search for ccna answer

Monday, November 7, 2016

How hacker crack your password

Original Title: Beware! This are the 6 ways by which hackers crack your Password



If your bank account or online accounts like Gmail, Yahoo, Facebook or Twitter has ever been hacked, you should know that the cyber criminals use specific trick to get into your account. With passwords being the central theme of almost all your accounts, hackers prefer to go after your password to hack into your financial as well as online accounts.

If your account is hacked, the criminals probably used one of the 6 below given ways to crack your account. If you study these methods you can prepare yourself better to repel such hacks and control your accounts easily.

Brute force attack

Brute force is about overpowering the computer’s defenses by using repetition. Brute force attack is a random trial and error method hack repeated till the password is finally cracked. Hackers randomly keep applying names and numbers to crack password through this pattern. Sometimes, a lot of guesswork is also used to decode password. Arithmetic numbers, birth date, pet’s name, favourite actor’s name are the password that users commonly use.



Dictionary Hacking

Dictionary hacking is also a form of brute force attack. But in Dictionary hack, hackers use various permutations and combinations of dictionary words. They repetitively use the dictionary software and try various combination of words to crack your password. A report says, over 50 percent of the passwords are cracked through this process.

Brute force dictionaries always start with simple letters “a”, “aa”, “aaa”, and then eventually moves to full words like “dog”, “doggie”, “doggy”. These brute force dictionaries can make up to 50 attempts per minute in some cases.



Phishing

Phishing is another most commonly used tool of hackers to to acquire  usernames and passwords. Also, phishing is the most used method because it takes just a trick to fool the victim into divulging his/her login credentials. Most trojans spread through phishing while sometimes hackers create cloned websites or fake internet address is created wherein you are asked to fill in your username and password details.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Spidering attack

Another hacking tool is the Spidering attack. Just as the name suggests, hackers also crawl your website like a spider and collect all the common information. Cyber criminals normally use spidering attack to target big companies.

A spider is a tool that crawls a website looking for all the available content. There’s a few different ways to discover content:



– Static Content
– Dirbuster
– HTTP Method
– Ascension Fuzz
– Query Fuzz
– Cookie Fuzz
– Robots.txt / Sitemap.xml
– RIA Checks
– UserAgent
– Regexp path/url
– Public cache search
– /status

Keylogger attack

This hacking tool is very similar to Phishing and is generally spread through malware infection. The victim is usually trapped into installing a keylogger on his/her PC/Laptop by clicking on an attachment is sent to victim email. The moment you download the attachment, it scans through your browser. Once installed, the keylogger records all your Internet activity which is than relayed back to the command and control servers.

Rainbow Table

While you might think of Rainbow Tables as eclectic colorful furniture, those aren’t the ones we are going to discuss. The Rainbow Tables that we are talking about are used to crack passwords and are yet another tool in the hacker’s ever growing arsenal.

This method requires a good knowledge of computers and coding.Rainbow Tables are basically huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext passwords. The Rainbow Tables essentially allow hackers to reverse the hashing function to determine what the plaintext password might be. It’s possible for two different passwords to result in the same hash so it’s not important to find out what the original password was, just as long as it has the same hash. The plaintext password may not even be the same password that was created by the user, but as long as the hash is matched, then it doesn’t matter what the original password was.

The use of Rainbow Tables allow for passwords to be cracked in a very short amount of time compared with brute-force methods, however, the trade-off is that it takes a lot of storage (sometimes Terabytes) to hold the Rainbow Tables themselves, Storage these days is plentiful and cheap so this is not a big issue for hackers. You can also get  precomputed Rainbow Tables for cracking passwords of vulnerable operating systems such as Windows XP, Vista, Windows 7, and applications using MD5 and SHA1 as their password hashing mechanism (many web application developers still use these hashing algorithms).

Credits to Vijay Prabhu
Do drop in your comments about the above six methods of password cracking.

No comments: