Hash Ciphers and Passwords - 9th kusiswall


Upload: hajin-jang

Post on 17-Feb-2017


TRANSCRIPT

KUICS, for the 9th KUSISWALL, 2015.06.27


Who am I: KUICS (http://kuics.korea.ac.kr)


1) 2) 3) Windows 4) Linux

Encryption vs. Hashing

== (same key, symmetric): DES, AES, SEED, ARIA

!= (different keys, asymmetric): RSA

Encryption in practice: SSL, AES, RSA

Hash

MD4, MD5, SHA1, SHA256, SHA512

Collision?

7f7eb2b2 (CrackMeX)

9fc8912a (CrackMEX)


Hash of HelloHash?

MD5: b884835e390cca19ca121f9af942e786

SHA1: af46d07e711fdd8d4821de03f30b1af8e9680555bfb4c4d2f21b7b11397648ab


DB

30 people in a room: the chance that two share a birthday? 70%!

The same reasoning applies to hashes: a 128bit digest has about 10^38 possible values, yet after roughly 10^19 hashes a collision is about 75% likely. MD5 and SHA1 are considered broken.

1 : Brute force (Bruteforce)

Ex) CPU 9 !

Do NOGADA: try every candidate in turn, e.g. 000 through 999.

2 : Dictionary

Common passwords such as 1q2w3e4r and password.

Scenario 1:
1. A
2. Hash
3. (A)
4. Hash, FAIL

3 : Rainbow Table (a precomputed table; roughly 2TB)

Scenario 2:
1. B
2. Hash
3. (B)
4. Rainbow Table
5.
6. ==

4 : Salt

e.g. SHA256(password + WjW9s34kdXSLic1)

The SALT is stored in the DB alongside the hash.
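The salt slide above shows SHA256(password + salt). The Python below is an added example, not code from the slides, that shows why a per-user salt matters: two users with the same password get the same unsalted digest, so one precomputed digest-to-word table entry covers both, while salted storage gives distinct digests and forces the work to be redone per user. The user names, passwords, wordlist and DB layout are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the slides); alice and bob share a password.
USERS = {"alice": "1q2w3e4r", "bob": "1q2w3e4r", "carol": "password"}

# Constructed mini wordlist, standing in for the dictionary of approach 2.
WORDLIST = ["123456", "password", "1q2w3e4r", "qwerty", "letmein"]


def unsalted_sha256(password: str) -> str:
    """Plain SHA256(password): equal passwords always give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_sha256(password: str, salt: str) -> str:
    """SHA256(password + salt), the construction shown on the slide."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest()


def new_salt(nbytes: int = 12) -> str:
    """Fresh random salt per user from the OS CSPRNG, hex encoded."""
    return os.urandom(nbytes).hex()


def store_unsalted(users: dict) -> dict:
    """DB layout without salt: user -> digest."""
    return {user: unsalted_sha256(pw) for user, pw in users.items()}


def store_salted(users: dict) -> dict:
    """DB layout with salt: user -> {salt, hash}; the salt is stored in the clear."""
    db = {}
    for user, pw in users.items():
        salt = new_salt()
        db[user] = {"salt": salt, "hash": salted_sha256(pw, salt)}
    return db


def verify(db: dict, user: str, password: str) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    record = db.get(user)
    if record is None:
        return False
    candidate = salted_sha256(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def precomputed_hits(stored: dict, wordlist: list) -> int:
    """How many stored digests one precomputed digest->word table recovers.

    `stored` maps user -> hex digest. The table is built once, with no salt,
    which is exactly what a lookup or rainbow table depends on."""
    table = {unsalted_sha256(word): word for word in wordlist}
    return sum(1 for digest in stored.values() if digest in table)


def distinct_digests(stored: dict) -> int:
    """Number of different digests in an unsalted store; duplicates reveal equal passwords."""
    return len(set(stored.values()))


if __name__ == "__main__":
    plain = store_unsalted(USERS)
    salted = store_salted(USERS)
    print("distinct unsalted digests for 3 users:", distinct_digests(plain))
    print("table hits, unsalted:", precomputed_hits(plain, WORDLIST))
    salted_digests = {u: r["hash"] for u, r in salted.items()}
    print("table hits, salted:  ", precomputed_hits(salted_digests, WORDLIST))
    print("alice logs in:", verify(salted, "alice", "1q2w3e4r"))
```

The salt only removes the shortcut of precomputation: each guess against a salted entry still costs a single fast SHA256, which is why the Linux slides later add 5000 iterations on top of the salt.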

Scenario 3:
1. C
2. Hash
3. Rainbow Table
4. Salt, Rainbow Table
5.

Windows: 1998!

Up to XP (Windows NT): LM Hash, NTLMv2 Hash

From Vista (Windows NT): NTLMv2 Hash

No Salt is used.

LM Hash: passwords up to 14 characters. NTLM: MS's MD4-based hash, dating from 1998.

Windows : NTLM Hash

SAM: C:\Windows\System32\Config\SAM

SYSKEY: C:\Windows\System32\Config\SYSTEM (SYSTEM\CurrentControlSet\Control\Lsa\{JD,Skew1,GBG,Data})

The SAM is protected with the SYSKEY kept in the SYSTEM hive; while Windows is running, both files are locked by the OS.

Inside of SAM: LM-Hash, NTLM-Hash (NT Hash)

See KUSISWALL 6.

SAM / SYSTEM


Windows (CPU)

John the Ripper

Windows BruteForce: CPU (OpenMP), GPGPU (CUDA / OpenCL)

John the Ripper on Windows with OpenCL.

Windows (OpenCL)

MD4 on OpenCL.

Windows summary: the hashes live in the SAM.

NT Hash = MD4 Hash ->

Brute Forcing (John the Ripper), Rainbow Table (Ophcrack)

Linux: 5000?

/etc/passwd : account information

/etc/shadow : password hashes (with Salt)

/etc/shadow is readable only by root.

Linux : /etc/shadow format: [user]:$[id]$[Salt]$[Hash]:[aging fields]

$1 : MD5

$5 : SHA256

$6 : SHA512

SHA512!

Linux /etc/login.defs

Salt, SHA512, 5000 rounds

login.defs selects the scheme: ENCRYPT_METHOD SHA512 produces $6 entries in shadow, iterated 5000 times.
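The two slides above give the /etc/shadow field layout, the $1/$5/$6 ids and the 5000-round SHA512 default. The Python below is an added example, not code from the slides or from shadow-utils, that parses shadow-style entries into scheme, rounds, salt and hash and reports accounts that are not on $6$ or are still at the default round count. The shadow lines are constructed (the hash fields are placeholders shaped like crypt output, not real digests; the salt WjW9s34kdXSLic1 is reused from the salt slide), and the assumption that a missing rounds= field means 5000 follows the slide's figure for sha-crypt.

```python
# Constructed /etc/shadow excerpt (not from a real system). Hash fields are
# placeholders with the shape of crypt output, not real digests.
SHADOW_SAMPLE = """\
root:$6$rounds=10000$Qx7b2Lm9$PLACEHOLDERHASHaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:16600:0:99999:7:::
alice:$6$WjW9s34kdXSLic1$PLACEHOLDERHASHbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb:16600:0:99999:7:::
bob:$5$abcdefgh$PLACEHOLDERHASHcccccccccccccccccccccccccccc:16600:0:99999:7:::
legacy:$1$saltsalt$PLACEHOLDERHASHdddddd:16600:0:99999:7:::
daemon:*:16600:0:99999:7:::
svc:!$6$lockedsalt$PLACEHOLDERHASHeeeeeeeeeeeeeeeeeeeeeeeeeeeee:16600:0:99999:7:::
"""

# $id$ prefixes listed on the slide.
ALGO_BY_ID = {"1": "MD5", "5": "SHA256", "6": "SHA512"}
DEFAULT_ROUNDS = 5000  # sha-crypt ($5/$6) iteration count when no rounds= field is present


def parse_crypt_field(field: str) -> dict:
    """Split a shadow password field '$id$[rounds=N$]salt$hash' into its parts.

    A leading '!' marks a locked account; '*' or an empty field means no usable hash."""
    locked = field.startswith("!")
    body = field.lstrip("!")
    info = {"locked": locked, "scheme": None, "algorithm": None,
            "rounds": None, "salt": None, "hash": None}
    if body in ("", "*", "x") or not body.startswith("$"):
        info["locked"] = True
        return info
    parts = body.split("$")          # ['', id, (rounds=N,) salt, hash]
    scheme, rest = parts[1], parts[2:]
    rounds = None
    if rest and rest[0].startswith("rounds="):
        rounds = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError(f"unexpected crypt format: {field!r}")
    if scheme in ("5", "6") and rounds is None:
        rounds = DEFAULT_ROUNDS
    info.update(scheme=scheme,
                algorithm=ALGO_BY_ID.get(scheme, f"unknown (${scheme}$)"),
                rounds=rounds, salt=rest[0], hash=rest[1])
    return info


def parse_shadow(text: str) -> dict:
    """Map each account name to its parsed password field."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        entries[fields[0]] = parse_crypt_field(fields[1])
    return entries


def non_sha512_accounts(entries: dict) -> list:
    """Active accounts whose hashes are not $6$, i.e. not what ENCRYPT_METHOD SHA512 produces."""
    return sorted(user for user, info in entries.items()
                  if not info["locked"] and info["scheme"] != "6")


def default_round_accounts(entries: dict) -> list:
    """Active sha-crypt accounts whose cost is the default 5000 rounds."""
    return sorted(user for user, info in entries.items()
                  if not info["locked"] and info["scheme"] in ("5", "6")
                  and info["rounds"] == DEFAULT_ROUNDS)


if __name__ == "__main__":
    parsed = parse_shadow(SHADOW_SAMPLE)
    for user, info in parsed.items():
        print(f"{user:8} locked={info['locked']!s:5} algo={info['algorithm']} rounds={info['rounds']}")
    print("not SHA512:", non_sha512_accounts(parsed))
    print("default rounds:", default_round_accounts(parsed))
```

The parser only reads the second field, so it never touches the aging fields, and it treats a leading "!" as locked while still recording the hash that follows it, which is how a disabled account keeps its old $6$ entry.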


John the Ripper

John the Ripper: 4 ! !?

Why? SHA512(SHA512(SHA512( ... (SHA512(password + Salt)) ... )))

Not just SHA512(password + Salt)?

SHA512 is iterated 5000 times, so John the Ripper has to compute SHA512 5000 times per candidate.

HashCat

/etc/shadow with HashCat (OpenCL build: oclHashCat; Intel)

HashCat result: 5 SHA512! Windows 4, 1

Linux summary vs. Windows

5000 rounds

Brute Forcing (HashCat)

Even so, GPGPU brute forcing of shadow hashes remains possible.

Summary:

To : Hash

To : Rainbow Table

GTX980, GPGPU BruteForcing

Q & A