How to Crack Passwords like a Real Hacker
In this article, you will learn how to crack passwords. If you know how to obtain this kind of information, you can easily hack your targets or protect your passwords from potential attackers.
In many cases, hacking attacks begin with obtaining a password to the target network. A password is an important piece of information required to access a network, and users usually choose passwords that can be guessed easily. Lots of people “recycle” passwords or select simple ones – like a childhood nickname – to assist them in remembering it. As a result of this behavior, hackers can guess a password if they have some data about the user involved.
Different Types of Passwords
Nowadays, various types of passwords are employed to give access to networks. The characters that build a password can belong to any of these classifications:
- Numbers only
- Letters only
- Special characters only
- Numbers and letters
- Letters and special characters
- Numbers and special characters
- Numbers, letters, and special characters
Strong passwords can resist password cracking attacks. Here are some tips that can help you in creating a strong password:
- It shouldn’t contain any part of your name
- It should have at least eight characters
- It should contain characters from these categories:
  - Special characters
  - Lowercase letters
  - Uppercase letters
Hackers may use various types of attacks to determine a password and gain access to the target. Here are some types of password attacks:
- Offline – Hybrid, Dictionary, and Brute-force approaches.
- Active Online – Guessing the user’s password. This type includes automated password determination.
- Passive Online – Spying on password exchanges within the target network. This type includes replay, sniffing, and man-in-the-middle attacks.
Let’s discuss these attacks in detail.
Offline Attacks
These attacks require hackers to physically access a device that stores the usernames and passwords (usually as hashes). Once they have physical access, they copy the username and password files onto a removable device (e.g. a thumb drive) and work on them away from the target system. Here are three common types of offline attacks:
Dictionary Attack
Hackers consider this the quickest and simplest form of password cracking attack. It is used to find passwords that are actual words, the kind found in a dictionary. The attack works from a dictionary file of candidate words: each word is hashed (or encrypted) with the same algorithm the system’s authentication procedure uses, and the result is compared against the stored password hashes.
Since this attack assumes that the password is an actual word, it won’t work against those that involve numbers or special characters.
Hybrid Attack
This is the second stage of the attack, used when the dictionary attack fails. A hybrid attack starts from the same dictionary file, then adds or substitutes numbers and symbols in each word. For instance, lots of users append the number “1” to their password to make it stronger (or at least to meet the password requirements set by system administrators). Hybrid attacks are designed to find and exploit those habits in password creation.
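To make the two stages concrete, here is an added example, written for this edit and not code from the original article or from any tool it names, that audits a set of stored hashes against a short constructed wordlist: first the words as they are, then the mangled variants a hybrid attack tries. The accounts, passwords, wordlist and the use of unsalted MD5 as the stored hash are all assumptions chosen for illustration.

```python
import hashlib

# Constructed wordlist standing in for a dictionary file. Assumption: a real
# audit would load a large wordlist from disk instead of this short list.
WORDLIST = ["password", "summer", "dragon", "letmein", "welcome"]

def fast_hash(candidate):
    # Unsalted MD5 stands in for any fast, unsalted hash. Assumption: the
    # audited system stores its hashes this way, as older systems did.
    return hashlib.md5(candidate.encode()).hexdigest()

# Constructed "stored hashes" for made-up accounts, built from weak passwords
# so the audit has something to find. "dave" uses a password that no mangling
# rule below can derive from the wordlist.
STORED = {
    "alice": fast_hash("summer"),    # plain dictionary word
    "bob":   fast_hash("Dragon1"),   # capitalised, digit appended
    "carol": fast_hash("l3tm31n"),   # leetspeak substitutions
    "dave":  fast_hash("Zq7!pW9#"),  # not derivable from WORDLIST
}

# Common substitutions users apply when told to "add numbers and symbols".
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})

def dictionary_candidates(words):
    """Stage 1: each word exactly as it appears in the dictionary file."""
    yield from words

def hybrid_candidates(words):
    """Stage 2: dictionary words with the manglings the text describes:
    case changes, leetspeak substitutions, and a single digit appended."""
    for word in words:
        for base in (word, word.capitalize(), word.upper(), word.translate(LEET)):
            yield base
            for digit in "0123456789":
                yield base + digit

def audit(stored, words, hash_fn=fast_hash):
    """Return {account: (stage, password)} for every account whose stored
    hash equals the hash of a candidate. Because the hashes are unsalted,
    one table of candidate hashes serves every account at once."""
    found = {}
    stages = (("dictionary", dictionary_candidates), ("hybrid", hybrid_candidates))
    for stage, generate in stages:
        table = {}
        for candidate in generate(words):
            table.setdefault(hash_fn(candidate), candidate)
        for account, stored_hash in stored.items():
            if account not in found and stored_hash in table:
                found[account] = (stage, table[stored_hash])
    return found

if __name__ == "__main__":
    result = audit(STORED, WORDLIST)
    for account, (stage, password) in result.items():
        print(f"{account}: recovered {password!r} in the {stage} stage")
    print("not recovered:", sorted(set(STORED) - set(result)))
```

Because the hashes are unsalted, the table of candidate hashes is computed once and checked against every account. Per-account salting combined with a deliberately slow hash (PBKDF2, bcrypt or scrypt) forces the work to be repeated for each account and makes every guess far more expensive, which is the main defence against both stages.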
Brute-force Attack
This is the most time-consuming offline attack. It tries every possible combination of symbols, numbers, lowercase letters, and uppercase letters. Since the number of possible combinations is huge (it grows exponentially with the length of the password), the brute-force approach is the slowest offline attack available today.
Many hackers rely on this attack despite the time it consumes, because it is more effective than the two offline attacks discussed above: since it checks every possible combination, it will identify any password given sufficient time and computing power.
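As an added illustration, not part of the original article, of why the character classes listed earlier and the tips on length and mixed classes matter against a brute-force search, the following code computes the size of the keyspace an exhaustive search faces for a given password, estimates the worst-case time at a constructed guess rate, and checks a password against the page's three tips. The function names, the sample passwords and the guess rate are assumptions.

```python
import string

# Character classes from the list earlier on the page, with the alphabet each
# one contributes to an exhaustive search. string.punctuation has 32 symbols.
CLASSES = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "special": string.punctuation,
}

def classes_used(password):
    """Names of the classes that contribute at least one character."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}

def keyspace(password):
    """Number of strings a brute-force search must consider to be sure of
    reaching a password of this length drawn from the classes it uses."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def worst_case_seconds(password, guesses_per_second):
    """Time to exhaust the keyspace at a given rate. Assumption: the rate is
    a constructed figure; real rates depend on the hash and the hardware."""
    return keyspace(password) / guesses_per_second

def meets_policy(password, full_name):
    """The page's tips as a check: no part of the user's name, at least
    eight characters, and characters from the special, lowercase and
    uppercase classes."""
    lowered = password.lower()
    name_parts = [part for part in full_name.lower().split() if part]
    if any(part in lowered for part in name_parts):
        return False
    if len(password) < 8:
        return False
    return {"special", "lowercase", "uppercase"} <= classes_used(password)

if __name__ == "__main__":
    rate = 1e9  # constructed: one billion guesses per second
    for pw in ["123456", "summer", "Summer1!", "Tr0ub4d0r&3"]:
        days = worst_case_seconds(pw, rate) / 86400
        print(f"{pw!r:16} classes={sorted(classes_used(pw))} "
              f"keyspace={keyspace(pw):.3e} worst case={days:.2e} days "
              f"policy={meets_policy(pw, 'John Smith')}")
```

The keyspace grows as alphabet^length, so adding two characters to a lowercase-only password multiplies the search by 676, while adding one more character class to an eight-character password multiplies it by roughly (94/84)^8; both are why the tips ask for length and mixed classes together.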
Active Online Attacks
For some people, the easiest way to gain high-level access to a network is by guessing the administrator’s password. Password guessing is considered an active form of hacking. It depends on the human behavior involved in creating passwords. However, this technique will only work on weak passwords.
How to Perform Automated Password Guessing
Hackers use automated tools to speed up the password guessing process. A simple way to automate password guessing is to use the shell commands of a Windows computer, built around the standard NET USE command. To create a simple password-guessing script, do the following:
Use Windows’ Notepad to create a username and password file. You can utilize automated tools (e.g. Dictionary Generator) to create a word list. Put one password and username pair per line, in that order, so that they match the %i and %j variables of the command below. Name the file credentials.txt and save it in your computer’s C: drive.
Run a FOR /F loop over the file. It reads each line, takes the first token as %i (the password) and the second as %j (the username), and tries to connect to the target’s hidden IPC$ share with them:
C:\> FOR /F "tokens=1,2*" %i in (credentials.txt) do net use \\targetIP\IPC$ %i /u:%j
Watch the output to see which line logs in successfully.
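A defender's counterpart to the automated guessing above, as an added example that is not from the original article: every failed NET USE attempt against a Windows host leaves a failed-logon event (event ID 4625) in the host's Security log, and a successful one leaves a 4624. The code below parses a constructed, simplified export of such events (the line layout, accounts and addresses are assumptions), flags sources that fail against one account many times within a short window, and then checks whether a flagged source later succeeded.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified "timestamp event_id user source_ip"
# layout. Assumption: in practice the 4625 (failed logon) and 4624 (successful
# logon) events would be exported from the Windows Security log and parsed
# from their XML; the values here are made up for the example.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z 4625 alice 10.0.0.9
2024-03-01T09:00:03Z 4624 alice 10.0.0.9
2024-03-01T09:10:00Z 4625 administrator 10.0.0.5
2024-03-01T09:10:02Z 4625 administrator 10.0.0.5
2024-03-01T09:10:04Z 4625 administrator 10.0.0.5
2024-03-01T09:10:06Z 4625 administrator 10.0.0.5
2024-03-01T09:10:08Z 4625 administrator 10.0.0.5
2024-03-01T09:10:10Z 4625 administrator 10.0.0.5
2024-03-01T09:10:12Z 4625 administrator 10.0.0.5
2024-03-01T09:10:14Z 4624 administrator 10.0.0.5
2024-03-01T11:00:00Z 4625 bob 10.0.0.7
2024-03-01T11:30:00Z 4625 bob 10.0.0.7
2024-03-01T11:30:05Z 4624 bob 10.0.0.7
"""

def parse_events(text):
    """Turn the sample lines into dicts with a datetime, event id, user and ip."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, ip = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "user": user,
            "ip": ip,
        })
    return events

def guessing_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return {(ip, user): failures} for every source/account pair with at
    least `threshold` failed logons inside some interval of length `window`."""
    failures = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4625:
            failures[(ev["ip"], ev["user"])].append(ev["time"])
    flagged = {}
    for key, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

def success_after_burst(events, flagged):
    """Subset of flagged pairs that later logged on successfully (4624): the
    pattern that most strongly suggests the password was guessed."""
    first_failure = {}
    hits = set()
    for ev in events:
        key = (ev["ip"], ev["user"])
        if ev["event_id"] == 4625:
            first_failure.setdefault(key, ev["time"])
        elif (ev["event_id"] == 4624 and key in flagged
              and key in first_failure and ev["time"] >= first_failure[key]):
            hits.add(key)
    return hits

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    flagged = guessing_bursts(events)
    print("guessing bursts:", flagged)
    print("burst followed by success:", success_after_burst(events, flagged))
```

The two ordinary typos by "bob" half an hour apart fall below the threshold, while the seven failures from one address against "administrator" in twelve seconds are flagged, and the 4624 that follows them is the event worth paging someone about. Account lockout thresholds and rate limiting on the IPC$ share are the preventive controls that make the script above fail before its list is exhausted.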
Passive Online Attacks
Attacks in this category are referred to as “sniffing” the passwords as they cross wired or wireless connections. In general, the target cannot detect passive attacks. Here, the password (or its hash) is captured while the user is being authenticated. The captured passwords are then cracked offline by comparing them against a word list or dictionary file.
Often, account passwords are encrypted (or hashed) before they are sent over the network; this is done to prevent unauthorized use and access. Since the captured passwords are hashed or encrypted, you have to use cracking tools to break the system’s algorithm.
MITM (man-in-the-middle) is a popular passive attack widely used among hackers to crack passwords. Here, the hackers intercept authentication requests and forward them to the server. To do so, they insert a sniffer between the user and the server; a sniffer is a program that monitors user-to-server communications and captures the passwords in them.
The replay attack is another passive online attack. It happens when the attackers capture the password while it is on its way to the authentication server. Once the authentication packets are captured, the hackers keep them for future use. This way, they don’t need to crack the password or learn it through MITM: they just replay the captured authentication packets to access the target network later on.
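To show the replay attack and its standard mitigation side by side, here is an added example that is not from the original article: a toy password-over-the-wire login, in which a captured packet works every time it is resent, next to a challenge-response login in which the server issues a fresh random nonce per attempt and accepts each nonce once, so a captured response is rejected. The account name, secret and class names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed shared secret for a made-up account. Assumption: a real server
# would hold a verifier derived from the password rather than the password.
USERS = {"alice": b"correct horse battery staple"}

class PasswordServer:
    """Scheme 1: the client sends the password itself. Whatever a sniffer
    captures on the wire can be resent later: the replay attack the text
    describes."""
    def login(self, user, password):
        return hmac.compare_digest(USERS.get(user, b""), password)

class ChallengeServer:
    """Scheme 2: the server issues a fresh random nonce per attempt and the
    client proves knowledge of the secret with an HMAC over that nonce.
    Each nonce is accepted once, so a captured response is useless later."""
    def __init__(self):
        self.outstanding = {}   # nonce -> user the challenge was issued to
        self.used = set()       # nonces that have already been consumed

    def challenge(self, user):
        nonce = os.urandom(16)
        self.outstanding[nonce] = user
        return nonce

    def verify(self, user, nonce, response):
        if nonce in self.used or self.outstanding.get(nonce) != user:
            return False
        self.used.add(nonce)            # consume the nonce whatever happens next
        del self.outstanding[nonce]
        expected = hmac.new(USERS.get(user, b""), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(secret, nonce):
    """What a legitimate client sends back for a challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def replay_against_password_server():
    """Genuine login, then the captured packet resent: both succeed."""
    server = PasswordServer()
    captured = ("alice", USERS["alice"])     # what a sniffer sees on the wire
    return server.login(*captured), server.login(*captured)

def replay_against_challenge_server():
    """Genuine login, then the captured (nonce, response) resent as-is and
    against a fresh challenge: both replays are rejected."""
    server = ChallengeServer()
    nonce = server.challenge("alice")
    response = client_response(USERS["alice"], nonce)
    captured = ("alice", nonce, response)    # what a sniffer sees on the wire
    first = server.verify(*captured)
    replayed = server.verify(*captured)      # nonce already consumed
    fresh_nonce = server.challenge("alice")
    replayed_to_fresh = server.verify("alice", fresh_nonce, response)  # wrong nonce
    return first, replayed, replayed_to_fresh

if __name__ == "__main__":
    print("password scheme  (genuine, replay):", replay_against_password_server())
    print("challenge scheme (genuine, replay, replay to fresh nonce):",
          replay_against_challenge_server())
```

The nonce defeats replay but not the MITM case described above: an attacker who relays a live exchange between the user and the server can still ride that one session. Protecting the channel itself (TLS, or a mutually authenticated transport) is what closes that gap; the nonce only guarantees that a recording is worthless afterwards.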
How to Crack Passwords Manually
In some cases, a hacker needs to crack passwords manually. If you are in this situation, you should:
- Search for an authorized account (e.g. Guest or Administrator)
- Generate a list of potential passwords
- Arrange the passwords based on their chances of successfully opening the account
- Enter each password
- Keep on trying until you find the correct password for the account.
Hackers may also write a script that enters every password in the list. Although this still counts as manual password cracking, few people use it since it is time-consuming and ineffective.
The Password Cracking Tools That You Can Use
In this part, you will learn about the different tools that you can use to crack passwords. We won’t provide you with download links since it’s against our policy to share any kind of malicious software. So be careful not to get infected by malware, and make sure you download the tools from authentic websites.
Legion
This tool automates the password-guessing process on NetBIOS systems. Legion does two things:
- It checks several IP address ranges for Windows computers.
- It provides a dictionary hacking tool that can be used manually.
This is a scanning tool designed for NT 4.0 devices. This tool creates HTML-based reports that contain security problems discovered in the target network. Once you have this information, you can exploit your target’s security issues.
L0phtCrack
This is a tool used to recover and audit passwords. It captures SMB (Server Message Block) traffic on the target network and collects information about each login attempt. L0phtCrack has hybrid, dictionary, and brute-force capabilities. Although Symantec has stopped developing this tool, you can still get a copy from different online sources.
LC5 Password Cracker
This password cracking tool is similar to L0phtCrack, so you can use it if you can’t download L0phtCrack from any source.
John the Ripper
This is a command-line tool. You can use it to crack both NT and Unix passwords. The cracked passwords are reported case-insensitively and might not show the exact passwords used to access the system.
How to Crack Passwords Used in Windows 2000
Windows computers have a file named “SAM.” This file contains the usernames and password hashes used to access the computer. You will find it in this directory: Windows\system32\config. The SAM file cannot be opened while the operating system is running; this prevents hackers from simply copying it. That means you cannot just turn on a Windows 2000 computer, open the file, and copy it onto your thumb drive.
To copy the SAM file, you need to boot the computer into an alternate operating system (Linux or DOS). As an alternative, you may copy the file from the computer’s repair directory: if the administrator has used the RDISK utility of Windows to back up the system, you will find a compressed version of the SAM file in C:\windows\repair. This compressed file is named “SAM._”
You can expand this file by entering the following command into the command prompt:
C:\>expand sam._ sam
How to Use Ophcrack
If you want a newer program, you may use Ophcrack instead. Here’s what you need to do to use this powerful tool:
- Go to the webpage: ophcrack.sourceforge.net and download the program.
- Install it into your computer.
- Click the button that says “Load” in order to add hashes. Here are the options that you will find:
  - Single Hash Option – You will manually enter the hash
  - PWDUMP Option – Import a .txt file that contains the hashes you want to load
  - Encrypted SAM Option – Extract the hash from the SAM and SYSTEM files
  - Local SAM Option – Dump the SAM file from the machine you are currently using
  - Remote SAM Option – Dump the SAM file through a remote computer
I hope this password cracking tutorial has explained well enough how to crack passwords. If you know how to obtain this kind of information, you can easily hack your targets or protect your passwords from potential attackers. We also have some cool password security tips to make your passwords completely unhackable. Do you have any questions? Feel free to post them in the comments section below.