1 Password Cracking

The document discusses password cracking concepts, including types of password attacks like brute force, dictionary, and rainbow table attacks. It also covers password cracking tools, techniques for hardening passwords, and factors that affect how easily passwords can be cracked, such as password length, complexity, and frequency of changes. The overall topics covered are types of password attacks, tools used for cracking, and methods for strengthening password security.

Uploaded by

manushrivas26

Password Attacks
Instructor : Saurabh Pandey
18th August 2020
About Me
My name is Saurabh Pandey,
B.Tech (CSE)
CEH Certificate holder
Contact : [email protected]
Agenda
• What is Password?
• Password Cracking Concepts
• Types of Password Attacks
• Application Software Password Cracking
• Password Cracking Tools
• Hardening the password
• Password Cracking Depends on
What is Password
• String of characters used for authentication and log-on to computers, web applications, software, files, networks, mobile phones, and your life
• Comprises:
[a-zA-Z, 0-9, symbols, space]

Password Characteristics
• No short length
• No birthday or phone number, real name, company name
• Don't use complete words or Shakespeare quotes
▫ Example:
▫ Hello123: Weak
▫ @(H311l0)@: Strong
▫ Easy to remember, hard to guess
Password Security

• Don't use your old passwords
• Don't use your work or private email for every website registration, such as games, news, etc.
Password Cracking Concept
• Guessing or recovering a password
• Unauthorized access
• To recover a forgotten password
• A penetration testing step (e.g. network and applications)
Password Cracking Concept
• Password cracking may serve an illegal purpose: gaining unauthorized access
• Or it may be used to retrieve a password for authorized access, when the password has been misplaced or is missing for various reasons (e.g. what was my password??)
Types of Password Attacks
• Dictionary Attack
• Brute Force Attack
• Rainbow table attack
• Phishing
• Social Engineering
• Malware
• Offline cracking
• Guess
Password Cracking Types
• Brute Force, Dictionary Attack, Rainbow Table
Password Cracking Types: (Guessing Technique)

I have tried many friends' houses and even some companies where the password had remained as the default: admin, admin. (Using guessing techniques)
Password Cracking Types: (Phishing)
Password Cracking Types: (Social Engineering)
• Sometimes very lazy genius non-IT geeks can guess or find out your password
Application Password Cracking: (Malware)
Password Cracking Types: (Offline Cracking)

• We have enough time to break the password
• Usually takes place for big data
• Or a very strong and complicated password
• After an attack
• Forensics investigation
Password Cracking Tools
• Brutus
▫ Remote online cracking tool, Windows-based, free, supports HTTP, POP3, FTP, SMB, etc., resume/pause option. No recent update but still top-ranked.
• RainbowCrack
▫ Hash cracker tool, Windows/Linux-based, faster than a traditional brute force attack, compares both plain text and hash pairs. Commercial and free versions.
• Wfuzz
▫ Web application brute forcing (GET and POST), checking for injection (SQL, XSS, LDAP, etc.)
• Cain and Abel ***
▫ A few of its password cracking features: Syskey Decoder, VNC Password Decoder, MS SQL, MySQL and Oracle password extractor, Base64, Credential Manager Password Decoder, Dialup Password Decoder, PWL Cached Password Decoder, RainbowCrack-online client, Hash Calculator
• John the Ripper
▫ Offline mode, Unix/Linux-based, automatic password hash type detection, powerful, contains several built-in password crackers
• THC Hydra
▫ Dictionary attack tool for many databases, over 30 protocols (e.g. FTP, HTTP, HTTPS, etc.)
• Medusa
• AirCrack-NG
▫ WEP and WPA-PSK key cracking, faster than other WEP cracker tools

• OphCrack
• L0phtCrack

Password Hardening
Techniques or technologies that make things difficult for an attacker, cracker or any other malicious user
• Brings in a password policy
• Increases the level of security for web, network, application and physical access to the company or organization
• Uses biometric technologies such as fingerprint, eye detection, RFID tag cards, etc.
Password Hardening
• All security solutions just make it more difficult: harder, but still possible
Password Cracking Depends on
• Attacker's strengths
• Attacker's computing resources
• Attacker's knowledge
• Attacker's mode of access [physical or online]
• Strength of the passwords
• How often you change your passwords?
• How close are the old and new passwords?
• How long is your password?
• Have you used every possible combination: alphabets, numbers and special characters?
• How common are your letters, words, numbers or combinations?
• Have you used strings followed by numbers or vice versa, instead of mixing them randomly?
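
The password-side factors in this list (length, character mix, common words, strings followed by numbers, closeness of old and new passwords) can be checked when a password is set. The following is an added example, not part of the original slides; the word list, the similarity threshold and the function names are assumptions, and the two sample passwords are the ones from the "Password Characteristics" slide.

```python
import math
import re
import string
from difflib import SequenceMatcher

# Constructed sample word list; a real check would use a large breached-password list.
COMMON_WORDS = {"hello", "password", "admin", "welcome", "qwerty"}
# Assumed threshold: old/new passwords at least this alike count as "close".
SIMILARITY_LIMIT = 0.7


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus space
    return size


def keyspace_bits(password):
    """Upper bound on brute-force work: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def assess(password, old_password=None):
    """Return (keyspace bits, list of weaknesses named on the slides)."""
    findings = []
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("contains a common word")
    if re.fullmatch(r"[A-Za-z]+\d+|\d+[A-Za-z]+", password):
        findings.append("string followed by numbers (or vice versa)")
    if old_password is not None:
        ratio = SequenceMatcher(None, lowered, old_password.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            findings.append("too close to the old password")
    return round(keyspace_bits(password), 1), findings


if __name__ == "__main__":
    for pw in ("Hello123", "@(H311l0)@"):
        print(pw, assess(pw))
```

The bit count is an upper bound that assumes randomly chosen characters; a password flagged for a common word or a predictable pattern is weaker than its bit count suggests.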
