Ethical Hacking - Overview
Ethical Hacking - Password Hacking
A password is an unspaced sequence of character used to determine that a computer user requesting access to a computer system is really that particular user.
Method When Choosing A Password:-
-Don't pick a password that someone can easily guess if they know who you are (For Ex- Birthday,petname,or favourite actor name)
-Don't choose a word that you can easily remember.
-Don't choose a password that is similar to your previous password
-Don't choose a mixture of letter and least one number.
Choose A easy Password to remember
-India is the great country all over the world.(Ii@tg&caotw!)
-Lata mangeshker is my favorite singer her birthdate is 28\09\1929(Lmimfshbi28091929@@!)
Types Of Password Cracking Techniques.
A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document.Hydra is a popular tool that is widely used for dictionary attacks. Take a look at the following screenshot and observe how we have used Hydra to find out the password of an FTP service.
This type of attack is used when attacker gets some information about the password. This is the most powerful attack because the cracker knows about the type of password. This technique involves use of brute force, dictionary and syllable attacks.
In a brute-force attack, the hacker uses all possible combinations of letters, numbers, special characters, and small and capital letters to break the password. This type of attack has a high probability of success, but it requires an enormous amount of time to process all the combinations. A brute-force attack is slow and the hacker might require a system with high processing power to perform all those permutations and combinations faster.
John the Ripper or Johnny is one of the powerful tools to set a brute-force attack and it comes bundled with the Kali distribution of Linux.
Rainbow attack is nothing but a little advanced from of precomputed hash. It uses already calculated information stored in memory to crack the cryptography. In rainbow attack the same technique is used, the password hash table is created in advance and stored into the memory. Such a plain table is known as rainbow table. A rainbow table is a look-up table specially used in recovering the plain text password from a cipher-text.
A hybrid attack is the next level of attack a hacker attempts if the password can’t be found using a dictionary attack. The hybrid attack starts with a dictionary file and substitutes numbers and symbols for characters in the password. For example, many users add the number 1 to the end of their password to meet strong password requirements. A hybrid attack is designed to find those types of anomalies in passwords.
Syllable attack is combination of both brute force and dictionary attack. This cracking technique is used when the password is not an existing word. Attackers use the dictionary and other methods to crack it. It also uses the possible combination of every word present in the dictionary.