The document discusses password cracking and brute force tools, outlining various methods and tools used to gain unauthorized access to systems or recover forgotten passwords. It details common cracking techniques such as brute force attacks, social engineering, and phishing, along with specific tools like Brutus, RainbowCrack, and Cain & Abel. Emphasis is placed on the importance of complex passwords to counteract these attacks and the various methods employed by hackers to acquire sensitive information.

1. Password Cracking
And BruteForce
Tools.
PREPARED BY:-
KAMAL PUROHIT 130670107087.

2. Contents Include:-
 What is password Cracking?
 Different methods use in Password Crackng.
 Tools Used In Password Cracking.
 What is Bruteforcing.?
 Differet types of bruteforce tools.

3. What is password Cracking?
 The process of attempting to guess or crack passwords to gain
access to a computer system or network.
 Crackers will generally use a variety of tools, scripts, or software to
crack a system password.
 The goal of the cracker is to ideally obtain the password
for root (UNIX) or system and administrator (Windows, NT).
 Password cracks work by comparing every encrypted dictionary
word against the entries in system password file until a match is
found.

4. Password Cracking.
 In cryptanalysis and computer security, password cracking is the
process of recovering passwords from data that have been stored in or
transmitted by a computer system.
 A common approach (brute-force attack) is to try guesses repeatedly
for the password and check them against an available cryptographic
hash of the password.
 The purpose of password cracking might be to help a user recover a
forgotten password (installing an entirely new password is less of a
security risk, but it involves System Administration privileges), to gain
unauthorized access to a system, or as a preventive measure by System
Administrators to check for easily crackable passwords. 4
 On a file-by-file basis, password cracking is utilized to gain access to
digital evidence for which a judge has allowed access but the
particular file's access is restricted

5. How Password are cracked?
 First of All u have to do is to Collect Some information About the
victim or your Device,For Which have To crack An Password.
 Like Password Length,Password Type,etc.
 Then Create an List Of that type Of Password,and try each one
one on your victim or your device.if the device get successfully
login credential,then u done.if not then keep tryping.
 All though there are many tools available on internet,such as
bruteforcing tools,password cracking tools,etc.by using it u can
easily get an password.

6. Types Of Password Cracking.
 There are number of methods out their used by hackers to hack your
account or get your personal information. Among them Some of the
Common Method are listed here.
A. Brute Force Attack.
B. Social Engineering.
C. Rats And Keyloggers.
D. Phishing.
E. Rainbow Table.
F. Guessing.

7. Brute Force Attack:-
 Any password can be cracked using Brute-force attack. Brute-force
attacks try every possible combinations of numbers, letters and special
characters until the right password is match.
 Brute-force attacks can take very long time depending upon the
complexity of the password.
 The cracking time is determined by the speed of computer and
complexity of the password.
 Countermeasure: Use long and complex passwords. Try to use
combination of upper and lowercase letters along with numbers. Brute-
force attack will take hundreds or even thousands of years to crack
such complex and long passwords.
 Example: Passwords like "iloveu" or "password" can be cracked easily
whereas computer will take years to crack passwords like "aN34lL00"

8. Social Engineering:-
 Social engineering is process of manipulating someone to trust you
and get information from them.
 For example, if the hacker was trying to get the password of a co-
workers or friends computer, he could call him pretending to be
from the IT department and simply ask for his login details.
 Sometime hackers call the victim pretending to be from bank and
ask for their credit cards details.
 Social Engineering can be used to get someone password, to get
bank credentials or any personal information.
 Countermeasure: If someone tries to get your personal or bank
details ask them few questions. Make sure the person calling you is
legit. Never ever give your credit card details on phone.

9. RAT & KEYlogger:-
 In keylogging or RATing the hacker sends keylogger or rat to the
victim.
 This allows hacker to monitor every thing victim do on his computer.
Every keystroke is logged including passwords.
 Moreever hacker can even control the victims computer.
 Countermeasure: Never login to your bank account from cyber
cafe or someone else computer. If its important use on-screen or
virtual keyboard while tying the login. Use latest anti-virus software
and keep them updated. Check out below article to know more
about Rats and Keyloggers.

10. Rainbow Table:-
 Phishing is the most easiest and popular hacking method used by
hackers to get someone account details.
 In Phishing attack hacker send fake page of real website like
facebook, gmail to victim. When someone login through that fake
page his details is send to the hacker.
 This fake pages can be easily created and hosted on free web-
hosting sites.
 Countermeasure: Phishing attacks are very easy to avoid. The url of
this phishing pages are different from the real one. For example URL
of phishing page of facebook might look like facbbook.com (As you
can see There are two "b"). Always make sure that websites url is
correct.

11. Rainbow Table:-
 A Rainbow table is a huge pre-computed list of hashes for every
possible combination of characters.
 A password hash is a password that has gone through a
mathematical algorithm such as md5 and is transformed into
something which is not recognizable.
 A hash is a one way encryption so once a password is hashed there
is no way to get the original string from the hashed string.
 A very commonly used hashing algorithm to store passwords in
website databases is MD5.
 It is almost similar to dictionary attack, the only difference is, in
rainbow tables attack hashed characters are used as passwords
whereas in dictionary attack normal characters are used as
passwords.

12. Rainbow Table:-
 Example: ‘hello’ in md5
is 5d41402abc4b2a76b9719d911017c592 and zero length string ("")
is d41d8cd98f00b204e9800998ecf8427e
 Countermeasure: Make sure you choose password that is long and
complex. Creating tables for long and complex password takes a
very long time and a lot of resources

13. Guessing:-
 This seems silly but this can easily help you to get someones
password within seconds.
 If hacker knows you, he can use information he knows about you to
guess your password. Hacker can also use combination of Social
Engineering and Guessing to acquire your password.
 Countermeasure: Don't use your name, surname, phone number or
birthdate as your password. Try to avoid creating password that
relates to you. Create complex and long password with
combination of letters and numbers.

14. Password Cracking & BruteForce
Tools.
 Various Types Of Password cracking & BruteFroce Tools Are
Avialable.They Are Listed here Below:-
I. BRUTUS.
II. Rainbow Crack.
III. Wfuzz.
IV. Cain and Abel.
V. THC Hydra.

15.  Brutus:-Brutus is one of the most popular remote online password
cracking tools.
 It claims to be the fastest and most flexible password cracking tool.
This tool is free and is only available for Windows systems.
 It was released back in October 2000.
 Supporting Device:-It supports HTTP (Basic Authentication), HTTP
(HTML Form/CGI), POP3, FTP, SMB, Telnet and other types such as
IMAP, NNTP, NetBus, etc.
 You can also create your own authentication types.
 This tool also supports multi-stage authentication engines and is able
to connect 60 simultaneous targets

16.  Rainbow Crack:- RainbowCrack is a hash cracker tool that uses
a large-scale time-memory trade off process for faster password
cracking than traditional brute force tools.
 Time-memory trade off is a computational process in which all plain
text and hash pairs are calculated by using a selected hash
algorithm.
 After computation, results are stored in the rainbow table. This
process is very time consuming. But, once the table is ready, it can
crack a password must faster than brute force tools.
 Download link:- Download Rainbow crack here: http://project-
rainbowcrack.com/

17.  Wfuzz:-Wfuzz is another web application password cracking tool that tries to
crack passwords with brute forcing.
 It can also be used to find hidden resources like directories, servlets and scripts.
 This tool can also identify different kind of injections including SQL Injection, XSS
Injection, LDAP Injection, etc in Web applications.
 Key Features:-
 Multi Threading
 Brute force HTTP Password
 POST and GET Brute forcing
 Time delay between requests
 Cookies fuzzing
• Download link:- http://resources.infosecinstitute.com/10-popular-password-
cracking-tools/#download

18.  Cain & Cabel:-Cain and Abel is a well-known password cracking
tool that is capable of handling a variety of tasks.
 The most notable thing is that the tool is only available for Windows
platforms.
 It can work as sniffer in the network, cracking encrypted passwords
using the dictionary attack, recording VoIP conversations, brute
force attacks, cryptanalysis attacks, revealing password boxes,
uncovering cached passwords, decoding scrambled passwords,
and analyzing routing protocols.
 Donwload Link:-http://www.oxid.it/ca_um/

19.  THC HYRDRA:- THC Hydra is a fast network logon password
cracking tool. When it is compared with other similar tools, it shows
why it is faster. New modules are easy to install in the tool.
 You can easily add modules and enhance the features. It is
available for Windows, Linux, Free BSD, Solaris and OS X. This tool
supports various network protocols.
 Currently it supports Asterisk, AFP, Cisco AAA, Cisco auth, Cisco
enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-
GET, HTTP-HEAD,etc.
 If you are a developer, you can also contribute to the tool’s
development.
 Download Link:-https://www.thc.org/thc-hydra/

20. BruteForce:-
 Definition - What does Brute Force Attack mean?
 A brute force attack is a trial-and-error method used to obtain
information such as a user password or personal identification number
(PIN).
 In a brute force attack, automated software is used to generate a
large number of consecutive guesses as to the value of the desired
data.
 Brute force attacks may be used by criminals to crack encrypted data,
or by security analysts to test an organization's network security.
 A brute force attack may also be referred to as brute force cracking.

21. BruteForce Tools List:-
 Some Of The privately Designed Tools,which Has been Used For
cracking Premium password For Different Sites Are listed here Below.
 Vertex.
 Account Htiman.
 Sentry Mba.
 Fast Rdp Brute(VPS Cracker).
 V Crack.
 AIOHNB
 LetsBrute.
 Among Them Sentry Mba And Vertex Is The most trusted Tools,which
is Used For Cracking Premium Pass OF Site

22. Example Of Sentry Mba For
Cracking Facebook Password.
 First of All u need Combo list(Email:Pass) n Some Bunch oF Proxies
And Some Time.
 Get The Configs.load it in Tools.And Start Cracking….take Some
Time N See after Some Time
 You Will get Some Hits.

23.  By Using Sentry MBA…We can Also Crack Premium Accounts For
Multiple Sites Like:-
 ESPN.COM
 EBAY.COM
 AMAZON.COM
 VPS N VPN.
 GMAIL.COM.
 Etc.

24.  Prepared By:-
Sahil Patel. 130670107076.
Kamal purohit 130670107087.
Sandeep Shekva 130670107103.
 Guided By:-
Khusboo Varu.