A secret string of characters is used for the authentication process in various applications is called a password. It is used to gain access to various accounts, repositories, and databases but at the same time, protects them from unauthorized access.
As much as it is important to create an undecipherable password, it is important for it to be stored in human brain with the ease of its recollection. On the event of losing a password due to inability of recollection, there are certain processes through which a person may have to go to bring back or change the password. Sometimes it can be a strenuous process if it’s a bank account or an online resource of similar importance.
Industries in which passwords are a high priority:
- Banking & Finance
- Share Trading
- Social Media
- Telecommunication & Gadgets
Types of Cyber security Attacks which aim to crack passwords:
- Brute Force Attack
In this type of attack, the hacker tries to determine the password by trying every possible combination of characters.
The number of attempts gets restricted by the number of characters and maximum length that is to be tried per position (or a byte if we are considering Unicode passwords too).
The time taken to complete is relatively more, but there are more chances of coverage of likely clear text value (all possibilities only if set to the maximum length and every possible character is considered in every position). It is like a combination lock which requires three numbers to be taken in sequence; one tries every possible combination – e.g., First 1-2-3, then 1-2-4.
A brute force attack may not try all options in sequential order. An advanced brute force attack can make certain assumptions like complexity rules require uppercase, first character more likely to be upper than lower case.
- Dictionary Attack
An attack which is based on estimation guessing using precompiled lists of options. Options which are likely to work are only tried in this attack and not all options are gone forward with.
The dictionary/possible combinations are based on some possible values and tend not to consider options of remote possibility. It may be based on the knowledge of one or a few key information about the target (family member names, birthday, etc.). The dictionary is based on the patterns or combinations that were observed across a massive number of users to determine the most commonly used patterns. The dictionary is more likely to include real words than random strings of characters.
The dictionary attack’s execution time is reduced because the number of combinations is restricted only to those on the list. However, the coverage is less and a good password may not be on the list and will be missed.
- Rainbow Table
It is a precompiled table for reversing cryptographic hash functions, mostly used for cracking password hashes. This technique proves to be good for recovering plaintext passwords, debit card numbers, etc. up to a limited length which consists of a limited group of characters. Space & time’s trade-offs practical example using less time in/for processing and extra storage capability than the brute force attack which computes a hash at every attempt, but involves more time for processing and lesser storage than table of lookup with an entry a hash.
This attack was ingeniously invented by Philippe Oechslin, based on the application of an algorithm by Martin Hellman.
Best Password Cracking Tools List ?
One of the widely used remote online tools used for password-cracking is Brutus. Brutus claims to be the fastest paced and flexible password cracking tool. It is available free of cost and can only be operated in Windows. I t was released in October 2000.
HTTP for Basic Authentication, Pop3, Telnet, HTTP (HTML Form/CGI), FTP, SMB, and other types such as NetBus, IMAP, NNTP, etc. are supported in this. One can also create his own types of authentication. This tool supports the multi-stage authentication engines and is also capable of connecting with 60 simultaneous targets. Resume and Load are two of its good features. Using these features, one can halt the attack process any time and then resume whenever one would want to resume.
This tool hasn’t been updated for years now. However, it can still be used in the current times.
2) Rainbow Crack
It falls in the hash cracker tool category that utilizes a large-scale time-memory trade off process for faster password cracking compared to traditional brute force tools. Time & memory trade-off is a process of computation where all plain text and hash pairs get calculated by using a chosen hash algorithm. The results are then stored in the rainbow table. This process can be very time-consuming. But, once the table is ready, it is capable of cracking passwords much faster than tools using brute force.
One doesn’t necessarily need to make tablets (rainbow) by themselves. RainbowCrack’s makers have been successful in generating rainbow tables (LM), md 5 rainbow table, rainbow table (NTLM), and sha 1 rainbow table.
The tables are free, therefore, anyone can get these tables and utilize them for their cracking of password processes.
This tool is for Linux and Windows systems also.
Rainbow cracker can be downloaded here
Wfuzz is a web application for password cracking that cracks passwords using brute forcing. It can be used to find hidden resources too like servlets, directories and scripts. This tool is also capable of identifying different kinds of injections with, XSS Injection, LDAP Injection, SQL Injection, etc. in applications of Web.
Prominent features of Wfuzz tool:
- Capability of injecting via multiple dictionaries with multiple points.
- Output with coloured HTML.
- Headers, post and authenticated data brute forcing.
- SOCK and Proxy Support.
- Multiple Proxy Support.
- Brute Force HTTP Password.
- GET and POST Brute forcing.
- Time delay between two requests.
- Fuzzing of cookies.
4) Cain & Abel
Cain and Abel is a popular password cracking tool. Is can handle varying tasks. The most noticeable thing is the tool’s availability only in Windows platforms. It can function as a sniffer on the network, for cracking of encrypted passwords by the dictionary attack, uncovering cached passwords, decoding scrambled passwords, brute attacks, recording VoIP conversations, password boxes revelation, cryptanalysis attacks, and analyzing protocols of routing.
Abel & Cain don’t exploit any bugs or vulnerability. It covers only the security weakness of a protocol to grab the password. This tool was mainly developed for network administrators, forensics staff, security professionals, and testers of penetration.
5) John the Ripper
John the Ripper is yet another popular free open source tool for password cracking in Linux, Mac OS X and Unix. A version for Windows is also available. This tool detects weak passwords. The pro-version of this tool is also available, which offers greater features with native packages for the test of target operating systems.
6) THC Hydra
THC Hydra can be said to be the fast paced network logon tool for password cracking. In comparison to other similar tools, it is clearly shown why it is faster. New modules can be easy to install in the tool. One can easily enhance the features by adding modules. It is available only for Windows, Free BSD, Linux, Solaris and OS X. The tool supports a large variety for network protocols. Currently supporting HTTP-FORM-POST, HTTP-PROXY, HTTP-GET, HTTPS-FORM-POST, HTTP-HEAD, HTTPS-FORM-GET, HTTP-FORM-GET, Ms(sql), Nntp, My(SQL), Ncp, PCNFS, Oracle’s Listener, Oracle, HTTPS-HEAD, pc-anywhere, Oracle’s SID, Pop3, Postgres, R.D.P, Rlogin, Rsh, rexec, SAP’s R3, Asterisk, Afp, Cisco’s AAA, Cisco auth, Cisco enable, Cvs, Firebird, FTP, HTTPS-GET, Telnet, Icq, IRC, HTTP-Proxy, SSH v1 & v2, Teamspeak (TS2), VMware-Auth, Subversion , XMPP & VNC, Imap, SIP, LDAP, SMB, SMTP Enum, SMTP, SOCKS5 and SNMP.
If one is a developer, then he can also contribute to the development of the tool.
Medusa is another tool for password cracking like THC Hydra. It is known to be a speedy parallel, login brute forcing tool and modular. When cracking the password; host, password and username can be a flexible input while the performance of the attack.
Medusa is popular for being the command line tool, so one need to understand commands before utilizing the tool. Tool’s efficiency depends on network’s connectivity. It can test 2000 passwords per minute on a local system.
In this tool the attacker can also carry out parallel attacks at one time. It allows one to crack passwords of multiple email accounts simultaneously. He can specify the username list along with the password list.
OphCrack is available for free which is a rainbow-table based tool for password cracking on Windows. It is a popular Windows password cracking tool which can also be used on Linux or Mac. It can crack LM and NTLM hashes. For cracking Windows 7, Vista or Windows XP, free rainbow-tables are made available.
A live CD of OphCrack is made available for the simplification of the cracking. One can utilize the Live CD of OphCrack to crack the Windows-based passwords. This tool is made available for free.
L0phtCrack serves as substitute to OphCrack. It makes various attempts on cracking Windows passwords from hashes. For cracking these passwords, it utilizes the primary controllers of domain, workstations (windows), network server, also Active Directory. It also makes use of dictionary attack and brute force attacking in guessing and generating of passwords. It became an acquisition to Symantec and discontinued in the year 2006. Later developers of L0pht again re-acquired it and launched their L0phtCrack in the year 2009.
It is available with an audit feature of schedule routine. One can set daily, weekly or monthly audit, it will still start scanning on the scheduled time.
Aircrack-NG is a tool for cracking of WiFi passwords that can crack WPA or WEP passwords. It analyses wireless encrypted packets also then tries to crack the passwords with cracking its algorithm. The FMS attack is utilized with other useful attacking methods for cracking of passwords. It is available on Linux and Windows systems. CD of Aircrack is also made available live.
Things to Be Considered While Creating a Password
- Upper & Lower case
- Username not be used as a password.
- Make it difficult to crack.
- Do not use known things to people about yourself like birthdate.
- Dictionary words are not to be used.
- Do not use key strokes adjacent to each other like “1234”, etc.
- Avoid the exact same password everywhere.
- Do not store the passwords as a list on the system.
- There are online third-party services that help users to safeguard sensitive passwords, along with LastPass, DashLane, and 1Password that store passwords at the cloud and secure them all using a master password.
11) Passware – Kit Forensics
Passware Kit Forensic is the complete electronic evidence discovery solution that reports all the password-protected items on a computer and decrypts them. The software recognizes 280+ file types and works in batch mode recovering their passwords. Password recovery for 280+ file types MS Office, PDF, Zip and RAR, Quickbooks, FileMaker, Lotus Notes, Bitcoin wallets, Apple iTunes Backup, Mac OS X Keychain and many other popular applications.
Live Memory analysis
Analyzes live memory images, hibernation files and extracts encryption keys for FileVault2, TrueCrypt, VeraCrypt, BitLocker, logins for Windows & Mac accounts from memory images & hibernation files.
Cloud Data Acquisition
Acquires backups and data from cloud services (Apple iCloud, MS OneDrive, and Dropbox).
Recovers passwords for Apple iPhone/iPad and Android backups as well as Android images and extracts data from images on Windows phones. Integrated with Oxygen Forensic Suite.
Accelerated password recovery with multiple computers, NVIDIA and AMD GPUs, Tableau Password Recovery and TACC, and Rainbow Tables.
Detects all encrypted files and hard disk images and reports the type of encryption and the complexity of the decryption.
Linux Agent Ready
Run a portable Passware Kit Agent from a bootable Linux USB drive.
Decryption of FDE
Decrypts or recovers passwords for BitLocker, FileVault2, APFS, TrueCrypt, VeraCrypt, LUKS, McAfee, Apple DMG, and PGP disk images. And many more..
12) Elcomsoft Password Recovery
Complete suite of ElcomSoft password recovery tools allows corporate and government customers to unprotect disks and systems and decrypt files and documents protected with popular applications. Based on in-house tests as well as feedback from ElcomSoft valuable customers, these password recovery tools are the fastest on the market, the easiest to use and the least expensive.
- Industry certified: Microsoft Gold Certified Partner, Intel Software Partner, NVIDIA Developer Support
- Broad compatibility: recovers document and system passwords to various file formats
- GPU acceleration: patented technology reduces password recovery time by a factor of 50
- Linear scalability: allows using a number of multi-core and multi-processor workstations connected over a LAN or the Internet with linear increase of recovery speed
- Minimum bandwidth utilization and zero scalability overhead
- Flexible queue control and easy job management
- Remote management of password recovery workstations
- Completely traceable: keeps track of CPU time and resource utilization, password recovery jobs and user activities
As weak as passwords are generally, they’re not going to fade away anytime soon in future. Every coming year we have rising number of passwords to deal with, and every coming year they are getting easier to break. Therefore the strategies mentioned above will make one’s password difficult to crack if frequent change is implemented along. The effectiveness of password cracking depends largely on two independent things which are power and efficiency. Power is simply computing power. Computers have become faster and are capable to test multiple passwords per second which can be eight million every second. Such crackers run for days, rather months
Efficiency deals with the capability to guess passwords cleverly. It makes no sense to go through every eight-letters of combination right from “aaaaaaaa” to “zzzzzzzz” in such an order. That will be 200 billion possible passwords, many of them are unlikely. Password crackers then try the most common passwords first.
Password cracking tools are however used with various motives, sometimes negative other times, positive. Being aware of such software enlightens the people especially in the information technology and security domain. In the study of information security, such applications are taught with more detail. There are certain applications available to reduce the chances of such attacks through the above mentioned tools and techniques. Whether it is a password for bank account, broking account, social media account or a document password it is ought to be made unbreakable to ensure its utmost security and avoiding unauthorized access. But having mentioned this, the easiest way to guess a password isn’t to guess it at all, but to exploit the inherent insecurity in the underlying operating system.
Digital Forensic Forest is an initiative to exchange and share knowledge. Digital Forensic is quite new field. people are keen to learn about Digital Forensics and process but very few sources are available to learn. Digital Forensic Forest is an active and open platform which promotes people to share any ideas and ask any technical problems to each other. We welcome all kind of quires and suggestion to improve this.
This Blog doesn’t only limited to technical stuff we are also working on Digital investigation techniques as well. very soon you will find post related to this. If someone wants to post his/her research work for to help others kindly let us know.