Password Hacking – 2. Password Cracking
What is Password Cracking?
Password cracking is the act of recovering passwords through unconventional and usually unethical methods from data that has been stored or sent through a computer system.
Password cracking is a very popular computer attack because once a high-level user password is cracked, you’ve got the power! There’s no longer a need to search for vulnerabilities and all that other mumbo jumbo needed to take over a system that we won’t be discussing in this course.
Also, everyone is susceptible to a password cracking attack. Unless you live in a remote, technology-absent area, you have a password for something, and there’s usually something to gain from obtaining your password.
To show you how real and popular this form of attack is today, here are a few recent happenings.
- Password cracking was used to take over a few high-profile Twitter accounts, including President Barack Obama, Britney Spears, Kevin Rose, and Rick Sanchez.
- Wal-Mart was a victim of a security breach where sensitive information was taken. Password cracking was one of the many methods used to gain entry.
- 10,000 cracked Hotmail passwords were publicly posted, and every day crackers continue to post new lists on forums all over the internet.
- phpBB.com was hacked and their 200,000+ username/password database was dumped and made publicly available to anyone willing to download it. Of those passwords, over 80,000 were reported to have been cracked.
What is Password Cracking used for?
Password cracking can be used for both good and evil. If I forgot my password for a certain system or program, I might try cracking it before I completely give up on it. Now if it’s for any other reason, then it probably has an evil basis and is most likely illegal as well.
Notice how for my legitimate reasons I didn’t mention cracking services. Services are usually things like your ISP (Internet Service Provider), email, social networking and other related passwords. The reason why I didn’t mention these is because even if I legitimately forgot my password for a site like Facebook or Yahoo, it is still against their TOS to attempt to crack those passwords. Why? Because you will be attempting hundreds of passwords per second over the internet, which could put a strain on their system and cause a DoS (Denial of Service) attack. Also, if not done properly, most systems would detect it as an attack and lock you out, sometimes even blocking your IP address completely so that you have absolutely no access to the website from your current ISP-given IP address. Even though it is possible to change your IP address, you don’t want to keep doing that. No matter what your reasons are for attempting to crack a password from a service site, it will always be seen as a malicious attack because the websites provide methods for the owner to retrieve their forgotten password. With that said, cracking service site passwords is still very possible and in some cases very easy. It will be discussed later on in the course.
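The detection and lockout behaviour described above, seen from the service's side, as an added sketch that is not part of the original course: a sliding-window counter of failed logins per account and per source IP. The thresholds, the window length and the event tuples are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60          # seconds of history kept per key (assumed value)
MAX_PER_ACCOUNT = 5  # failures on one account within WINDOW -> lock (assumed)
MAX_PER_IP = 20      # failures from one address within WINDOW -> block (assumed)

class LoginGuard:
    """Sliding-window failed-login counter keyed by account and by source IP."""

    def __init__(self):
        self.by_account = defaultdict(deque)
        self.by_ip = defaultdict(deque)
        self.locked, self.blocked = set(), set()

    @staticmethod
    def _record(times, now, limit):
        """Add a failure at `now`, expire old ones, report whether the limit is hit."""
        times.append(now)
        while times[0] <= now - WINDOW:
            times.popleft()
        return len(times) >= limit

    def attempt(self, now, ip, user, password_ok):
        # Blocks are checked first, so a correct password after lockout is still refused.
        if ip in self.blocked:
            return "ip_blocked"
        if user in self.locked:
            return "account_locked"
        if password_ok:
            # Reset only the account counter; keeping the IP counter stops a client
            # from clearing its history by logging in to an account it owns.
            self.by_account.pop(user, None)
            return "allowed"
        if self._record(self.by_ip[ip], now, MAX_PER_IP):
            self.blocked.add(ip)
        if self._record(self.by_account[user], now, MAX_PER_ACCOUNT):
            self.locked.add(user)
        return "denied"

def replay(events):
    """Feed (time, ip, user, password_ok) tuples through a fresh guard."""
    guard = LoginGuard()
    return [guard.attempt(*e) for e in events], guard

# Constructed sample events (documentation IP ranges, made-up usernames).
rapid = [(t, "203.0.113.7", "alice", False) for t in range(5)]
rapid.append((5, "203.0.113.7", "alice", True))   # correct password, but too late
slow = [(t * 90, "198.51.100.4", "bob", False) for t in range(6)]  # 90 s apart

if __name__ == "__main__":
    print(replay(rapid)[0])
    print(replay(slow)[0])
```

The per-IP counter matters because failures spread thinly over many accounts never reach the per-account limit; the occasional mistyped password in `slow` expires from the window and trips neither.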
Password Cracking Methods
There are many different types of password cracking methods, and I will introduce you to each one of them within this course. Below is a list of the methods you will soon become a pro in:
- Dictionary Attacks
- Brute Force Attacks
- Hybrid Attacks
- Rainbow Tables