Shulou(Shulou.com)06/01 Report--

Experiment 3 password cracking experiment

Experimental goal

Understand the basic methods of password cracking by using all kinds of password cracking software

Through the analysis of the difficulty of cracking, we realize the important significance of how to set the security password.

Technical principle

L Lophtcrack 5.02, referred to as Lc5, is a necessary password checking tool for network administrators. It can be used to detect whether Windows and Unix users use insecure passwords, and it is also the best and fastest tool for cracking passwords for Windows NT/2000/XP and Unix administrator accounts. In the Windows operating system, the security management of user accounts uses the mechanism of Security account Manager (security account manager,SAM). The user password Hash is transformed and stored in the SAM file under\ systemroot\ system32 in the form of Hash list. Lc5 mainly obtains the account and password of the system by cracking the SAM file. Lc5 can obtain SAM files from local systems, other systems, and system backups to crack user passwords.

There are three main methods of deciphering passwords: exhaustive method, statistical analysis and mathematical analysis.

The so-called exhaustive use * means that the cryptanalyst tries all the possible keys in turn to decipher the ciphertext until the correct plaintext is obtained, or encrypts all possible plaintext with a certain secret key until the ciphertext is obtained. Exhaustion is feasible in principle as long as there is enough time and storage space, but the centralized area calculation time and storage space are limited, as long as the secret key is long enough. This method often doesn't work.

Statistical analysis means that cryptanalysts rush to analyze the statistical laws of ciphertext and plaintext to decipher the password. The cryptographer makes a statistical analysis of the intercepted ciphertext, summarizes the statistical law, and compares it with that of the plaintext, from which the corresponding or transformation information between the plaintext and the ciphertext is extracted.

Mathematical analysis * * is that according to the mathematical basis of encryption and decryption algorithm and some cryptographic characteristics, cryptographic analysts use mathematical solutions to decipher passwords.

At present, the most commonly used means of network * are social engineering, physics and violence. Dictionary * is the most common form of violence. If you try to get a password by using the traditional * * method, you will have to try every possible character, including case, numbers, wildcards, and so on. The dictionary narrows the scope of the attempt by using only a specific password. A dictionary file itself is a standard text file, where each line represents a possible password. Office documents can be encrypted, passwords are usually 3 to 4 digits, and it only takes a short time to crack this password.

The steps of the experiment:

1. Install and use lc5 to crack the Windows XP system password

2. Install and use saminside to crack the password of Windows XP system

3. Install and use PasswarekitEnterprise to crack all kinds of document passwords

4. Install and use Advanced Office XP Password Recovery pro to crack the password of office documents

Experimental equipment

PC 2; switch; network cable

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.