أحلام انصارى, profile picture
Uploaded byأحلام انصارى
PPTX, PDF11,394 views

Password craking techniques

The document discusses various techniques for cracking passwords, including dictionary attacks, brute force attacks, and exploiting weaknesses in password hashing algorithms. Default passwords, social engineering through phishing emails, and the use of tools like Cain and Abel, John the Ripper, and THC Hydra are also covered as effective cracking methods. Common password mistakes that can enable cracking are also listed.

Embed presentation

Downloaded 373 times
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Most passwords can be cracked by using following techniques :
Passwords Dictionary Attack  Attacker can compute H(word) for every word in a dictionary and see if the result is in the password file  With 1,000,000-word dictionary and assuming 10 guesses per second, brute- force online attack takes 50,000 seconds (14 hours) on average This is very conservative; Offline attack is much faster!
Hashing  Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password. If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.  One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length. LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.  Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
Guessing  Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information. * blank (none) * the word "password", "passcode", "admin" and their derivatives * the user's name or login name * the name of their significant other or another person (loved one) * their birthplace or date of birth * a pet's name * a dictionary word in any language * automobile license plate number * a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters. and so on....
Default Passwords  A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Brutus Password Cracker  If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.  This techniques takes extremely long time to complete, but password will surely cracked.  Long is the password, large is the time taken to brute force it.
A Quick Look On Brutus Password Cracker
Phishing  This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.  Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password.  Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.
SQL Injection  Send a command to the DB  Show the table of (userid, password)  Or email me my password  If userid == ‘x’ OR 1 == 1
Passwords Ten Common Mistakes 1. Leaving passwords blank or unchanged from default value. 2. Using the letters p-a-s-s-w-o-r-d as the password. 3. Using a favorite movie star name as the password. 4. Using a spouse’s name as the password. 5. Using the same password for everything. 6. Writing passwords on post-it notes. 7. Pasting a list of passwords under the keyboard. 8. Storing all passwords in an Excel spreadsheet on a PDA or inserting passwords into a rolodex. 9. Writing all passwords in a personal diary/notebook. 10. Giving the password to someone who claims to be the system administrator.
Password Cracking Tools  The top 3 password crackers were: 1. Cain and Abel: The top password recovery tool for Windows. 2. John the Ripper: A powerful, flexible, and fast multi- platform password hash cracker. 3. THC Hydra: A Fast network authentication cracker which supports many different services.
Window-XP Password Cracking  Using Cain And Abel
Brute-Force Using Cain And Abel
Cryptanalisys  Basically, Cryptanalisy converting encrypted messages to plain crypto- algorithm and/or key employed in This is the fastest technique of password Tables. A rainbow table is a file that is used to look known hash for an algorithm that does n Steps 1 to 4 i.e. up to importing hashes fro technique (i.e. brute-force).  Here, select "cryptanalisys attack" then rainbow tables". Here we can choose either of tables. Click on "Add Table“  Browse for the location of ra and click "open". 8) Select the loaded table and then click on "Start" button...  On completion it will the exact password...
Cracking Gmail Account Password  This method uses 'Social Engineering' rather than 'Phishing'.  Follow the steps as given below :- I. Create your own fake gmail login form using HTML, which may look as follow...
 We require a form processor to process this fake login form, i.e. to store the username and password entered by the victim. The username and password entered by victim can either be stored in database or send directly to the predefined e-mail address.  This can be done in two ways- i. Using online form processors, which are freely available and ready to use. eg. One of such form processor is provided by http://www.formmail.com . ii. If you are having your own domain hosted on some server; know basics of ASP for processing HTML forms, you can create your own processor in ASP (eg. 'login.asp' page) .  As soon as victim click on 'Move' button he/she get redirected to p webpage (eg. http://www.gmail.com), while his/her 'username' an get emailed to you by formmail.com .
Thank you

More Related Content

PPTX
Password Cracking
bySina Manavi
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
PPTX
Cyber Security(Password Cracking Presentation).pptx
byVASUOFFICIAL
 
PPTX
Password Attack
bySina Manavi
 
PPTX
Brute force-attack presentation
byMahmoud Ibra
 
PPTX
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
PPTX
Ethical hacking : Its methodologies and tools
bychrizjohn896
 
PPTX
Inetsecurity.in Ethical Hacking presentation
byJoshua Prince
 
Password Cracking
bySina Manavi
 
Password cracking and brute force
byvishalgohel12195
 
Cyber Security(Password Cracking Presentation).pptx
byVASUOFFICIAL
 
Password Attack
bySina Manavi
 
Brute force-attack presentation
byMahmoud Ibra
 
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
Ethical hacking : Its methodologies and tools
bychrizjohn896
 
Inetsecurity.in Ethical Hacking presentation
byJoshua Prince
 

What's hot

DOCX
Password Cracking
byHajer alriyami
 
PPTX
Password Cracking
bySagar Verma
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPTX
Pen Testing Explained
byRand W. Hirt
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPT
Secure Socket Layer
byNaveen Kumar
 
PPT
Software security
byRoman Oliynykov
 
PPTX
Session Hijacking ppt
byHarsh Kevadia
 
PPTX
Web security
byPadam Banthia
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
PPTX
Threat hunting for Beginners
bySKMohamedKasim
 
PDF
Offensive OSINT
byChristian Martorella
 
PPTX
Ransomware Attack.pptx
byIkramSabir4
 
PPT
Introduction To OWASP
byMarco Morana
 
PDF
Database forensics
byDenys A. Flores, PhD
 
PPTX
Man in The Middle Attack
byDeepak Upadhyay
 
PPTX
Introduction to Cryptography
byMd. Afif Al Mamun
 
PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
Password Cracking
byHajer alriyami
 
Password Cracking
bySagar Verma
 
Intrusion detection system ppt
bySheetal Verma
 
Pen Testing Explained
byRand W. Hirt
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Secure Socket Layer
byNaveen Kumar
 
Software security
byRoman Oliynykov
 
Session Hijacking ppt
byHarsh Kevadia
 
Web security
byPadam Banthia
 
Cyber Threat Intelligence
bymohamed nasri
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
Threat hunting for Beginners
bySKMohamedKasim
 
Offensive OSINT
byChristian Martorella
 
Ransomware Attack.pptx
byIkramSabir4
 
Introduction To OWASP
byMarco Morana
 
Database forensics
byDenys A. Flores, PhD
 
Man in The Middle Attack
byDeepak Upadhyay
 
Introduction to Cryptography
byMd. Afif Al Mamun
 
Basics of Denial of Service Attacks
byHansa Nidushan
 

Viewers also liked

ODP
Password Attack
byAliaqa Hosainy
 
DOCX
Password hacking
byAbhay pal
 
PPT
Ethical Hacking
byMukul Agarwal
 
PPT
Security Vulnerabilities
byMarius Vorster
 
PDF
Ce Hv6 Module 18 Web Based Password Cracking Techniques
byKislaychd
 
PDF
Password Cracking with Rainbow Tables
byKorhan Bircan
 
PPTX
Ethical Hacking
byPallavi Sonone
 
PPTX
password cracking and Key logger
byPatel Mit
 
PDF
Password (in)security
byEnrico Zimuel
 
PPTX
Virus and worms
byVikas Sharma
 
PPT
Viruses, Worms And Trojan Horses
byMario Reascos
 
PPTX
Packet sniffers
byKunal Thakur
 
PDF
Intro to White Chapel
byRob Fuller
 
PPTX
Cybersecurity 1. intro to cybersecurity
bysommerville-videos
 
PPTX
password cracking using John the ripper, hashcat, Cain&abel
byShweta Sharma
 
PPTX
Packet sniffers
byRavi Teja Reddy
 
PPTX
Cyber security presentation
byBijay Bhandari
 
DOCX
Online movie ticket booking
bymrinnovater007
 
PPT
Spoofing
bySanjeev
 
Password Attack
byAliaqa Hosainy
 
Password hacking
byAbhay pal
 
Ethical Hacking
byMukul Agarwal
 
Security Vulnerabilities
byMarius Vorster
 
Ce Hv6 Module 18 Web Based Password Cracking Techniques
byKislaychd
 
Password Cracking with Rainbow Tables
byKorhan Bircan
 
Ethical Hacking
byPallavi Sonone
 
password cracking and Key logger
byPatel Mit
 
Password (in)security
byEnrico Zimuel
 
Virus and worms
byVikas Sharma
 
Viruses, Worms And Trojan Horses
byMario Reascos
 
Packet sniffers
byKunal Thakur
 
Intro to White Chapel
byRob Fuller
 
Cybersecurity 1. intro to cybersecurity
bysommerville-videos
 
password cracking using John the ripper, hashcat, Cain&abel
byShweta Sharma
 
Packet sniffers
byRavi Teja Reddy
 
Cyber security presentation
byBijay Bhandari
 
Online movie ticket booking
bymrinnovater007
 
Spoofing
bySanjeev
 

Similar to Password craking techniques

PPTX
Ethical hacking for Business or Management.pptx
byFarhanaMariyam1
 
PPTX
Gamifying Ethical hacking for education.pptx
byyg5ptrdvbg
 
DOC
Password hacking
byMr. FM
 
PPTX
Password cracking and brute force tools
byzeus7856
 
PPTX
Cybersecurity Essentials - Part 2
byShobhit Sharma
 
PPT
Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt
byajajkhan16
 
PPTX
unit2_password_attacks_2fdgf.pdfgdgdghgptx
byzmulani8
 
PDF
Enterprise Password Worst Practices
byImperva
 
PPTX
P@ssw0rds
byWill Alexander
 
PPTX
Passwords
bySonia Rose Mary Karungi
 
PDF
Password War Games Webinar
bynCircle - a Tripwire Company
 
PDF
How to choose a password that’s hard to crack
byKlaus Drosch
 
ODP
Passwords
byKevin OBrien
 
PDF
Password Cracking using dictionary attacks
bylord
 
PPT
Computer Privacy:Passwords-Mike B.
byMike Barker
 
PDF
W make107
byGreg in SD
 
PDF
everybody-password-cracking-101.pdf bbgg
byankomahg434
 
ODP
All Your Password Are Belong To Us
byCharles Southerland
 
PPT
Let me in! 10 tips to better passwords
byMarian Merritt
 
PPTX
Personal Internet Security System
byMatthew Bricker
 
Ethical hacking for Business or Management.pptx
byFarhanaMariyam1
 
Gamifying Ethical hacking for education.pptx
byyg5ptrdvbg
 
Password hacking
byMr. FM
 
Password cracking and brute force tools
byzeus7856
 
Cybersecurity Essentials - Part 2
byShobhit Sharma
 
Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt
byajajkhan16
 
unit2_password_attacks_2fdgf.pdfgdgdghgptx
byzmulani8
 
Enterprise Password Worst Practices
byImperva
 
P@ssw0rds
byWill Alexander
 
Passwords
bySonia Rose Mary Karungi
 
Password War Games Webinar
bynCircle - a Tripwire Company
 
How to choose a password that’s hard to crack
byKlaus Drosch
 
Passwords
byKevin OBrien
 
Password Cracking using dictionary attacks
bylord
 
Computer Privacy:Passwords-Mike B.
byMike Barker
 
W make107
byGreg in SD
 
everybody-password-cracking-101.pdf bbgg
byankomahg434
 
All Your Password Are Belong To Us
byCharles Southerland
 
Let me in! 10 tips to better passwords
byMarian Merritt
 
Personal Internet Security System
byMatthew Bricker
 

More from أحلام انصارى

PPTX
An Enhanced Independent Component-Based Human Facial Expression Recognition ...
byأحلام انصارى
 
PPTX
Intention recognition for dynamic role exchange in haptic
byأحلام انصارى
 
PPT
Noise Adaptive Training for Robust Automatic Speech Recognition
byأحلام انصارى
 
PPTX
Human behaviour analysis based on New motion descriptor
byأحلام انصارى
 
PPTX
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
byأحلام انصارى
 
PDF
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
byأحلام انصارى
 
PPTX
Security issues in cloud database
byأحلام انصارى
 
PPTX
Html5 offers 5 times better ways to hijack the website
byأحلام انصارى
 
PPTX
Honey pot in cloud computing
byأحلام انصارى
 
PPT
grid authentication
byأحلام انصارى
 
PPTX
Security As A Service In Cloud(SECaaS)
byأحلام انصارى
 
PPT
Dos presentation by ahlam shakeel
byأحلام انصارى
 
PPTX
Soa
byأحلام انصارى
 
PPTX
Rbac
byأحلام انصارى
 
PPT
Operating system vulnerability and control
byأحلام انصارى
 
PPT
Network ssecurity toolkit
byأحلام انصارى
 
PPTX
Image forgery and security
byأحلام انصارى
 
PPTX
Image based authentication
byأحلام انصارى
 
PPT
Dmz
byأحلام انصارى
 
PPT
Cryptography
byأحلام انصارى
 
An Enhanced Independent Component-Based Human Facial Expression Recognition ...
byأحلام انصارى
 
Intention recognition for dynamic role exchange in haptic
byأحلام انصارى
 
Noise Adaptive Training for Robust Automatic Speech Recognition
byأحلام انصارى
 
Human behaviour analysis based on New motion descriptor
byأحلام انصارى
 
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
byأحلام انصارى
 
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
byأحلام انصارى
 
Security issues in cloud database
byأحلام انصارى
 
Html5 offers 5 times better ways to hijack the website
byأحلام انصارى
 
Honey pot in cloud computing
byأحلام انصارى
 
grid authentication
byأحلام انصارى
 
Security As A Service In Cloud(SECaaS)
byأحلام انصارى
 
Dos presentation by ahlam shakeel
byأحلام انصارى
 
Soa
byأحلام انصارى
 
Rbac
byأحلام انصارى
 
Operating system vulnerability and control
byأحلام انصارى
 
Network ssecurity toolkit
byأحلام انصارى
 
Image forgery and security
byأحلام انصارى
 
Image based authentication
byأحلام انصارى
 
Dmz
byأحلام انصارى
 
Cryptography
byأحلام انصارى
 

Password craking techniques

  • 2.
    Password cracking isthe process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Most passwords can be cracked by using following techniques :
  • 3.
    Passwords Dictionary Attack  Attackercan compute H(word) for every word in a dictionary and see if the result is in the password file  With 1,000,000-word dictionary and assuming 10 guesses per second, brute- force online attack takes 50,000 seconds (14 hours) on average This is very conservative; Offline attack is much faster!
  • 4.
    Hashing  Here wewill refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password. If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.  One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length. LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.  Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
  • 5.
    Guessing  Many passwordscan be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information. * blank (none) * the word "password", "passcode", "admin" and their derivatives * the user's name or login name * the name of their significant other or another person (loved one) * their birthplace or date of birth * a pet's name * a dictionary word in any language * automobile license plate number * a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters. and so on....
  • 6.
    Default Passwords  Amoderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
  • 7.
    Brutus Password Cracker If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.  This techniques takes extremely long time to complete, but password will surely cracked.  Long is the password, large is the time taken to brute force it.
  • 8.
    A Quick LookOn Brutus Password Cracker
  • 9.
    Phishing  This isthe most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.  Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password.  Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.
  • 10.
    SQL Injection  Senda command to the DB  Show the table of (userid, password)  Or email me my password  If userid == ‘x’ OR 1 == 1
  • 11.
    Passwords Ten Common Mistakes 1. Leaving passwords blank or unchanged from default value. 2. Using the letters p-a-s-s-w-o-r-d as the password. 3. Using a favorite movie star name as the password. 4. Using a spouse’s name as the password. 5. Using the same password for everything. 6. Writing passwords on post-it notes. 7. Pasting a list of passwords under the keyboard. 8. Storing all passwords in an Excel spreadsheet on a PDA or inserting passwords into a rolodex. 9. Writing all passwords in a personal diary/notebook. 10. Giving the password to someone who claims to be the system administrator.
  • 12.
    Password Cracking Tools The top 3 password crackers were: 1. Cain and Abel: The top password recovery tool for Windows. 2. John the Ripper: A powerful, flexible, and fast multi- platform password hash cracker. 3. THC Hydra: A Fast network authentication cracker which supports many different services.
  • 13.
  • 14.
  • 15.
    Cryptanalisys  Basically, Cryptanalisyconverting encrypted messages to plain crypto- algorithm and/or key employed in This is the fastest technique of password Tables. A rainbow table is a file that is used to look known hash for an algorithm that does n Steps 1 to 4 i.e. up to importing hashes fro technique (i.e. brute-force).  Here, select "cryptanalisys attack" then rainbow tables". Here we can choose either of tables. Click on "Add Table“  Browse for the location of ra and click "open". 8) Select the loaded table and then click on "Start" button...  On completion it will the exact password...
  • 16.
    Cracking Gmail AccountPassword  This method uses 'Social Engineering' rather than 'Phishing'.  Follow the steps as given below :- I. Create your own fake gmail login form using HTML, which may look as follow...
  • 17.
     We requirea form processor to process this fake login form, i.e. to store the username and password entered by the victim. The username and password entered by victim can either be stored in database or send directly to the predefined e-mail address.  This can be done in two ways- i. Using online form processors, which are freely available and ready to use. eg. One of such form processor is provided by http://www.formmail.com . ii. If you are having your own domain hosted on some server; know basics of ASP for processing HTML forms, you can create your own processor in ASP (eg. 'login.asp' page) .  As soon as victim click on 'Move' button he/she get redirected to p webpage (eg. http://www.gmail.com), while his/her 'username' an get emailed to you by formmail.com .
  • 18.