Up to This Point 159
Offline Attacks
Offline attacks represent yet another form of attack that is very effective and difficult to
detect in many cases. Such attacks rely on the attacking party being able to learn how pass-
words are stored and then using this information to carry out an attack.
E XE RC I S E 7.1
Extracting Hashes from a System
Now that you have seen how hashes can be extracted, let’s use pwdump to perform this process:
- Open the command prompt.
- Type pwdump7.exe to display the hashes on a system.
- Type pwdump7 > C:\hash.txt.
- Press Enter.
- Using Notepad, browse to the C drive and open the hash.txt file to view the hashes.
Precomputed Hashes or Rainbow Tables
Precomputed hashes are used in an attack type known as a rainbow table. Rainbow tables
compute every possible combination of characters prior to capturing a password. Once all
the passwords have been generated, the attacker can capture the password hash from the
network and compare it with the hashes that have already been generated.
Password Hashing
Passwords are not stored in cleartext on a system in most cases due to their extremely
sensitive nature. Because storing passwords in the clear can be considered risky, you can
use security measures such as password hashes.
As you learned in the Chapter 3, “Cryptography,” hashing is a form of one-way encryp-
tion that is used to verify integrity. Passwords are commonly stored in a hashed format
so the password is not in cleartext. When a password provided by the user needs to
be verified, it is hashed on the client side and then transmitted to the server, where the
stored hash and the transmitted hash are compared. If they match, the user is authenti-
cated; if not, the user is not authenticated.