Why would you attempt to crack certain passwords when you don’t have to? Before you go the cracking route, there are a few time-saving things you could try instead. I will only go into each of these methods briefly, as there is enough information to write a book about most of them.
True, it might not work like in the movies (100% of the time), but it doesn’t hurt to give it a shot. If you know the person whose password you are trying to crack, then this might be a realistic option. Many people make their passwords personal: their birthday, pet’s name, spouse’s name, phone number, favorite sports team, you get the idea. Put yourself in the person’s shoes and think about what his/her password may be.
If you have access to the person’s workplace or computer area, look around for sticky notes or other papers that may have the password written down. Many companies force their employees to make strong passwords but don’t teach them how. This pushes them to create passwords they can’t, or choose not to, remember, so they write them down somewhere.
Another possible technique, if you have physical access to the person, is to “shoulder surf”, otherwise known as peeking over the person’s shoulder as he types in his password. This would also be a great time to see if the person glances around his desk looking for a paper with the password written down on it.
Social engineering is the act of manipulating people into giving up sensitive information or doing things they probably shouldn’t. I will only briefly touch on it here, as a whole book could be written on the subject. In fact, one already has been: it’s called The Art of Deception by Kevin Mitnick, and you should give it a read.
You can use social engineering to get a person to tell you the password just by asking for it. Sounds ridiculous? Maybe, but it works. You can’t just call someone and say “Give me your password.”; that won’t work. Instead you have to pretend to be someone trusted who “should” have the password. Here’s a real-world example from SearchLores.org by _A&T:
I picked up the telephone and called him, at 8.30am.
“Good morning sir, I am (insert faked name here), I am willing to speak with Mr. (insert victim’s name here)”
“Yes, hold on please”
“Hello, I am (victim’s name)”
“Good morning sir, I am an employee of the local Hotmail agency (btw, I don’t think Hotmail has ‘local agencies’), I am sorry I am calling you so early…”
“Uh, hotmail, well, I was having breakfast, but it doesn’t matter” (victim is surprised)
“I was able to call you because of the personal data form you filled when creating your account, so don’t be surprised” (with eye-blinking tone)
“My pers.. oh, yes”
“I have to inform you that we had a hard disk crash tonight, and we are trying to restore all our user’s mail.”
“A crash? Is my mail lost?”
“Oh no, sir, we can restore it. But, since we are simple employees, and we are not allowed to mess with our user’s mail, we need your password, otherwise we cannot take any action” (first try, probably unsuccessful)
“Er, my password? Well…”
“Yes, I know, you have read on the license agreement that we will never ask for it, but it was written by the legal department, you know, all law stuff that’s needed to open business and such. (effort to gain victim’s trust)
Your username is (insert victim’s username), isn’t it? Legals gave us your username and telephone, but, as smart as they are, not the password. See, without your password nobody can access your mail, even we hotmail employees. But we have to restore your mail, and we need access. You can be sure we will not use your password for anything else, well, we will forget it.” (smiling)
“Well, it’s not so secret (also smiling! it’s amazing…), my pass is xxxxxx”
“Thank you very much, sir. We will restore your mail in a few minutes”
“But no mail is lost, isn’t it?”
“Absolutely, sir. You should not experience any problems, but do not hesitate to contact us just in case. You will find contact numbers on our web page” (which our victim has probably never read from beginning to end)
“Thanx, you are very efficient, goodbye”
If you are trying to crack a password for a wireless router, firewall, web script, cellphone, etc., chances are it comes with a default password. After installing scripts or services, many people fail to change these default login credentials, leaving them open to the world. Below are a few sites that have a large database of programs/devices and their default passwords.
If you fail to find the software or device in those lists, simply Google the name of it with “default password”. If it exists, it will come up.
If you could infect the victim with malware such as a Trojan or keylogger, getting the password you desire, plus many more, wouldn’t be difficult. The hard part would be getting the victim to download and run the malware-infected file. If you have access to the victim’s machine, this won’t be a problem as you could run it yourself. In case you don’t know, here is a summary of what they do.
Trojan – A trojan horse is a malicious program that can be used to do silly things to a system like changing its desktop, messing with the user interface, and taking control of your mouse. It can also be used for serious things like accessing your data, erasing your files, stealing your saved passwords and capturing your keystrokes.
Keylogger – A keylogger’s sole purpose is to log your keystrokes. In other words, it logs everything you type on your keyboard (including passwords) and sends it to the attacker.
Hash Table Lookup
A hash table is exactly what it sounds like, a table full of password hashes. With a simple Google search I was able to pull up the following four hash table websites.
Each one has millions of password/hash combinations available to be used for free. Simply paste the hash you wish to crack into the text box, click submit, and it will check whether it exists within their ever-growing database. As a test, I chose to check the MD5-hashed password “ilikecheese”, which once hashed came out to “4449e7bf45f50256a20a14ad667f38db”. After running the hash through each of the databases, one was able to crack it. Imagine the time you would save if your password exists within one of these many hash lookup websites.
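The lookup sites work because an unsalted MD5 of a given password is always the same string, so a digest-to-plaintext table built once answers every future query instantly. The following Python example, written for this page rather than taken from any of the lookup sites, builds a tiny constructed table from a handful of guessable passwords (standing in for the millions a real site holds), shows the hit on “ilikecheese” (the digest it prints can be compared with the one quoted above), and then shows why a per-user random salt plus a slow key-derivation function (PBKDF2-HMAC-SHA256 with assumed parameters) makes such a table useless: two users with the same password get different stored values and neither appears in the table.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed mini "hash table": a few guessable passwords, standing in for
# the millions of entries a public lookup site holds.
COMMON_PASSWORDS = ["password", "123456", "ilikecheese", "letmein", "qwerty"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest, the storage scheme the lookup sites exploit."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(passwords: Iterable[str]) -> Dict[str, str]:
    """Precompute digest -> plaintext once; every later lookup is O(1)."""
    return {md5_hex(p): p for p in passwords}


def lookup(table: Dict[str, str], digest: str) -> Optional[str]:
    """Return the plaintext if the digest is in the table, otherwise None."""
    return table.get(digest.lower())


# --- the defence: a per-user random salt and a slow KDF ---------------------

StoredHash = Tuple[bytes, int, bytes]  # (salt, iterations, derived key)


def hash_password(password: str, iterations: int = 200_000) -> StoredHash:
    """PBKDF2-HMAC-SHA256 over a fresh 16-byte random salt (assumed parameters)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, dk


def verify_password(password: str, stored: StoredHash) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, dk)


def lookup_table_defeated(password: str, table: Dict[str, str],
                          iterations: int = 200_000) -> bool:
    """Same password hashed twice gives two different stored values, and a
    precomputed unsalted table matches neither."""
    a = hash_password(password, iterations)
    b = hash_password(password, iterations)
    distinct = a[2] != b[2]
    not_in_table = (lookup(table, a[2].hex()) is None
                    and lookup(table, b[2].hex()) is None)
    return distinct and not_in_table


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    digest = md5_hex("ilikecheese")
    print("md5('ilikecheese') =", digest)
    print("lookup table hit:", lookup(table, digest))
    stored = hash_password("ilikecheese")
    print("salted verify:", verify_password("ilikecheese", stored))
    print("table useless against salted hash:",
          lookup_table_defeated("ilikecheese", table))
```

The salt does not need to be secret; it only needs to be unique per stored hash, so that an attacker can no longer amortise one precomputed table across every user, and the iteration count makes each individual guess expensive.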
Phishing is the act of stealing someone’s personal information by pretending to be a legitimate and trustworthy entity. In other words, you can easily steal someone’s password by directing him to a page that looks like the real login page, when in reality it is a duplicate that sends the login details to you and then redirects the victim to the real page.
This attack is very popular because of how easy it is to implement and because it works. It is very commonly used along with social engineering in email messages.
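The duplicate-login-page pattern described above has two observable properties a defender can check before credentials are typed in: the page is not served from the host that owns the account, and/or its password form posts somewhere other than that host. The following Python example, added here and not part of the original post, audits a fetched login page against the host it should belong to (the expected host, page URL and HTML samples are all constructed for this example) and reports both kinds of mismatch; it is a heuristic only, since a clone hosted on the attacker's own domain and relaying to the real site would only trip the first check.

```python
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Record every <form> action and whether the form holds a password field."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[List] = []   # each entry: [action, has_password]
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = [attrs.get("action") or "", False]
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_page(expected_host: str, page_url: str, html: str) -> List[str]:
    """Return findings for a login page that should belong to expected_host:
    one if the page itself is served from another host, and one per password
    form whose (resolved) action posts to another host."""
    expected = expected_host.lower()
    findings: List[str] = []
    page_host = urlsplit(page_url).netloc.lower()
    if page_host != expected:
        findings.append(f"page served from {page_host}, expected {expected}")
    parser = FormCollector()
    parser.feed(html)
    for action, has_password in parser.forms:
        if not has_password:
            continue                      # search boxes etc. are not our concern
        target = urljoin(page_url, action)  # relative actions resolve to page host
        if urlsplit(target).netloc.lower() != expected:
            findings.append(f"password form posts to {target}")
    return findings


# Constructed sample pages; neither host is a real site.
LEGIT_PAGE = """<html><body>
<form method="post" action="/account/login">
  <input name="user"><input type="password" name="pass">
</form></body></html>"""

CLONED_PAGE = """<html><body>
<form method="post" action="http://collector.example.net/save.php">
  <input name="user"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    print(audit_login_page("mail.example.com",
                           "https://mail.example.com/login", LEGIT_PAGE))
    print(audit_login_page("mail.example.com",
                           "https://mail-example-secure.example.net/login", CLONED_PAGE))
```

The same check is easy to run from a mail gateway or proxy over every link a message points at, and it pairs naturally with the social-engineering advice above: a message urging you to "log in now" that lands on a page failing either test deserves a phone call to the real service, not a password.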