KUICS For 9th KUSISWALL2015.06.27
, KUICS .1
Who am I 2 KUICS (http://kuics.korea.ac.kr)
2 , 3 KUICS . 2
1) 2) 3) Windows 4) Linux
vs .
. .( ) .() .
5
.
Encrytion .
Hashing
, . , .Encryption , Hashing .
6
==
DESAESSEEDARIA () !=
RSA
. .
, .
( ) . , .
. , .
SSL , .
, AES, RSA .7
.Hash
?
, . Hash .() . , . .
8
MD4, MD5, SHA1, SHA256, SHA512
(Collision) ?7f7eb2b2CrackMeX9fc8912aCrackMEX
Hash , . , Hash .( - )Hash . . ? . . . , .
10
Hash : HelloHash ?MD5b884835e390cca19ca121f9af942e786
SHA1af46d07e711fdd8d4821de03f30b1af8e9680555bfb4c4d2f21b7b11397648ab
Hash .
HelloHash .
( x 2) . 11
DB
!
. , . , ., . . , DB DB . DB . , .() DB. DB . . , . ?() , . . 1bit , ., . . , . , , . , . . . , .
12
30 , ?
70%!
. . ?() 70%. .() , 128bit 10 38 , 10 19 75% . broken . MD5 , SHA1 .
13
1 : ?
(Bruteforce)
Ex) CPU 9 ! ( )
?Do NOGADA
() , .() , 000 999 . .() .() , .14
2 : .
!
Dictionary
()
.() . .() DIctionary .()1q2w3e4r, password , .15
___11. A 2. , Hash 3. (A )4. Hash , FAIL5.
() .() .() ,() .()16
3 : Rainbow Table
.
.() . (?) .()100 .A . . B . . , .() . , .( 2TB ) ., , . . , .17
___21. B 2. , Hash 3. (B )4. Rainbow Table 5. 6. ==
() .() .() () .()() .18
4 : Salt , ?
, SHA256(password + WjW9s34kdXSLic1)
. ?() 20 .(), .(), .(). () SALT DB . .
19
___31. C 2. Hash 3. Rainbow Table 4. Salt Rainbow Table 5. ,
() () .()Rainbow Table salt .() () .
, ?20
Windows 1998 !
Windows Windows
XP Windows NT : LM Hash, NTLMv2 Hash Vista Windows NT : NTLMv2 Hash
Salt .
Windows .XP LM 90 , 14 , . . 2000 .MS MD4 NTLM . Windows NTLMv2 1998 , 15 . Vista Windows XP . SHA1 , MD4 .
22
Windows : NTLM Hash
: C:\Windows\System32\Config\SAMSYSKEY : C:\Windows\System32\Config\SYSTEM(SYSTEM\CurrentControlSet\Control\Lsa\{JD,Skew1,GBG,Data})
SAM ., SAM Windows SYSKEY . , SAM ., . OS , Windows .
23
Inside of SAMLM-Hash NTLM-Hash
NT Hash .
24
KUSISWALL 6 .
25
SAM / SYSTEM
Windows . .()
26
Windows (CPU)
John the Ripper . , . John the Ripper .()27
Windows BruteForce :
(OpenMP)GPGPU (CUDA / OpenCL)
John the Ripper Windows OpenCL .
, ? CPU , 3D GPGPU . , GPGPU . Windows OpenCL . .
28
Windows (OpenCL)
MD4 OpenCL .
() . .
29
Windows : , SAM .
NT Hash MD4 Hash ->
Brute Forcing (John the Ripper)Rainbow Table (Ophcrack)
Linux 5000 ?
Linux .
/etc/passwd : ( , )/etc/shadow : ( , Salt )
/etc/shadow root
./etc/passwd , /etc/shadow . /etc/shadow, salt , root . , OS .
32
Linux : /etc/shadow[]:$[] $[Salt]$[Hash]:[ ]
$1 : MD5$5 : SHA256$6 : SHA512
SHA512 !
shadow , . , SHA512 . .
33
Linux /etc/login.defs
Salt , SHA512 5000
->
login.defs . ENCRTYPT_METHOD SHA512 shadow $6 . ... 5000 . . .
34
kusiswall .
35
John the Ripper
John the Ripper :
4 ! !?
37
? SHA512(SHA512(SHA512( . (SHA512( + Salt)) . )))
SHA512( + Salt) ?
SHA512 5000 , John the Ripper SHA512
38
HashCat
HashCat .() /etc/shadow HashCat .(OpenCL oclHashCat Intel )39
HashCat :
! ! 5 SHA512 !Windows 4 1
Linux : Windows
5000
Brute Forcing (HashCat)
Linux Windows ., shadow . , . , GPGPU .
41
: To . .To Hash , To Rainbow Table , GTX980 GPGPU BruteForcing
() (To )/ : : , .() (To ) : , .() (To ) , GPGPU .
43
Q & A