How Hackers Take Your Encrypted Passwords & Crack Them
You may have asked yourself, "How do hackers take my password, if the website owner can't?" The answer is simple. When a website stores your login password for the site, it is run through a cryptographic hash function before it enters the database.
So how are hackers getting these passwords?
When a website is breached and has their database stolen, the password hashes will be in there. A hacker will analyze the hashes, and see which hash type they are, and then bruteforce them. Bruteforcing is when you systematically cycle through each letter in a letterset until it matches a password. A letter set can be all lower-case, symbols, or anything the hacker wants. So the hacker bruteforces until they find a hash that matches yours, resulting in "guessing" your password.
I'm going to show you how to do this on both Windows and Linux.
Step 1: Cracking MD5 on Windows
On Windows, we're going to need to download and install Cain & Abel. Cain is part of the software suite, and is a AIO (All-In-One) Windows hacking tool. We will be using its bruteforce function to crack MD5 hashes.Hash a Word
Let's hash the word "cowsay" using Miracle Salad's MD5 hash generator.
We get the following as a result:
0f606505ce5a8e34d306f707067786ef
Bruteforce with Cain
I'm going to show you in a Tutorial how to crack the hash of the word "cowsay". Follow closely!
See how quick and easy that was? Load the hash, click dictionary attack, and wait. This was on a single core processor in a Virtual Machine, so imagine what it would be like on a powerful computer with GPU's.
Step 2: Cracking MD5 on Linux
On Linux, cracking hashes is a bit different. We will be using JTR (John the Ripper). Linux is a bit faster at cracking hashes, as you will see in the video a bit later.Installation
- First, download JTR from here.
- Extract with tar zxvf john-1.7.8.tar.gz
- Navigate to the john directory
- Install with ./configure && make && sudo make install
I'm going to crack the hash of the word "cowsay" again, but this time with JTR.
Commands will be listed below, if you miss any.
Commands:
- nano hash (inject hash into file and save)
- john --format=raw-md5 hash
- john --format=raw-md5 --show hash
Step 3: Protect Yourself from Password Cracking
Check out my previous guide on keeping passwords strong and safe. The same rules apply here. Keep your passwords longer than 12 characters, and use symbols. It greatly increases the time it takes to crack.
Do you have questions, comments, or suggestions? Feel free to post a comment!
Read These Awesome Related Posts: Tutorials
Subscribe to:
Post Comments (Atom)
Share your views...
0 Respones to "How Hackers Take Your Encrypted Passwords & Crack Them"
Post a Comment