
How To Hack Like Pro!

Hey, everyone! I’m writing this podcast after a great week at DEF CON!
DEF CON is one of the largest hacking conferences in the world, where hackers from across the globe gather to share ideas, listen to leading security experts, and compete in ruthless hacking contests.
In the spirit of DEF CON and my week of hacking, I’m going to cover one question that I get asked all the time: How do you "crack" a password?
To answer that, I’m going to take you through the steps a hacker would use to break your password--so that you can avoid some of the pitfalls that would make you an easy target for any password cracker out there.

What's a Hash?

First, let’s talk about how passwords are stored. If a website or program is storing your password--like Google, Facebook or anywhere that you have an online account--the password is generally stored in the form of a hash. A hash is basically a secure way of storing passwords based upon math.
A hash is also a way of scrambling a password--so if you know the trick, you can easily unscramble it. It would be similar to hiding a key to your house in your front yard: if you knew where the key was, it would take you only a few seconds to find it. However, if you didn’t know where the key was, it would probably take you a long time to find it.

The 2 Types of Hacker Attacks

Now, let’s break down password attacks into two different types: online and offline.
Offline attacks are where a hacker can take a password hash, copy it, and take it home with them to work on. Online attacks require the attacker to go to the specific website they are targeting and try to log in to your online account there.
Online attacks on secure websites are very difficult for a hacker, because these types of sites will limit the number of times an attacker can try a password. This has probably happened to you if you’ve forgotten your password and been locked out of your account. This system is actually designed to protect you from hackers who are trying billions of guesses to figure out your password.
An online attack is like searching for someone’s hidden key in their front yard while they are home. If you looked in a few places, it probably wouldn’t look too odd; however, if you spent all day in front of the house, you’d be spotted and told to leave right away!
In the case of an online attack, a hacker would most likely do a lot of research on a particular target to see if they could find any identifying information about them, such as children’s names, birthdays, significant others, old addresses, etc. From there, an attacker could try a handful of targeted passwords that would have a higher success rate than just random guesses.
Offline attacks are much more sinister, and don’t offer this protection. Offline attacks take place when an encrypted file, such as a PDF or document, is intercepted, or when a hashed key is transferred (as is the case with WiFi). If an attacker copies an encrypted file or hashed password, they can take it home with them and try to crack it at their leisure.
Although this may sound awful, it’s not as bad as you may think. Password hashes are almost always "one-way functions." In English, this just means that you can perform a series of scrambles of your password that are next to impossible to reverse. This makes finding a password pretty darn difficult.
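How a site can store and check a password using a one-way function, as an added example that is not code from the original post. The post names no algorithm; PBKDF2-HMAC-SHA256 with a per-user random salt and 600,000 iterations is an assumption made here, and the function and field names are illustrative.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; higher makes each guess slower


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Returns the record a site would store. The password itself is never kept."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password, record):
    """Checks a login attempt by re-running the same scramble on the
    submitted password and comparing the results. Nothing is reversed."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])


def same_password_same_record(password):
    """Two users with the same password get different stored digests,
    because each record has its own salt."""
    first = hash_password(password)
    second = hash_password(password)
    return first["digest"] == second["digest"]
```

The salt and the iteration count are what make a copied hash slow to work on offline: each guess costs the full iteration count, and work done on one record cannot be reused against another.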
