How to Crack a Password What is Password Cracking? Password cracking is the process of attempting to gain Unauthorized access to restricted systems using common passwords or algorithms that guess passwords. In other words, it’s an art of obtaining the correct password that gives access to a system protected by an authentication method. Password cracking employs a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against word list or use algorithms to generate passwords that match In this Tutorial, i will introduce you to the common password cracking techniques and the countermeasures you can implement to protect systems against such attacks. Topics covered in this tutorial What is password strength? Password cracking techniques Password Cracking Tools Password Cracking Counter Measures Hacking Assignment: Hack Now! What is password strength? Password strength is the measure of a password’s efficiency to resist password cracking attacks. The strength of a password is determined by; Length: the number of characters the password contains. Complexity: does it use a combination of letters, numbers, and symbol? Unpredictability: is it something that can be guessed easily by an attacker? Let’s now look at a practical example. We will use three passwords namely 1. password 2. password1 3. #password1$ For this example, we will use the password strength indicator of Cpanel when creating passwords. The images below show the password strengths of each of the above-listed passwords. Note: the password used is password the strength is 1, and it’s very weak. Note: the password used is password1 the strength is 28, and it’s still weak. Note: The password used is #password1$ the strength is 60 and it’s strong. The higher the strength number, better the password. Let’s suppose that we have to store our above passwords using md5 encryption. We will use an online md5convertor to convert our passwords into md5 hashes. The table below shows the password hashes Password MD5 Hash Cpanel Strength Indicator password 5f4dcc3b5aa765d61d8327deb882cf99 1 password1 7c6a180b36896a0a8c02787eeafb0e4c 28 #password1$ 29e08fb7103c327d68327f23d8d9256c We will now use Best Darkweb Carding Forum and Hacking Forum to crack the above hashes. The images below show the password cracking results for the above passwords. As you can see from the above results, we managed to crack the first and second passwords that had lower strength numbers. We didn’t manage to crack the third password which was longer, complex and unpredictable. It had a higher strength number. www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools John the Ripper John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses to wordlist to crack passwords. The program is free, but the word list has to be bought. It has free alternative word lists that you can use. Visit the product website Best Darkweb Carding Forum and Hacking Forum for more information and how to use it. Cain & Abel Cain & Abel runs on windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords; networking sniffing, etc. Unlike John the Ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website Best Darkweb Carding Forum and Hacking Forum for more information and how to use it. Ophcrack Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website Best Darkweb Carding Forum and Hacking Forum for more information and how to use it. [paste:font size="5"]10k-Most-Common.zip For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7. [paste:font size="5"]Password cracking steps Open Cain and Abel, you will get the following main screen Make sure the cracker tab is selected as shown above Click on the Add button on the toolbar. The following dialog window will appear The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine. Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account. The following screen will appear Right click on the dictionary section and select Add to list menu as shown above Browse to the 10k most common.txt file that you just downloaded Click on start button If the user used a simple password like qwerty, then you should be able to get the following results. Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine. If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks. Summary Password cracking is the art of recovering stored or transmitted passwords. Password strength is determined by the length, complexity, and unpredictability of a password value. Common password techniques include dictionary attacks, brute force, rainbow tables, spidering and cracking. Password cracking tools simplify the process of cracking passwords.