Professional Documents
Culture Documents
INSPECTION
CRACKING THE CODE: THE ART OF PASSWORD CRACKING
• Introduction
• Alternate Deployment Schemes
• Password OpSec
• John the Ripper
• Implementation
• Cracking Passwords: Incremental mode Cracking, Markov mode Cracking
INTRODUCTION
• In today's digital age, passwords are a critical
component of cyber security. Passwords protect our
personal and sensitive information from falling into the
wrong hands. However, despite their importance,
passwords can be easily cracked by hackers who use
various techniques to gain unauthorized access to our
accounts.
• This is why understanding password cracking is crucial
for anyone who wants to stay safe online. By learning
about the methods used by hackers to crack passwords,
we can take steps to create stronger passwords and
better protect ourselves from cyber attacks.
ALTERNATE DEPLOYMENT SCHEMES
• We can follow some basic operations Security(OpSec) in choosing, managing and using passwords. The
principals are:
• 1.keep your system up to date
• 2.Do not use unique password of your primary e-mail account.Because Email accounts are a prime target for
theft.
• 3.Enable multifactor authentication whenever a web app offers support for it..
• 4.Avoid entering your credentials on public or shared computers.
• 5.Avoid authenticating to web apps when using public wifi.
• 6. Avoid any web site whose whose password recovery mechanism e-mails .
• 7.Choose a password that isn’t based on easily discoverable such as school names ,demographic details.
• 8.If use social media as the ID for other apps, follow same advice for your email password.
JOHN THE RIPPER
• John the ripper is one of the most versatile, fastest and popular password crackers
available.
• It supports password hashing schemes by many systems including unix, windows etc
• John cracking modes include specialized wordlists,the ability to customize the generation
of guesses based on character type and placement ,raw bruteforce(bruteforce is used to
crack passwords successfully)
• It runs on any operating system
IMPLEMENTATION
CRACKING PASSWORDS
• John is compiled and awaits for cracking a password. It recognized from os files like /etc/shadow
or dumped by tools like pwdump.
• john supports 150 hashing algorithms. Find by using –test option.
• Ex: john’s ability to guess the correct format for password entries.
1.Create a text file with windows.txt contain an entry “Ged” and “Arha”. They represent passwords
taken from windows system.
2.Run windows.txt $./john windows.txt….In which, the bruteforce attack is very quickly identify
password for Arha account is “Tenar”.
3. $./john --list=formats
4. $./john --list=format-all-details
• Ex: Take a look at unix.txt with ged and arha
• $ ./john unix.txt
• John’s incremental mode uses “charset” files and john.cof directives to control what kind of
guesses it performs(how many guesses and how long guesses will take to complete).
• John comes will several predefined incremental modes.
• Ex: we rename john.pot file with unix.txt and run a brute-force attack for passwords that have
only lowercase alphabetical characters. By default, the mode tries all combinations b/w one and
eight characters long.
• $mv john.pot john.pot.old
• $./john --incremental=Alpha unix.txt
For created custom file contains nine plaintexts and 50 unique characters.
• $./john --make-charset=custom.chr --pot=test.pot
MARKOV MODE CRACKING