Support The Ethical Hacker !! - Click Here If You Like My Contents !!!

Showing posts with label Brute Force. Show all posts
Showing posts with label Brute Force. Show all posts

Wednesday, December 2, 2009

Password Cracking Attacks -Common Known Methods

Password cracking is considered as the most common attack in the internet.Have you thought why...?
The answer is simple "Man needs security everywhere but he hates complexity".. Hey its my observation.. So, I say the best method to be secure online for a layman is to use passwords rather going for signing in using Biometrics and similar stuffs.The sense of security one gets by password protecting his accounts is enormous.And evidently the methods for storing and processing of password protected security is relatively simple. Hey but here you will realize that its not that simple to break a password as you read more.

So now its time to discuss different common methods used by a hacker or a cracker to bypass password securities.

Password Guessing:
This is mostly anyone's first attempt to crack a password.The attacker conducts a background check on the victim.This in most cases allows him to come up intelligent guesses and allow the breach.But not all passwords can be broken using this method.It needs a lot of hard work and patience to do this and in many cases its a failure.

Dictionary Based Attacks:
Attackers use automatic tools that tries out all words found in the dictionary as the password.Here we may include any dictionaries,even the local language dictionaries.But everything depends on how powerful is your selected tool.This method can only be used efficiently in case when the victim uses a word from dictionary as the password.Yeah !! I know that you are thinking  that even your password is not a dictionary based one.So now you are saved !!!

This is the main problem with this method.Not many people uses passwords from dictionary.So we can conclude that this method of password cracking is slow and inefficient .

Default Passwords :
Many softwares and networks have default passwords.These are configured by the developers for facilitating easier development.These passwords may even give us access to critical functionality of the software or the network.Lazy programming habits is the main cause of these type of vulnerabilities.Many admins are lazy to check for the default password secured accounts.

NB:
  • You may be surprised to know that a big known military hacking revealed many accounts which gave the hacker full access to critical missions where saved with default passwords.
  • If you are an Admin do check your user accounts for default passwords regularly and delete those immediately
Brute Force Password Cracking :
This is the most successful method of password cracking.You are assured with 100% success rate in this type of attacks.But the time taken by this method is the main drawback.It may take several days for breaking a good password.
The attacker uses an automatic tool that tries out all permutations and combination of the provided character set .For 100% success rate we must provide a character set which will contain all the keys found on the keyboard.But this efficiency is provided with a trade off with the time taken for the process.In most of the cases the correct password gets displayed after a long time.
The speed of password cracking is very much dependent on the speed of the machine,speed of the network,character set provided etc.So in my personal opinion this method is very slow and inefficient.

NB:
  • I know that I started this topic by depicting this as the most successful method but now you know whyI had to say that it is very slow and inefficient.
DO's And DON'T's

DO NOT
  • use relatives names as passwords
  • use words from dictionary
  • use any important dates in your life as your password.
  • use short passwords
  • disclose passwords even to spouse 
  • login to your password protected accounts from public systems if possible
  • fall for social engineering
  • use same password for both critical and non critical accounts
  • write your passwords anywhere.Memory is the best place to store critical data.
DO
  • Try to use a combination of letters form alphabet digits and special characters.
  • Try to use both upper and lower case characters in password
  • Use different passwords for different accounts.
  • Be aware that you are the only person who can stop one from hacking your passwords.
  • A regular security check for the presence of default passwords

NB:
All these are some countermeasures or guidelines on how to prevent password theft.But still it can be stolen !!!

Tools

Cain and abel
John the Ripper
Posted by Swaroop Krishnan S at 1:18 AM 5 comments
Labels: , , , , ,
Subscribe to: Posts (Atom)