Password Cracking Counter Measures

• An organization can use the following methods to reduce the chances of the passwords been cracked

  • Avoid short and easily predicable passwords
  • Avoid using passwords with predictable patterns such as 11552266.
  • Passwords stored in the database must always be encrypted. For md5 encryptions, its better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
  • Most registration systems have password strength indicators, organizations must adopt policies that favor high password strength numbers.

Hacking Activity: Hack Now!

In this practical scenario, we are going to crack Windows account with a simple passwordWindows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.

Cain and Abel cracker can be used to crack passwords using;

  • Dictionary attack
  • Brute force
  • Cryptanalysis

 

Password cracking steps

 

 

 

 

 

 

 

  • Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
  • If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks.
  • Password cracking is the art of recovering stored or transmitted passwords.
  • Password strength is determined by the length, complexity, and unpredictability of a password value.
  • Common password techniques include dictionary attacks, brute force, rainbow tables, spidering and cracking.
  • Password cracking tools simplify the process of cracking passwords.

Comments

Post a Comment

Hello,

Thank you for reading blogs and your lovely comment. We hope you like this blogs.

Have a nice day!

Again Thanks,
Rk Thakur

Popular posts from this blog

Hacker

•  A hacker may refer to any of the following: Computer hacker1. A hacker is a term that first started being used in the 1960s and described a programmer or someone who hacked computer code. Later the term evolved into an individual who had an advanced understanding of computers, networking, programming, or hardware, but did not have any malicious intents. In 1981, Ian Murphy, also known as "Captain Zap", became the first hacker to be convicted of hacking. He hacked into the AT&T computer network and modified the billing rates system, changing the internal clocks so that cheaper late-night rates were billed to customers during mid-day hours. Today, a malicious hacker is usually referred to as a malicious user, black hat, or criminal hacker, which describes any individual who illegally breaks into computer systems to damage or steal information. Some people who consider themselves leet may refer to themselves as a leet haxors, h4x0rs, or HaXXorZ. However, often these users...
Read more

What constitutes ethical hacking?

  For hacking to be deemed ethical, the hacker must obey the following rules: 1.        Expressed (often written) permission to probe the network and attempt to identify potential security risks. 2.        You respect the individual's or company's privacy. 3.        You close out your work, not leaving anything open for you or someone else to exploit at a later time. 4.        You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company. The term "ethical hacker" has received criticism at times from people who say that there is no such thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it and those who do the hacking are commonly referred to as computer criminals or cyber criminals. However, the work that ethical hackers do for org...
Read more

Insecure Cryptographic Storage

●  Description Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely. The user credentials, profile information, health details, credit card information, etc. come under sensitive data information on a website. This data will be stored on the application database. When this data are stored improperly by not using encryption or hashing*, it will be vulnerable to the attackers. (*Hashing is transformation of the string characters into shorter strings of fixed length or a key. To decrypt the string, the algorithm used to form the key should be available) Implication ·          By using this vulnerability, an attacker can steal, modify such weakly protected data to conduct identity theft, credit card fraud or other crimes. Vulnerable objects ·          Application database. Examples In one of the banking application, password database uses unsal...
Read more