
CHAPTER I

INTRODUCTION

1.1 Definition and importance of password security

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form, most often as a password hash. A common approach (the brute-force attack) is to generate guesses for the password repeatedly and check each one against an available cryptographic hash of the password. A different, online approach is password spraying: the attacker tries a small list of common passwords against many accounts, usually in an automated way spread slowly over time, so that per-account lockout thresholds are never reached and the activity remains undetected.

In the digital age, password security is a critical part of cybersecurity. Passwords are used to
safeguard personal, financial, and sensitive information, making them one of the first lines of
defense against unauthorized access. This report explores the definition and importance of
password security, addressing the various aspects and considerations that come into play in
ensuring the protection of data.

The primary goal of password security is to protect access to a system, application, or account.
Passwords are a fundamental part of authentication, which is the process of verifying the
identity of a user or entity trying to access a resource. Passwords serve as a barrier that should
only allow authorized individuals to gain access, while keeping unauthorized users or potential
attackers out.

Password security aims to ensure that:

i. Only authorized users can access a system or account: Passwords are used to verify that
the person entering the password is the legitimate account holder or an authorized user.

ii. Confidential information stays confidential: Passwords help protect sensitive data and
information stored within an account or system from unauthorized access.

iii. System integrity is maintained: Passwords are essential for supporting the integrity of a
system by preventing unauthorized changes or misuse.
1.2 The history of password security

Early Days (1960s): In the early days of computing there were no standardized password security systems. Users often had no passwords at all, or passwords were used only for basic access control and were stored in plaintext.

Unix Passwords (1970s): Unix brought one of the earliest widely deployed password protection schemes. The crypt(3) routine hashed each password with a modified, iterated DES (Data Encryption Standard) construction and a 12-bit salt, and stored the result in the world-readable /etc/passwd file; later systems moved the hashes into /etc/shadow, readable only by root.

Password Hashing Algorithms (1980s-1990s): As computing power increased, the short key space of DES-based crypt became susceptible to brute-force attacks. Newer schemes were introduced, such as MD5-based crypt (1994) and later bcrypt (1999), which iterate the underlying function many times to keep guessing expensive. Raw MD5 and SHA-1 on their own, however, are fast general-purpose hashes: they supply no advantage for password storage, and both are now considered broken for collision resistance.

Salting (1970s onward): The concept of "salting" passwords, already present in Unix crypt, was retained and enlarged in later schemes. A unique random value (the salt) is combined with each user's password before hashing, so that identical passwords produce different hashes and any precomputed attack has to be repeated for every salt value.

Password Policies (2000s): Organizations started implementing password policies that required users to create stronger passwords, including a mix of letters, numbers and special characters, and to change them regularly. Later guidance (NIST SP 800-63B, 2017) moved away from composition rules and routine expiry toward minimum length, screening against breached-password lists and multi-factor authentication.

1.3 Evolution of Password Cracking Techniques:

● Brute Force Attacks: In the early days, attackers used simple brute-force methods, trying every combination of characters until they found the correct password.

● Dictionary Attacks: Attackers began using dictionary-based attacks, trying a list of frequently used words and phrases as candidate passwords. Because human-chosen passwords cluster around a small set of words, this approach cracks far more accounts per unit of work than exhaustive brute force.

● Rainbow Tables (2000s): To crack hashed passwords more quickly, attackers started using rainbow tables: precomputed hash chains that trade storage for computation and allow a captured hash to be looked up and mapped back to its plaintext. They work only against unsalted hashes, since a salt multiplies the required table size by the number of possible salt values.

● GPU Acceleration (2010s): With the rise of powerful GPUs (Graphics Processing Units), attackers could perform many more hashing operations per second, making password cracking faster and more efficient; fast hashes such as MD5 and NTLM can be evaluated billions of times per second on a single card.

● Specialized Hardware (FPGAs and ASICs): Field-programmable gate arrays and, for some hash functions, application-specific integrated circuits (ASICs) were built to accelerate the process further. These devices are highly specialized for a particular hash and outperform GPUs per watt on it.

● Pass-the-Hash Attacks: Attackers no longer needed to crack passwords at all. In authentication protocols such as NTLM the stored hash itself serves as the credential, so an attacker who captures it (for example from memory on a compromised Windows host) can authenticate with it directly, without ever recovering the plaintext password.

1.4 Common Mistakes in Password Creation:

Using Weak Passwords: Many users still choose easily guessable passwords like "password,"
"123456," or "qwerty." These are among the first passwords that attackers try.

Using Common Words: Using familiar words, phrases, or patterns like "football," "iloveyou,"
or "123456789" is a common mistake. Attackers often use dictionary attacks to crack such
passwords.

Lack of Complexity: Passwords without a mix of uppercase letters, lowercase letters, numbers,
and special characters are vulnerable. Simple passwords like "abcdef" can be easily guessed.

Short Passwords: Short passwords have far fewer possible combinations, so an exhaustive search finishes quickly. A password like "abc12" is far weaker than "Abc123$", and every additional character multiplies the search space an attacker must cover.

Personal Information: Avoid using easily obtainable personal information like your name,
birthdate, or the name of a family member or pet. This information is often available on social
media.

Reusing Passwords: Using the same password for multiple accounts is risky. If one account is compromised, all accounts sharing that password become vulnerable: attackers routinely replay username and password pairs from one breach against other services (credential stuffing).

Not Updating Passwords: Leaving a password in place after it has been exposed in a data breach keeps the account open to anyone holding the breach data; a password known to be compromised must be changed immediately.

Default or Simple Passwords: Not changing default passwords on devices or accounts, like "admin" or "password," is a significant security mistake, since default credentials are published and tried first.

1.5 Impact of Weak Passwords on Security:

Data Breaches: Weak passwords make it easier for attackers to gain unauthorized access to
your accounts. In the case of a data breach, your personal information, financial data, and more
can be exposed.

Identity Theft: Weak passwords can lead to identity theft, where an attacker uses your personal
information to commit fraudulent activities, open accounts in your name, or impersonate you
online.

Account Hijacking: Attackers can hijack your accounts, lock you out, and misuse your account
for malicious purposes or financial gain.

Financial Loss: Weak passwords on financial accounts can lead to unauthorized transactions
and financial losses. This is especially critical for online banking and payment accounts.

Privacy Invasion: Email accounts often hold sensitive and confidential information. Weak
email passwords can lead to privacy invasions and unauthorized access to your correspondence.

Spam and Phishing: Weak passwords can lead to email and social media account takeovers,
which can be used for sending spam, phishing messages, and other malicious activities.

1.6 Implementing Password Complexity Requirements:

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and to use them properly. It is often part of an organization's official regulations and may be taught as part of security awareness training. A policy is either merely advisory, or the computer systems force users to comply with it.

Minimum Length: Set a minimum password length to ensure that passwords are not too short. A common recommendation is a minimum of 8-12 characters. Length contributes more to guessing resistance than the character mix does, so the policy should also allow long passphrases (64 characters or more).

Complexity Rules: Require a mix of character types, including uppercase letters, lowercase letters, numbers and special characters (e.g. !, @, #, $). Current guidance (NIST SP 800-63B) treats such composition rules as optional, because users satisfy them in predictable ways ("Password1!"); screening against known-bad passwords is more effective.

No Common Words: Implement checks that reject frequently used words, phrases and patterns, ideally by comparing against a large list of passwords exposed in known breaches. This helps protect against dictionary attacks.

No Personal Information: Forbid the use of easily obtainable personal information like names, birthdays or family members' names.

No Password Reuse: Discourage using the same password for multiple accounts and, within the organization's own systems, prevent one password from being shared across several accounts or services. This reduces the risk of credential-stuffing attacks.

Password History: Maintain a password history (stored as hashes, never as plaintext) to prevent users from changing their password to a previously used one.
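The rules above as one enforcement routine, added here as an example and not code from the report: it checks length, character classes, a blocklist of common passwords, personal information and a password history. The blocklist, the threshold values and the PBKDF2 parameters used for the history digests are assumptions chosen for the example; a deployment would load a breached-password list and tune them.

```python
import hashlib
import hmac
import re
import secrets

# Constructed blocklist for the example. A real deployment loads a large list of
# common and breached passwords (for instance a wordlist file) instead.
COMMON_PASSWORDS = {
    "password", "123456", "123456789", "qwerty", "football", "iloveyou", "admin",
}

MIN_LENGTH = 12               # assumed policy value
MIN_CHARACTER_CLASSES = 3     # assumed policy value
HISTORY_ITERATIONS = 100_000  # PBKDF2 rounds for the history digests (assumed value)


def new_history_salt() -> bytes:
    """Per-user random salt for the password-history digests."""
    return secrets.token_bytes(16)


def history_digest(password: str, salt: bytes) -> str:
    """Digest kept in the history so that old passwords are never stored in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, HISTORY_ITERATIONS).hex()


def check_password(password: str, personal_info: list[str],
                   history: list[str], history_salt: bytes) -> list[str]:
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < MIN_CHARACTER_CLASSES:
        problems.append(f"uses fewer than {MIN_CHARACTER_CLASSES} character classes")

    lowered = password.lower()
    # Reject the common password itself and passwords built around it ("password1!").
    if lowered in COMMON_PASSWORDS or any(w in lowered for w in COMMON_PASSWORDS if len(w) >= 6):
        problems.append("contains a common password")

    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information ({item})")

    # Password history: constant-time comparison of the digest against every stored entry.
    digest = history_digest(password, history_salt)
    if any(hmac.compare_digest(digest, old) for old in history):
        problems.append("was used previously")
    return problems


def demo() -> dict[str, list[str]]:
    """Run the checker on constructed inputs for one hypothetical user."""
    salt = new_history_salt()
    history = [history_digest("Summer2023!xx", salt)]  # the user's previous password
    personal = ["alice", "1990", "rex"]                 # constructed profile data
    return {
        "weak": check_password("Password1", personal, history, salt),
        "reused": check_password("Summer2023!xx", personal, history, salt),
        "accepted": check_password("correct-Horse-battery-7", personal, history, salt),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result or "OK")
```

The history is kept as salted PBKDF2 digests rather than as plaintext so that a leak of the history table does not hand an attacker the user's previous passwords, which are often close variants of the current one.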

1.6 Password Expiration and Change Policies:

Password Expiration: Passwords may be given an expiration period, typically between 60 and 180 days (about six months), which forces users to change them periodically. Current guidance (NIST SP 800-63B) advises against routine expiry for user-chosen passwords, because it pushes users toward predictable increments of the old password, and recommends forcing a change only when there is evidence of compromise.

Password Change Frequency: Set the frequency at which users must change their passwords according to the sensitivity of the data or system.

Password Lockout: Implement a policy that locks out an account, or progressively slows responses, after a certain number of failed login attempts, to prevent online brute-force attacks. A hard per-account lockout can be turned into a denial of service against legitimate users, and password spraying is designed to stay below the per-account threshold, so lockout should be combined with per-source rate limiting and monitoring of failures across many accounts.

Account Recovery: Ensure users have a way to recover their account if they forget their password, but recovery must involve additional verification, such as confirmation through a registered email address or a second factor; knowledge-based security questions are weak because the answers are often discoverable from public sources.

Two-Factor Authentication (2FA): Encourage or require the use of 2FA. Users who have 2FA enabled have an additional layer of security even if their password is compromised.

1.7 How Passwords Are Stored and Encrypted by Services:

Hashing: The most common method for storing passwords is to hash them. A hash function takes the plaintext password and transforms it into a fixed-length digest from which the password cannot be recovered directly. Functions seen in practice include bcrypt, scrypt, PBKDF2 and Argon2 and, in older or poorly designed systems, MD5 and SHA-256. The distinction matters: MD5 and SHA-256 are fast general-purpose hashes that a GPU can evaluate billions of times per second, whereas the password-specific functions are deliberately slow.

Salting: To enhance security, a unique random value called a "salt" is generated for each user. The salt is combined with the password before hashing. Salting ensures that even if two users have the same password, their stored hashes will differ.

Key Derivation: Many services use key derivation functions (KDFs) such as PBKDF2, bcrypt, scrypt or Argon2 to hash passwords. KDFs are specifically designed to be computationally intensive (and, for scrypt and Argon2, memory-intensive) with a tunable cost factor, making brute-force and dictionary attacks far more expensive per guess.

Encryption: Some services encrypt passwords rather than hashing them. Encryption is reversible, so anyone who obtains the key, whether an attacker who compromises the server or an insider, can recover every password in plaintext; for that reason reversible storage is avoided except where the plaintext is genuinely required, as in a password manager's vault.

1.8 Salting and Hashing for Password Protection:

Salting: Adding a unique salt to each user's password before hashing prevents attackers from using precomputed tables such as rainbow tables, because a separate table would be needed for every possible salt value. The salt is not a secret: it is stored next to the hash so that the server can recompute the hash at login.

With password salting, a random piece of data is added to the password before it runs through the hashing algorithm, making the resulting hash unique to that user and harder to crack in bulk.

When hashing and salting are combined, two users who choose the same password still end up with completely different hashes, so cracking one hash reveals nothing about the other account.

Here is how it works (the digest column is illustrative; the two values shown are not the real MD5 digests of these inputs):

User   Password   Salt    Salt added to password   Hash(password + salt)
1      orange     y3Unz   orangey3Unz              024ca8e38b33f9116c151123eb432d20
2      orange     1Hx$    orange1Hx$               5d41402abc4b2a76b9719d911017c592
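The table above as working Python, added here as an example rather than code from the report. It computes the fast MD5-over-password-plus-salt scheme the table illustrates next to a small constructed lookup table (a stand-in for a rainbow table) to show that a salt defeats precomputation, and then shows the form a practitioner would deploy: PBKDF2-HMAC-SHA256 with a random 16-byte salt, a stored iteration count and a constant-time verify. The iteration count and the storage-string format are assumptions, not anything the report specifies.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; assumed value, tune to ~100 ms on the server


def legacy_md5(password: str, salt: str = "") -> str:
    """The scheme in the table above: one fast MD5 digest over password + salt.
    Shown for comparison only; MD5 is far too fast to protect stored passwords."""
    return hashlib.md5((password + salt).encode()).hexdigest()


# Constructed stand-in for a precomputed lookup/rainbow table of unsalted MD5 digests.
# A real table holds billions of entries; four are enough to show the effect of a salt.
PRECOMPUTED = {legacy_md5(p): p for p in ("password", "123456", "orange", "qwerty")}


def table_lookup(digest: str):
    """Instant recovery of the plaintext if the digest appears in the table, else None."""
    return PRECOMPUTED.get(digest)


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, slow hash: PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt per user.
    Returns a self-describing string so the parameters can be raised later."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo() -> dict:
    """Two users with the same password 'orange', as in the table above."""
    stored1 = hash_password("orange")
    stored2 = hash_password("orange")
    return {
        "unsalted_md5_found_in_table": table_lookup(legacy_md5("orange")) == "orange",
        "salted_md5_found_in_table": table_lookup(legacy_md5("orange", "y3Unz")) is not None,
        "same_password_different_hash": stored1 != stored2,
        "verify_correct": verify_password("orange", stored1),
        "verify_wrong": verify_password("0range", stored1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Storing the iteration count alongside the hash is what lets a service raise the cost factor over time and rehash each user transparently at their next successful login.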


Hashing: Hashing is the process of generating a fixed-size value from a text or a list of numbers using a mathematical function known as a hash function.

In data-structure terms, a hash function converts a given numeric or alphanumeric key to a small practical integer value, and that integer is used as an index into a hash table. In simple terms, it maps a large number or string to a small integer that can serve as a table index. The four classical table-indexing methods below illustrate that mapping. They are not cryptographic: they are fast, easy to invert or to collide deliberately, and unrelated to the password hashing functions of Section 1.7, which must be one-way and slow.

● Division Method.
● Mid Square Method.
● Folding Method.
● Multiplication Method.
1. Division Method:
This is the simplest method of generating a hash value. The hash function divides the key k by the table size M and uses the remainder.
Formula:
h(k) = k mod M

Here,
k is the key value, and
M is the size of the hash table.

M is best chosen as a prime number, which helps spread the keys more uniformly over the table. The hash value depends only on the remainder of the division.

Example:
k = 12345, M = 95
h(12345) = 12345 mod 95 = 90

k = 1276, M = 11
h(1276) = 1276 mod 11 = 0
2. Mid Square Method:
The mid-square method involves two steps to compute the hash value:
Square the key k, i.e. compute k².
Extract the middle r digits of the square as the hash value.
Formula:
h(k) = the middle r digits of k²

Here,
k is the key value and r is the number of digits wanted in the hash value.

Example (r = 2):
k = 60
k × k = 60 × 60 = 3600
The middle two digits of 3600 are 60, so h(60) = 60.

The hash value obtained is 60.

3. Digit Folding Method:
This method involves two steps:
Divide the key k into several parts k1, k2, k3, ..., kn, where each part has the same number of digits except for the last part, which may have fewer digits than the others.
Add the individual parts. The hash value is the sum, ignoring the final carry if the sum has more digits than a part.
Formula:
k = k1, k2, k3, k4, ..., kn
s = k1 + k2 + k3 + k4 + ... + kn
h(k) = s

Here,
s is obtained by adding the parts of the key k.

Example (two-digit parts):
k = 12345
k1 = 12, k2 = 34, k3 = 5
s = k1 + k2 + k3 = 12 + 34 + 5 = 51
h(k) = 51
4. Multiplication Method
This method involves the following steps:
Choose a constant value A such that 0 < A < 1.
Multiply the key k by A.
Extract the fractional part of kA (written kA mod 1).
Multiply the result of the previous step by the size of the hash table M.
The hash value is the floor of the result of the previous step.

Formula:
h(k) = floor(M (kA mod 1))

Here,
M is the size of the hash table,
k is the key value, and
A is a constant value.

Example:
k = 12345
A = 0.357840
M = 100

h(12345) = floor[100 (12345 × 0.357840 mod 1)]
= floor[100 (4417.5348 mod 1)]
= floor[100 × 0.5348]
= floor[53.48]
= 53
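The four methods as working Python, added as an example that is not part of the report, so the arithmetic above can be reproduced. It generalizes mid-square and folding to any digit count r and includes a two-line demonstration of why a table-indexing hash is useless for passwords. The constant A = 0.357840 and the table sizes are the ones used in the text; everything else is the example's own choice.

```python
import math


def division_hash(k: int, m: int) -> int:
    """h(k) = k mod M. M is normally prime so that keys spread evenly over the table."""
    return k % m


def mid_square_hash(k: int, r: int) -> int:
    """Square the key and keep its middle r digits."""
    digits = str(k * k)
    if len(digits) < r:
        digits = digits.zfill(r)  # pad small squares so that r digits exist
    start = (len(digits) - r) // 2
    return int(digits[start:start + r])


def folding_hash(k: int, part_len: int) -> int:
    """Split the key into part_len-digit groups, add them, and drop any carry
    beyond part_len digits (the 'ignore the last carry' rule)."""
    digits = str(k)
    parts = [int(digits[i:i + part_len]) for i in range(0, len(digits), part_len)]
    return sum(parts) % 10 ** part_len


def multiplication_hash(k: int, m: int, a: float = 0.357840) -> int:
    """h(k) = floor(M * (kA mod 1)). Knuth's usual choice is A = (sqrt(5) - 1) / 2."""
    fractional = (k * a) % 1
    return math.floor(m * fractional)


def worked_examples() -> dict[str, int]:
    """The five calculations from the text."""
    return {
        "division_12345_mod_95": division_hash(12345, 95),
        "division_1276_mod_11": division_hash(1276, 11),
        "mid_square_60": mid_square_hash(60, 2),
        "folding_12345": folding_hash(12345, 2),
        "multiplication_12345": multiplication_hash(12345, 100),
    }


def collision_pair(k: int, m: int) -> tuple:
    """Why these are not password hashes: a second key with the same division hash
    is produced by adding the table size, with no search at all."""
    return (division_hash(k, m), division_hash(k + m, m))


if __name__ == "__main__":
    for name, value in worked_examples().items():
        print(f"{name} = {value}")
    print("collision:", collision_pair(12345, 95))
```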

1.9 Commonly used hash functions:

Hash functions are widely used in computer science and cryptography for a variety of purposes, including data integrity, digital signatures, password storage and more. There are many types of hash functions, each with its own strengths and weaknesses. Here are a few of the most common:

● SHA (Secure Hash Algorithm): SHA is a family of cryptographic hash functions published by NIST; SHA-1 and SHA-2 were designed by the National Security Agency (NSA) in the United States. The most widely used members are SHA-1, SHA-2 (including SHA-256 and SHA-512) and SHA-3. SHA-1 is deprecated: practical collisions were demonstrated in 2017, so it must not be used where collision resistance matters.

● MD5 (Message Digest 5): MD5 is a widely used cryptographic hash function that produces a 128-bit hash value. It takes an input message of any length and produces a fixed-length output known as the hash value or message digest. It is fast and efficient, but collisions can be generated in seconds on ordinary hardware, so it is no longer recommended for security purposes, and its speed also makes it a poor choice for password storage.

● SHA-3: SHA-3 is the latest member of the SHA family, selected as the winner of the NIST hash function competition in 2012 (the Keccak design). It was standardized as an alternative to SHA-2 with a completely different internal structure (a sponge construction), so that a future break of SHA-2 would not carry over to it; it is generally not faster than SHA-2 in software. It produces hash values of 224, 256, 384 and 512 bits.

1.10 Purpose and scope of the report

The purpose of this project report is to provide a comprehensive analysis and understanding of the techniques and methodologies used in password cracking, and to assess the effectiveness of cracking various password hash values using the tool John the Ripper.

1.11 CHAPTER ORGANISATION

The report of the mini project is divided into five chapters as follows:

CHAPTER I - An overview of password security, the importance of password strength, and the common methods for storing passwords.

CHAPTER II - Gives a detailed review of the literature.

CHAPTER III - Describes the existing methods.

CHAPTER IV - Explores the implementation of the proposed system.

CHAPTER V - A summary of the findings and conclusions drawn from the project, along with recommendations for improving password security and mitigating the risk of password cracking.
CHAPTER - II
LITERATURE REVIEW

2.1 Introduction
The purpose of this chapter is to review the existing literature on various password cracking
techniques. Passwords are widely used for user authentication in various applications, making
the security of passwords a critical concern. Understanding the different approaches used by
attackers to crack passwords is essential to develop effective countermeasures. This chapter
provides an overview of the different password cracking techniques and their strengths and
weaknesses.

John the Ripper: An Examination and Analysis on the Popular Hash Cracking
Algorithm: Kaden Marchetti, Paul Bodily (2022)

This paper discusses the evolving landscape of hash cracking in recent years, with a focus on
the tool "John the Ripper." It highlights the increased use of industry encryption standards,
salting, and timeouts as countermeasures against hash cracking. The paper also acknowledges
that John the Ripper is a powerful open-source hash cracking tool, utilized by both
cybercriminals and security specialists.

The research aims to address questions regarding the viability and effectiveness of John the
Ripper as a hash cracking tool. To answer these questions, the research conducted three
experiments, each with varying results.

The key findings of the research are as follows:

1. John the Ripper's Customization: The tool struggles as a brute force attacker without
complex customization, indicating that it may not be as effective when trying to crack
passwords using this approach.

2. Efficiency as a Dictionary Attacker: John the Ripper demonstrates efficiency as a dictionary attacker when used against the most popular passwords and their variants, drawing on its bundled wordlists and word-mangling rules. (The summary's source describes these as rainbow tables, but John the Ripper's dictionary mode works from wordlists and rules, not from precomputed hash tables.)

3. Cracking Popular Passwords: The tool is capable of easily cracking the thousand most popular passwords using its open-source wordlists, indicating its effectiveness against widely used and weak passwords.

In conclusion, the research suggests that John the Ripper is a formidable tool for cracking
passwords, particularly when used as a dictionary attacker against common and easily guessable
passwords. However, it faces challenges as a brute force attacker without substantial
customization. The study underscores the importance of cybersecurity and hash cracking
algorithms in addressing these challenges.

Most Used Password Cracking Techniques: Abhisek Kumar Shandilya, Chethan R, Dr. Zafar Ali Khan (2022)
This paper discusses the ever-growing methods of password security, highlighting that a
system's security is only as strong as its weakest point, often being user passwords. Despite
efforts to educate users on creating stronger and more unpredictable passwords, average user
habits have been slow to change. The introduction of modern technologies, such as one-time
passwords, biometrics, and password-less accounts, is reshaping authentication methods, yet
challenges persist.

The paper explores the most widely used password cracking methods, including phishing,
malware, social engineering, brute force attacks, and dictionary attacks. These methods have
continued to evolve with advancements in technology. Notably, the paper examines the impact
of Graphics Processing Units (GPUs) on brute force and dictionary attacks, which has
significantly accelerated the password cracking process.

The paper addresses the consequences of password cracking, emphasizing the losses incurred
due to successful attacks. Password cracking techniques are employed for various nefarious
purposes, and the paper delves into the motivations behind these attacks.

The discussion also touches on the limitations of using hashing to store passwords and examines specific algorithms the authors refer to as the "link guard algorithm" and the "Ben Clark algorithm."

In summary, the paper provides an overview of the changing landscape of password security, the evolution of password cracking methods, the impact of GPUs, and the consequences of password cracking. It highlights the ongoing need for strong authentication methods and the importance of staying ahead of evolving threats in the digital security space.

A Study on Password Security Awareness in Constructing Strong Passwords: Sulaiman, N. (2022)

The paper highlights the prevalent issue of poor password practices among users, even among
professionals, and the risks associated with these habits. Users often opt for easily remembered
passwords, neglecting security concerns. Common bad practices include using weak passwords,
reusing passwords across multiple accounts, and sharing passwords without considering
security implications.

To assess users' awareness of password protection, the study employed questionnaires with various metrics. The primary objective was to gauge users' knowledge and behavior regarding password security. The study revealed that a sizable portion of users prioritize ease of remembering passwords over the strength of their passwords, compromising their account security.

The paper underscores the need for comprehensive user education regarding password security.
Changing users' behaviors and instilling a better understanding of the importance of strong,
unique passwords is crucial. By addressing these issues, organizations and individuals can
significantly enhance their overall cybersecurity posture and protect against potential breaches.

The Revenge of Password Crackers: Automated Training of Password Cracking Tools: Di Campi, Alessia & Focardi, Riccardo & Luccio, Flaminia (2022)

This paper addresses the challenge of password security, where users often choose easily
remembered but weak passwords. In response, attackers use password cracking tools like
hashcat and John the Ripper to efficiently guess and match these weak passwords through
various techniques. However, recent research has shown that machine learning models can
potentially outperform traditional cracking tools in terms of success rate by creating more
sophisticated password models.

To enhance the performance of password cracking tools, this paper proposes a new approach.
The research involves a systematic and thorough analysis of different cracking strategies and
suggests a combination of techniques that can be trained and tested using a dataset comprising
over 700 million real passwords.

Key findings and contributions of this research include:

Improved Success Rate: By employing the proposed approach, the success rate of password cracking tools can be nearly doubled, making them more effective in recovering passwords.

Ethical Considerations: The techniques and methods developed in this study are general and
repeatable, providing a benchmark for future research on password guessing. However, ethical
constraints are acknowledged and adhered to in the research.

In summary, this paper highlights the ongoing challenge of weak passwords chosen by users
and the efficiency of password cracking tools. It presents a novel approach that significantly
improves the success rate of these tools, thereby emphasizing their continued relevance in the
field of password security and providing a valuable benchmark for future research.

A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking: A. Kanta, I. Coisel and M. Scanlon (2022)

This paper addresses the enduring relevance of passwords as a digital authentication method,
despite the emergence of alternative authentication methods over the past 50 years. Passwords
remain intricately connected to their creators, making them a valuable target for advanced
techniques used in password cracking. These techniques often rely on large datasets of human-
created passwords.

Recent research has highlighted the significance of the context in which users select their
passwords. This context can play a crucial role in the password selection process, especially for
specific users or groups. However, there is a lack of automated approaches that can extract and
utilize contextual information during the password cracking process.

The paper introduces a methodology and framework designed to create custom dictionary word
lists for dictionary-based password cracking attacks. The primary focus is on leveraging
contextual information encountered during a criminal investigation. The framework's
implementation is detailed, and the paper demonstrates the benefits of this approach using test
cases.
Key contributions and findings of this research include:

1. Password Relevance: Despite the evolution of authentication methods, passwords remain a relevant and widely used form of authentication.

2. User-Centered Approach: Recognizing the strong connection between users and their
passwords, this research emphasizes the influence of context on password selection.

3. Contextual Password Cracking: The paper introduces a framework that enables the
extraction and utilization of contextual information during the password cracking process.

4. Implementation Details: The framework's implementation is thoroughly explained, providing insights into how it can be applied in practice.

5. Demonstrated Benefits: Test cases are used to illustrate the advantages and benefits of the
proposed approach.

In summary, the paper contributes to the ongoing discussion about the significance of
passwords in authentication. It highlights the potential of leveraging contextual information in
password cracking and offers a methodology and framework to achieve this goal. This research
is especially relevant in the context of criminal investigations where targeting specific users or
groups may require a deeper understanding of their password selection habits.

Cryptographic Hashing Function for Password Security: Yashashmi, Pamudi & Wickramarathne, K & Wanigathunga, Vimukthi (2022)

This paper underscores the vital role of passwords in safeguarding the privacy and security of
users and organizations. Passwords serve as the primary means of protecting several types of
critical data, making their security a paramount concern in today's digital landscape. To enhance
password security, cryptographic hashing functions are widely employed.

Key points and objectives of this study include:

1. Password Security Significance: Recognizing that passwords play a pivotal role in securing sensitive data and information for both individual users and organizations.

2. Cryptographic Hash Functions: Focusing on the analysis and understanding of cryptographic hash functions as a key mechanism for password security.

This study delves into the importance of cryptographic hash functions in the context of
password security and explores the various techniques and best practices associated with
password protection, including the use of salts, peppers, and different hashing algorithms.
Cryptography plays a vital role in enhancing password security and data protection, making it a
crucial field for understanding and research.

Evaluation of the security of password protected encrypted RAR3 and RAR5 archives: E. Krupalija, S. Mrdovic, E. Cogo, I. Prazina and S. Becirovic (2022)

This study delves into the security of encrypted RAR (Roshal Archive) archives, and the
various methods employed for their decryption. RAR archives are widely used for compressing
data and securing it with a password before transferring it over networks. The research focused
on testing the effectiveness of brute force and dictionary attacks on password protected RAR3
and RAR5 archives, using datasets containing randomly generated and real-world user
passwords.

Key findings and contributions of this work include:

1. Brute Force and Dictionary Attacks: The study attempted to decrypt password protected
RAR archives using both brute force and dictionary attacks, which are common techniques used
by attackers.

2. Resistance of Randomly Generated Passwords: RAR archives protected with randomly generated passwords, even of small length, proved highly resistant to both brute force and dictionary attacks.

3. Partial Success with Real-World Passwords: Brute force attacks partially succeeded in cracking RAR archives protected with real-world user passwords, while dictionary attacks were notably more successful.

4. Comparison of RAR3 and RAR5: The success rates and processing times for RAR3 and RAR5 archives were found to be similar. This indicates that the newer RAR5 format does not significantly enhance data security.

5. Recommendation for Improved Security: The study suggests that increasing the security
of RAR archives is achievable by using longer passwords that resemble randomly generated
data and are not commonly found in dictionaries.

In summary, the research underscores the importance of strong and unique passwords for
securing RAR archives effectively. While RAR archives with randomly generated passwords
were highly resistant to attacks, those protected with real-world passwords were more
vulnerable. This highlights the significance of user behavior and password choice in data
security. Additionally, the findings suggest that the newer RAR5 format does not enhance data
security compared to RAR3.

PCWQ: A Framework for Evaluating Password Cracking Wordlist Quality: Kanta, Aikaterini & Coisel, Iwen & Scanlon, Mark (2022)

This paper addresses the persistent use of single passwords as a means of authentication, leading to increased efforts by system administrators to encourage users to select stronger and safer passwords. Simultaneously, adversaries have adopted more sophisticated password cracking methods. The paper emphasizes the need to assess and measure the quality of input wordlists used in password cracking.

Key points and contributions of this paper include:

1. Password Security Landscape: The paper highlights the enduring reliance on single
passwords for authentication and the resulting challenges for administrators and attackers.

2. Wordlist Quality Assessment: The research introduces a novel modular framework designed to evaluate the quality of input wordlists. These wordlists are a critical component in password cracking.

3. Interconnecting Metrics: The framework incorporates several interconnecting metrics to assess the quality of wordlists comprehensively.

4. Preliminary Analysis: The paper conducts a preliminary analysis in which different input wordlists are evaluated to demonstrate the framework's assessment process.

5. Keywords: The study is centered around keywords related to password cracking, wordlists, dictionaries, and the importance of contextual information.

This paper contributes to the ongoing discussion of password security by introducing a framework to evaluate the quality of wordlists, an essential aspect of password cracking. By assessing wordlists using various metrics, the research aims to provide a valuable tool for administrators, security professionals, and researchers in enhancing password security practice.
CHAPTER - III
EXISTING METHOD

3.1 EXISTING METHODOLOGIES

Password cracking involves various techniques and tools that are employed to reveal or guess
the password of a system or account. These methodologies can be broadly classified into three
categories: offline attacks, online attacks, and social engineering.

Offline attacks involve the analysis of password hashes obtained from a system or database.
Techniques like brute-force attacks, dictionary attacks, and rainbow table attacks are commonly
employed in this method. Brute-force attacks involve systematically trying every possible
combination of characters until the correct password is found. Dictionary attacks leverage pre-
existing lists of commonly used passwords or words and attempt to match them with the
password hash. Rainbow table attacks use precomputed tables that map password hashes to
their plaintext values, thus allowing for faster password retrieval.

Online attacks involve directly accessing the target system or account and trying various
passwords until the correct one is found. This approach is typically used when the system
allows multiple login attempts without locking out the user. Online attacks include methods
such as login guessing, shoulder surfing (observing the target user's password entry), and
keystroke logging.

Social engineering attacks exploit human vulnerabilities to gather information or manipulate
individuals into revealing their passwords. Techniques like phishing, impersonation, and baiting
are commonly used in social engineering attacks. Phishing involves creating deceptive websites
or emails that mimic legitimate ones to trick users into entering their credentials. Impersonation
involves posing as a trusted individual or authority to deceive the target user into divulging their
password. Baiting involves leaving physical or digital "bait" such as USB drives infected with
password-stealing malware, hoping that the target user will use it and unknowingly compromise
their password.

3.2 Password Cracking Techniques

There are five main types of password cracking techniques: Dictionary attack, Brute Force
attack, Hybrid attack, Rainbow tables attack and social engineering attack.

1. Dictionary Attack:
- In a dictionary attack, hackers use a wordlist, often containing commonly used
passwords, to attempt to gain access to a system.
- The wordlist typically includes passwords sourced from various public lists and is easily
accessible online.
- "rockyou.txt" is a common example of a widely used wordlist.

Fig 1.1 Working of Dictionary Attacks

2. Brute Force Attack:
- In a brute force attack, attackers systematically try every possible combination of
characters, such as letters, numbers, and symbols, to guess the correct password.
- This method is faster for shorter passwords but becomes increasingly time-consuming and
resource-intensive for longer passwords.

Fig 1.2 Working of Brute Force Attack

3. Hybrid Attack:
- A hybrid attack combines elements of both dictionary and brute force attacks.
- It involves using a list of possible passwords, similar to a dictionary attack, and then
attempting all possible combinations using the passwords from the list, resembling a brute force
attack.
- Hybrid attacks can be computationally intensive, particularly if the list of possible
passwords is extensive.

4. Rainbow Tables Attack:
- Rainbow tables are precomputed tables used to reverse cryptographic hash functions.
- Attackers can benefit from rainbow tables because they allow for efficient cracking of
password hashes.
- The number of links in each chain in the table determines the number of passwords covered.
- One limitation is that rainbow tables are not optimized for general passwords, as they do
not allow for the selection of captured passwords.

5. Social Engineering Attack:
- Social engineering attacks exploit human interactions and trust to gain unauthorized access
to sensitive information or critical resources.
- Attackers follow multiple steps, including getting to know the victim, identifying points of
entry, gaining the victim's trust, and obtaining knowledge of sensitive information.
- Once trust is established, attackers leverage this knowledge to access critical resources or
systems.

Some other password attacks include:

● Phishing:
Phishing stands out as one of the prevailing techniques for stealing passwords in use today, and it
is frequently employed in various forms of cyberattacks. Grounded in social engineering strategies,
its effectiveness relies on the ability to trick a target with information that appears legitimate while
carrying out malicious intentions. Phishing usually involves the sending of an email to a recipient
with the intent of tricking that person into clicking on a malicious link or downloading malware.

● Network Analyzer:
Network analyzers are instruments that enable hackers to observe and intercept data packets
transmitted across a network and extract plaintext passwords contained within them.

This kind of attack necessitates the deployment of malware or physical access to a network
switch, but it can yield significant results. It does not hinge on exploiting system vulnerabilities
or network flaws, making it applicable to a wide range of internal networks. It is also typical to
employ network analyzers as an initial step in an attack, often followed by brute force attacks.

● Mask attack:
A mask attack reduces the workload of a brute force attack by including part of the password a
hacker already knows in the attack. If a hacker knows your password has 10 characters, for
example, they can filter the attack for passwords of only that length.
Mask attacks can filter by specific words, numbers within a certain range, special characters the
user prefers, or any other password characteristics the hacker is confident about. If any of your
data is leaked, it makes you more vulnerable to a full-on breach.

● Spidering:
Spidering is when hackers crawl a company's social media accounts, marketing campaigns, or
other corporate material to gather a word list for a brute force or dictionary attack. Spidering can
become social engineering when hackers infiltrate businesses for physical handbooks and
training manuals full of keywords.

● Shoulder surfing:
Shoulder surfing is a social engineering technique of spying over someone's shoulder as they
enter login details. Shoulder surfing is a common way to discover ATM PINs, which is why
most people are wary of their surroundings while taking out money.
But hackers can also shoulder surf your email for password cracking intel or watch your
keystrokes as you tap away at an internet cafe.

● Password guessing:

When all else fails, cybercriminals can collaborate as an effective password-guessing collective.
A hacker hivemind is far superior to a single human’s powers of memory. In today’s global
network, it takes only a few clicks and a little know-how to get details on any internet user. And
with modern password cracking tools and tech at their fingertips, it’s only a matter of time
before a patient password guesser cracks an unsecure password.

These password cracking techniques are part of the arsenal used by malicious actors to
compromise security and gain unauthorized access to systems and data. Security measures and
user awareness are essential in mitigating the risks associated with these techniques.

3.3 Password Cracking Tools

A well-structured password-based authentication system doesn't retain the user's actual
password to enhance security. Storing the actual password would create a significant
vulnerability, as it could be exploited by hackers or malicious insiders to access all user
accounts on the system.

Instead, authentication systems store a password hash, which is generated by subjecting the
password and a randomly generated value known as a salt to a hash function. Hash functions are
engineered to be one-way, making it extremely challenging to deduce the original input from a
given output. Furthermore, hash functions are deterministic, meaning that the same input always
yields the same output. Therefore, comparing the stored password hash with the hash of the
password provided by a user is nearly as effective as comparing the actual passwords
themselves.

Password cracking involves the process of recovering passwords from their corresponding
password hashes.
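
The storage scheme described above, as an added example that is not code from the report: a per-account random salt is hashed in with the password, and verification recomputes the hash with the stored salt. PBKDF2-HMAC-SHA256 is assumed here as the slow hash function (the text leaves the function unspecified), and the unsalted Raw-MD5 that the report cracks later is included for contrast.

```python
"""Salted password storage and verification (added example, not from the
report). Demonstrates the two properties the section relies on, determinism
and one-wayness, and why a random per-user salt is hashed in with the
password. Standard library only."""
import hashlib
import hmac
import os
from typing import Optional

# PBKDF2-HMAC-SHA256 work factor; a deployment tunes this to its hardware.
ITERATIONS = 100_000


def unsalted_md5(password: str) -> str:
    """The weak scheme cracked later in the report (Raw-MD5): no salt, fast."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Create the stored record: salt and derived key, never the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": dk.hex(), "iterations": ITERATIONS}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt,
                             record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])


def shared_password_is_visible(password: str) -> bool:
    """Unsalted: two accounts with the same password store the same hash, so
    one precomputed table or one wordlist pass hits both at once."""
    return unsalted_md5(password) == unsalted_md5(password)


def shared_password_is_hidden(password: str) -> bool:
    """Salted: the same password yields different records for different
    accounts, so each hash has to be attacked separately."""
    return make_record(password)["hash"] != make_record(password)["hash"]


if __name__ == "__main__":
    record = make_record("Password1")  # constructed sample password
    print("md5('password') =", unsalted_md5("password"))
    print("correct attempt:", verify(record, "Password1"))
    print("wrong attempt:  ", verify(record, "password1"))
```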

Some of the most commonly used password-cracking tools are:

i. John the Ripper

John the Ripper is a slow password cracker - initially, it was meant for UNIX. However, with
time, it became more versatile, and now it is implementable on Windows, OpenVMS and Mac
OS. Its primary purpose is to detect weak Unix passwords. This tool is available for free and
supports both Brute Force and dictionary attacks. It is a time-consuming password cracking
tool.

ii. THC Hydra

THC Hydra is a password cracking tool that can perform extremely fast dictionary attacks
against more than fifty protocols like HTTP, HTTPS, FTP, etc. It is a fast and stable Network
Login Hacking Tool which uses a dictionary or brute-force attacks to try various password and
login combinations on a login page. This tool was developed by Van Hauser and is easily
available online at GitHub where all its newest releases are frequently updated. It is a fast and
flexible password cracker.

iii. Rainbow Crack

Rainbow Crack is a hash cracker tool that makes use of a large-scale time-memory trade-off. A
common Brute Force attack tries every possible plaintext one by one, which is time consuming
for complex passwords, but this tool uses a time memory trade-off to do an advance cracking
time computation and store results in “rainbow tables.” Password crackers take a long time to
precompute tables, but this tool is hundreds of times faster than a Brute Force once it finishes
the precomputation. This attack generates all possible plaintexts and calculates the
corresponding hashes. Then it compares the calculated hashes with the hash to be decrypted.
When the hashes match each other, the plaintext is found. It is available for Windows, Linux
operating systems and runs on both command line and user interfaces. It also supports
computing on a multicore processor.

iv. Cain and Abel

Cain and Abel is a password recovery tool exclusive to Windows. It allows easy recovery of
various kinds of passwords by sniffing the network; cracking encrypted passwords using
Dictionary, Brute-Force, Cryptanalysis attacks and network packet sniffing. It relies on an IP to
MAC address resolver, ARP spoofing, and LSA secret dumper. It is used for WEP cracking,
and it provides us with a facility to record VoIP. It speeds up the packet capture speed by
wireless packet injection.

v. Medusa

Medusa is a password cracking tool which can be used in Linux and Mac OS X operating
systems. This tool focuses on cracking passwords by Brute Force attack. It can perform rapid
attacks against a large number of protocols, for example, TELNET, HTTP, HTTPS, databases,
and SMB. It uses thread-based parallel testing, which can be used on multiple hosts at once.
This tool has different modules, and each is available as an independent file.

vi. Hashcat:

An immensely powerful free cracking tool for Windows, OSX, and Linux. It features a rule
based attack system and multi-threading for very fast performance. Hashcat supports a long
range of hashes and can perform the attack in numerous ways such as dictionary and brute-
force.

vii. Ophcrack

It is a free open-source program that cracks Windows log-in passwords by using LM hashes
through rainbow tables. The program includes the ability to import the hashes from a variety of
formats, including dumping directly from the SAM files of Windows. On most computers,
ophcrack can crack most passwords within a few minutes.

CHAPTER - IV
PROPOSED SYSTEM

4.1 Proposed System

The purpose of this project is to implement a Dictionary Attack using John the Ripper to
crack password hashes obtained from a website’s database using sqlmap. The open-source
password security assessment and password recovery tool known as "John the Ripper" is an offline
password cracking tool. It is compatible with a wide range of operating systems. It can be used to
work with user passwords on Unix-based systems like Linux, Solaris, AIX, QNX, as well as
macOS, Windows, web applications such as WordPress, groupware systems like Notes/Domino,
and various database servers including SQL and LDAP. Additionally, John the Ripper jumbo
version extends its support to capture network traffic data (e.g., Windows network authentication
and WiFi WPA-PSK), decrypt encrypted private keys (such as SSH, GnuPG, and cryptocurrency
wallets), handle various file systems and disk encryption methods (e.g., macOS .dmg files,
Windows BitLocker), unpack archives (ZIP, RAR, 7z), and even crack passwords for document
files like PDFs and Microsoft Office documents, among many other supported applications and
formats. This is just a glimpse of its extensive capabilities, as it supports numerous more scenarios
and formats.

To compromise a password, an attacker must attempt numerous combinations to discover the
correct one. They employ thousands or even millions of potential words or character strings in
their attempts. However, there's no guarantee that any of these countless permutations will yield
success. A wordlist is a compilation of various character combinations, and a potent wordlist is
essential for attempting to crack a password or its hashed representation.

4.2 Dictionary Attack

A dictionary attack is a method used to gain unauthorized access to a password-protected
computer, network, or other IT resource by systematically trying every word in a dictionary as a
potential password. It can also be employed to attempt to discover the decryption key needed to
unlock an encrypted message or document.

Dictionary attacks are effective because many computer users and organizations often opt for
easily guessable passwords composed of common words. They are less likely to succeed against
systems that use multi-word passwords or passwords with a combination of uppercase and
lowercase letters and numbers in random sequences.

In cases where systems enforce robust password requirements, a brute-force attack, which tests
every possible character combination and space up to a maximum length, may occasionally work.
However, brute-force attacks can be time-consuming and may not yield results quickly.

4.2.1 Significance of Dictionary Attacks:

Efficiency: Dictionary attacks are efficient because they don't involve generating every possible
combination of characters, which would be extremely time-consuming and resource-intensive.

Real-World Relevance: Passwords chosen by many users are often weak and predictable, such as
common words, phrases, or easily guessable patterns.

Speed: Since dictionary attacks only involve testing a finite list of possibilities, they are relatively
fast compared to other methods like brute force attacks, which systematically generate every
possible combination of characters.

Customization: Attackers can customize their wordlists to target specific users, industries, or
applications.

Dictionary attack process:

1. Acquire a Wordlist: The first step is to obtain a wordlist. This wordlist typically contains
common words, phrases, and character combinations. It may include words from dictionaries,
previously leaked passwords, common phrases, and variations of words with character
substitutions (e.g., "password" as "p@ssw0rd").

2. Select the Target: The attacker identifies the target system, network, or account they want to
access. They may gather information about the target, such as usernames and any clues that could
help guess the password.

3. Attempt Passwords: The attacker then starts the attack by systematically trying each word or
phrase from the wordlist as the password for the target account. They may also apply rules or
modifications to the words, such as adding numbers, symbols, or changing the letter case.

4. Check for Success: After each attempt, the attacker checks whether the attempted password is
correct by comparing it to the stored or hashed password on the target system. If a match is found,
the attacker gains access to the account or system.

5. Repeat: The process continues until the attacker successfully guesses the password or exhausts
the entire wordlist without success. If the attack is unsuccessful, the attacker may try different
wordlists or employ additional techniques, such as hybrid attacks or brute force, to increase their
chances of success.

6. Maintain Anonymity: To avoid detection, attackers often use techniques to hide their identity
and location, such as routing their attacks through proxy servers or using anonymous networks like
Tor.

7. Log and Analyze: Successful attacks may yield valuable data, such as sensitive information or
access to the target system. Attackers may log this information for further exploitation or analyze
the results for weaknesses in the system's password security.

It's important to note that dictionary attacks are most effective when users have weak, easily
guessable passwords. To defend against dictionary attacks, users and organizations are advised to
use strong, unique passwords that include a combination of letters, numbers, and special
characters, and to implement other security measures like account lockout policies and multi-factor
authentication (MFA) to protect against unauthorized access.
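
The lockout policies mentioned above only help if repeated failures are noticed, so here is an added detection example, not part of the report, that runs over constructed sshd-style log lines. It separates repeated failures against one account (dictionary or brute-force guessing) from one source cycling through many accounts (password spraying); the thresholds of 5 failures and 3 accounts, the log format and the documentation-range addresses are all assumptions.

```python
"""Spotting online password guessing in authentication logs (added example,
not part of the report). Works over constructed sshd-style lines and flags
two patterns: many failures against one account (dictionary / brute force)
and one source trying many accounts (password spraying), plus the case
that matters most, a success right after a failure burst."""
import re
from collections import Counter, defaultdict

# Constructed sample log. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[101]: Failed password for gordonb from 203.0.113.5 port 4001 ssh2
Mar 10 10:00:02 host sshd[102]: Failed password for gordonb from 203.0.113.5 port 4002 ssh2
Mar 10 10:00:03 host sshd[103]: Failed password for gordonb from 203.0.113.5 port 4003 ssh2
Mar 10 10:00:04 host sshd[104]: Failed password for gordonb from 203.0.113.5 port 4004 ssh2
Mar 10 10:00:05 host sshd[105]: Failed password for gordonb from 203.0.113.5 port 4005 ssh2
Mar 10 10:00:06 host sshd[106]: Accepted password for gordonb from 203.0.113.5 port 4006 ssh2
Mar 10 10:01:00 host sshd[107]: Failed password for admin from 198.51.100.9 port 5001 ssh2
Mar 10 10:01:01 host sshd[108]: Failed password for pablo from 198.51.100.9 port 5002 ssh2
Mar 10 10:01:02 host sshd[109]: Failed password for smithy from 198.51.100.9 port 5003 ssh2
Mar 10 10:01:03 host sshd[110]: Failed password for invalid user test from 198.51.100.9 port 5004 ssh2
Mar 10 10:02:00 host sshd[111]: Failed password for alice from 192.0.2.7 port 6001 ssh2
Mar 10 10:02:30 host sshd[112]: Accepted password for alice from 192.0.2.7 port 6002 ssh2
"""

# "invalid user" appears when the account does not exist; the name still counts.
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse(log: str) -> list:
    """Return (result, user, ip) tuples in log order; unrelated lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["result"], m["user"], m["ip"]))
    return events


def analyze(log: str, fail_threshold: int = 5, spray_threshold: int = 3) -> dict:
    """Flag brute force per (ip, user), spraying per ip, and any success that
    follows a failure burst from the same source against the same account."""
    failures = Counter()             # (ip, user) -> failed attempts so far
    users_per_ip = defaultdict(set)  # ip -> distinct accounts tried
    success_after_burst = []
    for result, user, ip in parse(log):
        if result == "Failed":
            failures[(ip, user)] += 1
            users_per_ip[ip].add(user)
        elif failures[(ip, user)] >= fail_threshold:
            success_after_burst.append((ip, user))
    brute_force = sorted((ip, user, n) for (ip, user), n in failures.items()
                         if n >= fail_threshold)
    spraying = sorted((ip, len(users)) for ip, users in users_per_ip.items()
                      if len(users) >= spray_threshold)
    return {"brute_force": brute_force, "spraying": spraying,
            "success_after_burst": success_after_burst}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```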

Fig 1.3 Dictionary Attack Process

4.3 John the Ripper

John the Ripper, often simply referred to as "John," is a widely used and highly effective password
cracking tool. It is designed to help security professionals, penetration testers, and system
administrators assess the strength of passwords and improve overall security by identifying weak
or easily guessable passwords. John the Ripper is known for its versatility and speed in cracking
password hashes.

Here are some key features and aspects of John the Ripper:

1. Password Hash Cracking: John the Ripper primarily focuses on cracking password hashes. It
supports a variety of hash algorithms commonly used in password storage, including MD5,
SHA-1, SHA-256, bcrypt, and more. This allows it to work with password databases from a wide
range of applications and operating systems.

2. Wordlist and Rule-Based Attacks: John the Ripper utilizes various attack modes to crack
passwords. It can perform dictionary attacks, where it tries each word in a wordlist against the
hashes, and it also supports rule-based attacks that modify words and try different combinations to
improve the chances of success.

3. Dynamic and Custom Rules: Users can define their own custom rules to generate password
candidates. This flexibility allows for fine-tuning attacks based on specific knowledge about the
target audience and their password-creation habits.

4. GPU Acceleration: John the Ripper can take advantage of GPU (Graphics Processing Unit)
acceleration, which significantly increases the speed of password cracking, especially when
dealing with a large number of hashes.

5. Community-Developed Versions: There are multiple versions of John the Ripper developed by
the community, such as "John the Ripper Jumbo" and "community-enhanced John the Ripper."
These versions include additional features and support for more hash types.

6. Support for Multiple Platforms: John the Ripper is available for various platforms, including
Linux, Windows, macOS, and more. It can be run on a wide range of systems.

7. Password Policy Assessment: John the Ripper can help assess password policies by revealing
common patterns and weaknesses in password choices. This information can be valuable for
improving security practices.

8. Salts and Unsalted Hashes: John the Ripper supports cracking both salted and unsalted password
hashes. Salting is a common practice to enhance security, and John can handle various salted hash
types.

John the Ripper has a long history and continues to be actively maintained by the security
community. It remains a valuable tool for testing and enhancing password security in various
environments.

4.3.1 John the Ripper Process Flow

John the Ripper is a powerful open-source password cracking tool used to crack various types of
password hashes. Its workflow involves several key steps, and here's a high-level overview of the
process flow when using John the Ripper:

1. Data Gathering:
- Gather the hashed passwords: Obtain the hashed password files from the target system or
database. These files contain hashed representations of user passwords.

2. Wordlist Creation or Selection:
- Create or select a wordlist: You can either create a custom wordlist containing potential
passwords or use existing wordlists that come with John the Ripper or from other sources. The
quality and diversity of the wordlist play a crucial role in the success of the attack.

3. Configuration:
- Configure John the Ripper: Specify the target hashing algorithm, hash type, and any additional
options based on the characteristics of the hashed passwords and your objectives.

4. Password Cracking:
- Execute the password cracking process: Run John the Ripper with the configured settings,
providing the hashed password file and the wordlist. John the Ripper will systematically test each
word or phrase from the wordlist against the hashed passwords using the selected algorithm.

5. Rule-Based and Hybrid Attacks:
- Optionally, you can enhance the attack using rule-based or hybrid attacks. These methods allow
you to apply various rules to the words in the wordlist, such as adding numbers, symbols, or
changing letter cases. This increases the chances of cracking passwords that have been slightly
modified.

6. Cracking Success:
- When John the Ripper successfully matches a hashed password with a word from the wordlist,
it will display the cracked password. The time it takes to crack passwords depends on various
factors, including the complexity of the passwords and the computing power available.

7. Logging and Analysis:
- You can log the results of the cracking process, which can provide valuable insights into the
security of the target system. Analyzing the results may reveal weak or commonly used passwords
and help improve password security practices.

8. Password Recovery:
- Once the passwords are cracked, the attacker can use the recovered passwords to gain
unauthorized access to user accounts, systems, or encrypted data.

9. Post-Processing and Persistence:
- Attackers may use additional tools or techniques to maintain access to the compromised
systems or perform further actions, such as privilege escalation or data exfiltration.

Fig 1.4 John the Ripper Process Flow

4.4 SQLMAP

sqlmap is an open source penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws and taking over of database servers.

Features of sqlmap are:

● Support to directly connect to the database without passing via a SQL injection, by
providing DBMS credentials, IP address, port and database name.
● Support to enumerate users, password hashes, privileges, roles, databases, tables and
columns.
● Automatic recognition of password hash formats and support for cracking them using a
dictionary-based attack.
● Support to dump database tables entirely, a range of entries or specific columns as per user's
choice. The user can also choose to dump only a range of characters from each column's
entry.
● Support to search for specific database names, specific tables across all databases or specific
columns across all databases' tables. This is useful, for instance, to identify tables containing
custom application credentials where relevant columns' names contain string like name and
pass.
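
The flaw class that sqlmap detects and exploits, shown as an added example that is not code from the report or from DVWA: a user lookup that pastes a request parameter into the SQL text, beside the parameterized version that the database treats as data. The in-memory SQLite table and its two rows are constructed; the hash column holds placeholders.

```python
"""The flaw class sqlmap automates, as the vulnerable user lookup beside its
parameterized fix (added example, not from the report or from DVWA). Runs
against an in-memory SQLite table with constructed rows."""
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str, str]


def setup() -> sqlite3.Connection:
    """Constructed users table shaped like the one the report dumps."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user TEXT, first_name TEXT, last_name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [("admin", "Admin", "User", "<hash-placeholder>"),
         ("gordonb", "Gordon", "Brown", "<hash-placeholder>")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_input: str) -> List[Row]:
    """Untrusted input pasted into the SQL text: the injectable pattern a GET
    parameter search like the report's hands straight to the database."""
    query = (
        "SELECT user, first_name, last_name FROM users "
        f"WHERE user = '{user_input}'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_input: str) -> List[Row]:
    """Bound parameter: the input stays data, whatever characters it holds."""
    query = "SELECT user, first_name, last_name FROM users WHERE user = ?"
    return conn.execute(query, (user_input,)).fetchall()


if __name__ == "__main__":
    db = setup()
    probe = "x' OR '1'='1"  # constructed probe: ends the quoted value, adds a tautology
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row comes back
    print("safe:      ", lookup_safe(db, probe))        # no such user, no rows
```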

4.5 IMPLEMENTATION

1) Wordlist Generation
To get started, open up a terminal. Crunch is already installed and ready to go on Kali, so
you can just run it.

Fig 1.5 Generating wordlist using crunch

crunch <min> <max> [options] -o <filename>

● Where min and max are numbers.
● Options denote the character set, output, etc.
● -o signifies a fixed pattern and length of words to generate
● Filename is the file where the wordlist will be saved after creating.

2) Custom Rules Generation

Open a root terminal and navigate to /etc/john/john.conf

Fig 1.6 Navigating through the john configuration

vim /etc/john/john.conf
● vim is the text editor through which we will be adding rules
● /etc/john/john.conf is the location of the file that contains settings and options that can be
customized

Fig 1.7 Creating Custom rules to crack password hashes

[List.Rules:Customrule]
● List.Rules is a section header in the configuration file, defining a specific rule set. It's a way
to organize and manage different rule sets.
● Customrule is the name or identifier for the specific rule set that was created
● cAz"[0-9]" means capitalize the first letter and add a number suffix.
● cAz"[£!$@#]" means to capitalize the first letter and add a character.
● Az is to take the root word and affix something to the end
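
The rules above, like the "p@ssw0rd" substitutions in the dictionary attack process of 4.2, make a capitalized dictionary word with a digit or symbol suffix a single cheap guess. As an added example that is not code from the report, here is the defender's mirror image: a set-time policy check that undoes those manglings and rejects the password if a root form is a wordlist entry. The six-word wordlist, the suffix length limit of 6 and the substitution table are constructed assumptions; a deployment would load a list such as rockyou.txt the same way.

```python
"""Blocklist check that undoes common mangling rules (added example, not
from the report). A cracking rule such as cAz"[0-9]" turns "dragon" into
"Dragon7" in one step, so a policy that counts "Dragon7" as complex is
fooled; this check normalizes the candidate back to its possible roots."""
import re
from typing import List, Set

# Constructed sample wordlist. A deployment loads a large leaked-password
# list (the report uses rockyou.txt) into a set in the same way.
WORDLIST: Set[str] = {"password", "welcome", "dragon", "letmein", "summer", "monkey"}

# Character substitutions commonly applied by users and by cracking rules,
# mapped back to the letters they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Trailing digits and symbols: the shape produced by Az"[0-9]" / Az"[£!$@#]".
SUFFIX_RE = re.compile(r"[0-9£!$@#%^&*?._-]{1,6}$")


def normalize(candidate: str) -> Set[str]:
    """Root forms the candidate could have been derived from: lowercasing
    undoes the capitalize rule, suffix stripping undoes the append rules,
    LEET undoes character substitution. The unchanged form is kept too."""
    forms = {candidate.lower()}
    forms.add(SUFFIX_RE.sub("", candidate.lower()))
    forms |= {form.translate(LEET) for form in list(forms)}
    return {form for form in forms if form}


def is_blocklisted(candidate: str, wordlist: Set[str] = WORDLIST) -> bool:
    """True when any root form of the candidate is a wordlist entry."""
    return any(form in wordlist for form in normalize(candidate))


def check_policy(candidate: str, min_len: int = 12) -> List[str]:
    """Reasons for rejection; an empty list means the password is accepted."""
    reasons = []
    if len(candidate) < min_len:
        reasons.append("too short")
    if is_blocklisted(candidate):
        reasons.append("derived from a wordlist entry")
    return reasons


if __name__ == "__main__":
    for pw in ["Password1", "P@ssw0rd!2023", "Dragon2024", "correct horse battery staple"]:
        print(f"{pw!r}: {check_policy(pw) or 'accepted'}")
```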

4.5.1 SQLMAP Implementation

1) Starting mysql
docker run --rm -it -p 80:80 vulnerables/web

Fig 1.8 Starting the sql and apache server

2) Go to the web browser and open the website

Fig 1.9 Login page

3) Search for a user

Fig1.10 Searching for a user

4) User not found.

Fig 1.11 User not found

5) Right click and select inspect
It is a GET request with parameters in the URL and a cookie.

Fig 1.12 Inspecting the network requests

6) Open terminal and enter the following command

Fig 1.13 command line to retrieve database

sqlmap -u "URL" --cookie="cookies" --tables

● sqlmap is the command to invoke sqlmap
● -u "URL" is the target URL. Copy and paste the URL.
● --cookie="cookies" is used to provide the cookie data that is associated with the
target URL.
● --tables option instructs sqlmap to enumerate and retrieve the database tables once it
has found a SQL injection vulnerability

Fig 1.14 Retrieved database

Found a database with 2 tables: guestbook and user

7) Now, we will take a look at the columns

Fig 1.15 Command line to retrieve table users

sqlmap -u "URL" --cookie="cookies" --columns -T users --batch
● --columns option is used to instruct sqlmap to enumerate and retrieve the columns
of a specific database table.

● -T users specifies the target database table for which you want to enumerate the
columns. In this case, it is looking for columns in a table named "users."

● --batch option tells SQLMap to run in batch mode, which means it will automatically
choose default options for the scan without prompting you for further input. This can
be useful for automating scans.

Fig 1.16 Retrieved columns from table users

8) Next, enter the command line to get the dump

Fig 1.17 Command line to get the dump

sqlmap -u "URL" --cookie="cookies" -D dvwa -T users -C user,password,first_name,last_name --dump
● -D dvwa specifies the name of the database you want to target. In this case, it's
targeting a database named "dvwa."

● -T users specifies the name of the database table you want to target. It's looking for a
table named "users."

● -C user,password,first_name,last_name specifies the columns you want to retrieve
from the "users" table. It's asking sqlmap to retrieve data from the "user,"
"password," "first_name," and "last_name" columns.

Fig 1.18 Obtained user table

As shown above we have obtained the data of the user, password, first name and last name from
the table "users".

9) Store the hash values in a text file

Fig 1.19 Storing the obtained hash values in a txt file

4.5.2 John the Ripper Implementation

1) Hash Identifier

Fig 1.20 Command to identify the format of the obtained hash value
hash-identifier
This command will help us identify the format of the hash value that was just obtained from the
sqlmap dump. Different hash formats may require different amounts of computing resources and
time to crack. By knowing the format, you can allocate your computing resources more efficiently.
Above, we have a simple MD5 hash, which will be much faster to crack than a bcrypt hash, so we
can prioritize our cracking efforts accordingly.

2) Navigate to Desktop in the terminal and start password cracking using John the ripper

Fig 1.21 Navigating through the desktop and starting password cracking

cd Desktop
cd is short for "change directory." It's a command used in various operating systems and
command-line interfaces (like Windows Command Prompt, Linux shell) to navigate and change
the current directory.

john obtainedhashes.txt --format=Raw-MD5 --wordlist=rockyou.txt --rules=Customrule

● john is the command to invoke John the Ripper

● obtainedhashes.txt is the name of the file containing the password hashes.

● --format=Raw-MD5 refers to the format of the password that is about to be cracked

● --wordlist=rockyou.txt is specifying the wordlist or dictionary file being used for the
dictionary attack. "rockyou.txt" is a common wordlist that contains a large number of
passwords and is often used in password cracking.
● --rules=Customrule suggests that we want to apply custom rules during the password
cracking process. Custom rules can be used to manipulate the words in the wordlist to
generate additional password variations.

3) Show the cracked passwords

Fig 1.22 Results of the cracked passwords

john --show --format=Raw-MD5 obtainedhashes.txt

● --show option is used to instruct John the Ripper to show the cracked passwords once
it successfully cracks them. It's a way to display the results of the password cracking
process.

● --format=Raw-MD5 specifies the format of the hashes you're trying to crack.

● obtainedhashes.txt is the name of the file containing the password hashes you want to
crack.

4) Logging in to dvwa using the obtained username and cracked password

Fig 1.23 Logging in using the obtained username and cracked password

Fig 1.24 Obtained Username and Passwords

5) Successfully logged in as the user “gordonb”

Fig 1.25 Successful Login using the obtained username and password

CHAPTER - V
RESULTS AND DISCUSSION

5.1 Result

As a result, employing these two techniques, it becomes evident that password hashes can be
readily uncovered using these tools. Thus, there is a compelling need to employ them proactively to
assess and enhance the security of passwords, including file passwords, while treating the results
with a high level of confidentiality.

5.2 Analysis of Findings from the Dictionary Attack:

1. Successful Password Recoveries: The dictionary attack using John the Ripper was able to
recover a significant number of passwords from the target password file. These passwords were
obtained by matching entries in the dictionary (wordlist) with the hashed passwords in the file.

2. Password Complexity: The effectiveness of the attack varied depending on the complexity of the
passwords in the target file. Simple and commonly used passwords were more likely to be
recovered, while complex and unique passwords were less susceptible to dictionary attacks.

3. Time and Resources: The time taken to execute the dictionary attack depended on the size of the
wordlist, the computational resources available, and the number of hashes to crack. Longer and
more complex passwords required significantly more time to recover.

5.3 Effectiveness of the Attack in Terms of Password Recovery:

1. Success Rate: The success rate of the dictionary attack was notable, particularly for passwords
that were weak, short, and commonly used. Many users tend to choose easily guessable passwords,
making them vulnerable to such attacks.

2. Limitations: The attack had limitations in recovering passwords with high complexity, including
a mix of upper and lower case letters, numbers, and special characters. These complex passwords
are less likely to be found in standard dictionary wordlists.

3. Rule-Based Attacks: To enhance the effectiveness of dictionary attacks, rule-based attacks can
be applied. These rules modify words from the wordlist to generate variations, potentially
improving the success rate for more complex passwords.

5.4 Implications for Password Security:

1. Weak Passwords are Vulnerable: The results of the dictionary attack highlight the vulnerability
of weak passwords. Users who choose easily guessable passwords, such as "password" or
"123456," are at a high risk of having their accounts compromised.

2. Password Policies are Vital: Organizations and online services must implement and enforce
robust password policies. These policies should encourage users to create strong, unique passwords
with a mix of character types and regular password changes.

3. Password Length Matters: Password length is a significant factor in password security. Longer
passwords are more resilient to dictionary attacks, as they are less likely to be found in wordlists.

4. Multi-Factor Authentication (MFA): To mitigate the risks associated with password cracking,
the implementation of multi-factor authentication is crucial. MFA adds an extra layer of security by
requiring users to provide additional forms of verification beyond a password.

5. User Education: User awareness and education play a vital role in improving password security.
Users should be informed about the risks of weak passwords and guided on creating and managing
strong, unique passwords.

6. Regular Password Changes: Forced periodic changes are of limited value and can be
counter-productive, because users respond with small predictable edits (incrementing a digit,
updating the trailing year) that mangling rules recover easily. Current guidance such as NIST SP
800-63B recommends changing a password when there is evidence of compromise rather than on a fixed
schedule, and relying on length, blocklists and MFA instead.

The findings of the dictionary attack underscore the importance of robust password security
measures. Weak and predictable passwords are highly susceptible to attack, and organizations and
users must strengthen password security through long, unique passwords that are not variations of
common words, changing passwords when compromise is suspected, and the adoption of multi-factor
authentication to protect against password-based attacks.
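To make points 2 and 3 concrete, the following is an added example of a server-side policy check, written for this page rather than taken from the project. The blocklist is a constructed stand-in for a breached-password list, the 12-character minimum is an assumption, and the normalize() step is what distinguishes this check from a naive complexity rule: it strips the decorations a mangling rule would add, so "P@ssw0rd!" and "Summer2023!!" are recognised as the dictionary words they are built from.

```python
import re

MIN_LENGTH = 12  # assumed policy minimum; NIST SP 800-63B requires at least 8

# Constructed blocklist standing in for a breached-password list of millions of
# entries (the same words a dictionary attack would try first).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "letmein",
    "welcome", "summer", "dragon", "iloveyou", "admin",
}

# Reverse the leetspeak substitutions a mangling rule would apply.
LEET_UNDO = str.maketrans("@0314$", "aoeias")


def normalize(password: str) -> str:
    """Reduce a password to the dictionary word an attacker would start from:
    lower-case it, drop leading/trailing digits and symbols, undo leetspeak."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET_UNDO)


def character_classes(password: str) -> int:
    """Number of character classes present: lower, upper, digit, other."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def check_password(password: str) -> list[str]:
    """Return the policy violations for a candidate; an empty list means accepted."""
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < 3:
        problems.append("uses fewer than three character classes")
    # Check the raw password and its normalized form, so "123456" (no letters)
    # and "P@ssw0rd!" (decorated dictionary word) are both caught.
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("is a common password or a predictable variation of one")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the first three satisfy a character-mix rule,
    # yet a rule-based dictionary attack would recover each of them quickly.
    for candidate in ("P@ssw0rd!", "Summer2023!!", "Qwerty#2024", "Blue-Kettle-Marathon-42"):
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if not verdict else '; '.join(verdict)}")
```

The character-class count is kept because the report recommends it, but note which check does the work: "Summer2023!!" passes both the length and the class requirements and is rejected only by the blocklist after normalization, while the long passphrase-style "Blue-Kettle-Marathon-42" is accepted.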
PREVENTIONS

● Avoid using short or easily guessable passwords.

● Refrain from using passwords that consist solely of letters.

● Do not share your password with anyone.

● Exercise caution when downloading applications from websites or third-party app stores rather
than from the official store.

● Do not enable the Android "Unknown sources" (install unknown apps) setting, which allows apps
from outside the official store to be installed.

● Employ antivirus software on your mobile device to monitor its activity.

● Be vigilant and refrain from clicking on random links. Never download unwanted APK files
from unknown sources.

● Always verify the source of a file to ensure its legitimacy.

● Create passwords that include a combination of numbers, letters, and symbols for enhanced
security.
CHAPTER - VI
CONCLUSION
In conclusion, John the Ripper is a powerful tool for assessing password security and is valuable
for evaluating the vulnerability of password-protected files and of password hashes extracted from
workstations and servers. In light of the growing need to address system and file vulnerabilities, it
offers significant insight into those weaknesses and the associated risks. It encompasses a wide
array of cracking modes, supported hash formats and word-mangling rules, which can be combined in
various ways to perform over 900 distinct attacks, thereby enhancing the overall understanding of the
security landscape. The project showed that passwords which do not follow a sound password policy are
surprisingly easy to crack.
