Page 78 - Electronic Mechanic - TP - Volume - 2
ELECTRONICS MECHANIC - CITS
2 Dictionary search. Here, a password cracker searches each word in the dictionary for the correct password.
Password dictionaries exist for a variety of topics and combinations of topics, including politics, movies and
music groups.
3 Phishing. These attacks are used to gain access to user passwords without the use of a password cracking
tool. Instead, a user is fooled into clicking on an email attachment. From here, the attachment could install
malware or prompt the user to use their email to sign into a false version of a website, revealing their password.
4 Malware. Similar to phishing, using malware is another method of gaining unauthorized access to passwords
without the use of a password cracking tool. Malware such as key loggers, which track keystrokes, or screen
scrapers, which take screenshots, are used instead.
5 Rainbow attack. This approach involves using different words from the original password in order to generate
other possible passwords. Malicious actors can keep a list called a rainbow table with them. This list contains
leaked and previously cracked passwords, which will make the overall password cracking method more
effective.
6 Guessing. An attacker may be able to guess a password without the use of tools. If the threat actor has
enough information about the victim or the victim is using a common enough password, they may be able to
come up with the correct characters.
What are password cracking tools?
Password crackers can be used maliciously or legitimately to recover lost passwords. Among the password
cracking tools available are the following three:
Cain and Abel. This password recovery software can recover passwords for Microsoft Windows user accounts
and Microsoft Access passwords. Cain and Abel uses a graphical user interface, making it more user-friendly than
comparable tools. The software uses dictionary lists and brute-force attack methods.
Ophcrack. This password cracker uses rainbow tables and brute-force attacks to crack passwords. It runs on
Windows, macOS and Linux.
UNIX password cracking
• Generally harder than NT to crack.
• 3-step process used by cracking programs:
  • Create a file of possible passwords (dictionary file).
  • Encrypt the file of possible passwords.
  • Compare the results with the encrypted form of the passwords.
• It is obvious why a password is harder to guess if you don't use simple words. The dictionary created must include
combinations of words with various connectors.
• There are different dictionaries for different environments/countries.
UNIX Password Encryption
• UNIX uses an encryption algorithm called crypt to encrypt passwords.
• Crypt is a hash algorithm that performs a one-way transformation.
• There is thus no way to decrypt a password that has been encrypted with crypt.
• Each encrypted password is 11 characters and is combined with a 2-character salt.
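The points above on dictionaries with connectors and on salted one-way hashing, shown as an added defensive example that is not part of the original text: a password-change check that rejects anything a dictionary with connectors would contain, and a login check that re-hashes the attempt and compares. The word list, connectors and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 with a random 16-byte salt is an assumed stand-in for crypt.

```python
import hashlib
import hmac
import itertools
import os

# Constructed sample data, for illustration only.
WORDS = ["summer", "admin", "movie", "music"]
CONNECTORS = ["", "-", "_", "1", "123"]


def candidates(words=WORDS, connectors=CONNECTORS):
    """Words, word+connector, and word+connector+word combinations."""
    for word, conn in itertools.product(words, connectors):
        yield word + conn
    for a, conn, b in itertools.product(words, connectors, words):
        yield a + conn + b


def is_guessable(password):
    """True if a dictionary built with connectors would contain the password."""
    return password.lower() in set(candidates())


def hash_password(password, salt=None):
    """Salted one-way hash (assumption: PBKDF2 stands in for crypt)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify(attempt, salt, stored_digest):
    """Login check: re-hash the attempt with the stored salt and compare."""
    _, digest = hash_password(attempt, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    for pw in ["summer_movie", "Admin123", "t7#Lq!v9zR"]:
        print(pw, "rejected" if is_guessable(pw) else "accepted")
    salt_a, hash_a = hash_password("t7#Lq!v9zR")
    salt_b, hash_b = hash_password("t7#Lq!v9zR")
    print("same password, different salts, equal hashes:", hash_a == hash_b)
    print("correct attempt verifies:", verify("t7#Lq!v9zR", salt_a, hash_a))
```

Because the stored value is never decrypted, the only way to test a guess is to hash it with the same salt, which is why a per-password salt forces each stored hash to be checked separately.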
UNIX Password Crackers
• CRACK
• John the Ripper
• XIT
• Slurpie
Password Cracking Lab
• Two password files, one for NT, one for Unix.
CITS : E & H - Electronics Mechanic - Exercise 135