Skip to main content

Ethical Hacking - Password Hacking

We have passwords for emails, databases, computer systems, servers, bank accounts, and virtually everything that we want to protect. Passwords are in general the keys to get access into a system or an account.
In general, people tend to set passwords that are easy to remember, such as their date of birth, names of family members, mobile numbers, etc. This is what makes the passwords weak and prone to easy hacking.
One should always take care to have a strong password to defend their accounts from potential hackers. A strong password has the following attributes −
  • Contains at least 8 characters.
  • A mix of letters, numbers, and special characters.
  • A combination of small and capital letters.

Dictionary Attack

In a dictionary attack, the hacker uses a predefined list of words from a dictionary to try and guess the password. If the set password is weak, then a dictionary attack can decode it quite fast.
Hydra is a popular tool that is widely used for dictionary attacks. Take a look at the following screenshot and observe how we have used Hydra to find out the password of an FTP service.
Dictionary Attack

Hybrid Dictionary Attack

Hybrid dictionary attack uses a set of dictionary words combined with extensions. For example, we have the word “admin” and combine it with number extensions such as “admin123”, “admin147”, etc.
Crunch is a wordlist generator where you can specify a standard character set or a character set. Crunch can generate all possible combinations and permutations. This tool comes bundled with the Kali distribution of Linux.
Hybrid Attack

Brute-Force Attack

In a brute-force attack, the hacker uses all possible combinations of letters, numbers, special characters, and small and capital letters to break the password. This type of attack has a high probability of success, but it requires an enormous amount of time to process all the combinations. A brute-force attack is slow and the hacker might require a system with high processing power to perform all those permutations and combinations faster.
John the Ripper or Johnny is one of the powerful tools to set a brute-force attack and it comes bundled with the Kali distribution of Linux.
Brute Force

Rainbow Tables

A rainbow table contains a set of predefined passwords that are hashed. It is a lookup table used especially in recovering plain passwords from a cipher text. During the process of password recovery, it just looks at the pre-calculated hash table to crack the password. The tables can be downloaded from http://project-rainbowcrack.com/table.htm
RainbowCrack 1.6.1 is the tool to use the rainbow tables. It is available again in Kali distribution.
Rainbow Table

Quick Tips

  • Don’t note down the passwords anywhere, just memorize them.
  • Set strong passwords that are difficult to crack.
  • Use a combination of alphabets, digits, symbols, and capital and small letters.
  • Don’t set passwords that are similar to their usernames.
Labels:

Comments

Post a Comment

Popular posts from this blog

IMPORTANCE AND ADVANTAGES OF SIWES

STUDENTS INDUSTRIAL WORK EXPERIENCE SCHEME (SIWES) The Industrial Training/Students Industrial Work Experience Scheme, IT/SIWES is a new Directorate under the Vice-Chancellor’s Office.  It was established on 20th April, 2012 The Students Industrial Work Experience Scheme (SIWES) is a skills training programme designed to expose and prepare students of universities and other tertiary institutions for the Industrial Work situation they are likely to meet after graduation.  It is also a planned and structured programme based on stated and specific career objectives which are geared towards developing the occupational competencies of participants (Mafe, 2009).  Consequently, the SIWES programme is a compulsory graduation requirement for all Nigerian university students offering certain courses. The Students Industrial Work Experience Scheme (SIWES), is the accepted training programme, which
1 comment
Read more

How to Reset HP Elitebook 8460p BIOS/Administrator Password

Have you  forgotten HP Elitebook 8460p password , bios or administrator account password? How to do if both of them lost? It seems hard though there may be lots of ways that can solve it. But if we talk about it separately, such as in two parts,  HP elitebook password reset  would be not so difficult. Part 1: Reset HP Elitebook 8460p BIOS password Part 2: HP Elitebook 8460p Administrator password recovery Part 1: How to Reset Forgotten HP Elitebook BIOS Password? Generally, there are two ways to  reset forgotten BIOS password .  One  is forcing BIOS/CMOS to reset itself to its stored defaults by removing all power from it.  The other  is to use a program to either locate or identify the password, and reveal it to you or erasing the password clearly. And the most easiest and convenient method for erasing dynamic BIOS/CMOS settings is to remove battery directly from the motherboard. However, it applies to most motherboards besides HP Elitebook BIOS. Fortunately, HP Eliteb
Post a Comment
Read more

Ethical Hacking - TCP/IP Hijacking

TCP/IP Hijacking is when an authorized user gains access to a genuine network connection of another user. It is done in order to bypass the password authentication which is normally the start of a session. In theory, a TCP/IP connection is established as shown below − To hijack this connection, there are two possibilities − Find the seq which is a number that increases by 1, but there is no chance to predict it. The second possibility is to use the Man-in-the-Middle attack which, in simple words, is a type of network sniffing . For sniffing, we use tools like Wireshark or Ethercap . Example An attacker monitors the data transmission over a network and discovers the IP’s of two devices that participate in a connection. When the hacker discovers the IP of one of the users, he can put down the connection of the other user by DoS attack and then resume communication by spoofing the IP of the disconnected user. Shijack In practice, one of the best TCP/IP hijack too
Post a Comment
Read more