help your research: backtrack-linux.org/forums/showthread.php?t=68

cheers

#7 achyandra

Posted 21 June 2012 - 10:50 AM

Thanks for the reference link, Flyhigh.

-

By the way guys,
I've done some revisions recently, and this is the new diagram:

Posted Image

*UPDATE*
Taxonomy of Password Cracking Tools

Posted Image
