Password cracking is the process of recovering secret passwords from
data that has been stored in or transmitted by a computer system. A
common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using Hashing, Guessing, Using Default
passwords, Brute Force and Phishing. However, we can see many shareware
products that costs near 100$ and they guarantees to hack account, The
important thing is that
There is no ready made software which can hack passwords in 2 or 3 steps!!!
If you see something like this, it may be some scam to steal your money..Beware..
The hacking methods are:
1) Hashing :-
hashing will refer to the one way function (which may be either an
encryption function or cryptographic hash) employed as a hash and its
output as a hashed password.
If a system uses a reversible function to obscure stored passwords,
exploiting that weakness can recover even 'well-chosen' passwords.
For example, LM hash that Microsoft Windows uses by default to store user passwords which have less than 15 characters.
The LM hash breaks the password into two 7-character fields which are
then hashed separately, allowing each half to be attacked separately.
Note: Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
2) Guessing
:- Many passwords can be guessed either by humans or by sophisticated
cracking programs armed with dictionaries (dictionary attack) and the
user's personal information.
Actually, many users choose weak passwords, usually one related to
themselves in some way. Repeated research over some 40 years has
demonstrated that around 40% of user-chosen passwords are readily
guessable by programs. Examples of insecure choices include:
blank (none)
the word "password", "passcode", "admin" and their derivatives
the user's name or login name
their birthplace or date of birth
- the name of their significant other or another person (loved one)
His/her favourite pet's name
- a dictionary word in any language
automobile licence plate number
a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
- abcd, abcdef, 1234 etc
- His/Her Mobile Number
- iforgot, idontknow, passworderror, incorrectpassword etc or similar words
- a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
In one survey of MySpace passwords which had been phished, 3.8% of
passwords were a single word found in a dictionary, and another 12
percent were a word plus a final digit; two-thirds of the time that
digit was.
3) Default Passwords
:- A moderately high number of local and online applications have
inbuilt default passwords that have been configured by programmers
during development stages of software. There are lots of applications
running on the internet on which default passwords are enabled. So, it
is quite easy for an attacker to enter default password and gain access
to sensitive information. A list which containing default passwords of
some of the most popular applications is available on the internet.
Always disable or change the application's (both online and offline)
default username-password pairs.
4) Brute Force
:- If all other techniques failed, then attackers uses brute force
password cracking technique. Here an automatic tool is used which tries
all possible combinations of available keys on the keyboard. As soon as
correct password is reached it displays on the screen.This techniques
takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.
5) Phishing
:- This is the most effective, Most popular and easily executable
password cracking technique which is generally used to crack the
passwords of e-mail accounts, and all those accounts where secret
information or sensitive personal information is stored by user such as
social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login
screen and send it to the victim, hoping that the victim gets fooled
into entering the account username and password. As soon as victim click
on "enter" or "login" login button this information reaches to the
attacker using scripts or online form processors while the user(victim)
is redirected to home page of e-mail service provider.
Note:Sometimes you will get emails which are
demanding for your username-password, urging to be e-mail service
provider. Dont reply for them. Most Email providers and Social networks
will not ask like this.
It is possible to try to obtain the passwords
through other different methods, such as social engineering,
wiretapping, keystroke logging, login spoofing, dumpster diving,
phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using
a Trojan Horse or virus, identity management system attacks (such as
abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.
It is recommended to use a strong passwords
for your secure datas. Using long passwords containing lowercase,
UPPERCASE, and $ymbols will secure your data much. Using strong
passwords, you can bypass dictionary attacks, Brute force and guessing.
using more lengthy passwords will increase brutal force attacking time
and the hacker will leave it.
Learn Spoken English Quickly.pdf