How to hack app password

 7) Crack password


What is password cracking?


Password cracking is the process of attempting to gain unauthorised access to restricted systems using generic passwords or algorithms that imply passwords. In other words, it is the art of obtaining the correct password, which gives access to an authenticated system.
Cracking passwords uses a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against a list of words, or using algorithms to generate passwords that match







In this guide, we will introduce you to general password cracking techniques and countermeasures that you can apply to protect systems from such attacks.

Topics covered in this tutorial


• How strong is the password?
• Password cracking techniques
• Password cracking tools
• Password cracking measures
• Hacking Purpose: Hack Now!


How strong is the password?


Password strength is a measure of the effectiveness of a password against password cracking attacks . The strength of the password is determined;
Length : the number of characters that the password contains.
Complexity : Does it use a combination of letters, numbers, and a symbol?
Unpredictability : Can an attacker guess this easily?

Let's now look at a practical example. We will use three passwords, namely
1.   password
2.   password1
3.   # password1 $
 In this example, we will use the Cpanel password strength indicator when generating passwords. The figures below show the strengths of each of the passwords listed above.

Note . The password used is a password, its strength is 1, and it is very weak.




Note : The password used is password1, the strength is 28 and it is still weak.


Note . The password used is # password1 $, the strength is 60 and it is secure.
The higher the strength score, the better the password.
Let's assume we have to store our passwords using md5 encryption. We will use the online md5 hash generator to convert our passwords to md5 hashes.
 The table below shows password hashes
passwordMD5 HashStrength Indicator Cpanel
password5f4dcc3b5aa765d61d8327deb882cf991
password17c6a180b36896a0a8c02787eeafb0e4c28
# Password1 $29e08fb7103c327d68327f23d8d9256c60

 
We will now use http://www.md5this.com/ to crack the aforementioned hashes. The pictures below show the password cracking results for the above passwords.






As you can see from the above results, we were able to crack the first and second passwords with lower security scores. We were unable to crack the third password, which was longer, more complex and unpredictable. It had a higher strength number.

Password cracking techniques


There are a number of techniques that can be used to crack passwords . We will describe the most commonly used ones below;
Dictionary attack - This method involves using a list of words to compare against user passwords.
Brute Force Attack - This method is similar to a dictionary attack. Brute force attacks use algorithms that combine alphanumeric characters and symbols to come up with passwords for the attack. For example, a password with the value "password" can also be used as the word p @ $$ using a brute force attack.
Rainbow Attack - This method uses pre-computed hashes. Let's assume we have a database that stores passwords as md5 hashes. We can create another database that has md5 hashes of frequently used passwords. We can then compare the hash of the password we have with the stored hash in the database. If a match is found, then we have a password.
Guess - As the name suggests, this method involves guessing. Passwords like qwerty, password, admin, etc. are usually used or set as default passwords. If they have not been changed or the user is not careful when choosing passwords, then they can be easily compromised.
Spidering - Most organizations use passwords that contain company information. This information can be found on company websites, social networks such as Facebook, Twitter, etc. Spidering collects information from these sources to compile word lists. The wordlist is then used to carry out dictionary and brute force attacks.

Spidering example dictionary attack dictionary
1976 <founder birth year>

smith jones <founder name>

acme <company name / initials>

built | to | last <words in company vision / mission>

golfing | chess | soccer <founders hobbies

Password cracking tool


These are programs that are used to crack user passwords . In the example above, we have already looked at a similar tool for checking password strength. The www.md5this.com website uses a rainbow table to crack passwords. We will now look at some of the most commonly used tools.
John the Ripper
John the Ripper uses the command line to crack passwords. This makes it suitable for advanced users who are comfortable working with teams. It uses a wordlist to crack passwords. The program is free, but the wordlist must be purchased. It has free alternative word lists that you can use. Visit the product website at https://www.openwall.com/john/ for more information and usage.
Cain and Abel
Cain and Abel run through the windows. Used to recover passwords for user accounts, recover Microsoft Access passwords; network analysis, etc. Unlike John the Ripper, Cain & Abel uses a graphical user interface. It is very common among beginners and children of scripting due to its ease of use. Please visit the product website at http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml for more information and how to use it.
Ophcrack
Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It works on Windows, Linux and Mac OS. It also has a module for brute force attacks, among other features. Visit the product website at http://ophcrack.sourceforge.net/  for more information and usage.

Password cracking measures


◇ An organisation can use the following techniques to reduce the likelihood of password cracking.
◇ Avoid short and easily predictable passwords
◇ Avoid using passwords with predictable patterns such as 11552266.
◇ The passwords stored in the database must always be encrypted. For md5 encryption, it is better to salt the password hashes before storing them. Salting involves adding some word to the supplied password before generating the hash.
◇ Most registration systems have indicators of password strength, organisations should adopt policies that support high password strength values.


Hacking Activities: Hack Now!


In this hands-on scenario, we are going to hack a Windows account with a simple password . Windows uses NTLM hashes to encrypt passwords . We will use the NTLM cracker tool in Cain and Abel to do this.
Cracker Cain and Abel can be used to crack passwords;
◇ Dictionary attack
◇ Brute force
◇ cryptanalysis

We will be using a dictionary attack in this example. You need to download the attack dictionary dictionary here 10k-Most-Common.zip
For this demo, we created an account named qwerty on Windows 7.


Password cracking steps

◇ Unlock Cain and Abel , you will get the next main screen




◇ Make sure cracker tab is selected as shown above
◇ Click the Add button on the toolbar.




◇ The following dialog will appear


◇ Local user accounts will be displayed as follows. Please note that the results shown will refer to user accounts on your local computer.



◇ Right click on the account you want to hack. For this tutorial, we will be using accounts as a user account.



◇ The following screen will appear



◇ Right click on a dictionary section and select Add to Menu List as shown above.
◇ Navigate to the 10k most common .txt file you just downloaded



◇ Click on the Start button
◇ If the user used a simple password such as qwerty, then you should be able to get the following results.



Note : The time it takes to crack a password depends on the strength of the password and the complexity and processing power of your computer.
◇ If the password has not been cracked using a dictionary attack, you can try using brute force or cryptanalysis techniques.


Summary


◇ Cracking a password is the art of recovering saved or transmitted passwords.
◇ The strength of a password is determined by the length, complexity, and unpredictability of the password value.
◇ Common password techniques include dictionary attacks, brute force, rainbow tables, webbing, and cracking.
◇ Password cracking tools make it easy to crack passwords.




Previous Post Next Post