Software Development Exam > Software Development Videos > Ethical Hacking using Kali Linux (in English) > Lesson 86 : Introduction To Password Cracking
Lesson 86 : Introduction To Password Cracking Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development
FAQs on Lesson 86 : Introduction To Password Cracking Video Lecture - Ethical Hacking using Kali Linux (in English) - Software Development
| 1. What is password cracking? |  |
Ans. Password cracking is the process of attempting to gain unauthorized access to a system or account by systematically guessing the correct password or by using various techniques to uncover the password. It is typically done by hackers or cybersecurity professionals to test the strength of passwords and identify vulnerabilities in systems.
| 2. How does password cracking work? | |
Ans. Password cracking involves various methods such as brute force attacks, dictionary attacks, and rainbow table attacks. Brute force attacks systematically try all possible combinations of characters until the correct password is found. Dictionary attacks use a pre-generated list of common passwords and try them one by one. Rainbow table attacks use precomputed tables to quickly match encrypted passwords with their plaintext equivalents.
| 3. Is password cracking legal? | |
Ans. In most cases, password cracking is illegal if done without proper authorization. It is considered a form of hacking and unauthorized access to systems or accounts is a violation of computer crime laws. However, password cracking can be legal and ethical when done by authorized individuals or organizations for security testing purposes or in the process of recovering forgotten passwords.
| 4. How can I protect my passwords from being cracked? | |
Ans. To protect your passwords from being cracked, it is important to follow best practices such as using strong passwords that are long, complex, and unique for each account. Additionally, enabling two-factor authentication (2FA) adds an extra layer of security. Regularly updating passwords and using password managers can also help in safeguarding your accounts.
| 5. What are the consequences of a successful password cracking attack? | |
Ans. A successful password cracking attack can have severe consequences, including unauthorized access to sensitive information, financial loss, identity theft, and privacy breaches. Hackers can exploit compromised accounts to carry out fraudulent activities, steal personal data, or gain control over systems. It is crucial to take password security seriously to prevent such incidents.
Text Transcript from Video
hey guys welcome to the next tutorial of
ethical hacking and penetration testing
we are Kali Linux and this is for the
advanced tutorial so I have already done
few tutorials related to ethical hacking
in penetration testing in my previous
version that the basics for Kali Linux
if you have not gone through that then I
would probably recommend going through
that reason being that if you don't want
to proceed with this course properly
then you need to know the basics for
that and you will only get that when you
go ahead and do the basics for
penetration testing that I have taught
you before so speaking about password
cracking including ones for will Linux
windows WEP WPA - that's for wireless
and even online passwords using THC
Hydra we can now void and crack any type
of passwords using Kali Linux now I
thought it might be worthwhile to begin
a series on password cracking in general
and password cracking is both an art and
a science and I hope to show you the
many ways and the subs' abilities
involved in this so we will start with
the basic principles of password
cracking that are essential to all
password cracking techniques followed by
some of the tools and technologies used
then one level I'll show you how to use
those principles and techniques
effectively to crack or capture will
types of passwords out there so the
first thing would be the importance or
and methods of password cracking
so a passwords are most widely okay just
let me go ahead and start up my vmware
okay so part of passwords are like most
widely used form of authentication
throughout the world let me just start
it okay a username and a password are
used on computer systems bank's accounts
ATMs and many more the ability to crack
password is an essential skill to both a
hacker as well as the faulty
investigator and whereas the false thing
investigator needs to hack the passwords
for accessing the suspects system hard
drive email account etc although some
passwords are extremely easy to crack
some may be extremely difficult as well
and in those cases the hacker or the
forensic investigator can either employ
greater computing
resources such as a botnet supercomputer
using the GPU or a si si etc or they can
look to obtain the passwords in other
ways and these ways might include in
secure storage in addition sometimes you
don't need a password to access the
password protected resources for
instance let's say for example if you go
ahead and replay a cookie session ID
care browse ticket and authenticated
session or other resources that
authenticates the user after the
password authentication you can access
the password protected resource without
ever knowing the password so if you want
me to make this more clear let me give
an example for that I'll just go ahead
and open the Facebook web page thank you
I believe this it's denied okay so I
still have other ways to access that let
me go ahead and just open this up let me
check if I will go ahead and access that
okay let's check okay
I cannot believe he warned me I won't be
able to he let me take to you to a gmail
account on Gmail probably I will be able
to allow login I believe are you perfect
so I'll go ahead and show you a few
different ways the first thing would be
actually going ahead and hacking the
password and it would can me through
like using the key logger or keystroke
login or the second thing would be to
actually go ahead and I get the hash
keys and convert that the md5 or sha-1
whichever it is the for the format ease
all we could actually go ahead and pick
the user by using social engineering or
this another way of cookie hijacking or
cookie stealing and okay hijacking means
stealing means that let's say for
example if I go ahead and access my
gmail account for once after that I
don't actually log out or let's say for
example I log out but over here when I
am logging in it will ask me to save the
password and I will say the password
so whenever next time I am playing
blogging it will automatically go ahead
and show me the passwords so getting
those cookies over the internet without
me accessing this computer is called as
cookie hijacking or cookie stealing so
as a tool there are different ways to
actually go ahead and do that so
sometimes these attacks can be much
easier than cracking a complex and a
long password I will do it as few
tutorials on actually how we can go
ahead and crack these passwords on
various replay attacks in the near
future and look look what specifically
for my upcoming tutorial on stealing the
Facebook cookie
so access someone's Facebook account you
can do that as well not only Facebook
but also Gmail and Yahoo or any kind of
other accounts it doesn't matter which
exactly until unless they are let's say
they're actually accessing their account
over the Internet
so let's start with the basics the first
thing would be the password storage in
general passwords are not stored in
clear text as rule passwords are stored
as hashes hashes are one-way encryption
that are unique for a given input and
these systems often use md5 or sha-1 to
the to hash the passwords so I'll just
go ahead and show you as to how
it exactly looks like mmm let me see
okay so I'll just go ahead and open this
just show you the image so this is how a
hash password looks like so this is the
actual stuff that's ABCD it's converted
into the hash one we have 1 2 0 and
that's again converted and this how it
looks like in total so it's just a
one-way encryption it cannot be
decrypted back but there are still ways
that we can go ahead and try to do
something else
so in Windows operating system passwords
on the local system are stored in this
Sam file while Linux towards them in /et
see slash shadow file so these files are
accessible only by someone with the root
or the system admin privileges in both
cases you can use a service or file that
has root our system admin privileges to
grab the password file X for example DLL
injection with Sam damned or DLL in
Windows and actually if you go to look
over my previous tutorials I have shown
you different ways as to how we can go
ahead and gather access to victims PC
and then go ahead and manipulate that
and by doing that you can also go ahead
and gather this and mTOR dll in Windows
and s of Linux I'll just go ahead and
show you exactly where the password is
file system EDC and this shadow this is
the one so this is exactly how it looks
like and the passwords are stored over
here and I believe these are the hash
keys for my password so I wouldn't be
actually going around doing some thing
to that because if I did I won't be able
to log in myself so the different types
of attacks to proceed with first reform
so the first type of attack is a
dictionary attack a dictionary attack is
the simplest and the fastest password
cracking attack to put it simply it just
runs through dictionary of words trying
each one of them to see if they work
also such an approach would seem impact
achill to do manually but computers can
do this very fast and run through
millions of words in just a few hours
and millions is more than enough
this should usually be your first
approach to attacking any password and
in some cases it can prove you
successful in just a few minutes because
normally people always keep the
passwords very easy let's say for
example route at 3 1 2 3 or admitted
thread 1 2 3 admin + 1 2 3 admin pound 1
2 3 or these are the different types of
attack or password at thread 1 2 3 and
when I say password the a will be
replaced by a trait and s will be
replaced by the dollar sign and a will
be replaced by zeros something like that
and these passwords are very easy to
crack even if you think that they are
not and that saw dictionary attack works
like and after that we have the rainbow
table most modern systems now store
passwords in hash this means that even
if you can get to the area or the file
that stores the password what you get is
an encrypted password as I showed you
just now over there in the ATC shadow
file one approach to cracking this
encryption is to take the dictionary
file and hash each word and compared to
the hashed password this is very time
and CPU consuming or intensive a faster
approach is to take a table with all the
words in the dictionary already hashed
and compare the hash from the password
file to your list of hashes if there is
a match you know yeah you know the
password then and after that we have the
brute force method brute force method is
the most time consuming approach to
password cracking it should always be a
last resort
brute force pass brute force password
cracking attempts it attempts all
possibilities of all the letters numbers
special characters this might be
combined for a password and attempts it
will attempt them as you might expect
the more computing horse power you have
the more successful you will be with
this approach so normally people don't
use this or they rarely use this that's
what I can say after we have the hybrid
a hybrid password attack is one that
uses a combination of dictionary words
with special characters numbers etc
often these hybrid attacks use
combination of dictionary words with
numbers appending and prepending them
and replacing letters with numbers and
special characters as I told you before
about the password P at the right dollar
dollar table use 0 rd 1 2 3
something like that and that's what a
hybrid attack is and there are also
commonly used passwords so as much as we
think each of us is unique and we do
show some common patterns of behavior
within our species that humans one of
these patterns is the words we choose
for passwords they are a number of word
lists that have been compiled a foreign
password in recent years many systems
have been cracked and passwords captured
from millions of users have been
destroyed and displayed to the whole
public by using these already captured
passwords you are likely to find at
least a few of the few on the network
that you're trying to hack so and that
would be it for this tutorial guys
because that's how exactly these are the
different ways as to how we can go ahead
and crack these passwords in the next
tutorial I'll continuing with the
password cracking strategy and the
software that we would be using to
actually go ahead and hack into some
specific systems
ethical hacking and penetration testing
we are Kali Linux and this is for the
advanced tutorial so I have already done
few tutorials related to ethical hacking
in penetration testing in my previous
version that the basics for Kali Linux
if you have not gone through that then I
would probably recommend going through
that reason being that if you don't want
to proceed with this course properly
then you need to know the basics for
that and you will only get that when you
go ahead and do the basics for
penetration testing that I have taught
you before so speaking about password
cracking including ones for will Linux
windows WEP WPA - that's for wireless
and even online passwords using THC
Hydra we can now void and crack any type
of passwords using Kali Linux now I
thought it might be worthwhile to begin
a series on password cracking in general
and password cracking is both an art and
a science and I hope to show you the
many ways and the subs' abilities
involved in this so we will start with
the basic principles of password
cracking that are essential to all
password cracking techniques followed by
some of the tools and technologies used
then one level I'll show you how to use
those principles and techniques
effectively to crack or capture will
types of passwords out there so the
first thing would be the importance or
and methods of password cracking
so a passwords are most widely okay just
let me go ahead and start up my vmware
okay so part of passwords are like most
widely used form of authentication
throughout the world let me just start
it okay a username and a password are
used on computer systems bank's accounts
ATMs and many more the ability to crack
password is an essential skill to both a
hacker as well as the faulty
investigator and whereas the false thing
investigator needs to hack the passwords
for accessing the suspects system hard
drive email account etc although some
passwords are extremely easy to crack
some may be extremely difficult as well
and in those cases the hacker or the
forensic investigator can either employ
greater computing
resources such as a botnet supercomputer
using the GPU or a si si etc or they can
look to obtain the passwords in other
ways and these ways might include in
secure storage in addition sometimes you
don't need a password to access the
password protected resources for
instance let's say for example if you go
ahead and replay a cookie session ID
care browse ticket and authenticated
session or other resources that
authenticates the user after the
password authentication you can access
the password protected resource without
ever knowing the password so if you want
me to make this more clear let me give
an example for that I'll just go ahead
and open the Facebook web page thank you
I believe this it's denied okay so I
still have other ways to access that let
me go ahead and just open this up let me
check if I will go ahead and access that
okay let's check okay
I cannot believe he warned me I won't be
able to he let me take to you to a gmail
account on Gmail probably I will be able
to allow login I believe are you perfect
so I'll go ahead and show you a few
different ways the first thing would be
actually going ahead and hacking the
password and it would can me through
like using the key logger or keystroke
login or the second thing would be to
actually go ahead and I get the hash
keys and convert that the md5 or sha-1
whichever it is the for the format ease
all we could actually go ahead and pick
the user by using social engineering or
this another way of cookie hijacking or
cookie stealing and okay hijacking means
stealing means that let's say for
example if I go ahead and access my
gmail account for once after that I
don't actually log out or let's say for
example I log out but over here when I
am logging in it will ask me to save the
password and I will say the password
so whenever next time I am playing
blogging it will automatically go ahead
and show me the passwords so getting
those cookies over the internet without
me accessing this computer is called as
cookie hijacking or cookie stealing so
as a tool there are different ways to
actually go ahead and do that so
sometimes these attacks can be much
easier than cracking a complex and a
long password I will do it as few
tutorials on actually how we can go
ahead and crack these passwords on
various replay attacks in the near
future and look look what specifically
for my upcoming tutorial on stealing the
Facebook cookie
so access someone's Facebook account you
can do that as well not only Facebook
but also Gmail and Yahoo or any kind of
other accounts it doesn't matter which
exactly until unless they are let's say
they're actually accessing their account
over the Internet
so let's start with the basics the first
thing would be the password storage in
general passwords are not stored in
clear text as rule passwords are stored
as hashes hashes are one-way encryption
that are unique for a given input and
these systems often use md5 or sha-1 to
the to hash the passwords so I'll just
go ahead and show you as to how
it exactly looks like mmm let me see
okay so I'll just go ahead and open this
just show you the image so this is how a
hash password looks like so this is the
actual stuff that's ABCD it's converted
into the hash one we have 1 2 0 and
that's again converted and this how it
looks like in total so it's just a
one-way encryption it cannot be
decrypted back but there are still ways
that we can go ahead and try to do
something else
so in Windows operating system passwords
on the local system are stored in this
Sam file while Linux towards them in /et
see slash shadow file so these files are
accessible only by someone with the root
or the system admin privileges in both
cases you can use a service or file that
has root our system admin privileges to
grab the password file X for example DLL
injection with Sam damned or DLL in
Windows and actually if you go to look
over my previous tutorials I have shown
you different ways as to how we can go
ahead and gather access to victims PC
and then go ahead and manipulate that
and by doing that you can also go ahead
and gather this and mTOR dll in Windows
and s of Linux I'll just go ahead and
show you exactly where the password is
file system EDC and this shadow this is
the one so this is exactly how it looks
like and the passwords are stored over
here and I believe these are the hash
keys for my password so I wouldn't be
actually going around doing some thing
to that because if I did I won't be able
to log in myself so the different types
of attacks to proceed with first reform
so the first type of attack is a
dictionary attack a dictionary attack is
the simplest and the fastest password
cracking attack to put it simply it just
runs through dictionary of words trying
each one of them to see if they work
also such an approach would seem impact
achill to do manually but computers can
do this very fast and run through
millions of words in just a few hours
and millions is more than enough
this should usually be your first
approach to attacking any password and
in some cases it can prove you
successful in just a few minutes because
normally people always keep the
passwords very easy let's say for
example route at 3 1 2 3 or admitted
thread 1 2 3 admin + 1 2 3 admin pound 1
2 3 or these are the different types of
attack or password at thread 1 2 3 and
when I say password the a will be
replaced by a trait and s will be
replaced by the dollar sign and a will
be replaced by zeros something like that
and these passwords are very easy to
crack even if you think that they are
not and that saw dictionary attack works
like and after that we have the rainbow
table most modern systems now store
passwords in hash this means that even
if you can get to the area or the file
that stores the password what you get is
an encrypted password as I showed you
just now over there in the ATC shadow
file one approach to cracking this
encryption is to take the dictionary
file and hash each word and compared to
the hashed password this is very time
and CPU consuming or intensive a faster
approach is to take a table with all the
words in the dictionary already hashed
and compare the hash from the password
file to your list of hashes if there is
a match you know yeah you know the
password then and after that we have the
brute force method brute force method is
the most time consuming approach to
password cracking it should always be a
last resort
brute force pass brute force password
cracking attempts it attempts all
possibilities of all the letters numbers
special characters this might be
combined for a password and attempts it
will attempt them as you might expect
the more computing horse power you have
the more successful you will be with
this approach so normally people don't
use this or they rarely use this that's
what I can say after we have the hybrid
a hybrid password attack is one that
uses a combination of dictionary words
with special characters numbers etc
often these hybrid attacks use
combination of dictionary words with
numbers appending and prepending them
and replacing letters with numbers and
special characters as I told you before
about the password P at the right dollar
dollar table use 0 rd 1 2 3
something like that and that's what a
hybrid attack is and there are also
commonly used passwords so as much as we
think each of us is unique and we do
show some common patterns of behavior
within our species that humans one of
these patterns is the words we choose
for passwords they are a number of word
lists that have been compiled a foreign
password in recent years many systems
have been cracked and passwords captured
from millions of users have been
destroyed and displayed to the whole
public by using these already captured
passwords you are likely to find at
least a few of the few on the network
that you're trying to hack so and that
would be it for this tutorial guys
because that's how exactly these are the
different ways as to how we can go ahead
and crack these passwords in the next
tutorial I'll continuing with the
password cracking strategy and the
software that we would be using to
actually go ahead and hack into some
specific systems
Related Exams
About this Video
|
4.68/5 Rating |
|
Nov 22, 2024 Last updated |
Video Description: Lesson 86 : Introduction To Password Cracking for Software Development 2024 is part of Ethical Hacking using Kali Linux (in English) preparation.
The notes and questions for Lesson 86 : Introduction To Password Cracking have been prepared according to the Software Development exam syllabus.
Information about Lesson 86 : Introduction To Password Cracking covers all important topics for Software Development 2024 Exam.
Find important definitions, questions, notes, meanings, examples, exercises and tests below for Lesson 86 : Introduction To Password Cracking.
Introduction of Lesson 86 : Introduction To Password Cracking in English is available as part of our Ethical Hacking using Kali Linux (in English) for Software Development & Lesson 86 : Introduction To Password Cracking in
Hindi for Ethical Hacking using Kali Linux (in English) course. Download more important topics related with notes, lectures and mock test series for
Software Development Exam by signing up for free.
Description
Video Lecture & Questions for Lesson 86 : Introduction To Password Cracking Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development - Software Development full syllabus preparation | Free video for Software Development exam to prepare for Ethical Hacking using Kali Linux (in English).
Information about Lesson 86 : Introduction To Password Cracking
Here you can find the meaning of Lesson 86 : Introduction To Password Cracking defined & explained in the simplest way possible.
Besides explaining types of Lesson 86 : Introduction To Password Cracking theory, EduRev gives you an ample number of questions to practice Lesson 86 : Introduction To Password Cracking tests,
examples and also practice Software Development tests.
|
Explore Courses for Software Development exam
|
|
Signup for Free!
Signup to see your scores go up within 7 days! Learn & Practice with 1000+ FREE Notes, Videos & Tests.
Related Searches
Free
,Semester Notes
,Extra Questions
,Sample Paper
,shortcuts and tricks
,Previous Year Questions with Solutions
,Summary
,study material
,practice quizzes
,Lesson 86 : Introduction To Password Cracking Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development
,Exam
,Objective type Questions
,Lesson 86 : Introduction To Password Cracking Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development
,Important questions
,past year papers
,mock tests for examination
,MCQs
,ppt
,video lectures
,Lesson 86 : Introduction To Password Cracking Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development
,Viva Questions
;
Study Lesson 86 : Introduction To Password Cracking on the App
Students of Software Development can study Lesson 86 : Introduction To Password Cracking alongwith tests & analysis from the EduRev app,
which will help them while preparing for their exam. Apart from the Lesson 86 : Introduction To Password Cracking,
students can also utilize the EduRev App for other study materials such as previous year question papers, syllabus, important questions, etc.
The EduRev App will make your learning easier as you can access it from anywhere you want.
The content of Lesson 86 : Introduction To Password Cracking is prepared as per the latest Software Development syllabus.
|
© EduRev
|
Education Revolution
|
Follow Us
|
Signup to see your scores
go up within 7 days!
Access 1000+ FREE Docs, Videos and Tests
Takes less than 10 seconds to signup