
Hack Today : How to Crack Passwords – Part 2

Welcome back to TheHackToday: How to Crack Passwords

A few days back I started “How to Crack Passwords – Part 1”. If you're new to cracking passwords, Part 2 gives you a strategy to work from. Each type of password requires a unique cracking strategy: the hashing scheme may be MD5, SHA1, NTLM, etc., the attack may be remote or offline, the hashes salted or unsalted, and so on. In Part 2 I want to discuss password cracking strategy. Many beginner password crackers simply run their password cracking tool and expect a breakthrough, using wordlists with huge amounts of data. You need good hardware for cracking speed; you can check the hardware in Part 1. No strategy will work on all passwords, with the exception of CPU- and time-intensive brute force cracking.

I’m assuming here that we are after more than one password. Usually, password cracking starts as an exercise in capturing the hashes. On Windows systems, they are in the SAM file on local systems and in LDAP on Active Directory systems; on Linux and UNIX systems, they are in /etc/shadow. These hashes are one-way encryption and are unique to each password entry (well, almost every password entry, to be precisely accurate). In each case, we have to know which scheme is used in order to crack the hash.

How to Crack Passwords (Example)

For example, Linux and Unix systems use MD5 and modern Windows systems use HMAC-MD5. Other systems may use SHA1, MD4, NTLM, etc. Make sure that you know what hash is used in the system you are trying to crack; otherwise you may spend hours or days without satisfactory results.

Most people say that John the Ripper's automatic hash detector is right around 90% of the time, but when it is wrong, there is no way of knowing. With Cain and Abel and with hashcat, we must tell the tool what kind of hash we are trying to crack.
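A defender's version of the same point, as an added example that is not from the original article: on Linux the scheme is visible in the $id$ prefix of each /etc/shadow entry, so an audit can list which schemes are in use without guessing. The sample entries and the legacy/current ratings are constructed for this example.

```python
import re

# Scheme identifiers used by crypt(3) implementations (glibc / libxcrypt).
# The "legacy"/"current" rating is this example's own assessment.
SCHEMES = {
    "1": ("md5crypt", "legacy"),
    "2a": ("bcrypt", "current"),
    "2b": ("bcrypt", "current"),
    "2y": ("bcrypt", "current"),
    "5": ("sha256crypt", "current"),
    "6": ("sha512crypt", "current"),
    "7": ("scrypt", "current"),
    "y": ("yescrypt", "current"),
}

def classify(field):
    """Return (scheme, rating) for the password field of a shadow entry."""
    if field == "":
        return ("empty", "review")        # account has no password at all
    if field.startswith(("!", "*")):
        return ("locked", "n/a")          # password login disabled
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), ("unknown", "review"))
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return ("descrypt", "legacy")     # traditional DES crypt, no prefix
    return ("unknown", "review")

def audit_shadow(shadow_text):
    """Map each account name to the (scheme, rating) of its stored hash."""
    findings = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2:
            continue
        findings[parts[0]] = classify(parts[1])
    return findings

# Constructed sample in shadow(5) layout; the hash bodies are placeholders.
SAMPLE = """\
root:$6$EXAMPLESALT$FAKEHASHFAKEHASH:19700:0:99999:7:::
legacy:$1$oldsalt$FAKEHASHFAKEHASH:15000:0:99999:7:::
daemon:*:19000:0:99999:7:::
ancient:abFAKEFAKEFAK:12000:0:99999:7:::
svc:!$6$EXAMPLESALT$FAKEHASH:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, result in audit_shadow(SAMPLE).items():
        print(user, *result)
```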



Here we can see a screenshot of the types of hashes that we can crack using hashcat and their numeric values.

Step 1: Hybrid Attack

Targets of a hybrid attack include passwords such as “tht23tht” and “st3tht34tht34”. These are relatively strong passwords, including special characters and numbers, but because they include variations of dictionary words, they are often easily cracked.

Fortunately, this is something that John the Ripper does automatically, but other password crackers (Cain and Abel) do not necessarily do it. Hashcat can be run with one of its many rule sets for combining the words in your word list with special characters.


Step 2: Combine Words with Numbers


Now we want to attack the remaining hashes and take the next step in complexity. In this iteration, we will run the remaining hashes through a wordlist that has longer dictionary words and dictionary words with numbers. Users, because they are forced to change passwords periodically, will often just add numbers to the beginning or end of their passwords. Some of our password cracking tools, like hashcat and John the Ripper, allow us to apply rules to a wordlist to combine words, append and prepend numbers, change case, etc.

Step 3: Try Common Passwords

Humans, although we think we are unique, tend to think and act similarly. Just like beasts of burden, we follow the herd and act alike. The same is true of passwords.

Users want a password that meets their organization's minimum password policy but is also easy to remember. That is why you will see passwords such as “P@ssw0rd” so often. Despite its apparent simplicity, it meets a password policy requiring a minimum of 8 characters, uppercase and lowercase letters, a special character, and a number. Believe it or not, this password and its variations are used on numerous occasions.

Knowing that human beings tend to use such passwords, in my next iteration over the password hash list I’ll try a list of commonly found passwords. Numerous web sites host wordlists of cracked or captured passwords. In addition, you can try to scrape the web to capture the largest possible number of passwords.


Step 4: Brute Force Passwords

While it might seem counterintuitive, I often start by trying to brute force very short passwords. Although brute forcing long passwords can be slow (days to weeks), very short passwords can be brute forced in minutes.

I start by trying to brute force passwords of six characters or less. Depending on my hardware, this can usually be accomplished in minutes or hours. In many environments, this will yield at least a couple of passwords.

Besides, I also try to brute force all-numeric passwords at this stage. Numeric passwords are easier to crack. A numeric password of 8 characters only requires that we try 100 million possibilities, and even a numeric password of 12 characters only requires 1 billion options. With powerful hardware, we can do this with little fuss.



If you don’t like Reading the Above Stuff!!

If all else fails, what remains is to brute force the passwords. This can be very slow with only one CPU, but can be accelerated 1000x or more with a botnet, a password cracking ASIC, or a very fast multi-GPU password cracker (I will do tutorials on each of them in the near future). Among the fastest of these, one 25-GPU password cracker is capable of 348 billion hashes per second!

Even when we are left with a brute force attack, we can be strategic about it. For example, if we know that the password policy is a minimum of 8 characters, try brute forcing with only eight characters. This will save time and will likely yield some passwords.

Additionally, you can choose your character set. Again, if we know that the password policy is uppercase, lowercase, and numbers, select only those character sets for the brute force.

Finally, some password crackers such as hashcat (look for my next tutorial on hashcat) have built-in “policies” that you can choose for a brute force attempt. These are similar to strategies and help shape your attacks around the password construction policy followed by a company or group.

These rules can be used in other password cracking tools like John the Ripper. Here we can see a list of these rules in hashcat (these can be used in John the Ripper, too).

To succeed at cracking passwords, it is important to follow a systematic strategy, no matter what tool you use, one that takes multiple iterations to crack as many passwords as possible. This strategy generally works from the passwords that are easiest to crack to the most difficult.

Of course, this strategy will depend in part on the tools you are using, the wordlists you use, and the password policy of the victim. Although I have set out my password cracking strategy here, yours may be different and will have to adapt to the environment you are working in.
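The stages above, turned around for a defender: an added example (not from the original article) that reports which early stage of this strategy would cover a given password, next to the complexity policy quoted in Step 3. The COMMON and WORDS sets are small constructed stand-ins for real wordlists, and the substitution table is an assumption of this example.

```python
import re

# Constructed stand-ins; a real audit loads full wordlists instead.
COMMON = {"password", "letmein", "qwerty", "welcome"}
WORDS = {"summer", "dragon", "monkey", "tht"}

# Undo the usual character substitutions before the dictionary lookups.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def meets_policy(pw):
    """Policy from Step 3: 8+ characters, upper, lower, digit and special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def weakness(pw):
    """Name the first stage of the article's strategy that covers pw, else None."""
    if len(pw) <= 6:
        return "short"                      # six characters or less
    if pw.isdigit():
        return "all-numeric"
    low = pw.lower()
    if low in COMMON or low.translate(LEET) in COMMON:
        return "common"                     # common password or a variation
    if re.sub(r"^\d+|\d+$", "", low) in WORDS:
        return "word+numbers"               # digits added at either end
    pieces = [p for p in re.split(r"[^a-z]+", low) if p]
    if pieces and all(p in WORDS for p in pieces):
        return "hybrid"                     # words joined by digits/specials
    return None

def audit(passwords):
    """Map each password to (meets_policy, weakness)."""
    return {pw: (meets_policy(pw), weakness(pw)) for pw in passwords}

if __name__ == "__main__":
    # Constructed sample; the first two strings appear in the article.
    for pw, result in audit(["P@ssw0rd", "tht23tht", "Summer2024",
                             "12345678", "Vq8#mTz2pLw9x"]).items():
        print(pw, result)
```

A password that passes meets_policy but still gets a weakness label, as “P@ssw0rd” does, is the case Step 3 describes: compliant with the policy and still covered by an early stage.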

Read here : Cracking Part – 1

I’m sorry if I made any mistakes writing this article; if you have suggestions, please comment below!


