Tuesday, April 2, 2013
Password Hacking
-: Password Hacking :-
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked using the following techniques:
1) Hashing :- Here we refer to the one-way function (which may be either an encryption function or a cryptographic hash) employed as a hash, and to its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
| Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly. |
2) Guessing :- Many passwords can be guessed, either by humans or by sophisticated cracking programs armed with dictionaries (dictionary-based attacks) and the user's personal information. Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (e.g. on a QWERTY keyboard: qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
In one survey of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
| A password containing uppercase and lowercase characters, numbers and special characters is a strong password and can never be guessed. |
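An added example (not from the original post) that turns the list of insecure choices above into a check: it undoes the "simple modifications" (trailing digit, reversed letters) and then tests for the common words, personal details, dictionary words and keyboard rows named in the list. The word lists and the user details are small constructed samples for the demo.

```python
# Added example (not from the original post): reject the guessable choices
# listed above. COMMON, KEYBOARD_ROWS and DICTIONARY are small constructed
# samples for the demo; a real check would load a full word list.
import re
from typing import Optional

COMMON = ("password", "passcode", "admin")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
DICTIONARY = {"summer", "dragon", "monkey", "football", "london"}


def _candidate_forms(pw: str):
    """Undo the 'simple modifications' named above: lower-case, strip a
    trailing run of digits/symbols ('summer1' -> 'summer'), and reverse."""
    low = pw.lower()
    stripped = re.sub(r"[\d!@#$%^&*]+$", "", low)
    ordered = [low, stripped, low[::-1], stripped[::-1]]
    return [f for f in dict.fromkeys(ordered) if f]   # dedupe, keep order


def _is_keyboard_walk(s: str) -> bool:
    """True when s is four or more adjacent keys on one row, either direction."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def weak_password_reason(pw: str, user_info: dict) -> Optional[str]:
    """Return why `pw` is guessable, or None if no rule matched.
    user_info holds facts an attacker could learn about the user (constructed
    for the demo): name, login, partner, pet, birth date, licence plate."""
    if not pw:
        return "blank"
    personal = {str(v).lower() for v in user_info.values() if v}
    for form in _candidate_forms(pw):
        if any(form.startswith(word) for word in COMMON):
            return "common word such as 'password' or 'admin' (or a derivative)"
        if form in personal:
            return "personal information (name, login, partner, pet, birth date, plate)"
        if form in DICTIONARY:
            return "dictionary word"
        if _is_keyboard_walk(form):
            return "row of keys on a keyboard"
    return None


if __name__ == "__main__":
    info = {"name": "Alice", "login": "alice", "partner": "Bob",
            "pet": "Rex", "birthdate": "19900512", "plate": "KA01AB1234"}
    for candidate in ("", "Password1", "drowssap", "Rex2", "summer1",
                      "qwertyuiop", "Tr0ub4dor&3x!"):
        print(repr(candidate), "->", weak_password_reason(candidate, info))
```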
3) Default Passwords :- A moderately high number of local and online applications have built-in default passwords that were configured by programmers during software development. There are many applications running on the internet on which default passwords are still enabled, so it is quite easy for an attacker to enter the default password and gain access to sensitive information. Lists of default passwords for some of the most popular applications are available on the internet.
| Always disable or change the applications' (both online and offline) default username-password pairs. |
4) Brute Force :- If all other techniques fail, attackers use the brute-force cracking technique. An automated tool tries all possible combinations of the characters available on the keyboard; as soon as the correct password is reached, it is displayed on screen. This technique takes an extremely long time to complete, but the password will surely be cracked.
| The longer the password, the longer it takes to brute-force it. |
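As an added example (not from the original post), the growth of worst-case brute-force time with password length, computed for an assumed guess rate; it also quantifies the LM hash weakness from the Hashing section above, where two 7-character halves are attacked separately instead of one 14-character password.

```python
# Added example (not from the original post): how brute-force cost grows with
# password length and character set, and why hashing a 14-character password
# as two independent 7-character halves (the LM hash layout) is so much
# cheaper to attack. The guess rate is an assumed, constructed figure.

GUESSES_PER_SECOND = 1e9  # assumed attacker speed for the comparison
SECONDS_PER_YEAR = 31_557_600


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(charset_size: int, length: int,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate up to and including `length` characters."""
    total = sum(keyspace(charset_size, k) for k in range(1, length + 1))
    return total / rate


def lm_split_keyspace(charset_size: int) -> int:
    """Candidates when the password is hashed as two independent 7-character
    halves: each half is searched on its own, so the work adds, not multiplies."""
    return 2 * keyspace(charset_size, 7)


def years_by_length(charset_size: int = 95):
    """Worst-case years for a few lengths; 95 = printable ASCII characters."""
    return {n: worst_case_seconds(charset_size, n) / SECONDS_PER_YEAR
            for n in (6, 8, 10, 12, 14)}


if __name__ == "__main__":
    for n, years in years_by_length().items():
        print(f"{n:2d} chars: {years:.3g} years")
    full, split = keyspace(95, 14), lm_split_keyspace(95)
    print(f"LM split makes a 14-char search {full // split:.2e} times smaller")
```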
5) Phishing :- This is the most effective and most easily executed password-cracking technique. It is generally used to obtain the passwords of e-mail accounts and of any account where the user stores secret or sensitive personal information, such as social networking and matrimonial websites.
Phishing is a technique in which the attacker creates a fake login screen and sends it to the victim, hoping that the victim is fooled into entering the account username and password. As soon as the victim clicks the "enter" or "login" button, this information reaches the attacker through scripts or online form processors, while the user (victim) is redirected to the home page of the e-mail service provider.
| Never reply to messages that demand your username and password while claiming to be from your e-mail service provider. |
Passwords can also be obtained by other methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attacks, acoustic cryptanalysis, using a Trojan horse or virus, identity management system attacks (such as abuse of self-service password reset) and compromising host security.
However, "cracking" usually designates a guessing attack.
Hacking Tools (Password Crackers)
-: Hacking Tools :-
Password Crackers :-
Cain and Abel :- The top password recovery tool for Windows. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Home:- http://www.oxid.it Latest Release:- cain & abel v4.9.40 Download:- http://www.oxid.it/cain.html
John the Ripper :- A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. Home:- http://www.openwall.com Latest Release:- John the Ripper 1.7 Download:- http://www.openwall.com/john/
THC Hydra :- A fast network authentication cracker which supports many different services. When you need to brute-force a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Home:- http://www.thc.org Latest Release:- THC-Hydra v5.4 Download:- http://freeworld.thc.org/thc-hydra/
L0phtcrack :- Windows password auditing and recovery application. L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc.). Home:- Not Available Latest Release:- L0phtcrack v5.04 Download:- http://download.insecure.org/stf/lc5-setup.exe http://download.insecure.org/stf/lc5-crack.zip (keygen)
Pwdump :- Windows password recovery tool. Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file. Home:- http://www.foofus.net/fizzgig/pwdump Latest Release:- pwdump6 version 1.7.2 Download:- http://swamp.foofus.net/fizzgig/pwdump/downloads.htm
RainbowCrack :- An innovative password hash cracker. The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables, but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. Home:- http://www.antsight.com Latest Release:- rainbowcrack v1.2 Download:- http://www.antsight.com/zsl/rainbowcrack/
Brutus :- A network brute-force authentication cracker. This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. Home:- http://www.hoobie.net Latest Release:- brutus-aet2 Download:- http://www.hoobie.net/brutus/brutus-download.html
-: Cryptography :-
In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.
The Purpose :-
* Authentication : The process of proving one's identity.
* Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
* Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
* Non-repudiation : A mechanism to prove that the sender really sent this message.
In general, cryptographic algorithms are classified into three categories:
1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3) Hash Functions : Uses a mathematical transformation to irreversibly "encrypt" information.
Secret Key Cryptography :- With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
Secret key cryptography algorithms that are in use today include :
1) Data Encryption Standard (DES) : DES is a block cipher employing a 56-bit key that operates on 64-bit blocks. Because the key is only 56 bits, DES is now susceptible to brute-force attacks.
Triple-DES (3DES) and DESX are the two important variants that strengthen DES.
2) Advanced Encryption Standard (AES) : The algorithm can use a variable block length and key length; the latest specification allowed any combination of key lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.
3) International Data Encryption Algorithm (IDEA) : Secret-key cryptosystem written by Xuejia Lai and James Massey in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.
4) Rivest Ciphers : Named for Ron Rivest, a series of SKC algorithms.
RC1 : Designed on paper but never implemented.
RC2 : A 64-bit block cipher using variable-sized keys, designed to replace DES. Its code has not been made public, although many companies have licensed RC2 for use in their products. Described in RFC 2268.
RC3 : Found to be breakable during development.
RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
RC6 : An improvement over RC5, RC6 was one of the AES Round 2 algorithms.
5) Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.