No announcement yet.

System Hacking - Password Cracking

  • Filter
  • Time
  • Show
Clear All
new posts

  • System Hacking - Password Cracking

    You use password cracking to obtain the credentials of a given user account, found bu enumerating the target, with the intention of using the account to gain authorized access to the target system under the guise of an authentic user.
    Password cracking is the process of recovering passwords from transmitted or stored data. System administrators may also use password cracking to audit and test a system in order to strengthen the system, and attackers may use password cracking to gain authorized access. Passwords may be cracked or audited using manual or automated techniques designed to reveal credential.
    A password is often something an individual can remember easily but at the same time not something that can be easily guessed or broken. This is where the problem lies: Human beings tend to choose passwords that are easy to remember, which can make them easy to guess. Although choosing passwords that are easier to remember is not a bad thing, it can be a liability if individuals choose passwords that are too simple to recall or guess.

    Here are some examples of passwords that lend themselves to cracking
    • Passwords that use only numbers
    • Passwords that use only letters
    • Passwords that are all upper- or lowercase
    • Passwords that use proper names
    • Passwords that use dictionary words
    • Short passwords. Fewer than ~8 characters

    Generally speaking, the rules for creating a strong password are a good line of defense against the attacks we will explore. Many companies already employ these rules in the form of password requirements or complexity requirements.
    Typically, when a company is writing a policy or performing training they will have a document, guidance, or statement that says to avoid the following:
    • Passwords that contain letters, special characters, and numbers: [email protected]
    • Passwords that contain only numbers: 13243546
    • Passwords that contain only special characters: &*#@!(%)
    • Passwords that contain letters and numbers: empl123
    • Passwords that contain only letters: SOMEWORD
    • Passwords that contain only letters and special characters: [email protected]&di
    • Passwords that contain only special characters and numbers: [email protected]$9

    People that select passwords that contain patterns that adhere to any of the points on this list are less vulnerable to most attacks targeted at recovering passwords.
    No password is bulletproof just because they adheres to the conventions in the list. Adherence to these guidelines makes it less vulnerable, but not impervious.
    In general long passwords that contain both upper- and lowercase characters, numbers and special characters, that are not dictionary words, will be fairly secure.
    Certified Security Geek