How to Hack Passwords
If it is not possible for a hacker to learn a user’s password through inference, social engineering, or physical attack (discussed in detail in later chapters), he can instead turn to password-cracking tools (a list of common ones appears later in this chapter). With such tools you can launch different types of attacks to recover or crack a password. Some of them are listed below:
1. Dictionary attacks
As the name implies, these attacks run the words of a dictionary (a wordlist) against the system’s password database. This type of attack makes it easy to discover weak passwords, including those that use alternative spellings such as pa$$word in place of “password”. The strength of a dictionary attack tool depends on the number of vocabulary words its wordlist contains.
How to Crack Passwords
2. Brute-force attacks
These attacks can crack any password in principle, because they try every combination of letters, numbers, and special characters until the password is found. The flaw in this technique is easy to guess: it can take a very long time to uncover a password, especially a strong one.
3. Rainbow Attacks
Rainbow attacks are well suited to cracking hashed passwords, and they achieve higher success rates. Tools that use rainbow tables can also crack passwords faster than dictionary and brute-force tools. The one limitation of this type of attack is that it can only uncover passwords of 14 characters or less.
Other Ways to Uncover Passwords
As mentioned earlier, the easiest way to crack a password is to have physical access to the system that you are trying to hack. If you are not able to run cracking tools on a system, you can use the following techniques instead:
4. Keystroke logging
This is easily one of the most efficient techniques in password cracking, since it uses a recording device that captures keystrokes as they are typed on the keyboard. You can use keylogging software, such as KeyLogger Stealth and Spector Pro, or keylogging hardware such as the KeyGhost.
5. Searching for weak password storage
Many applications on most computers store passwords locally, which makes them very vulnerable to hacking. Once you have physical access to a computer, you can easily find passwords by searching for storage vulnerabilities or by running text searches. If you are lucky, you can even find stored passwords within the application itself.
6. Weak BIOS passwords
Many computers allow users to set a power-on password to protect the hardware settings stored in the CMOS chip. However, these passwords can be easily reset by changing a single jumper on the motherboard or by unplugging the CMOS battery from the board. You can also try your luck and search online for the default login credentials of different types of motherboards.
Password-Cracking Tools
1. Cain & Abel – cracks NT and LM (NTLM) LanManager hashes, Cisco PIX and Cisco IOS hashes, RADIUS hashes, and Windows RDP passwords.
2. Elcomsoft Distributed Password Recovery – cracks PKCS, Microsoft Office, and PGP passwords. It can also distribute the cracking job across up to 10,000 networked computers, and it uses GPU acceleration, which can increase cracking speed up to 50 times.
3. Elcomsoft System Recovery – resets Windows passwords, resets all password expirations, and
sets administrative credentials.
4. John the Ripper – cracks Windows, Unix, and Linux hashed passwords
5. Ophcrack – makes use of rainbow tables to crack Windows passwords
6. Pandora – cracks offline or online user passwords for Novell Netware accounts
7. Proactive System Password Recovery – recovers any password stored locally on a Windows
operating system. This includes passwords for logins, VPN, RAS, SYSKEY, and even WEP or WPA
connections.
8. RainbowCrack – cracks MD5 and LanManager hashes using rainbow tables.
Take note that some of these tools require physical access to the system that you want to hack. In the same vein, keep in mind that once a hacker has physical access to a system you intend to protect, he can dig into all of your password-protected or encrypted files, as long as he has the right tools.
When testing password-cracking tactics, one of the most important things to remember is that the technique you need to test depends on the type of encryption or hashing used for the password you need to crack. Also, remember that it is possible for certain systems to lock out the affected user accounts, which can cause a denial of service for users of the network.
Once created, passwords are stored using a one-way hash algorithm, so the stored values look like encrypted strings. By design, these hashes are not reversible, which makes the passwords impossible to decrypt; a cracker must instead guess candidates and hash each one for comparison.
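As an added example (not from the original text), the following Python shows why a precomputed hash-to-password table, the idea behind the rainbow attacks described above, recovers plain one-way hashes instantly but fails once a per-user random salt (as described for Linux below) and a slow hash are used. The wordlist and the user passwords are constructed sample values.

```python
import hashlib
import os
import secrets

# Constructed sample wordlist, including an alternative spelling like the
# pa$$word example in the text.
WORDLIST = ["password", "letmein", "qwerty", "pa$$word", "summer2020"]


def unsalted_hash(password):
    """Plain one-way hash with no salt: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext for a wordlist (the idea behind rainbow tables)."""
    return {unsalted_hash(w): w for w in words}


def lookup(table, stored_hash):
    """Recover a plaintext from a stored hash by table lookup, or None if absent."""
    return table.get(stored_hash)


def salted_hash(password, salt=None, iterations=100_000):
    """Salted, slow hash (PBKDF2-HMAC-SHA256). Returns (salt, hex digest).

    A fresh random salt per user makes a precomputed table useless, and two
    users with the same password still get different stored values.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest.hex()


def verify_salted(password, salt, stored_hex, iterations=100_000):
    """Check a login attempt against the stored salt and digest in constant time."""
    _, candidate = salted_hash(password, salt, iterations)
    return secrets.compare_digest(candidate, stored_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # Unsalted: the table recovers the password immediately.
    print(lookup(table, unsalted_hash("pa$$word")))        # pa$$word
    # Salted: same password for two users, different digests, no table hit.
    salt_a, dig_a = salted_hash("pa$$word")
    salt_b, dig_b = salted_hash("pa$$word")
    print(dig_a != dig_b, lookup(table, dig_a))            # True None
    print(verify_salted("pa$$word", salt_a, dig_a))        # True
```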
If you are trying to crack passwords on a Linux operating system, there is an added degree of difficulty, because this operating system adds a “salt” (a random value) to each password before hashing to make the hashes more unique and prevent two users with the same password from getting the same hash value. However, if you have the right tools,