How to Crack Passwords, (Principles & Technologies)

By

The Importance & Methods of Password Cracking

Passwords are the most widely used form of authentication throughout the world. A username and password are used on computer systems, bank accounts, ATMs, and more. The ability to crack passwords is an essential skill to both the hacker and the forensic investigator, the latter needing to hack passwords for accessing the suspect's system, hard drive, email account, etc.
Although some passwords are very easy to crack, some are very difficult. In those cases, the hacker or forensic investigator can either employ greater computing resources (a botnet, supercomputer, GPU, ASIC, etc.), or they can look to obtain the password in other ways.
These ways might include insecure storage. In addition, sometimes you don't need a password to access password-protected resources. For instance, if you can replay a cookie, session ID, a Kerberos ticket, an authenticated session, or other resource that authenticates the user after the password authentication process, you can access the password protected resource without ever knowing the password.
Sometimes these attacks can be much easier than cracking a complex and long password. I will do a tutorial on various replay attacks in the near future (look out specifically for my upcoming article on stealing the Facebook cookie to access someone's Facebook account).
Now, let's start with the basics.

Step 1Password Storage

In general, passwords are not stored in clear text. As a rule, passwords are stored as hashes. Hashes are one-way encryption that are unique for a given input. These systems very often use MD5 or SHA1 to hash the passwords.
In the Windows operating system, passwords on the local system are stored in the SAM file, while Linux stores them in the /etc/shadow file. These files are accessible only by someone with root/sysadmin privileges. In both cases, you can use a service or file that has root/sysadmin privileges to grab the password file (e.g. DLL injection with samdump.dll in Windows).

Step 2Types of Attacks

Dictionary

A dictionary attack is the simplest and fastest password cracking attack. To put it simply, it just runs through a dictionary of words trying each one of them to see if they work. Although such an approach would seem impractical to do manually, computers can do this very fast and run through millions of words in a few hours. This should usually be your first approach to attacking any password, and in some cases, it can prove successful in mere minutes.

Rainbow Table

Most modern systems now store passwords in a hash. This means that even if you can get to the area or file that stores the password, what you get is an encrypted password. One approach to cracking this encryption is to take dictionary file and hash each word and compare it to the hashed password. This is very time- and CPU-intensive. A faster approach is to take a table with all the words in the dictionary already hashed and compare the hash from the password file to your list of hashes. If there is a match, you now know the password.

Brute Force

Brute force is the most time consuming approach to password cracking. It should always be your last resort. Brute force password cracking attempts all possibilities of all the letters, number, special characters that might be combined for a password and attempts them. As you might expect, the more computing horsepower you have, the more successful you will be with this approach.

Hybrid

A hybrid password attack is one that uses a combination of dictionary words with special characters, numbers, etc. Often these hybrid attacks use a combination of dictionary words with numbers appending and prepending them, and replacing letters with numbers and special characters. For instance, a dictionary attack would look for the word "password", but a hybrid attack might look for "p@$$w0rd123".

Step 3Commonly Used Passwords

As much as we think each of us is unique, we do show some common patterns of behavior within our species. One of those patterns is the words we choose for passwords. There are number of wordlists that have been compiled of common passwords. In recent years, many systems have been cracked and passwords captured from millions of users. By using these already captured passwords, you are likely to find at least a few on the network you are trying to hack.

Step 4Password Cracking Strategy

Many newbies, when they start cracking passwords, simply choose a tool and word list and then turn them loose. They are often disappointed with the results. Expert password crackers have a strategy. They don't expect to be able to crack every password, but with a well-developed strategy, they can crack most passwords in a very short amount of time.
The key to develop a successful strategy of password cracking is to use multiple iterations, going after the easiest passwords with the first iteration to the most difficult passwords using different techniques for each iteration.

Step 5Password Cracking Software

John

John the Ripper is probably the world's best known password cracking tool. It is strictly command line and strictly for Linux. Its lack of a GUI makes a bit more challenging to use, but it is also why it is such a fast password cracker.
One of the beauties of this tool is its built in default password cracking strategy. First, attempts a dictionary attack and if that fails, it then attempts to use combined dictionary words, then tries a hybrid attack of dictionary words with special characters and numbers and only if all those fail will it resort to a brute force.

Ophcrack

Ophcrack is a free rainbow table-based password cracking tool for Windows. It is among the most popular Windows password cracking tools (Cain and Abel is probably the most popular; see below), but can also be used on Linux and Mac systems.
Image by Ysangkok/Wikimedia Commons
It cracks LM and NTLM (Windows) hashes. For cracking Windows XP, Vista and Windows 7, you can download free rainbow tables. You can download Ophcrack on SourceForge, and you can get some free and premium rainbow tables for Ophcrack here.

L0phtCrack

L0phtCrack is an alternative to Ophcrack, and attempts to crack Windows passwords from hashes in the SAM file or the Active Directory (AD). It also uses dictionary and brute force attacks for generating and guessing passwords.
Image via L0phtCrack
L0phtCrack was acquired by Symantec and they promptly discontinued it in 2006. Later, L0phtCrack developers re-acquired this excellent password cracking tool and re-released it in 2009. You can download the tool here.

Cain and Abel

Cain and Abel just might be the best known password cracking tool on the planet. Written strictly for Windows, it can crack numerous hash types, including NTLM, NTLMv2, MD5, wireless, Oracle, MySQL, SQL Server, SHA1, SHA2, Cisco, VoIP, and many others.
Cain and Abel can crack passwords using a dictionary attack, rainbow attack, and brute force. One of its better features is the ability to select the password length and character set when attempting a brute force attack. And besides being an excellent password cracking tool, it is also a great ARP Poisoning and MiTM tool.

THC-Hydra

THC-Hydra is probably the most widely used online hacking tool. It is capable of cracking web form authentication, and when used in conjunction with other tools such as Tamper Data, it can be a powerful and effective tool for cracking nearly every type of online password authentication mechanism.
The initial help screen for Hydra.

Brutus

Brutus is an online password cracking tool that many consider the fastest online password cracker. It is free and available on both Linux and Windows, and it supports password cracking in HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3, FTP, SMB, Telnet, and other types such as IMAP, NNTP, NetBus, etc.
Brutus has not been updated in quite awhile, but it can still be useful and since it is open source, you can update it yourself. Brutus can be downloaded here.

Aircrack-Ng

In my humble opinion, aircrack-ng is undoubtedly the best all-around Wi-Fi hacking software available. It is capable of cracking both WEP and WPA2, and it is also capable of doing the following, among many other things.
  1. Creating a Soft AP
  2. Creating an Evil Twin
  3. Creating a Rogue AP
  4. Conducting a DOS attack against a Wi-Fi AP
It is only available for Linux and requires a bit of a learning curve to master, but you will be richly rewarded for the time spent learning it. In addition, to be most effective you will need to use an aircrack-ng compatible wireless card, so check their extensive list before buying your card. You can find more info on aircrack-ng over in my Wi-Fi hacking series.
Aircrack-ng is built into BackTrack and Kali and can be downloaded here.

Popular posts from this blog

Crack passwords in Kali Linux with Hydra

By
Image
Tech And KALi Linux For years, experts have warned about the risks of relying on weak passwords to restrict access to data, and this is still a problem. A rule of thumb for passwords is the longer, the better. In this guide I will use FTP as a target service and will show how to crack passwords in Kali Linux with Hydra. There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallelized connects. We’ve previously covered password cracking using John the Ripper, Wireshark,NMAP and MiTM. Hydra can be used and compiled cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. Currently THC Hydra tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, M
Read more

Kali Linux Hacking eBooks Download in PDF

By
Image
List of Free Kali Linux Hacking eBooks Download In PDF 2017 Ethical Hacking, Hacking ebooks pdf, Hacking ebooks free download, hacking ebooks collection, Best Hacking eBooks. List curated by Hackingvision.com Disclaimer: The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks. DMCA takedown cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded. To know more on DMCA takedown policy here. Kali Linux Hacking eBooks Download In PDF  2–Metasploit The Penetration Testers Guide.pdf Basic Security Testing with Kali Linux.PDF Building Virtual Pentesting Labs for Advanced Penetration Testing (Fri).pdf Ethical Hacking and Penetration Testing Guide – Baloch, Rafay.pdf Instant Kali Linux – Singh, Abhinav.pdf KALI.LINUX.ASSURING.SECURIT
Read more

Links to Online Jobs Sites – Typing, Data Entry, Writing, Coding, and more!

By
Image
Section No. 1 –   Paid To Click [PTC] sites Yes, there are real paid-to-click, or PTC, sites on the internet. Unfortunately, PTC has earned a bad reputation because many people have been scammed by phony PTC companies. Such fraudulent companies ask users to pay a membership fee, which is a tell-tale sign of a scam. Do not worry about scams. I will show you a list of 100% legitimate PTC sites. You can join these sites for free and you will never, ever pay a single dollar from your own pocket. In these sites, you can make money online by playing simple online games, doing typing jobs, completing online surveys, playing flash games, and most important, you can make money online just by browsing the internet. Yes, these sites allow you to earn money by doing very simple online jobs. Here are the links: ClixSense Points2shop SquishyCash CashCrate TreasureTrooper Section No. 2 –  Online Freelance Websites Guru UpWork  [A merger of Elance and oDesk] Free
Read more