Ethical Hacking - Password Hacking

Password Hacking

Passwords protect the things we want to keep safe: email accounts, servers, databases, computer systems and so on. A password is the key that grants access to a system or an account.


Passwords are usually chosen so that they are easy to remember, such as dates of birth, family members' names or mobile numbers. Such passwords are also easy to guess.

To defend against potential attackers, passwords should be strong.

The attributes of a strong password are:

  • Contains at least 8 characters.
  • A mix of letters, numbers, and special characters.
  • A combination of small and capital letters.

[Image: Password Hash]

How passwords are hacked

There are several ways in which a password can be obtained:

Dictionary Attack

In a dictionary attack, a list of words taken from a dictionary is used to guess the password. If the chosen password is weak, a dictionary attack recovers it easily.

Hydra is a popular tool that is widely used for dictionary attacks. In the screenshot below, Hydra is used to find the password of an FTP service.

[Screenshot: Dictionary Attack]

Hybrid Dictionary Attack

A hybrid dictionary attack uses dictionary words combined with extensions. For instance, the word “admin” is combined with a numeric suffix to give “admin123”.

Crunch is a wordlist generator that ships with Kali Linux. Given a character set, it generates all permutations and combinations of those characters.
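As an added example (not part of the original tutorial), the following Python function applies the strong-password attributes listed above and rejects the dictionary and hybrid patterns described in the last two sections; it also checks the last Quick Tip on this page, that a password should not resemble the username. The word list, the suffix pattern and the function names are assumptions constructed for this illustration, not the output of Hydra or Crunch.

```python
import re

# Constructed sample word list standing in for a real dictionary file (illustration only)
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "qwerty", "monkey", "dragon"}

# Hybrid pattern: a word followed by up to four digits/symbols, e.g. "admin123" or "password!"
_HYBRID_SUFFIX = re.compile(r"^([a-z]+)[\d!@#$%^&*._-]{0,4}$")


def normalize(password: str) -> str:
    """Lower-case the candidate so "Admin123" and "admin123" are judged alike."""
    return password.lower()


def is_dictionary_word(password: str) -> bool:
    """True if the whole password is a plain dictionary word."""
    return normalize(password) in COMMON_WORDS


def is_hybrid_of_dictionary_word(password: str) -> bool:
    """True if the password is a dictionary word plus a short suffix (hybrid attack pattern)."""
    match = _HYBRID_SUFFIX.match(normalize(password))
    return bool(match) and match.group(1) in COMMON_WORDS


def check_password(password: str, username: str = "") -> list[str]:
    """Return a list of policy violations; an empty list means the password passes every check."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if is_dictionary_word(password):
        problems.append("is a dictionary word")
    elif is_hybrid_of_dictionary_word(password):
        problems.append("is a dictionary word with a short suffix")
    if username and normalize(username) in normalize(password):
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    for candidate, user in (("Password", ""), ("Admin123!", ""), ("Bob-secret9X", "bob"), ("Tr0ub4dor&3", "")):
        print(f"{candidate!r}: {check_password(candidate, user) or 'OK'}")
```

The character-class checks mirror the three attributes in the list above; the dictionary and hybrid checks catch the weak choices the next sections exploit, which a length rule alone would accept.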

[Screenshot: Hybrid Dictionary Attack]

Brute-Force Attack

In a brute-force attack, every possible combination of letters, numbers, special characters, and small and capital letters is tried. Processing all these combinations takes a huge amount of time, so a brute-force attack is slow and the attacker may need a system with high processing power to run through the permutations and combinations faster.
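An added example, not from the original page: the helper below computes the size of the search space a brute-force attack must cover for a given password length and set of character classes, and converts it into worst-case time at an assumed guess rate. The guess rates in the usage block are illustrative assumptions, not measurements.

```python
import string

# Character classes as the page describes them; string.punctuation holds the 32 ASCII special characters
CHARSETS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}


def keyspace(length: int, classes) -> int:
    """Number of distinct passwords of exactly `length` characters drawn from the given classes."""
    alphabet_size = sum(len(CHARSETS[c]) for c in classes)
    return alphabet_size ** length


def seconds_to_exhaust(length: int, classes, guesses_per_second: float) -> float:
    """Worst-case time to try every combination at the given guess rate."""
    return keyspace(length, classes) / guesses_per_second


def human_time(seconds: float) -> str:
    """Render a duration using the largest unit that fits, to one decimal place."""
    units = [("years", 365 * 24 * 3600), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3f} seconds"


def compare_policies(guesses_per_second: float) -> dict:
    """Worst-case cracking time for three constructed password policies at one guess rate."""
    policies = {
        "8 lowercase letters": (8, ("lowercase",)),
        "8 mixed characters": (8, ("lowercase", "uppercase", "digits", "special")),
        "12 mixed characters": (12, ("lowercase", "uppercase", "digits", "special")),
    }
    return {
        name: human_time(seconds_to_exhaust(n, cls, guesses_per_second))
        for name, (n, cls) in policies.items()
    }


if __name__ == "__main__":
    # Assumed rates: a login service that rate-limits attempts versus offline cracking of leaked hashes
    for label, rate in (("online, 10 guesses/s", 10), ("offline, 1e9 guesses/s", 1e9)):
        print(label)
        for policy, worst_case in compare_policies(rate).items():
            print(f"  {policy:<22} {worst_case}")
```

Mixing all four character classes raises the per-character alphabet from 26 to 94, and each extra character multiplies the keyspace by that alphabet size, which is why both the length and the mix in the strong-password list matter; the online rate shows why limiting login attempts is a defence in its own right.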

John the Ripper, or its graphical front end Johnny, is one of the most powerful tools for running a brute-force attack, and it comes with the Kali distribution of Linux.

[Screenshot: Brute-Force Attack]

Rainbow Tables

A rainbow table contains a set of predefined passwords together with their hashes. The table is used to recover a password from its hash; it is effectively a pre-calculated hash table for cracking passwords. Tables can be downloaded from http://project-rainbowcrack.com/table.htm

RainbowCrack 1.6.1 is the tool that uses these rainbow tables. It, too, is included in the Kali distribution.
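The following is an added example, not code from the original page or from the RainbowCrack project. It builds a simplified version of the pre-calculated hash table described above (a plain hash-to-password dictionary rather than the hash/reduce chains a real rainbow table uses) and shows why a per-account random salt defeats such precomputation. The candidate list and function names are constructed for this illustration.

```python
import hashlib
import os

# Constructed candidate list standing in for a cracking word list (illustration only)
CANDIDATES = ["password", "123456", "qwerty", "letmein", "admin123", "Summer2023"]


def unsalted_hash(password: str, algorithm: str = "sha256") -> str:
    """Hash the bare password: the storage form a precomputed table can target."""
    return hashlib.new(algorithm, password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, algorithm: str = "sha256") -> str:
    """Hash salt || password; a fresh random salt per account means no table can be precomputed for it."""
    return hashlib.new(algorithm, salt + password.encode()).hexdigest()


def build_lookup_table(candidates, algorithm: str = "sha256") -> dict:
    """Precompute hash -> plaintext for every candidate. A real rainbow table compresses
    this with chains of hash and reduction functions; the lookup idea is the same."""
    return {unsalted_hash(c, algorithm): c for c in candidates}


def lookup(table: dict, stored_hash: str):
    """Return the plaintext if the stored hash was precomputed, otherwise None."""
    return table.get(stored_hash)


def demo():
    """Store the same weak password unsalted and salted; only the unsalted one is found in the table."""
    table = build_lookup_table(CANDIDATES)
    salt = os.urandom(16)  # per-account random salt, stored alongside the hash
    return lookup(table, unsalted_hash("qwerty")), lookup(table, salted_hash("qwerty", salt))


if __name__ == "__main__":
    print(demo())  # ('qwerty', None)
```

Because the salt is random and different for every account, an attacker would have to precompute a separate table per salt, which removes the whole advantage of a rainbow table; on the storage side, a deliberately slow password hash such as bcrypt, scrypt or Argon2 additionally limits how fast any brute-force or dictionary attack can proceed.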

[Screenshot: Rainbow Tables]

Quick Tips

  • Do not write passwords down anywhere; memorize them.
  • Set strong passwords that are difficult to crack.
  • Use a combination of letters, digits and symbols, with both capital and small letters, when setting a password.
  • A password should not resemble the username.