SEE!!! the Different Ways Hackers Crack passwords(EXPLAINED)
Password cracking is an art by hackers whereby hackers try to obtain the security login details of their victim and try to gain account into the victim's account for different purposes.
Password cracking started a long time ago and the methods hackers used then were:
Social Engineering: In this method of password cracking, the hacker applies what was called a "con game", where the hacker cooks up a story and makes the victim believe that he/she(the hacker) is a genuine person and tries to get victim to give away the login detail. Here, the hacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources, and the victim might be convinced to give out their login details.
Guessing: Here, the hacker tries to guess the victim's password. He might try things like their pet name, birthday, child's name, etc.
Shoulder surfing: Here the hacker looks over the victim's shoulder as they type in their password shoulder surfing can also be done at a distance using binoculars and other vision enhancing devices, hidden cameras can be also used by the hacker
The above methods of password cracking are old methods of Hacking, most people have become aware of the methods and taken precaution.
Here are the latest methods of password cracking :
Dictionary Attack : Here, list of every word in a dictionary is used to crack the password database. Dictionary attack can also be used to find the keys necessary to decrypt an encrypted message and document. A password cracker is used for the attack too,
Dictionary attack will not be successful if words that a not in the dictionary, multiple-phrase words or combination of uppercase and lowercase words are used for password.
Brute Force Attack: With this method, virtually all passwords can be cracked provided that time is given. The brute force attack tries every combination of letters, numbers and special characters until the right password is found. The attack usually takes a longer time depending on the speed of the system running the cracking process. In brute force attack, the number of attempts is limited by the maximum length and the number of characters to try per position
Rainbow Table: This can be defined as a pre-computed table for reversing cryptographic hash functions
usually for cracking password hashes. A password hash is a password that has gone through a mathematical algorithm that has transformed it into something else. A hash is a one way encryption and once a password is hashed, the original string cannot be gotten from the hashed string. When the user puts their password, the password goes through an algorithm and the outcome hash is stored in a database such that when the user logs in again, the password is compared to the hashed string in the database, if it is the same, the user will be admitted. Once the rainbow table is created, cracking passwords can be faster than the brute force attack.
Phishing: It is a password cracking process where the hacker pretends to be a reputable individual or entity and tries go get information such as log in details, credit card details or other information from unsuspecting victim. The name comes from the word "fishing" and it involves laying baits just like fishing. For example, a hacker can replicate a gmail login page and send the victim the link to the gmail login telling the victim to log in and check a mail he sent or something like that, when the victim logs in from the link with their correct gmail login details, the login details is sent to the hacker. For a hacker to be able to use phishing for password cracking, he must have a knowledge of php and html where a php program is written to perform the action.
I will post a tutorial on how to use the different methods of password cracking on my next post
DISCLAIMER: The information provided in this post is to be used for educational purposes only. The writer is in no way responsible for any misuse of the information provided. All of the information in this post is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly.
Password cracking started a long time ago and the methods hackers used then were:
Social Engineering: In this method of password cracking, the hacker applies what was called a "con game", where the hacker cooks up a story and makes the victim believe that he/she(the hacker) is a genuine person and tries to get victim to give away the login detail. Here, the hacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources, and the victim might be convinced to give out their login details.
Guessing: Here, the hacker tries to guess the victim's password. He might try things like their pet name, birthday, child's name, etc.
Shoulder surfing: Here the hacker looks over the victim's shoulder as they type in their password shoulder surfing can also be done at a distance using binoculars and other vision enhancing devices, hidden cameras can be also used by the hacker
The above methods of password cracking are old methods of Hacking, most people have become aware of the methods and taken precaution.
Here are the latest methods of password cracking :
Dictionary Attack : Here, list of every word in a dictionary is used to crack the password database. Dictionary attack can also be used to find the keys necessary to decrypt an encrypted message and document. A password cracker is used for the attack too,
Dictionary attack will not be successful if words that a not in the dictionary, multiple-phrase words or combination of uppercase and lowercase words are used for password.
Brute Force Attack: With this method, virtually all passwords can be cracked provided that time is given. The brute force attack tries every combination of letters, numbers and special characters until the right password is found. The attack usually takes a longer time depending on the speed of the system running the cracking process. In brute force attack, the number of attempts is limited by the maximum length and the number of characters to try per position
Rainbow Table: This can be defined as a pre-computed table for reversing cryptographic hash functions
usually for cracking password hashes. A password hash is a password that has gone through a mathematical algorithm that has transformed it into something else. A hash is a one way encryption and once a password is hashed, the original string cannot be gotten from the hashed string. When the user puts their password, the password goes through an algorithm and the outcome hash is stored in a database such that when the user logs in again, the password is compared to the hashed string in the database, if it is the same, the user will be admitted. Once the rainbow table is created, cracking passwords can be faster than the brute force attack.
Phishing: It is a password cracking process where the hacker pretends to be a reputable individual or entity and tries go get information such as log in details, credit card details or other information from unsuspecting victim. The name comes from the word "fishing" and it involves laying baits just like fishing. For example, a hacker can replicate a gmail login page and send the victim the link to the gmail login telling the victim to log in and check a mail he sent or something like that, when the victim logs in from the link with their correct gmail login details, the login details is sent to the hacker. For a hacker to be able to use phishing for password cracking, he must have a knowledge of php and html where a php program is written to perform the action.
I will post a tutorial on how to use the different methods of password cracking on my next post
DISCLAIMER: The information provided in this post is to be used for educational purposes only. The writer is in no way responsible for any misuse of the information provided. All of the information in this post is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly.
Comments
Post a Comment