Hi Folks, Hope you all like my previous article Hacking Class 1, 2 & 3.
Cracking Password: Part 4:
Passwords are the only form of security on most websites and computer systems.
It has become one of the most common and easiest ways for a hacker to gain unauthorized
access to your computer or network.Today lets see the methods to crack password.
The common methods which is used obtain someone's passwords are:
1. Social Engineering (SE) Don't under estimate it, 100% it'll work,
2. Dictionary Attacks (Old method),
3. Rainbow Table (Old method),
4. Brute force attacks (Old method),
5. Phishing (Its Outdated),
6. iStealer (Its like keylogger but it steal only password)
7. Keylogger (Many peoples are using this only),
9. Guessing (Old method)
10. RAT (Ultimate method, will work for sure not only for password but it also
contains many features, Lets we discuss it latter. keylogger-inbuilt)
1. Social Engineering: Social engineering is when a hacker takes advantage of trusting human beings to get information from them, Sometimes hacker use your detail and reverse engineer. Eg. Hacker use Forgot my password option and they answer your security question by the info they gain from using SE. And they can change your password.
2. Dictionary attacks: A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack. In this Brutus is a very common password cracker,
to do a dictionary attack against an ftp server. Brutus is a Windows only program, Some programs are also there for MAC and LINUX.
3. Rainbow Table: A Rainbow table is a huge pre-computed list of hash values for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm that transformed it into something absolutely foreign. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very common hashing algorithm used as security to store passwords in website databases is MD5.
Let’s say you are registering for a website. You put in a username and password. Now when you submit, your password goes through the MD5 algorithm and the outcome hash is stored in a database. Now since you can’t get the password from the hash, you may be wondering how they know if your password is right when you login. Well when you login and submit your username and password, a script takes your password and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the database. If they are the same, you are admitted. If I were to run the word “cheese” through the md5 algorithm, the outcome would be fea0f1f6fede90bd0a925b4194deac11. Having huge tables of every possible character combination hashed is a much better alternative to brute-force cracking. Once the rainbow tables are created, cracking the password is a hundred times faster than brute-forcing it. I will show an example of rainbow table cracking when we get into Windows password cracking.
5. Phishing: Its outdated. Just use your creativity to do phishing. Because normal phishing method is not work for sure. Better you go for keylogger, Reverse Engg, SE. etc.,
6, 7, 10: In my future post I'll be explain the complete tutorial for Keylogger, istealer and RAT.
9. Guessing: If you use a weak password, a hacker could simple guess it by using the information he knows about you. Some examples of this are: date of birth, phone number, favorite pet, and other simple things like these.
Hope you enjoy reading this.
My Newxt post is > Hacking Facebook Password > Introduction To Keylogger > & Keylogger TuT :)
Happy Hacking :)
Comments
Post a Comment