Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Techniques used to cracked password and most of them work great-list follow as
- Social Engineering:
- Default Passwords
- Shoulder surfing:
- Dumpster Driving:
- Dictionary Attacks:
- Brute-force Attacks:
- Rainbow Tables:
- RATing and Keylogging:
Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-workers computer, he could call the co-worker pretending to be from the IT department. Social Engineering is used for different purposes.
Countermeasure: If somebody tries to get login information or any other sensitive information from you, ask them some questions. Try to find whether the one who is trying to get the info is legit or not.
A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Countermeasure:Always disable or change the applications’ (both online and offline) default username-password pairs.
Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password. If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even ‘well-chosen’ passwords. One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Countermeasure:Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
This method doesn’t need the usage of hacking knowledge. The hacker would simply attempt to look over your shoulder as you type in your password.
Countermeasure:Make sure nobody’s looking when you type your login info.
In this the hacker would simply try to find any slips of paper in which you have written the password.
Countermeasure: Do not write your passwords or login information anywhere. If you write, keep them somewhere safe.
If yours is a weak password, a hacker could simple guess it by using the information he knows about you.
1. Blank (None). (Most of the websites do not allow blank passwords)
2.The word “password” “passcode” “admin” and their derivatives.
3. The username or login name.
4. The names of their loved ones.
5. Their birthplace or date of birth.
6. A dictionary word in any language.
7. Automobile license plate number.
8. A row of letters in a standard keyboard layout.
Example: asdfghjkl or qwertyuiop etc.
Countermeasure: Use passwords that are not easily guessable and not found in any dictionary.
A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack.
Countermeasure: Use the passwords that are not found in dictionary in any language.
Brute-force attacks can crack any password. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found. Brute-force attacks can take a long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password.
Countermeasure: Use a password that is complex and long. Brute-force attack may take hundreds, even thousands of years to crack complex and long passwords.
A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm (such as md5) that transformed it into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very common hashing algorithm used as security to store passwords in website databases is MD5. It is almost like a dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords. ‘hello’ in md5 is 5d41402abc4b2a76b9719d911017c592
Countermeasure: Choose a password that is long and complex. Creating tables for passwords that are long takes a very long time and a lot of resources
Many hackers and internet security experts say that Phishing is the most easiest and popular way to get the account details. In a Phishing attack the hacker sends a fake Facebook or any other webpage link to the victim which the hacker has created or downloaded and uploaded it to any free hosting sites like http://www.100mb.com or any free webhost. The hacker sends the fake login page link through E-mail or while chatting, etc. When the victim enters the login details, the victim is redirected to the original login page and the hacker gets the victim’s login details.
Countermeasure: Phishing attacks are very easy to avoid. When you are asked to put your personal information into a website, look up into the URL bar. If for example you are supposed to be on facebook.com and in the URL bar it says something like facebook.something.com or something, the you should know it’s fake.
- What Is Phishing Technology
- How to Hack Gmail using Advance Phishing Technique
- Trick to hack facebook account using phishing technique
RATing and Keylogging:
In keylogging or RATing the hacker sends a keylogger server or RAT server to the victim. The keylogger records every key stroke of the victim. When the victim is typing the account details, the keylogger records and sends it to the hacker.
Countermeasures: It is better to use on-screen keyboards or virtual keyboards while tying the login info or personal info. Install the latest anti-virus software and keep them updated.
- Make actual spy keylogger a full version (100 % working)
- Make your keylogger undectable using binders and crypters
- How to detect keylogger
Note: There are several other types of password cracking but, these are the most common types.