Sunday 31 January 2016

What is hacking?

There are many definitions of hacking. In this article, we will define hacking as identifying weaknesses in computer systems and/or networks and exploiting those weaknesses to gain access. An example of hacking is bypassing the login algorithm to gain access to a system. A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Before we go any further, let’s look at some of the most commonly used terminology in the world of hacking.

Types of Hackers

Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.
  • Ethical Hacker (White hat): A hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
  • Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
  • Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identifying weaknesses and revealing them to the system owner.
  • Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.
  • Hacktivist: A hacker who uses hacking to send social, religious, political etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
  • Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

What is Cybercrime?

Cybercrime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers etc.  Most cybercrimes are committed through the internet. Some cybercrimes can also be carried out using mobile phones via SMS and online chatting applications.

Type of Cybercrime

The following list presents the common types of cybercrime:
  • Computer fraud: Intentional deception for personal gain via the use of computer systems.
  • Privacy violation: Exposing personal information such as email addresses, phone numbers, account details etc. on social media, websites etc.
  • Identity theft: Stealing personal information from somebody and impersonating that person.
  • Sharing copyrighted files/information: This involves distributing copyright protected files such as eBooks, computer programs etc.
  • Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
  • Electronic money laundering: This involves the use of computers to launder money.
  • ATM fraud: This involves intercepting ATM card details such as the account number and PIN. These details are then used to withdraw funds from the intercepted accounts.
  • Denial of Service attacks: This involves the use of computers in multiple locations to attack servers with a view to shutting them down.
  • Spam: Sending unsolicited emails. These emails usually contain advertisements.

What is ethical hacking?

Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect against the weaknesses. Ethical hackers must abide by the following rules:
  • Get written permission from the owner of the computer system and/or computer network before hacking.
  • Protect the privacy of the organization being hacked.
  • Transparently report all the identified weaknesses in the computer system to the organization.
  • Inform hardware and software vendors of the identified weaknesses.

Why ethical hacking?

  • Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
  • Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business.

Legality of ethical hacking

Ethical hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests an individual’s skills. Those who pass the examination are awarded certificates. The certificates have to be renewed after some time.

Summary

  • Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
  • Cybercrime is committing crime with the aid of computers and information technology infrastructure.
  • Ethical hacking is about improving the security of computer systems and/or computer networks.
  • Ethical hacking is legal.

What is a threat?

ISO 27005 defines a threat as a potential cause of an incident that may result in harm to systems and the organization. The cause could be physical, such as someone stealing a computer that contains vital data. The cause could also be non-physical, such as a virus attack. In this tutorial series, we will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system.

What are Physical Threats?

A physical threat is a potential cause of an incident that may result in loss or physical damage of the computer systems.
The following list classifies the physical threats into three (3) main categories:
  • Internal: These threats include fire, unstable power supply, humidity in the rooms housing the hardware etc.
  • External: These threats include lightning, floods, earthquakes etc.
  • Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption, accidental or intentional errors.
To protect computer systems from the above mentioned physical threats, an organization must have physical security control measures.
The following list shows some of the possible measures that can be taken:
  • Internal: Fire threats could be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out fire. Unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.
  • External: Lightning protection systems can be used to protect computer systems against such threats. Lightning protection systems are not 100% perfect, but to a certain extent they reduce the chances of lightning causing damage. Housing computer systems on high ground is one of the possible ways of protecting systems against floods.
  • Human: Threats such as theft can be prevented by the use of locked doors and restricted access to computer rooms.

What are Non-physical Threats?

A non-physical threat is a potential cause of an incident that may result in:
  • Loss or corruption of system data
  • Disruption of business operations that rely on computer systems
  • Loss of sensitive information
  • Illegal monitoring of activities on computer systems
  • Others
The non-physical threats are also known as logical threats. The following list gives the common types of non-physical threats:
  • Virus
  • Trojans
  • Worms
  • Spyware
  • Key loggers
  • Adware
  • Denial of Service attacks
  • Distributed Denial of Service attacks
  • Unauthorized access to computer system resources such as data
  • Phishing
To protect computer systems from the above mentioned threats, an organization must have logical security measures in place. The following list shows some of the possible measures that can be taken:
  • To protect against viruses, Trojans, worms etc., an organization can use anti-virus software. In addition to the anti-virus software, an organization can also have control measures on the usage of external storage devices and on visiting websites that are likely to download unauthorized programs onto the user’s computer.
  • Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be in the form of user IDs and strong passwords, smart cards, biometrics etc.
  • Intrusion detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to avoid denial of service attacks.

Summary

  • A threat is any activity that can lead to data loss/corruption through to disruption of normal business operations.
  • There are physical and non-physical threats.
  • Physical threats cause damage to computer systems hardware and infrastructure. Examples include theft and vandalism through to natural disasters.
  • Non-physical threats target the software and data on the computer systems.

What is a programming language?

A programming language is a language that is used to develop computer programs. The programs developed can range from operating systems and database applications through to networking solutions.
[Image: a3_python_programming_code.png]

Why should you learn how to program?

  • Hackers are problem solvers and tool builders; learning how to program will help you implement solutions to problems. It also differentiates you from script kiddies.
  • Writing programs as a hacker will help you to automate many tasks which would usually take lots of time to complete.
  • Writing programs can also help you identify and exploit programming errors in applications that you will be targeting.
  • You don’t have to reinvent the wheel all the time; there are a number of open source programs that are readily usable. You can customize the already existing applications and add your own methods to suit your needs.

What languages should I learn?

The answer to this question depends on your target computer systems and platforms. Some programming languages are used to develop for only specific platforms. As an example, Visual Basic Classic (3, 4, 5, and 6.0) is used to write applications that run on the Windows operating system. It would therefore be illogical for you to learn how to program in Visual Basic 6.0 when your target is hacking Linux based systems.

Programming languages that are useful to hackers

1. HTML
   Description: Language used to write web pages.
   Platform: *Cross platform
   Purpose: Web hacking
   Login forms and other data entry methods on the web use HTML forms to get data. Being able to write and interpret HTML makes it easy for you to identify and exploit weaknesses in the code.
2. JavaScript
   Description: Client side scripting language
   Platform: *Cross platform
   Purpose: Web hacking
   JavaScript code is executed in the client browser. You can use it to read saved cookies and perform cross site scripting etc.
3. PHP
   Description: Server side scripting language
   Platform: *Cross platform
   Purpose: Web hacking
   PHP is one of the most used web programming languages. It is used to process HTML forms and perform other custom tasks. You could write a custom application in PHP that modifies settings on a web server and makes the server vulnerable to attacks.
4. SQL
   Description: Language used to communicate with databases
   Platform: *Cross platform
   Purpose: Web hacking
   Using SQL injection to bypass web application login algorithms that are weak, delete data from the database etc.
5. Python, Ruby, Bash
   Description: High level programming languages
   Platform: *Cross platform
   Purpose: Building tools & scripts
   They come in handy when you need to develop automation tools and scripts. The knowledge gained can also be used in understanding and customizing the already available tools.
6. C & C++
   Description: High level programming languages
   Platform: *Cross platform
   Purpose: Writing exploits, shellcode etc.
   They come in handy when you need to write your own shellcode, exploits or rootkits, or to understand and expand on existing ones.
7. Java, C#, Visual Basic
   Description: Other languages
   Platform: Java & C# are *cross platform. Visual Basic is specific to Windows.
   Purpose: Other uses
   The usefulness of these languages depends on your scenario.
* Cross platform means programs developed using the particular language can be deployed on different operating systems such as Windows, Linux based systems, Mac etc.

Other skills

In addition to programming skills, a good hacker should also have the following skills:
  • Know how to use the internet and search engines effectively to gather information.
  • Get a Linux based operating system and know the basic commands that every Linux user should know.
  • Practice makes perfect: a good hacker should be hard working and positively contribute to the hacker community. He/she can contribute by developing open source programs, answering questions in hacking forums etc.

What are hacking tools?

They are computer programs and scripts that help you find and exploit weaknesses in computer systems. Some of these tools are open source while others are commercial.
[Image: hacking-tools.png]

Commonly Used Hacking Tools

The following list covers some of the most commonly used tools.
1. Nmap
   Network mapper. This tool is used to explore networks and perform security audits.
2. Nessus
   This tool can be used to perform:
   • Remote vulnerability scanning
   • Password dictionary attacks
   • Denial of service attacks
   It is closed source, cross platform and free for personal use.
3. John The Ripper
   Password cracking utility. It is cross platform.
4. Cain & Abel
   Microsoft operating system password recovery tool. It is used to:
   • Recover MS Access passwords
   • Uncover password fields
   • Sniff networks
   • Crack encrypted passwords using dictionary, brute-force and cryptanalysis attacks
   Visit their URL for more details.
5. NetStumbler
   Used to detect wireless networks on the Windows platform. It can be used for the following tasks:
   • Verifying network configurations
   • Finding locations with poor coverage in a WLAN
   • Detecting causes of wireless interference
   • Detecting unauthorized ("rogue") access points
   • Aiming directional antennas for long-haul WLAN links
6. SQLMap
   Automates the process of detecting and exploiting SQL injection weaknesses. It is open source and cross platform. It supports the following database engines:
   • MySQL
   • Oracle
   • PostgreSQL
   • MS SQL Server
   • MS Access
   • IBM DB2
   • SQLite
   • Firebird
   • Sybase and SAP MaxDB
   It supports the following SQL injection techniques:
   • Boolean-based blind
   • Time-based blind
   • Error-based
   • UNION query
   • Stacked queries and out-of-band
   Visit their URL for more details.

Summary

  • Programming skills are essential to become an effective hacker.
  • Network skills are essential to become an effective hacker.
  • SQL skills are essential to become an effective hacker.
  • Hacking tools are programs that simplify the process of identifying and exploiting weaknesses in computer systems.

How to hack using Social Engineering

The human mind is not immune from hacking. Social engineering is the art of tricking users into performing certain harmful activities or revealing confidential information to attackers. Knowing the tricks used by hackers to trick users into releasing vital login information, among other things, is fundamental in protecting computer systems.
In this article, we will introduce you to the common social engineering techniques and how you can come up with security measures to counter them.

What is social engineering?

Social engineering is the art of manipulating users of a computing system into revealing confidential information that can be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed and curiosity to gain access to restricted access buildings or getting the users to install backdoor software.
A social engineering attack typically goes through the following stages:
  • Gather Information: This is the first stage; the attacker learns as much as he/she can about the intended victim. The information is gathered from company web sites, other publications and sometimes by talking to the users of the target system.
  • Plan Attack: The attacker outlines how he/she intends to execute the attack.
  • Acquire Tools: These include computer programs that an attacker will use when launching the attack.
  • Attack: Exploit the weaknesses in the target system.
  • Use acquired knowledge: Information gathered during the social engineering tactics, such as pet names, birthdates of the organization founders etc., is used in attacks such as password guessing.
Common Social Engineering Techniques

Social engineering techniques can take many forms. The following is a list of the commonly used techniques.
  • Familiarity Exploit: Users are less suspicious of people they are familiar with. An attacker can familiarize him/herself with the users of the target system prior to the social engineering attack. The attacker may interact with users during meals, join them when they are smoking, at social events etc. This makes the attacker familiar to the users. Let’s suppose that the user works in a building that requires an access code or card to gain access; the attacker may follow the users as they enter such places. The users are most likely to hold the door open for the attacker to go in as they are familiar with them. The attacker can also ask for answers to questions such as where you met your spouse, the name of your high school math teacher etc. The users are most likely to reveal answers as they trust the familiar face. This information could be used to hack email accounts and other accounts that ask similar questions if one forgets their password.
  • Intimidating Circumstances: People tend to avoid people who intimidate others around them. Using this technique, the attacker may pretend to have a heated argument on the phone or with an accomplice in the scheme. The attacker may then ask users for information which would be used to compromise the security of the users’ system. The users are most likely to give the correct answers just to avoid having a confrontation with the attacker. This technique can also be used to avoid being checked at a security check point.
  • Phishing: This technique uses trickery and deceit to obtain private data from users. The social engineer may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.
  • Tailgating: This technique involves following users from behind as they enter restricted areas. As a human courtesy, the user is most likely to let the social engineer inside the restricted area.
  • Exploiting human curiosity: Using this technique, the social engineer may deliberately drop a virus infected flash disk in an area where the users can easily pick it up. The user will most likely plug the flash disk into the computer. The flash disk may auto-run the virus, or the user may be tempted to open a file with a name such as Employees Revaluation Report 2013.docx which may actually be an infected file.
  • Exploiting human greed: Using this technique, the social engineer may lure the user with promises of making a lot of money online by filling in a form and confirming their details using credit card details etc.

Social Engineering Counter Measures

Most techniques employed by social engineers involve manipulating human biases. To counter such techniques, an organization can take the following measures:
  • To counter the familiarity exploit, the users must be trained not to substitute familiarity for security measures. Even the people that they are familiar with must prove that they have the authorization to access certain areas and information.
  • To counter intimidating circumstances attacks, users must be trained to identify social engineering techniques that fish for sensitive information and politely say no.
  • To counter phishing techniques, most sites such as Yahoo use secure connections to encrypt data and prove that they are who they claim to be. Checking the URL may help you spot fake sites. Avoid responding to emails that request you to provide personal information.
  • To counter tailgating attacks, users must be trained not to let others use their security clearance to gain access to restricted areas. Each user must use their own access clearance.
  • To counter human curiosity, it’s better to submit picked-up flash disks to system administrators, who should scan them for viruses or other infection, preferably on an isolated machine.
  • To counter techniques that exploit human greed, employees must be trained on the dangers of falling for such scams.

Summary

  • Social engineering is the art of exploiting the human elements to gain access to un-authorized resources.
  • Social engineers use a number of techniques to fool the users into revealing sensitive information.
  • Organizations must have security policies that have social engineering counter measures.

How to make your data safe using Cryptography

Information plays a vital role in the running of business, organizations, military operations etc. Information in the wrong hands can lead to loss of business or catastrophic results. To secure communication, a business can use cryptology to cipher information. Cryptology involves transforming information into non human readable format and vice versa.
In this article, we will introduce you to the world of cryptology and how you can secure information from falling into the wrong hands.

What is Cryptography?

Cryptography is the study and application of techniques that hide the real meaning of information by transforming it into non human readable formats and vice versa.
Let’s illustrate this with the aid of an example. Suppose you want to send the message “I LOVE APPLES”; you can replace every letter in the phrase with the third successive letter in the alphabet. The encrypted message will be “K NQYG CRRNGV”. To decrypt our message, we have to go back three letters in the alphabet from each letter that we want to decrypt. The image below shows how the transformation is done.
The process of transforming information into non human readable form is called encryption.
The process of reversing encryption is called decryption.
Decryption is done using a secret key which is only known to the legitimate recipients of the information. The key is used to decrypt the hidden messages. This makes the communication secure because even if the attacker manages to get the information, it would not make sense to them. The encrypted information is known as a cipher.

What is Cryptanalysis?

Cryptology encrypts messages using a secret key. Cryptanalysis is the art of trying to decrypt the encrypted messages without the use of the key that was used to encrypt the messages. Cryptanalysis uses mathematical analysis & algorithms to decipher the ciphers. The success of cryptanalysis attacks depends on;
  • Amount of time available
  • Computing power available
  • Storage capacity available
The following is a list of the commonly used Cryptanalysis attacks;
  • Brute force attack – this type of attack uses algorithms that try to guess all the possible logical combinations of the plaintext, which are then ciphered and compared against the original cipher.
  • Dictionary attack – this type of attack uses a wordlist in order to find a match of either the plaintext or the key. It is mostly used when trying to crack encrypted passwords.
  • Rainbow table attack – this type of attack compares the cipher text against pre-computed hashes to find matches.
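The shift cipher from the cryptography section, plus the brute-force and dictionary ideas above, as an added example (not code from the original article). The article's printed ciphertext “K NQYG CRRNGV” is not a consistent shift (most letters move by 2, V and S by 3), so the expected values here use a shift of 3 as the text describes; the wordlist and the scoring heuristic are my own construction.

```python
"""Shift (Caesar) cipher with encrypt, decrypt and a brute-force search over all 25 keys."""
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (standard published table).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}

# Constructed stand-in for a dictionary-attack wordlist (a real one has many thousands of words).
WORDLIST = {"I", "A", "THE", "LOVE", "APPLES", "AND", "OF", "TO", "IN", "IS",
            "IT", "YOU", "THAT", "HE", "WAS", "FOR", "ON", "ARE", "WITH", "AS"}


def shift_text(text: str, shift: int) -> str:
    """Move every letter `shift` places along the alphabet (wrapping); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    """Encryption is a forward shift by the key."""
    return shift_text(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    """Decryption goes back the same number of letters."""
    return shift_text(ciphertext, -key)


def score_candidate(text: str) -> tuple:
    """Higher means more English-like: dictionary hits count first, letter frequency breaks ties."""
    words = sum(1 for w in text.split() if w in WORDLIST)
    freq = sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)
    return (words, freq)


def brute_force(ciphertext: str) -> tuple:
    """Try every key 1..25 (the whole key space) and return (key, plaintext) of the best candidate."""
    best_key, best_plain, best_score = None, None, None
    for key in range(1, 26):
        candidate = decrypt(ciphertext, key)
        score = score_candidate(candidate)
        if best_score is None or score > best_score:
            best_key, best_plain, best_score = key, candidate, score
    return best_key, best_plain


if __name__ == "__main__":
    ct = encrypt("I LOVE APPLES", 3)
    print(ct, "->", brute_force(ct))
```

With only 25 possible keys the whole key space is searched instantly, which is why a shift cipher is only an illustration of the terms and not a usable cipher.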

What is cryptology?

Cryptology combines the techniques of cryptography and cryptanalysis.

Encryption Algorithms

  • MD5 – this is the acronym for Message-Digest 5. It is used to create 128 bit hash values. Theoretically, hashes cannot be reversed into the original plain text. MD5 is used to encrypt passwords as well as check data integrity. MD5 is not collision resistant. Collision resistance is the difficulty of finding two values that produce the same hash value.
  • SHA – this is the acronym for Secure Hash Algorithm. SHA algorithms are used to generate condensed representations of a message (message digest). It has various versions such as:
    • SHA-0: produces 120 bit hash values. It was withdrawn from use due to significant flaws and replaced by SHA-1.
    • SHA-1: produces 160 bit hash values. It is similar to earlier versions of MD5. It has cryptographic weaknesses and is not recommended for use since the year 2010.
    • SHA-2: it has two hash functions, namely SHA-256 and SHA-512. SHA-256 uses 32 bit words while SHA-512 uses 64 bit words.
    • SHA-3: this algorithm was formerly known as Keccak.
  • RC4 – this algorithm is used to create stream ciphers. It is mostly used in protocols such as Secure Socket Layer (SSL) to encrypt internet communication and Wired Equivalent Privacy (WEP) to secure wireless networks.
  • BLOWFISH – this algorithm is used to create keyed, symmetric block ciphers. It can be used to encrypt passwords and other data.

Hacking Activity: Hack Now!

In this practical scenario, we will create a simple cipher using the RC4 algorithm. We will then attempt to decrypt it using a brute-force attack. For this exercise, let us assume that we know the encryption secret key is 24 bits. We will use this information to break the cipher.
We will use CrypTool 1 as our cryptology tool. CrypTool 1 is an open source educational tool for cryptological studies. You can download it from http://www.cryptool.org/en/ct1-download-en

Creating the RC4 stream cipher

We will encrypt the following phrase
Never underestimate the determination of a kid who is time-rich and cash-poor
We will use 00 00 00 as the encryption key.
  • Open CrypTool 1
  • Replace the text with Never underestimate the determination of a kid who is time-rich and cash-poor
  • Click on Encrypt/Decrypt menu
  • Point to Symmetric (modern) then select RC4 as shown above
  • The following window will appear
  • Select 24 bits as the encryption key
  • Set the value to 00 00 00
  • Click on Encrypt button
  • You will get the following stream cipher

Attacking the stream cipher

  • Click on Analysis menu
  • Point to Symmetric Encryption (modern) then select RC4 as shown above
  • You will get the following window
  • Remember the assumption made is that the secret key is 24 bits, so make sure you select 24 bits as the key length.
  • Click on Start button; you will get the following window
  • Note: the time taken to complete the Brute-Force Analysis attack depends on the processing capacity of the machine being used and the key length. The longer the key length, the longer it takes to complete the attack.
  • When the analysis is complete, you will get the following results.
  • Note: a lower Entropy number means that result is the most likely correct one. It is possible that a result with an entropy value higher than the lowest found could be the correct one.
  • Select the line that makes the most sense, then click on the Accept selection button when done
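The same exercise in code rather than in CrypTool, as an added example that is neither CrypTool's nor the article's code: RC4 is implemented from the public algorithm description, the 24-bit key and the phrase are the article's, and each candidate is scored by Shannon entropy (lowest wins) like the CrypTool note above. The `max_keys` cap is my addition so the example runs quickly; the full 24-bit key space has 16,777,216 keys.

```python
"""RC4 with a 24-bit key and a brute-force key search scored by entropy."""
import math
from collections import Counter

PHRASE = b"Never underestimate the determination of a kid who is time-rich and cash-poor"
PAGE_KEY = bytes([0x00, 0x00, 0x00])   # the key used in the article
KEYSPACE_24BIT = 1 << 24               # 16,777,216 possible 3-byte keys


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` with RC4; the operation is its own inverse."""
    # Key-scheduling algorithm (KSA): permute S under the key
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): keystream XORed with the data
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; English text lands around 4, random bytes close to log2(len(data))."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def brute_force_rc4(ciphertext: bytes, max_keys: int = KEYSPACE_24BIT) -> tuple:
    """Try 24-bit keys in numeric order and return (key, plaintext) with the lowest entropy.

    A wrong key yields keystream-like bytes with high entropy; the true plaintext is
    the outlier with low entropy, which is what the CrypTool note relies on.
    `max_keys` caps the search for this example; a real search walks all 2**24 keys.
    """
    best = None
    for k in range(max_keys):
        key = k.to_bytes(3, "big")
        candidate = rc4(key, ciphertext)
        score = shannon_entropy(candidate)
        if best is None or score < best[0]:
            best = (score, key, candidate)
    return best[1], best[2]


def encrypt_page_phrase() -> bytes:
    """The article's stream cipher: the phrase under key 00 00 00."""
    return rc4(PAGE_KEY, PHRASE)


if __name__ == "__main__":
    ct = rc4(bytes([0x00, 0x02, 0x00]), PHRASE)   # constructed key within the capped range
    key, pt = brute_force_rc4(ct, max_keys=1024)
    print(key.hex(), pt.decode())
```

The cap only shortens the demonstration; the defensive lesson is unchanged, a 24-bit key is searchable in full on any modern machine, which is why such key lengths are never used in practice.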

Summary

  • Cryptography is the science of ciphering and deciphering messages.
  • A cipher is a message that has been transformed into a non human readable format.
  • Deciphering is reversing a cipher into the original text.
  • Cryptanalysis is the art of deciphering ciphers without the knowledge of the key used to cipher them.
  • Cryptology combines the techniques of both cryptography and cryptanalysis.

How to crack the password of an application

Information is a valuable resource. It needs to be accessed and shared with legitimate people. Towards that end, access to information is usually protected via the use of authentication systems. Password cracking is the process of attempting to gain un-authorized access to restricted systems using common passwords or algorithms that guess passwords.
In this article, we will introduce you to the common password cracking techniques and the counter measures you can implement to protect systems against such attacks.

What is password cracking?

Password cracking is the art of obtaining the correct password that gives access to a system protected by an authentication method. Password cracking employs a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against a wordlist or using algorithms to generate passwords that match.

What is password strength?

Password strength is the measure of a password’s effectiveness in resisting password cracking attacks. The strength of a password is determined by:
  • Length: the number of characters the password contains.
  • Complexity: does it use a combination of letters, numbers and symbols?
  • Unpredictability: is it something that can be guessed easily by an attacker?
Let’s now look at a practical example. We will use three passwords, namely
1.  password
2.  password1
3.  #password1$
For this example, we will use the password strength indicator of cPanel when creating passwords. The images below show the password strengths of each of the above listed passwords.
Note: for the password password, the strength is 1 and it’s very weak.
Note: for the password password1, the strength is 28 and it’s still weak.
Note: for the password #password1$, the strength is 60 and it’s strong.
The higher the strength number, the better the password.
Let’s suppose that we have to store our above passwords using MD5 encryption. We will use an online MD5 converter to convert our passwords into MD5 hashes.
The table below shows the password hashes.
Password        MD5 Hash                            cPanel Strength Indicator
password        5f4dcc3b5aa765d61d8327deb882cf99    1
password1       7c6a180b36896a0a8c02787eeafb0e4c    28
#password1$     29e08fb7103c327d68327f23d8d9256c    60
We will now use http://www.md5this.com/ to crack the above hashes. The images below show the password cracking results for the above passwords.
As you can see from the above results, we managed to crack the first and second passwords, which had lower strength numbers. We didn’t manage to crack the third password, which was longer, complex and unpredictable. It had a higher strength number.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. We will describe the most commonly used ones below;
  • Dictionary attack– This method involves the use of a wordlist to compare against user passwords.
  • Brute force attack– This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack. For example, a password of the value “password” can also be tried as p@$$word using the brute force attack.
  • Rainbow table attack– This method uses pre-computed hashes. Let’s assume that we have database which stores passwords as md5 hashes. We can create another  database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found then we have the password.
  • Guess– As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
  • Spidering– Most organizations use passwords that contain company information. This information can be found on company websites, social media such as facebook, twitter etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.
Spidering sample dictionary attack wordlist:
1976 <founder birth year>
smith jones <founder name>
acme <company name/initials>
built|to|last <words in company vision/mission>
golfing|chess|soccer <founders' hobbies>

Password cracking tools

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools.
John the Ripper
John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses a wordlist to crack passwords. The program is free, but the wordlist has to be bought. There are free alternative wordlists that you can use. Visit the product website http://www.openwall.com/john/ for more information and how to use it.
Cain & Abel
Cain & Abel runs on Windows. It is used to recover passwords for user accounts, recover Microsoft Access passwords, perform network sniffing etc. Unlike John the Ripper, Cain & Abel uses a graphical user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website http://www.oxid.it/cain.html for more information and how to use it.
Ophcrack
Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website http://ophcrack.sourceforge.net/ for more information and how to use it.

Password Cracking Counter Measures

An organization can use the following methods to reduce the chances of its passwords being cracked:
  • Avoid short and easily predictable passwords.
  • Avoid using passwords with predictable patterns such as 11552266.
  • Passwords stored in the database must always be hashed rather than stored in plaintext. For md5 hashes, it is better to salt the password hashes before storing them. Salting involves adding a random value (the salt) to the provided password before creating the hash.
  • Most registration systems have password strength indicators; organizations must adopt policies that favor high password strength numbers.
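To show why the rainbow table attack described above works against plain md5 and why the salting counter-measure defeats it, here is an added Python example (not code from the original article): it builds a small constructed lookup table of common-password MD5 digests, shows that an unsalted hash is matched instantly while a salted one is not, and goes one step beyond the article by also storing the password with a slow, iterated hash (PBKDF2 from the standard library), which makes each guess expensive even when the salt leaks with the database.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a rainbow/lookup table: MD5 digests of a handful of
# common passwords, including the two used in the article's strength examples.
COMMON_PASSWORDS = ["password", "qwerty", "password1", "admin", "letmein"]
PRECOMPUTED_MD5 = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def md5_unsalted(password: str) -> str:
    """Plain MD5 as in the strength table: the same password always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()

def lookup_precomputed(hex_digest: str):
    """Lookup-table check: returns the password if its digest was precomputed, else None."""
    return PRECOMPUTED_MD5.get(hex_digest)

def md5_salted(password: str, salt=None) -> str:
    """Salted MD5: a random per-user salt is mixed in and stored beside the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"{salt.hex()}${digest}"

def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest = stored.split("$")
    candidate = hashlib.md5(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)

def pbkdf2_store(password: str, iterations: int = 100_000) -> str:
    """Beyond the article: an iterated hash makes every guess cost `iterations` rounds."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, stored: str) -> bool:
    iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    plain = md5_unsalted("password1")  # 7c6a180b36896a0a8c02787eeafb0e4c, as in the strength table
    print("unsalted lookup:", lookup_precomputed(plain))  # password1
    salted = md5_salted("password1")
    print("salted lookup:  ", lookup_precomputed(salted.split("$")[1]))  # None
    print("same password, two users, different records:", md5_salted("qwerty") != md5_salted("qwerty"))
```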

Hacking Activity: Hack Now!

In this practical scenario, we are going to crack a Windows account with a simple password. Windows stores passwords as NTLM hashes. We will use the NTLM cracker tool in Cain and Abel to do that.
The Cain and Abel cracker can be used to crack passwords using:
  • Dictionary attack
  • Brute force
  • Cryptanalysis
We will use the dictionary attack in this example. You will need to download the dictionary attack wordlist here: http://xato.net/files/10k%20most%20common.zip
For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.

Password cracking steps

  • Open Cain and Abel; you will get the following main screen.
  • Make sure the cracker tab is selected as shown above
  • Click on the add button on the toolbar.
  • The following dialog window will appear
  • The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.
  • Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account.
  • The following screen will appear
  • Right click on the dictionary section and select Add to list menu as shown above
  • Browse to the 10k most common.txt file that you just downloaded
  • Click on the Start button.
  • If the user used a simple password like qwerty, then you should be able to get the following results.
  • Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
  • If the password is not cracked using dictionary attack, you can try brute force or cryptanalysis attacks.

Summary

  • Password cracking is the art of recovering stored or transmitted passwords.
  • Password strength is determined by the length, complexity and unpredictability of a password value.
  • Common password cracking techniques include dictionary attacks, brute force, rainbow tables, guessing and spidering.
  • Password cracking tools simplify the process of cracking passwords.
