Password Cracking is a technique to gain the access to an organisation.
In this slide, I will tell you the possible ways of cracking and do a live example for Gmail Password Cracking.
2. Contents
• Introduction
• What is password
• How passwords are stored
• Password cracker types
• Factors on which password cracking depends
• Incidents
• Gmail Cracking
• Conclusion
3. Introduction
• Password cracking is a term used to describe the penetration of a network,
system, or resource with or without the use of tools to unlock a resource
that has been secured with a password
• It is one of the oldest hacking arts. Every system must store passwords
somewhere in order to authenticate users. However, in order to protect
these passwords from being stolen, they are encrypted.
• Password cracking is the art of decrypting the passwords in order to
recover them.
4. What is Password
• String of characters for authentication and log on
computer, web application , software, Files , network
, Mobile phones, and your life
• Comprises:
[a-zA-z, 0-9, symbols , space]
5. How Passwords are Stored
In order to understand how to compromise passwords, it is first necessary to
understand how passwords are stored on typical systems.
• Unix Password File- It stores the hashed value of passwords in the password file instead
of the actual passwords. Hashed passwords were originally stored in publicly accessible
file /etc/passwd.
• Windows Password File- The password file for Windows, known as the Security Accounts
Manager (SAM) file, is located in
C:windowssystem32configsam
6. Password Cracker Types
Password crackers use two primary methods to identify correct passwords:
• Brute Force Attack
• Dictionary Attack
There are some more methods like-
• Malware
• Social Engineering
7. Dictionary Attack
• When conducting a dictionary search, a password
cracker searches each word in the dictionary (a file
containing most commonly used passwords) for the
correct password.
• Password dictionaries exist for a variety of topics and
combinations of topics, like politics, movies, and
music groups.
8. Brute Force Attack
When a password cracker
uses a brute-force tool, it
tests all the possible
combinations of a
predetermined length until it
finds the right combination
accepted by the computer
system.
9. Phishing
• There's an easy way to hack:
ask the user for his or her
password. A phishing email
leads the unsuspecting
reader to a faked online
banking, payment or other
site in order to login and put
right some terrible problem
with their security.
• Why bother going to the
trouble of cracking the
password when the user will
happily give it you anyway?
10. Some more attacks..
Malware
A key logger or screen scraper can be installed by malware which records
everything you type or takes screen shots during a login process, and then forwards
a copy of this file to hacker central.
Social Engineering
Social engineering takes the whole ‘ask the user’ concept outside of the inbox that
phishing tends to stick with and into the real world.
A favourite of the social engineer is to telephone an office posing as an IT security
tech guy and simply ask for the network access password. You’d be amazed how
often this works.
11. Password Cracking Depends on
• Attacker's strengths
• Attacker's computing resources
• Attacker's mode of access [physical or online]
• Strength of the passwords
• How often you change your passwords?
• How close are the old and new passwords?
• How long is your password?
• Have you used every possible combination: alphabets, numbers and special characters?
• How common are your letters, words, numbers or combination?
• Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
12. Incidents
• On July 16, 1998, CERT reported an incident where an attacker had found
186,126 encrypted passwords. By the time they were discovered, they had
already cracked 47,642 passwords
• On July 18, 2011, Microsoft Hotmail banned the password: "123456”
• In July 2015, a group calling itself "The Impact Team" stole the user data of
Ashley Madison.
• As of 2017, a single GeForce GTX 1080 GPU is capable of testing 25 billion MD5
encryption per second.
13. Gmail Cracking
• By using Dictionary Attack we can easily crack Gmail
Account.
• If you try to use the Brute force technique to hack any
Gmail or Hotmail accounts then it will block your IP
and also account for some specific number of
attempts.
• SMTP server is a simple server with very fewer
functionalities, hence it is easy to perform attacks on
SMTP server.
14. Conclusion
Password Cracking is a good way of accessing information or getting
some useful sources for any organisation, for people. But now a days
many of the password cracking techniques are used for the wrong
purposes. In case you think you're safe from the attentions of such
criminal types, or think they'd never be able to guess your password,
perhaps you might be interested to learn just how wrong you are.