How Password Cracking Works:
The typical process followed
by a password cracker includes these four steps:
Steal passwords by some
nefarious means. That password is encrypted before it is stored using a hash.
Hashes are mathematical functions that transform an input of arbitrary length
into an encrypted fixed-length output.
Choose a cracking
method, such as a brute-force or dictionary attack, and choose a cracking tool.
Prepare password hashes
for cracking programs. This is done by providing an input to the hash function
to create a hash that can be authenticated.
Run the cracking tool.
A password cracker may
also be able to identify encrypted passwords. After retrieving the password
from the computer's memory, the program may be able to decrypt it. Or, using
the same algorithm as the system program, the password cracker creates an
encrypted version of the password that matches the original.
Best Password Cracking Tools:
1.) John the Ripper
John the Ripper is a
good choice for a password cracking tool, mainly because of its open-source
nature and support for a variety of platforms. The open-source nature means
that the code is available to the public, so users do not have to worry about
the legality of the software and the potential malware of malicious programs
that may be deeply integrated into the software.
Link
:https://www.openwall.com/john/
2.) hashcut
Known as the world's
first and only in-kernel rules engine, Hashcat is another password cracking
tool that can help recover various passwords, such as those used for WiFi,
documents, and other file types. Is. Multiple platforms and operating systems
are supported such as Windows, Linux and macOS for desktop. There's also mobile
support for Android, iOS, and Windows Mobile.
Link:
https://hashcat.net/hashcat/
3.) Medusa
Medusa is an online
password-cracking tool that supports protocols such as HTTP, SSH, FTP, CVS,
AFP, POP3, Telnet, and more. The software works as a login brute-forcer;
Multiple credentials are inputted using as many protocols as possible to arrive
at the correct password.
Link: https://www.kali.org/tools/medusa/
4.) THC Hydra
THC Hydra has seen many
comparisons to Medusa as a password cracker, but there are notable differences
between the two software. Like Medusa, THC Hydra is also an online password
cracking tool that uses brute-force password guessing method. One important
difference is that THC Hydra can be installed on Windows, macOS, Linux,
FreeBSD, and Solaris, notably more platforms than Medusa supports. In addition
to the brute-force method, THC Hydra can also use a dictionary attack using an
external wordlist.
Link
:https://www.kali.org/tools/hydra/
5.) WFuzz
WFuzz is another
brute-force password-cracking tool, much like Medusa and THC Hydra. Another
feature of the program is searching for hidden resources such as servlets,
directories and scripts. The tool also supports multiple injection types with
multiple dictionaries.
Link:
https://www.kali.org/tools/wfuzz/
6. Brutus
Brutus can recover
passwords and usernames from websites, operating systems, and other
applications. True to its name, Brutus uses a brute-force dictionary attack to
retrieve passwords.
7.) Rainbow Crack
RainbowCrack is another
password cracker tool that uses Rainbow Table Attack to decipher passwords in
hash form. The main technique used is a time-memory trade-off technique that
can be accelerated with multiple GPUs. Users can use RainbowCrack to generate
rainbow tables to use in the password cracking process or download pre-existing
rainbow tables from the Internet.
Link : http://project-rainbowcrack.com/
8.) L0phtCrack
L0phtCrack is an
open-source password cracking tool that can be used to crack Windows passwords.
The main techniques used by L0phtCrack are dictionary attacks and brute-force
attacks, which allows the program to generate and guess passwords.
9.) Ofcrack
OphCrack is a free,
open-source password cracker that uses a rainbow table attack to decipher
passwords. Specifically, the program cracks LM and NTLM hashes. LM hashes are
for Windows XP and earlier operating systems, while NTLM hashes are for Windows
Vista and later Windows operating systems.
10.) aircrack-ng
Aircrack-ng is a good
alternative for cracking WiFi passwords, allowing users to crack passwords that
use the WEP or WPA/WPA2 PSK standards. For techniques, Aircrack-ng uses a
dictionary attack with several supported algorithms including PTW and FMS.
Link :
https://www.aircrack-ng.org/
11.) Crackstation
Unlike most entries on
the list, CrackStation does not have a standalone program installed on the
computer. rather, crackus sed on any operating system, even on mobile.
Link :
https://crackstation.net/
12.) Cain and Abel
Cain & Abel is a
password recovery tool for Microsoft Operating Systems. It allows easy recovery
of various kind of passwords by sniffing the network, cracking encrypted
passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording
VoIP conversations, decoding scrambled passwords, recovering wireless network
keys, revealing password boxes, uncovering cached passwords and analyzing
routing protocols. The program does not exploit any software vulnerabilities or
bugs that could not be fixed with little effort. It covers some security
aspects/weaknesses present in protocol's standards, authentication methods and
caching mechanisms; Its main purpose is the simplified recovery of passwords
and credentials from various sources, however it also ships some
"non-standard" utilities for Microsoft Windows users.
Link:
https://web.archive.org/web/20190603235413/http://www.oxid.it/cain.html
13.) HackBrowserData
It is an open-source
tool that could help you decrypt data
(password|bookmark|cookie|history|creditcard|download|localStorage|extension)
from the browser. It supports the most popular browsers on the market and runs
on Windows, macOS and Linux.
Note: This post is only
for educational purpose, stay safe, stay ethical.
No comments:
Post a Comment