Category: Password Cracking

Open post
Unshadow the file and dump Linux password

How to Unshadow the file and dump Linux password

Hello friends, welcome again!

In the last post I told about Understanding Linux system security for Users After reading this post you have knowledge about Linux file system, and where username and password are stored in Linux? where you can dump this password? when you dump password, it will be in plain text or encrypted format? so for finding the password, walkthrough this post Unshadow the file and dump Linux password

Unshadow the file and dump password in encrypted format

In this tutorial I am going to show you demo on Ubuntu 14.04 machine to unshadow the files and dump the linux hashes with help of unshadow command. First, boot Ubuntu 14.04 machine with Kali Linux. Next, It is necessary to mount the Linux filesystem for dumping data from /etc/shadow and /etc/passwd files. After boot machine with Kali Linux OS Here is great automatic mounting utility in kali linux, you don’t need to mount manually anymore. You just click on linux filesystem under place menu Linux partition will be mounted automatic. Go into Place>filesystem

Linux system will be automatic mount on /media directory with a specific mounting value. Next, If you want to see mounting point value write the following commad

#ls /media

Go into Ubuntu file system by excuting following command

#cd /media/mounting value/

#cd etc

Copy both file shadow and passwd on Desktop

#cp shadow /root/Desktop

#cp passwd /root/Desktop

Unshadow Utility:

The unshadow tool combines the passwd and shadow files into one file So john can use this file to crack the password hashes.

Use unshadow utility in kali linux to unshadow the password hashes, and dump into new file named unshadow. It is not necessary you can put any name whatever you want but important is to merge both file passwd and shadow into unshadow file

#cd /root/Desktop

#ls

#unshadow passwd shadow > unshadow

#ls

Next step is cracking the password hashes with help of john the ripper

#john unshadow

John will detect automatic hashes type if you don’t provide formate type.

Dump Linux hashes and crack with John in Kali Linux Offline mode Video Tutorial

https://www.youtube.com/watch?v=_SvH36bLtFQ

Open post
Understanding Linux system security

Understanding Linux system security for Users

Know about Linux system security

One of the most important Linux system security feature are passwords today. Most of server administrator and users use password to secure their system to get access by others. In Linux (RHEL/DEBIAN) these passwords are saved in passwd and shadow files in /etc directory. In deep description about passwd and shadow both file’s data encrypted.

Most distro uses one way encryption called DES (Data Encryption Standard) to encrypt passwords saved into /etc/passwd and /etc/shadow files. When you attempt the login the username and password, the password encrypted again and compare with saved password, if match found then you are allowed to access otherwise decline by the system.

Understanding /etc/passwd File:

This file contain the required information which used at time of user login. This is text file contains a list of user accounts for System. This contain the following entry in each line each field is separated by : so you can understand easily.

  1. Username : it is used when user logs in.
  1. Password: An x character indicates that password is encrypted and stored in /etc/shadow file.
  2. User ID (UID): Each user must be assigned a unique user ID (UID). UID 0 (zero) is reserved for root.
  3. Group ID (GID): The primary group ID (stored in /etc/group file)
  4. User ID Info: This field allow you to add extra information about the users such as user’s full name, phone number etc.
  5. Home directory: This is path of user’s home directory
  6. Command/shell: this is  path of a command or shell (/bin/bash)

passwd file

Understanding etc/shadow File:

This file stores passwords in encrypted format for user’s account. And also contain additional properties related passwords. It contains the following field and every field is sperated with a colon (:) character.

  1. User name : It is users login name
  2. Password: It is users encrypted password.
  3. Last password change: This contained the information when last password changed.
  4. Minimum: The minimum number of days required between password changes.
  5. Maximum: The password validity for maximum numbers of Days.
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : days since, that account is disabled

shadow file

 

Open post
Administrator password hashes from SAM database

Find Window password hashes from SAM database

What is Password Hashes and SAM Database?

SAM is stand for Security Account Manager. SAM database is a part of  windows Operating system consist user name and password in encrypted format called password hashes. SAM file is exist under C:/Windows/System32/config in Window 7/8/8.1/10. If User want to logon on the machine, user name and password should be match for authentication entered by user. If user put wrong username and password, authentication being failed. The encryption algorithm is NTLM2 used. The main purpose of SAM to save the computer and data by unauthorized person like hacker’s. But it is not completely work against a professional hacker. Here I am going to show you how hacker dump these encrypted password hashes from database and find out the password by cracking these hashes.

Boot Window machine with Kali Linux?

As I know you are learner here, so you have two option to make exercise on this topic. First create and install window (xp/7/8/8.1/10) machine on Virtual box, it is pretty easy and no harm for base computer. Another method is Do practice on base machine installed window OS already, in this condition you have to boot window machine by Kali Linux live Persistent DVD/Flash Drive.

When penetester boots Window machine with Kali Linux live then can use window file system without any interruption, As described above SAM are saved in the location C:/Windows/system32/config.  So we have main task to go to this location and find out the SAM database. After booting system with Kali Linux you should follow the given instruction to find out the password.

Step1: First step mount the window system partition

click on Place> Filesystem.

Mount window partitoin on Kali Linux

When you clicked on file system window partition will be mounted automatically on /media directory. Open the terminal and type following command to reach in location where SAM database saved.

#cd /media/Mounting Point value/Windows/System32/config

In above mounting value will be changed according the system you can see this value by executing following command

#ls /media

Step2: Relieve bootkey.

#bkhive SYSTEM /root/Desktop/system.txt
bkhive and bootkey

System.txt is a file where bootkey is stored and /root/Desktop is location to save system.txt file.

Step 3: Dump the password hashes

Password hashes is retrieved with combination of bootkey and SAM database, This process is completed with the help of samdump2 utility found in kali linux by default. Command is giving following

#samdump2 SAM /root/Desktop/system.txt > /root/Desktop/hashes.txt
samdump2 to get administrator password hashes

In implemented command SAM database and system.txt filed has been merged and created new file name hashes.txt. To see the password hashes dumped into hashes.txt file use given command

#cat /root/Desktop/hashes.txt

Change directory to /root/Desktop by using following command

#cd /root/Desktop

Step 4: John the Ripper a password cracking tool

After reaching the directory to crack hashes use excute john by given command

#john –formate=nt2 –users=vijay hashes.txt

john and ripper example to crack the password hashes

Open post

Dictionary attack tool thc-hydra tutorial for beginner

A very fast network login cracker with dictionary attack tool which support many different services.

Dictionary attack tool thc-hydra Description:

According to official website of thc-hydra, One of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system and different online services.

Note: THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however none does Either support more than one protocol to attack or support panellized Connects.

Protocols supported by thc-hydra

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,  HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,  MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,  PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,  SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,  Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to use hydra in Kali Linux

Thc-hydra is available in kali linux already you don’t need to install or configure it. In Kali Linux hydra available in two mode Graphical and Command line.

Graphical Interface of Hydra in Kali Linux:

Graphical interface is easy to use so let’s look on graphical interface of hydra:

  1. Open hydra-gtk Go Application > Password attacks>Online Attacks > Hydra-Gtk
    Open hydra-gtk
  2. Configure Hydra for Attack
  3. Target: there are following option are available:
    1. Single Target: Give the IP address of Single target
    2. Target List: you can upload file consist targets list.
    3. Define Port: specify port
    4. Protocol: Select protocol for attack
      configure target tab
  4. Passwords: In this tab you set the username and password and more…
    1. Username: Give the username if you know
    2. Username list: if you don’t know the username provide file location consist multiple usernames
    3. Password: This option for single password
    4. Password List: Here you provide the wordlist location
    5. Check on try login as password
    6. Check on Try empty password
    7. Check on Try reversed login
      configure passwords tab
  5. Tuning: Following options for this tab:
    1. Number Task: Repeat task
    2. Time out: configure timeout on not response
    3. Proxy: Set proxy if you are using. Or leave by default No proxy
  6. Specific: Leave default
  7. Start: Here you can start stop attack and save result
    start and result tab

Command line Interface of Hydra in Kali Linux:

As in Linux command line have their own importance and value and most of tools are available with command line interface for linux, Hydra is one of them. to know more about the hydra just execute following command

#Hydra –h

This command will show all options used with hydra command.

hydra -h

 

You have many options on how to attack with logins and passwords

With -l for login and -p for password you tell hydra that this is the only

login and/or password to try.

With -L for logins and -P for passwords you supply text files with entries.

e.g.:

hydra -l admin -p password ftp://localhost/

hydra -L default_logins.txt -p test ftp://localhost/

hydra -l admin -P common_passwords.txt ftp://localhost/

hydra -L logins.txt -P passwords.txt ftp://localhost/

Additionally, you can try passwords based on the login via the “-e” option.

The “-e” option has three parameters:

s – try the login as password

n – try an empty password

r – reverse the login and try it as password

If you want to, e.g. try “try login as password and “empty password”, you

specify “-e sn” on the command line

 

 

Source: https://www.thc.org

https://github.com/vanhauser-thc/thc-hydra

Open post
Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes with rcracki_mt

Rcracki_mt is a tool used to crack hashes and found in kali linux by default.  It is used rainbow tables to crack the password. Some other tools generate rainbow tables. You can download Rainbow table https://www.freerainbowtables.com/tables2/ if you don’t want to download rainbow table you can create you own by Using winrtgen in window and rtgen in Kali Linux

Generate Rainbow Tables in Kali Linux

You have entred in next step. here you can learn to generate rainbow tables by using some tools, There are some tools working for rainbow table are found in kali linux, location is /usr/share/rainbowcrack if you want to generate rainbow table

  1. Opne Terminal
  2. #cd /usr/share/rainbowcrack
    here you will see some tools. Use rtgen to create rainbow table.
  3. #rtgen hash_algorithm charset plaintext_length_min plaintext_length_max table_index chain_len chain_num part_index
    Example #rtgen md5 loweralpha-numeric 6 8 0 3800 33445532 0
  4. Your rainbowtable will be saved in the current location (/usr/share/rainbowcrack)

Generate Rainbow Tables

Crack Hashes with rcracki_mt in Kali Linux

Then issue the command rcracki_mt -h [hash] -t [num threads] [directory of rainbow tables]
For this example, [hash] is the cryptographic hash you wish to reverse. [num threads] is how many threads you wish to dedicate to the task. You should usually use an amount equal to the amount of processor cores available on your computer. The last parameter is the directory where the rainbow tables are located.

crack hashes

RCRACKI_MT in depth

The RCRACKI_MT process can be divided into 3 distinct phases.

  1. The pre-calculation phase
  2. The search phase
  3. The false alarm checking phase

RCRACKI_MT in depth

 

Open post
hashcat tutorial for Password Cracking

Hashcat Tutorial – Bruteforce Mask Attack Example for Password Cracking

Hashcat Tutorial for beginner

Hello friends, you reading articles on Password cracking under Penetration Testing this article will cover about another tools hashcat tutorial. It is best password cracking tool. and give the best result with GPU Machine.

Description of Hashcat for Password Cracking

According to official website Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterpart oclHashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

How to use Hashcat in Kali Linux

Hashcat is preinstalled in Kali Linux, To see more about hashcat execute following code in terminal

#hashcat –h

#hashcat –help | more

Press enter and read about available options for hashcat

Features Of Hashcat :

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
  • SSE2, AVXand XOP accelerated
  • All Attack-Modesexcept Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatiblewith JTR and PasswordsPro
  • Possible to resumeor limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generaterandom rules
  • Load saltlistfrom external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlistsor multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 90+ Algorithm implemented with performance in mind
  • ……and much more

Combinator Attack with hashcat

In this attack hashcat create password list by combinator method in this method each word of a dictionary is appended to each word in a dictionary.

For Example I have following world in my dictionary:

  • Pass
  • 123
  • Rock
  • You

 

Output we get by hashcat

  • PassPass
  • Pass123
  • passRock
  • PassYou
  • 123Pass
  • 123123
  • 123Rock
  • 123You
  • RockPass
  • Rock123
  • RockRock
  • RockYou
  • YouPass
  • You123
  • YouRock
  • YouYou

hashcat is that cpu hashcat does the combination of the plains given in a single dictionary file (word list) This implies that one should specify only and exactly 1 (dictionary) file within the command line for hashcat (besides the hash file).
Example of combinatory attack
The combinator attack hence will combine each and every word within the single dictionary file.

#hashcat -m 0 -a 1 hash.txt dict.txt

crack the hashes using hashcat

 

Brute-Force Attack with Hashcat Tutorial

Tries all combinations from a given Keyspace. It is the easiest of all the attacks.

In Brute-Force we specify a Charset and a password length range. The total number of passwords to try is Number of Chars in Charset ^ Length. This attack is outdated. The Mask-Attack fully replaces it.

Dictionary Attack with hashcat tutorial

The dictionary attack is a very simple attack mode. It is also known as a “Wordlist attack”.

All that is needed is to read line by line from a textfile (called “dictionary” or “wordlist”) and try each line as a password candidate.

combinator atack

Mask Attack with hashcat tutorial

Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

The reason for doing this and not to stick to the traditional Brute-Force is that we want to reduce the password candidate keyspace to a more efficient one.

Here is a single example. We want to crack the password: Julia1984

In traditional Brute-Force attack we require a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The Password length is 9, so we have to iterate through 62^9 (13.537.086.546.263.552) combinations. Lets say we crack with a rate of 100M/s, this requires more than 4 years to complete.

In Mask attack we know about humans and how they design passwords. The above password matches a simple but common pattern. A name and year appended to it. We can also configure the attack to try the upper-case letters only on the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with Mask attack we can reduce the keyspace to 52*26*26*26*26*10*10*10*10 (237.627.520.000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.

Built-in charsets

built in charset hashcat

Custom charsets

costum charset

Examples of Mask Attack

The following commands all define the same custom charset that consists of the chars “abcdefghijklmnopqrstuvwxyz0123456789” (aka “lalpha-numeric”):

-1 abcdefghijklmnopqrstuvwxyz0123456789

-1 abcdefghijklmnopqrstuvwxyz?d

-1 ?l0123456789

-1 ?l?d

-1 loweralpha_numeric.hcchr # file that contains all digits + chars (abcdefghijklmnopqrstuvwxyz0123456789)

The following command defines a charset that consists of the chars “0123456789abcdef”:

-1 ?dabcdef

The following command defines a full 7-bit ascii charset (aka “mixalpha-numeric-all-space”):

-1 ?l?d?s?u

The following command sets the first custom charset (-1) to russian language specific chars:

-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr

Example

The following commands creates the following password candidates:

mask Attack by hashcat

command: -a 3 ?l?l?l?l?l?l?l?l

keyspace: aaaaaaaa – zzzzzzzz

command: -a 3 -1 ?l?d ?1?1?1?1?1

keyspace: aaaaa – 99999

command: -a 3 password?d

keyspace: password0 – password9

command: -a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d

keyspace: aaaaaa1900 – Zzzzzz1999

command: -a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2

keyspace: 00aaaaa – ffZZZZZ

command: -a 3 -1 efghijklmnop ?1?1?1

keyspace: eee – ppp

Password length increment

A Mask attack is always specific to a password length. For example, if we use the mask “?l?l?l?l?l?l?l?l” we can only crack a password of the length 8. But if the password we try to crack has the length 7 we will not find it. Thats why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by using the “–increment” flag.

?l

?l?l

?l?l?l

?l?l?l?l

?l?l?l?l?l

?l?l?l?l?l?l

?l?l?l?l?l?l?l

?l?l?l?l?l?l?l?l

Source www.hashcat.net

Open post
Most used Password cracking techniques by Cain and Abel Software

Most used Password cracking techniques by Cain and Abel Software

Password cracking techniques by Cain and Abel

Hello Friends, Welcome again!

In the last post Cain and Abel software for cracking hashes you have read about basics of Cain and Abel, and in the end of post I write about password cracking. When the cain captures some password hashes it sends to cracker tab automatically. When you gets password hashes you can use many Password cracking techniques by Cain and Abel Software. 

Right click on the desired user name, you want to obtain password. As you right click on the username you will find all possible techniques for cracking password.

There are mostly three techniques to crack the password

Dictionary attack

Dictionary attack is a type of attack, in which Attacker uses a word list contain lots of words or possible passwords. Tools checks login credential with every word from list. if the password is consist in the word list, attacker get success if not, he fails. This attack can be performed by Cain and abel further more detail Dictionary attack For Cracking passwords using Cain and Abel This tool checks all the entries into dictionary (wordlist) when hashes got match it will stop the attack. and attacker will find his result. If passphrase is not into dictionary then you will be unable.

Brute force attack

Brute force attack attempt to get access by trying different password words, or letter ( alphabet, number and symbol). In simple attack may have a dictionary with common used password with in software. another hand complex attack uses every key combination ( alphabet, number and symbol) for finding correct password.
it can take several hours, days,months and year for success depends on password and encryption complexity.

For more detail Brute Force Attack for Cracking Passwords using Cain and Abel

Cryptanalysis attack (Using Rainbow Table)

Using rainbow table attacker can crack 14 character long password within 160 second. It is much faster than dictionary attack and brute force attack Rainbow table is dictionary stored plain text password and encrypted password hashes we can say it is pre compiled and pre calculated hashes.
In this process tools matches  hashes with rainbow table. If matched, it shows in plain text. other wise failed in process. you can generate your own rainbow table using winrtgen 

More detail: Rainbow Tables Attack (Cryptanalysis attack) and winrtgen

Conclusion

Cain and Abel is a powerful tool that does a great job in password cracking. It can crack almost all kinds of passwords, and it’s usually just a matter of time before you get it.

 

Open post
Rainbow Tables Attack (Cryptanalysis attack) and winrtgen

Rainbow Tables Attack (Cryptanalysis attack) and winrtgen

Hello friends welcome again !

You have read two articles on cracking passwords 1. Cain and Abel software for cracking hashes tutorial 2. Dictionary attack For Cracking passwords using Cain and Abel and 3. Brute Force Attack for Cracking Passwords using Cain and Abel In this article I am going to tell you about another attack for cracking passwords called Rainbow tables attack and some time Cryptanalysis attack.  before performing attack we need to create rainbow tables help of winrtgen.

Cryptanalysis attack (Using Rainbow Tables Attack) with cain and abel

From Wikipedia: “A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plain text password, up to a certain length consisting of a limited set of characters. It is a practical example of a space-time trade off, using more computer processing time at the cost of less storage when calculating a hash on every attempt, or less processing time and more storage when compared to a simple lookup table with one entry per hash. Use of a key derivation function that employ a salt makes this attack infeasible. Rainbow tables attacks are a refinement of an earlier, simpler algorithm by Martin Hellman.”

How To Make A Rainbow Table using winrtgen?

There are many tools that create a rainbow table and there are many rainbow tables already available on the internet.Fortunately, Cain comes with a tool called winrtgen, which is located in its own folder in the installation.

After run winrtgen follow the instruction to create a rainbow table

  1. Start winrtgen
    Run winrtgen to create rainbow tables
  2. Click on Add table at bottom –left corner
  3. Select hashes type minimum and maximum length of password
  4. Select charset option
    winrtgen available option
  5. Click on OK
  6. Again OK

Rainbow table is started generate after some time you will find you rainbow table Use this and crack the password

Open post
Brute Force Attack for Cracking Passwords using Cain and Abel

Brute Force Attack for Cracking Passwords using Cain and Abel

Hello friends, Welcome again!

We are discussing about Penetration Testing Tutorial and this article under section cracking passwords and hashes cracking.

Brute force attack with cain and abel

In my previous post Cain and Abel software for cracking hashes tutorial you have learnt about basic features or cain and abel. In the last of post I wrote about cracking passwords and how you dump NTLM hashes from local PC. After getting passwrod hashes our next task to crack password by using difference techniques, Brute Force attack one of them. In this tutorial you will learn how to perform brute force attack for cracking hashes by Cain and Abel

Brute Force Attack Definition

From Wikipedia: “In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. A cipher with a key length of N bits can be broken in a worst-case time proportional to 2N and an average time of half that. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.”

Cracking password by brute force attack using Cain and Abel:

  1. Right click on the desired user.
  2. Brute-force Attack
    Right click on the user
  3. Click on NTLM Hashes: A new window will be open, Here you need to set following things
    1. Charset: under this section there are two option first predefined charset or custom, where you can use character, numbers and sysmbles according yourself.
    2. Password length: Define minimum and maximum length of password
      brute force attack
  4. Click and start.
  5. You will get result.
    password cracked
Open post
Cracking passwords by Dictionary attack using Cain and Abel

Dictionary attack For Cracking passwords using Cain and Abel

Dictionary attack

From Wikipedia: “A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack). Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However these are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable.”

Cracking passwords by Dictionary attack using Cain and Abel:

To perform dictionary attack for cracking passwords by using cain and abel first you will import the NTLM hashes. Then in cracker tab you find all imported username and hashes. Select desired user and follow the steps

  1. Right click on the user
  2. Select dictionary attack
    Right click on the user
  3. NTLM hashes
    New window will be popup

    1. Right click on top blank area.
    2. Add to list
    3. Browse dictionary or wordlist file
      add a dictionary
  4. Click on the start

 

it checks all the entries into dictionary when hashes matched it will stop the attack. You will find your result. If pass phrase is not into dictionary then you will be unable.

Posts navigation

1 2
Scroll to top