Page 77 - Electronic Mechanic - TP - Volume - 2
P. 77
ELECTRONICS MECHANIC - CITS
EXERCISE 135: Demonstrate process of password
cracking
Objectives
At the end of this exercise you shall be able to
• to demonstrate process of password cracking.
Requirements
Tools/Materials
• Cain and Abel • John the Ripper
• Ophcrack • Slurpie
Procedure
What is password cracking?
Password cracking is the process of using an application program to identify an unknown or forgotten password
to a computer or network resource. It can also be used to help a threat actor obtain unauthorized access to
resources.
With the information malicious actors gain using password cracking, they can undertake a range of criminal
activities. Those include stealing banking credentials or using the information for identity theft and fraud.
A password cracker recovers passwords using various techniques. The process can involve comparing a list of
words to guess passwords or the use of an algorithm to repeatedly guess the password.
How do you create a strong password?
Password crackers can decipher passwords in a matter of days or hours, depending on how weak or strong the
password is. To make a password stronger and more difficult to uncover, a plaintext password should adhere to
the following rules:
Be at least 12 characters long. The shorter a password is, the easier and faster it will be cracked.
Take advantage of password creation tools and managers. Some smartphones will automatically create
long, hard-to-guess passwords. For example, Apple iPhones will create strong website passwords for users. An
iPhone stores the passwords in its password manager, iCloud Keychain and automatically fills the password into
the correct field so the user doesn’t have to remember the complicated password.
What does a password cracking attack look like?
1 The general process a password cracker follows involves these four steps:
2 Steal a password via some nefarious means. That password has likely been encrypted before being stored
using a hash Hashes are mathematical functions that change arbitrary-length inputs into an encrypted fixed-
length output.
3 Choose a cracking methodology, such as a brute-force or dictionary attack, and select a cracking tool.
4 Prepare the password hashes for the cracking program. This is done by providing an input to the hash function
to create a hash that can be authenticated.
5 Run the cracking tool.
6 A password cracker may also be able to identify encrypted passwords. After retrieving the password from the
computer’s memory, the program may be able to decrypt it. Or, by using the same algorithm as the system
program, the password cracker creates an encrypted version of the password that matches the original.
What are password cracking techniques?
1 Brute force. This attack runs through combinations of characters of a predetermined length until it finds the
combination that matches the password.
60