Introduction to Password Cracking

Password cracking is an alternate way to determine a password that is stored in a system or is being transmitted over the wire to or from a system. We call it an alternate way because password cracking does not involve talking to the system directly and asking it for the stored or transmitted password. Instead, you force the system, using different techniques, to give up the password. These techniques include password guessing, brute force, dictionary attacks, rainbow tables, etc. The word 'cracking' immediately sounds illegal or unauthorized, and password cracking is certainly used by most attackers to gain unauthorized access, but the same techniques are also used for password storage and retrieval on behalf of authorized users. Authorized users might forget or misplace passwords for various reasons. This happens especially when people pick "hard to remember" passwords. "Hard to remember" does not always mean "hard to guess". Sometimes the two do go hand in hand, but relying on that is like saying that a wallet that cannot be reopened is secure. Yes, it is secure, but what is the use of a wallet if it is not accessible to its authorized users? This is why we must follow the concept of "easy to remember, hard to guess".

Password Recovery

Password recovery tools use the concept of password cracking to recover forgotten passwords for authorized users. However, if you use password storage tools to securely store your passwords for several accounts, a password cracker is not required unless you have forgotten the password of the storage tool itself. The time taken to crack a password can vary from a few seconds to days to years. This depends on various factors, some of which include:

Tools out there

There are various tools that can crack passwords. It is good to pick the one that will really help you by turning manual labor into a semi-automated task, thereby reducing the time and energy spent cracking passwords. Some of the famous tools commonly used for password cracking are Cain and Abel, John the Ripper, THC Hydra, Aircrack, L0phtcrack, AirSnort, SolarWinds, Pwdump, RainbowCrack and Brutus [1]. There are other tools from ElcomSoft, Lastbit, LCPSoft and other organizations that dedicate their time and money to building password retrieval/extraction tools. If you would like to go further and educate yourself on the types, techniques and tools used for password cracking, check out the "Theory" and "Research" sections of the Password Analytics web portal.

References

[1] Top 10 Password Crackers -- http://sectools.org/crackers.html
