Password Cracking
Password cracking attacks are of the following types:
1. Passive online Cracking:
In passive online cracking, the attacker tries to authenticate into the system by cracking the passwords using brute force, dictionary attacks or rainbow tables. This method is quite complex and time-consuming, and there is no guarantee that the password will be cracked.
2. Active online Cracking:
In active online cracking, the attacker generally guesses passwords in order to gain access to the system. Bad passwords and open authentication points are generally vulnerable to active online cracking, although it consumes a lot of time and is a less efficient method.
3. Offline Cracking:
In offline attacks, the attacker tries to exploit the LAN Manager hash (LM hash). LM hashes are very vulnerable because of the short length and short key they use. Offline attacks also take a long time to crack passwords. Generally, in offline attacks the attacker performs dictionary, hybrid or brute-force attacks.
Default password databases:
There are many websites that contain databases of default usernames, passwords, ports and other information for networking or other devices. Sometimes a default password provides access to the target system. From the attacker's point of view, each and every possibility should be covered.
Some of the websites that contain default password databases are:
2. cirt.net/passwords
Manual Password Cracking:
- Ping the target network to check whether it is live, and ultimately choose a valid target.
- Make a list of all possible passwords (easily available online).
- Define the priority of each password on the basis of the key defined.
- Try to get access using a password; in case of failure, try again with a different password.
Automated Password Cracking:
Automated password cracking uses algorithms to crack passwords. It is easier for the attacker and considerably faster than manual password cracking.
A. Dictionary Attack:
- In the dictionary attack, the encryption algorithm in use is found first.
- The encrypted password is then obtained.
- From the list of passwords, each password is encrypted using the same encryption algorithm and matched with the original encrypted password (obtained in step 2).
- Each encrypted password is compared with the original encrypted password until a match is found.
- If a match is found, the password is shown; otherwise the procedure is repeated.
B. Lan Manager Hash:
LM Hash is an algorithm by which passwords are encrypted.
Algorithm of LM HASH:
- Suppose the password created is 234567xyzabcd.
- Firstly, all the characters are converted into uppercase letters, i.e. 234567XYZABCD.
- If the password is less than 14 characters in length, nulls are added until the length is 14.
- Now the password is split in half, i.e. 234567X and YZABCD.
- Each half is separately encrypted and the results are concatenated.
- Cracking the alphanumeric part (first half) takes more than 20 hours, whereas it takes less than 5 minutes to crack the alphabetic part (second half).
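The sketch below is an added example, not code from the original page. It reproduces the LM pre-processing steps listed above and compares the search space of the two independent halves with the same password treated as one case-sensitive unit. The function names, the ASCII-only restriction and the pool sizes (26 letters per case, 10 digits, 33 symbols) are assumptions made for illustration, and the encryption of each half is not performed.

```python
import math
import string

LM_MAX_LEN = 14  # LM ignores everything past 14 characters
HALF_LEN = 7     # each 7-byte half is encrypted on its own

def lm_halves(password):
    """Uppercase, null-pad to 14 bytes, split 7/7 (ASCII passwords assumed)."""
    data = password.upper().encode("ascii")[:LM_MAX_LEN]
    data = data.ljust(LM_MAX_LEN, b"\x00")
    return data[:HALF_LEN], data[HALF_LEN:]

def pool_size(text):
    """Size of the character pool needed to cover text (assumed pools: 26/26/10/33)."""
    size = 0
    if any(c in string.ascii_uppercase for c in text): size += 26
    if any(c in string.ascii_lowercase for c in text): size += 26
    if any(c in string.digits for c in text): size += 10
    if any(c in string.punctuation + " " for c in text): size += 33
    return size

def half_keyspace(half):
    """Candidates of length 1..7 from the half's pool; an all-null half has exactly one."""
    n = pool_size(half.rstrip(b"\x00").decode("ascii"))
    return sum(n ** k for k in range(1, HALF_LEN + 1)) if n else 1

def compare(password):
    """Search space of the split, case-folded LM form vs. the password taken whole."""
    first, second = lm_halves(password)
    lm_total = half_keyspace(first) + half_keyspace(second)  # halves fall independently
    whole = pool_size(password) ** len(password)
    return {"halves": (first, second),
            "lm_bits": round(math.log2(lm_total), 1),
            "whole_bits": round(math.log2(whole), 1)}

if __name__ == "__main__":
    print(compare("234567xyzabcd"))  # the page's sample password
```

Because the halves are independent, the work is the sum of the two half search spaces rather than their product, which is why the letters-only second half falls so much sooner than the first.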
C. Salting: