Password cracking

Password cracking is a set of methods for attempting to gain unauthorized access to an account by systematically trying a huge number of candidate passwords or encryption keys. It relies on sheer computational power: each candidate is hashed and the result compared with the target hash until a match is found, since passwords are (or should be) stored as hashes rather than in plain text.

Brute Force attack

While this attack could in principle find any password, it is limited by time and resources: it is the most time-consuming of all password attacks, because it tries every possible combination of the characters specified, from a starting length up to a set limit. For example, to crack the SHA-256 hash of the password "red":

b1f51a511f1da0cd348b8f8598db32e61cb963e5fc69e2b41485bf99590ed75a

we would start by comparing it with the hash of "aaa":

9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0

It does not match, so the program moves on to "aab", then "aac", then "aad", and so on until it finally reaches "reb", "rec" and then "red". Now the hash matches, so that must be the password. While very effective against short passwords, this attack is useless against long ones: once we go past 12 characters and add other character classes such as digits or symbols, comparing all possible combinations could take anywhere from days to years.


Dictionary attack

This attack uses wordlists: collections of passwords already found in database leaks, or made-up collections of likely passwords guessed from the victim's personal information. Instead of trying character by character, it tries common passwords known to be in use on the internet. It is not exhaustive like brute force, but it has the advantage of being able to try long passwords: it uses probability to save time. The most famous wordlist is "rockyou", from the 2009 breach of the company RockYou, which had stored the passwords of 32 million user accounts in plain text. That led to the creation of a wordlist of 14,344,392 unique passwords that has been used ever since to crack common passwords. There are far bigger and more dangerous wordlists out there, but this one is iconic and comes preinstalled in your pentesting distro. You could also make your own wordlist from the victim's personal information, for example the dog's name + birthday + city of birth, favorite football team, and so on. There are many ways to create wordlists; the easiest involve programs such as crunch or John the Ripper.


Rainbow tables

Similar to a dictionary attack, but instead of hashing each candidate and comparing the result, a rainbow table is a wordlist already hashed with a chosen algorithm, for example SHA256, so comparing the target hash against the precomputed entries is much faster, almost like a grep through a file. The disadvantages are that it uses more storage (the same wordlist repeated once per hash algorithm) and that it is useless if the password is salted, so it is not used as much today as it was before.
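The three approaches described above (brute force over "aaa", "aab", ..., a dictionary pass, and a precomputed lookup table), together with the salting that defeats the precomputed table, as a small added illustration that is not part of the original page. It uses SHA-256 on a constructed four-word list and a constructed salt; a real rainbow table compresses the lookup table into hash chains, which is not shown here.

```python
import hashlib
import itertools
import string

def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

# The target: SHA-256 of "red", the same digest the text above quotes.
TARGET = sha256_hex("red")

def brute_force(target_hash, alphabet=string.ascii_lowercase, min_len=1, max_len=3):
    """Generate every string over `alphabet` (shortest first, then in
    alphabetical order: aaa, aab, aac, ...) and hash each one until a
    digest matches. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts

def dictionary_attack(target_hash, wordlist):
    """Hash each wordlist entry in order and compare it with the target.
    Far fewer hashes than brute force, but only finds words in the list."""
    for attempts, word in enumerate(wordlist, start=1):
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, len(wordlist)

def build_lookup_table(wordlist):
    """Precompute digest -> word for the whole wordlist: the principle behind
    a rainbow table (a real one compresses this into hash chains)."""
    return {sha256_hex(word): word for word in wordlist}

def table_lookup(target_hash, table):
    """Match a target digest against the precomputed table: no hashing at all."""
    return table.get(target_hash)

def salted_hash(password: str, salt: bytes) -> str:
    """A per-user random salt mixed into the input means the same password
    yields a different digest for every salt, so a table precomputed over
    unsalted words never matches it."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

# Constructed sample wordlist (not a real leak) and a constructed salt.
WORDLIST = ["123456", "password", "red", "qwerty"]
SALT = bytes.fromhex("a1b2c3d4e5f60718")
```

Brute force over a-z needs 12,302 hashes to reach "red" (26 + 676 + 11,600), the dictionary finds it on the third try, and the table finds it with no hashing at all, while the salted digest matches nothing in the table.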
