So, why would we need to learn about password cracking techniques and the very cool tools used to do so? Password cracking plays a major role in cybersecurity. It is the processes of recovering passwords in order to breach the security of a computer system as both as a preventive measure and to locate weak links that may be vulnerable to an attack.
Brute-force attacks involve trying all possible keys including dictionary words and non-dictionary words too. Brute-force attacks can crack any password, once given the time to do so.
However, how long are you willing to wait for that password? For example, 128-bit key running at a billion keys per second equals 340,283,366,970,938,463,463,374… possible key combinations. In years, that’s just shy of 100,000,000,000,000. Brute-force can often be the last resort with the upside being that brute-force will always find the password. The downside is will you still be around when brute-force reveals the password.
Dictionary attacks use possibilities that are most likely to succeed derived from a dictionary software program. Dictionary attacks may not crack every key, but it is often faster than brute-force. However, although dictionary attacks remove the time-factor, the program will not be successful if the password is not in your dictionary file. For example, if your password is B#h$7yt, the simple addition of symbols and numbers can thwart the success of the attack.
Rainbow table attacks are by far the fastest method of password cracking, mainly because they come along with pre-computed hashes. For a basic example of hashing, say your password is Apple; After it is hashed it is transformed into 865948plpogh76542187629bd1. Woo Hoo, it is secure.
Not so fast, although hashing is a one-way function, meaning that you can never decrypt the hash unveiling the underlying clear text. That’s not the end of the story; basically, rainbow tables are humongous sets of pre-computed tables chock-full with hash values that are pre-matched to potential plaintext passwords.
Essentially, these tables allow anyone to reverse the hashing function in order to determine what the plaintext password might be. Additionally, it is possible for multiple different passwords to result in the same hash, pointing out that it is not important to find out what the original password was, just as long as it has the same hash. As long as the hash is matched, then it does not matter what the original password was.
The Very Cool Tools
(There are other tools available. However, these are my favorites. I have included the links and descriptions so you can visit the sites, download the tools, explore them and learn.)
Cain and Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force, and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS and contains filters to capture credentials from a wide range of authentication mechanisms.
John the Ripper is a well known and popular free and Open Source software. Ripper supports fifteen different platforms including Unix, Windows, DOS, BeOS, and OpenVMS. You can use this either to identify weak passwords or to crack passwords for breaking authentication. Including performs brute-force attack with all possible passwords by combining text and numbers. Additionally, you can also use it with a dictionary of passwords to perform dictionary attacks
Additionally, Ripper can be used to identify weak passwords or to crack passwords for breaking authentication; perform brute-force attacks with all possible passwords by combining text and numbers and/or use it with a dictionary of passwords to perform dictionary attacks
Rainbow Crack is also a popular brute-forcing tool used for password cracking. It generates rainbow tables for using while performing the attack. In this way, it is different from other conventional brute-forcing tools. Rainbow tables are pre-computed. It helps in reducing the time in performing the attack.
Various organizations published the pre-computer rainbow tables for all Internet users. To save time, you can download those rainbow tables and use in your attacks.
This tool is still in active development. It is available for both Windows and Linux and supports all latest versions of these platforms.
Aircrack-ng is a complete suite of tools to assess WiFi network security. Aircrack-ng (the ng, refers to next generation) focuses on different areas of WiFi security including Monitoring: Packet capture and export of data to text files for further processing by third party tools; Attacking: Replay attacks, deauthentication, fake access points and others via packet injection; Testing: Checking WiFi cards and driver capabilities (capture and injection) and Cracking: WEP and WPA-PSK (WPA 1 and 2).
The tools are command line which allows for heavy scripting. It supports Linux primarily but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.
THC Hydra is often the tool of choice when you need to brute-force crack a remote authentication service. THC Hydra can perform rapid dictionary attacks against more than 50 protocols, including Telnet, FTP, HTTP, HTTPS, SMB, several databases, and much more.
This free-to-use tool allows pen testers, security analysts and others to learn how easy or difficult it would be to gain remote access to a system. This tool also lets you add new modules to increase the functionality. Via its GitHub page, you can also participate in the development process of THC Hydra. TCH Hydra supports Windows, Linux, Solaris, FreeBSD, and OS X platforms.
Cybersecurity is a shared responsibility. Stop. Think. Connect.