1 00:00:05,080 --> 00:00:12,010 It's time we talked a little bit about passwords. We all have password problems; everybody's got them.
2 00:00:12,010 --> 00:00:18,070 We've got too many passwords and too often we make them hard to remember, but easy for a computer to
3 00:00:18,070 --> 00:00:18,460 guess.
4 00:00:18,460 --> 00:00:20,710 And we're going to see what I mean by that in this section.
5 00:00:21,310 --> 00:00:26,590 If you'll remember on the section on Windows 7 hacking, we saw that we could dump the password
6 00:00:26,590 --> 00:00:32,410 hash file from that computer, the encoded versions of all the passwords on the Windows 7 computer,
7 00:00:32,710 --> 00:00:38,650 once we compromised that computer using Metasploit and Meterpreter. In this section, we're going to see how
8 00:00:38,650 --> 00:00:43,990 to crack passwords, how passwords get hacked, hijacked and what I'll call snacked.
9 00:00:44,380 --> 00:00:51,820 But the common thing that we all have when it comes to our passwords is that passwords are filled with
10 00:00:51,820 --> 00:00:52,570 problems.
11 00:00:52,990 --> 00:00:54,910 First of all, we have social engineering.
12 00:00:54,910 --> 00:00:56,940 We saw that with the phishing attack.
13 00:00:57,280 --> 00:01:03,730 All it took was just a simple email saying that your account's been hacked or there's a picture posted
14 00:01:03,730 --> 00:01:07,060 of you that you don't want up there or, hey, I need some help.
15 00:01:07,060 --> 00:01:13,720 Click through this really fast and someone can phish your password no matter how complex, how elegant,
16 00:01:13,720 --> 00:01:15,430 how perfect your password is.
17 00:01:15,640 --> 00:01:21,250 If you give up that username and password to someone through a phishing attempt or from them calling and
18 00:01:21,250 --> 00:01:25,330 saying, hey, this is IT, I need to log in with your password to fix something,
19 00:01:25,870 --> 00:01:28,270 you have lost everything.
20 00:01:28,270 --> 00:01:29,860 You've lost complete access.
21 00:01:29,860 --> 00:01:32,040 You've given access to someone else.
22 00:01:32,530 --> 00:01:39,050 There's also something I call snacking, and I just do that because it rhymes with hacking, hijacking
23 00:01:39,050 --> 00:01:39,700 and cracking.
24 00:01:40,120 --> 00:01:45,850 But if you've ever looked around someone's workstation before, you may see Post-it notes with passwords.
25 00:01:46,150 --> 00:01:47,920 That one is actually a pretty good one.
26 00:01:47,920 --> 00:01:57,100 Jado one has a password of I hate passwords, high H, eight P and SSW zero r d exclamation.
27 00:01:57,310 --> 00:01:58,780 That's not a terrible password.
28 00:01:58,780 --> 00:02:03,790 What's terrible is it was just complex enough that they had to write it down and they stuck it on their
29 00:02:03,790 --> 00:02:04,480 monitor.
30 00:02:04,840 --> 00:02:09,280 That's a terrible way to handle your passwords, especially putting the username right with it.
31 00:02:09,550 --> 00:02:15,760 Usernames are easy enough to guess without putting it down on a piece of paper, but if your passwords
32 00:02:15,760 --> 00:02:22,480 are so complex that you have to write them down, you might be doing it wrong even if you've got a decent
33 00:02:22,480 --> 00:02:22,990 password.
34 00:02:22,990 --> 00:02:29,440 We saw in the very first example, the very first section in this ethical hacking course that physical
35 00:02:29,440 --> 00:02:31,840 access can overwrite our passwords.
36 00:02:31,840 --> 00:02:37,810 So if we give someone access to our computer and they can pop in a Windows 10 DVD and boot that computer
37 00:02:37,810 --> 00:02:43,930 a couple of times, the special key combinations and just about four commands, they can overwrite our
38 00:02:43,930 --> 00:02:46,750 password and give us a completely new password.
39 00:02:46,750 --> 00:02:51,520 Or they can create a whole new user account, make them an administrator on the computer and they don't
40 00:02:51,520 --> 00:02:52,540 even need our password.
41 00:02:52,540 --> 00:02:55,240 They can see most of our files if we don't have them encrypted.
42 00:02:55,600 --> 00:03:00,430 So all the way back in Section one, we saw that passwords can get hacked with physical access.
43 00:03:00,640 --> 00:03:05,140 We saw in the section on phishing that people can steal our passwords through a phishing Web site if
44 00:03:05,140 --> 00:03:10,900 we're not really careful where we enter our usernames and passwords. If we write our passwords down
45 00:03:10,900 --> 00:03:15,010 and leave them on a Post-it note stuck to the monitor, that's just about the worst case that you can
46 00:03:15,010 --> 00:03:15,400 have.
47 00:03:15,700 --> 00:03:23,080 But I'm going to show you a few techniques, too, in this section that will both show you how people hack
48 00:03:23,080 --> 00:03:29,120 passwords, hijack and crack passwords, and how you can keep your passwords safer.
49 00:03:29,740 --> 00:03:34,420 So in this very first hands-on application, we're going to hijack some passwords.
50 00:03:34,420 --> 00:03:37,900 We're going to reveal passwords stored in a browser.
51 00:03:38,080 --> 00:03:43,900 If you ever store your passwords in your browser, if you tell the browser to remember those passwords,
52 00:03:44,140 --> 00:03:48,220 you need to know that those passwords are susceptible to hijacking.
53 00:03:48,460 --> 00:03:54,790 I'm going to show you how we can change just one character in the source code for the Web page while
54 00:03:54,790 --> 00:03:58,930 it's live on the screen and display those passwords.
55 00:03:59,140 --> 00:04:00,700 So be very careful
56 00:04:00,700 --> 00:04:04,030 if you ever have a browser remember your passwords for you.
57 00:04:04,240 --> 00:04:08,080 You need to make sure it's a computer that only you have physical access to.
58 00:04:08,320 --> 00:04:16,210 Never do this at work, at school, at the airport, at an Internet cafe, in a library.
59 00:04:16,210 --> 00:04:22,570 Wherever you enter your password and tell the browser to remember it, you've as good as given that
60 00:04:22,570 --> 00:04:26,050 password to even a moderately skilled hacker.
61 00:04:26,260 --> 00:04:30,910 And you're going to see how to reveal those passwords coming up in the next lesson.