gijake

Password cracker

14 posts in this topic

Hi, I am new here, and reletivly new at hacking. I was reading an article and it said somthing about using a bruteforce program to find a password. I was wondering if someone could fill me in on this.

Thanks,

Jake

0

Share this post


Link to post
Share on other sites

If you have the password hash, you can use a password cracker like "John the Ripper".

However, if you're cracking something on just a remote service, you want to learn

more about networking and such first, because these "attacks" can be very heavy on

resources, and you'll get caught and sent to jail. The easiest way is if you have a hash

but don't do it unless it's your password, or if you're doing an audit for someone.

There are different types of attacks on passwords, the two basic attacks are "brute force"

and "dictionary based". Dictionary based password cracking basically just runs through

a given list of known words, and tests each word against the password hash. This is the

fastest way of cracking weak passwords. The second way "brute force" can take much

longer to crack, but it tests every possible password (within the defined parameters).

0

Share this post


Link to post
Share on other sites

Hi there! Here is a link to a bruteforce program:

Brutus

Brutus is for use with Windows.

I have messed around with Cain & Abel.

(when I used Windoze)

I cant tell you very much more becuase I havent ever found much use for this type of attack. Personally, I think that if you can SE to find out the password its a lot easier. If you have a home LAN and there are other computers within the network, try it out on those.

Thats my ten cents. :ninja:

-Alk3

0

Share this post


Link to post
Share on other sites

what are password hashes? and what is SE? Im really new at this. thanks for the link Alk.

Edited by gijake
0

Share this post


Link to post
Share on other sites

what are password hashes? and what is SE? Im really new at this.

Check out

http://www.irongeek.com Has a lot of hacking/technical tutorial, movies, and links.

http://www.openwall.com/john/ That is "Johnt The Ripper"

Default Password List Basic list of passwords for routers.

SE stands for social engineering. Basically manipulation, and someone else might be able to explain it better.

-Alk3

Edited by Alk3
0

Share this post


Link to post
Share on other sites

SEing is basically "tricking" someone into giving you what you want.

0

Share this post


Link to post
Share on other sites

To add on to stderr's post, and answer your question about hashes:

a 'hash function' is an algorithm (one example is md5) that takes some input, like the word 'password' and produces some random-looking output, 5f4dcc3b5aa765d61d8327deb882cf99. This is the 'hash'.

The hash function only works one way, meaning it is computationally infeasible to get the plaintext ( ''password'' ) from the hash (5f4dcc3b5aa765d61d8327deb882cf99).

For this reason the passwords on your own or remote systems are stored in the hash form, not the plaintext form, and authentication is done when you login by taking the plain password which you provide, hashing it, and comparing the hash with the hash stored on the system.

If you were to get a hold of the password hashes on a system, the only way to 'crack' them would be to use a program such as John the Ripper that goes through a dictionary file and calculates hashes of those words, and checks if the hashes match any hashes in the file you are trying to crack. JtR would then print the hash and corresponding plaintext if it finds a match.

Another method is to use a large table of pre-computed plaintext and corresponding hashes (Rainbow Tables) and look up your hash in the database to find the password from which it originated.

0

Share this post


Link to post
Share on other sites

SEing is basically "tricking" someone into giving you what you want.

You can also SE with heavy objects and various kitchen tools.

0

Share this post


Link to post
Share on other sites

If you want more information on John the Ripper and Cain & Able then I would highly suggest Irongeek's Videos.

0

Share this post


Link to post
Share on other sites

If you want more information on John the Ripper and Cain & Able then I would highly suggest Irongeek's Videos.

Irongeek is a pro at cracking just about any type of password and his tuts and files are good base learning tools so I definatley suggest checking all that stuff out if your interested in pass cracking, but you do know there is more to hacking than just passwords right?

0

Share this post


Link to post
Share on other sites

If you want more information on John the Ripper and Cain & Able then I would highly suggest Irongeek's Videos.

Irongeek is a pro at cracking just about any type of password and his tuts and files are good base learning tools so I definatley suggest checking all that stuff out if your interested in pass cracking, but you do know there is more to hacking than just passwords right?

Of course I know that.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now