Password hacking is one of the hottest and most widely discussed topics in the field of
computer hacking. In today’s world, passwords alone play a key role in deciding
the security of a web server or any other computer system. As a result, hacking
the password is one of the easiest and sometimes the only way to gain access to
the system. In this chapter, you will be introduced to various password hacking
techniques that are frequently used in the hacking industry.
To begin with, I will let you know some of the obvious, simple yet effective techniques to hack passwords:
1. Social Engineering
This type of technique involves the psychological manipulation of people into performing actions that lead to the disclosure of their confidential information. In other words, social engineering is simply a trick played by the hacker to gain people's trust so that they reveal the password themselves.
Scenario-1
The hacker may call the target person pretending to be a bank official and ask him to confirm his password, stating that this has to be done as part of an ongoing verification program. In most cases, the target person on the other end believes this and reveals his password to the hacker.
Scenario-2
In order to avoid suspicion, instead of directly asking the victim to reveal the password, the hacker may obtain other vital information such as the “Date of Birth”, “Place of Birth”, “High School Details” etc. from the target person. Using these details, the hacker can easily reset the password and gain unauthorized access.
Even though social engineering seems simple, it is proven that most people would easily fall victim to this attack. Lack of awareness among people is the prime reason behind the success of this trick.
2. Guessing
As most people are known to use easy-to-remember words such as their “pet’s name”, “phone number”, “child’s name” etc. as their passwords, it is often possible for the hacker to simply guess the password.
3. Shoulder surfing
It is the act of spying on someone's keyboard from behind their shoulder as they type their password. This technique works particularly well in crowded areas such as cyber cafes and ATMs, where people are usually unaware of what is happening behind them.
Password Hacking Methods
Now, let us jump into some of the serious methods that hackers use to crack passwords:
DICTIONARY ATTACK
A dictionary attack is a type of password cracking technique where a long list of
words from the dictionary is repeatedly tried against the target until the
right match is found. This technique can be used to crack passwords that
contain words found in the dictionary.
Generally, the success of a dictionary attack rests on the fact that most people tend to use easy-to-remember passwords that are found in the dictionary. However, using a strong password that combines letters and numbers, or introducing a slight variation to the actual spelling, would make it impossible for a dictionary attack to crack such passwords.
One of my favorite tools for carrying out a dictionary attack is Brutus. It is a remote online password cracker that works on the Windows platform and can be downloaded from the following link:
NOTE: Some antivirus programs are known to conflict with the Brutus application, so it is recommended that you temporarily disable your antivirus before running it.
Now, let me give you a small demo on how to use Brutus. Here is a step-by-step procedure:
- After downloading the tool from the above link, unzip the package into a new empty folder.
- Run the “BrutusA2.exe” file to open the application as shown in the figure below:
- Enter the IP address (or domain name) of the target server in the “Target” field. Select the type of password that you want to crack from the “Type” field, or enter your own custom port number in the “Port” field.
- If you know the username whose password you want to hack, check the “Single User” option and enter the username in the “UserID” field. Otherwise, leave the default settings as they are so that the username list is loaded from the “users.txt” file.
- In the “Pass Mode” field, select the option “Word List”. By default the list of words is loaded from the “words.txt” file, which contains around 800+ words. If you have a .TXT file that contains more words, you can use it by selecting the “Browse” option. The bigger the list, the better the chances of cracking the password. Below is an example of how a username and password list might look:
- Now, hit the “Start” button to begin the cracking process. Brutus will try every word in the password list for each of the usernames present in the username list. It will take a while for the process to complete and, if you’re lucky, you should get a positive authentication response and the cracked password as shown in the figure below:
NOTE: It is always a smart idea to use a proxy before attempting this hacking process. This will prevent your real IP address from being stored in the logs of the remote server and thus reduces the chances of being traced back.
BRUTE-FORCE ATTACK
Unlike the dictionary attack, which tries only those words present in the list, the brute force attack tries every possible permutation of letters, numbers and even special characters until the right password is found.
In theory, it is possible to crack any password using this approach, but here’s the catch: a brute force attack takes a long time to crack passwords. The time actually depends on the speed of the computer and the complexity of the password.
For example, if the target password is short and doesn’t contain any numbers or special characters, it is fairly easy to crack using this approach. However, if the password is lengthy and contains numbers or even special characters, this approach may take a long time to complete. For some complex passwords, the brute force approach may take even years to finish the cracking process, as there are billions of permutations to try.
Here is how you can configure the Brutus program to try the brute force approach:
1. Configure the “Target”, “Type” and “Port” in the same way as for the dictionary attack. Under “Authentication Options”, select the “Pass Mode” as Brute Force and click on the “Range” button as shown in the figure below:
2. Once you click on “Range” you will see a number of options to select from, such as “Digits only”, “Lowercase Alpha”, “Uppercase Alpha” and so on. You can also set the Min Length and Max Length to narrow your brute force attack options.
In the above example, Brutus will try all permutations of lowercase letters ranging from 0 to 6 characters in length. Going for options like “Mixed Alpha” or “Alphanumeric” and increasing the Max Length would increase the success rate of cracking the password but consequently takes more time to complete.
3. Once your range selection is done, click “OK” and hit the “Start” button. The brute force cracking attempt will begin and will take anywhere from a few minutes to a couple of hours to complete. If the attempt is successful, you should see the username and its corresponding password displayed in the Brutus window!
RAINBOW TABLE
A rainbow table is a pre-computed table that contains a long list of password hashes for dictionary words as well as alphanumeric permutations of words. The hacker initially generates a long list of password hashes and stores them in a rainbow table for later use.
Although generating a rainbow table initially takes a long time
and utilizes more storage space, once computed it can greatly reduce the time
taken for the password cracking process.
Any computer system that requires password authentication will maintain a table of usernames and passwords in its database. If the hacker manages to steal this table from the database, he would easily be in a position to gain access to a large number of accounts on the target system. In order to prevent this from happening, most systems store the passwords in a cryptographic hash format as opposed to plain text.
For example, when a user completes the sign-up process on an online portal, the system may convert his password to MD5 hash format and store it in its database table. Suppose the user’s password is goldfish; its MD5 hash would be as follows:
MD5 Hash: 861836f13e3d627dfa375bdb8389214e
Thereafter, whenever the user tries to log into the portal, his password is converted to its MD5 hash on the fly and compared against the existing hash in the database table. If both hashes match, access is granted to the user.
Now, even if the hacker manages to gain access to the database and
steal the password table, he would only see a long list of cryptographic hashes
and not the actual password.
This is where rainbow tables come in handy. The hacker can use the rainbow tables to compare the long list of pre-computed hashes against the stolen list of password hashes. If the hashes match, the password is the one that was initially used to generate the hash. Unlike a brute force approach, where the hash is computed on every attempt, the rainbow table approach uses a pre-computed list of hashes that is compared directly against an existing password hash. As the time required to compute the hash on every attempt is cut out, the rainbow table approach takes significantly less time to complete the cracking process.
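The following Python is an added example (not from this chapter) showing the two storage schemes side by side: the bare MD5 the chapter describes, which a precomputed hash-to-plaintext table cracks with a single lookup, and a salted, slow hash (PBKDF2-HMAC-SHA256) that makes tables built in advance useless. The word list and the function names are constructed for the demonstration; the lookup dictionary stands in for a rainbow table, which stores the same mapping in compressed chains.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the dictionary and permutation lists a
# precomputed table is built from.
WORDS = ["apple", "lotus", "mango", "goldfish", "password", "g0ldfish"]

def unsalted_md5(password):
    """The storage scheme the chapter describes: a bare MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(words):
    """Precompute hash -> plaintext for every word. A rainbow table does this
    with compressed chains, but the effect is the same: all the hashing is
    done once, in advance."""
    return {unsalted_md5(w): w for w in words}

def lookup(stolen_hash, table):
    """Crack a stolen unsalted hash with a single dictionary lookup."""
    return table.get(stolen_hash)

def store_password(password, iterations=200_000):
    """Defender side: a random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    The salt makes any table built in advance useless against this record, and
    the iteration count makes every guess expensive."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

if __name__ == "__main__":
    table = build_lookup(WORDS)
    stolen = unsalted_md5("goldfish")               # one row of a leaked MD5 table
    print("recovered from unsalted MD5:", lookup(stolen, table))
    rec1, rec2 = store_password("goldfish"), store_password("goldfish")
    print("same password, different salted hashes:", rec1["hash"] != rec2["hash"])
    print("salted hash found in table:", lookup(rec1["hash"], table))
    print("login ok / wrong password:", verify_password("goldfish", rec1),
          verify_password("g0ldfish", rec1))
```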
PHISHING ATTACK
Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization.
Phishing scams usually send an email message to users requesting their personal information, or redirect them to a website where they are required to enter their personal information.
In most cases, a phishing email directs the victims to follow a link leading to a website where they have to enter their login details or other confidential information. In reality this website is a fake one created by the hacker (often referred to as a spoofed website) which is an exact replica of the original or appears similar. When the victim enters his/her login details on a spoofed page, they are actually stolen by the hacker.
For example, the hacker may send an email that appears to come from the bank where the victim maintains an account and asks him/her to update the login details by following the link present in the email. The email further mentions that this update process is mandatory and that failing to do so will result in the bank account being locked. In response, the victim clicks on the link and is taken to the fake login page that looks similar to the original one. However, when the login details are entered, they are recorded and stored on the website for later access by the hacker. The victim remains unaware of the entire process, but the hacker skillfully manages to hack the password.
COUNTERMEASURES
After addressing some of the popular password cracking techniques, let us now look at some of the countermeasures that can be taken to protect ourselves from the above-mentioned attacks.
Social Engineering
The measures needed to protect yourself from social engineering attacks are pretty simple and straightforward. Never disclose your password or any other personal information to anyone via phone or email. Attackers may even try to convince you by pretending to be an authorized person with whom you can share personal details. But remember that passwords are meant only to be entered on login pages and not to be shared with any person at all.
Guessing and Shoulder Surfing
Always make sure that your password does not contain your pet's name, birth date, family members' names or anything else that is easy to guess. It is recommended that your password contains a combination of hard-to-guess words, numbers and special characters.
As far as shoulder surfing is concerned, you can avoid it by making sure that no one behind you is watching the movement of your fingers over the keyboard when you are typing the password.
Dictionary Attack
To protect yourself from a dictionary attack, all you need to do is make sure that your password does not contain words from the dictionary. That means your password is not something like “apple”, “lotus” or “mango”. Instead, use words that are not in the dictionary. You can also use a phrase like str0ngpAss?? as your password so that it cannot be cracked using the dictionary attack approach.
Brute-Force Attack and Rainbow Table
Brute-force attacks often succeed when passwords are short. That means that by keeping the password long enough you can make it hard for the attacker to crack.
A password of 8 characters was usually considered long enough and safe in the past. However, this is not the case in the present day, as modern computers have the processing speed to try thousands of guesses per second.
So, in order to make your password immune to brute-force attacks, make sure it is longer than 8 characters and is a combination of letters, numbers and special characters.
You can avoid a rainbow table attack on your passwords by making them sufficiently long. If your password is more than 12 or 14 characters, it would be extremely time consuming to create tables for it. This should keep you protected from such attacks.
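As an added example that is not part of the chapter, this Python quantifies the brute-force arithmetic behind the advice above and turns the countermeasures (length above 8, mixed character classes, no dictionary words or personal details) into a single check. The word list, personal details and guessing rates are constructed; the 1e9 guesses/second figure is an assumed offline rate against a fast unsalted hash, not a number from the chapter.

```python
import string

# Constructed word list and "personal details" (pet name, birth year, child's
# name); a real check would use a large dictionary and the account's profile.
DICTIONARY = {"apple", "lotus", "mango", "goldfish", "password", "welcome"}
PERSONAL = {"rex", "1984", "emily"}

# Common digit/symbol substitutions, undone before the dictionary check so that
# "g0ldfish" is still recognised as the word "goldfish".
LEET = str.maketrans("0134$@!", "oleasai")

def keyspace(charset_size, min_len, max_len):
    """Candidates a brute-force run must try over lengths min_len..max_len:
    the geometric sum of charset_size**k."""
    return sum(charset_size ** k for k in range(min_len, max_len + 1))

def hours_to_exhaust(charset_size, min_len, max_len, guesses_per_second):
    """Worst-case time to try the whole keyspace at a given guessing rate."""
    return keyspace(charset_size, min_len, max_len) / guesses_per_second / 3600

def weaknesses(password, dictionary=DICTIONARY, personal=PERSONAL):
    """Reasons the password would fall to the attacks in this chapter; an empty
    list means it passes every check."""
    problems = []
    if len(password) <= 8:
        problems.append("not longer than 8 characters")
    has_classes = (any(c.isalpha() for c in password)
                   and any(c.isdigit() for c in password)
                   and any(c in string.punctuation for c in password))
    if not has_classes:
        problems.append("missing letters, digits or special characters")
    normalized = password.lower().translate(LEET)
    if any(w in normalized for w in dictionary if len(w) >= 4):
        problems.append("contains a dictionary word (even with digit substitutions)")
    if any(p in password.lower() for p in personal):
        problems.append("contains a guessable personal detail")
    return problems

if __name__ == "__main__":
    # The chapter's Brutus range (lowercase letters, lengths 0 to 6) at the
    # "thousands of guesses per second" the countermeasures section mentions.
    print(keyspace(26, 0, 6), "candidates,",
          f"{hours_to_exhaust(26, 0, 6, 10_000):.1f} h at 10k guesses/s")
    # Why 8 characters is no longer enough: 8 vs 12 mixed alphanumerics at an
    # assumed offline rate of 1e9 guesses/s against a fast unsalted hash.
    for n in (8, 12):
        print(f"62^{n}: {hours_to_exhaust(62, n, n, 1e9) / 24:.0f} days")
    for pw in ("goldfish", "g0ldfish1!", "str0ngpAss??"):
        print(pw, "->", weaknesses(pw) or "ok")
```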
Phishing Attack
You can avoid phishing attacks by following the guidelines below:
- Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.
- Do not use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser’s address bar to get into a website.
- Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive information such as passwords, account numbers or credit card details. You will see a lock icon in your browser’s address bar which indicates a secure connection. On some websites, like “PayPal”, which use an extended validation certificate, the address bar turns GREEN as shown below:
- Even if the login page is not secure (https://) the target website may still be legitimate. However, look for misspellings like www.papyal.com, www.payapl.com or paypal.somethingelse.com instead of the legitimate site www.paypal.com and make sure that the login details are only entered on the legitimate web page.
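An added Python example (not the chapter's own) that applies the last two guidelines to a link before it is clicked: it extracts the registrable domain, checks it against an allow-list of the user's legitimate sites, and flags the misspellings and brand-as-subdomain patterns named above. The allow-list is constructed, and the "last two labels" rule for the registrable domain is a simplification; real code should use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allow-list of the legitimate sites the user actually banks or pays with.
LEGITIMATE = {"paypal.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch transposed or swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_domain(host):
    """Naive 'last two labels' rule (simplification: a Public Suffix List lookup
    is needed for domains like example.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_link(url, legitimate=LEGITIMATE):
    """Return ('legitimate' | 'lookalike' | 'unknown', uses_https).
    'lookalike' covers a misspelt brand (papyal, payapl) and a brand used as a
    subdomain of some other domain (paypal.somethingelse.com)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    secure = parts.scheme == "https"
    if domain in legitimate:
        return "legitimate", secure
    for good in legitimate:
        brand = good.split(".")[0]
        if brand in host.split("."):                          # paypal.somethingelse.com
            return "lookalike", secure
        if edit_distance(domain.split(".")[0], brand) <= 2:   # papyal.com, payapl.com
            return "lookalike", secure
    return "unknown", secure

if __name__ == "__main__":
    for link in ("https://www.paypal.com/signin", "http://www.papyal.com/login",
                 "http://www.payapl.com", "https://paypal.somethingelse.com/verify"):
        print(link, "->", classify_link(link))
```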