Wonder how to hack a password? Here’s a brief overview of the art and science of password cracking. The basic is to use a file or service that owns root/sysadmin privileges to seize the password file (works particularly for Windows). But it is encrypted. You take a dictionary file, hash every word, and match it to a hashed password.
Other more complicated attacks are:
- Dictionary: computers run through a dictionary of words trying each of them as a password;
- Rainbow Table: make it a match explicitly by taking a table with all the words in the dictionary and checking the hash from the file with the list of hashes;
- Hybrid: it combines words with numbers and special characters and “plays” with it until it finds the right password;
- Existing passwords capturing systems: they use already captured passwords and make them match into a password within one network (it is also human behavior-based).
- Password cracking tools that combine all three mentioned above methods and a brute one – attempt to match all the letters, special characters, numbers;
- Apps whose performance is based on those three approaches, and their similar alternatives;
- Online password cracking tools that break HTTP, Telnet, POP3, SMB, FTP, etc.
- Brand-new way is using spyware: their Keylogger feature allows seeing the credentials to emails, account-based apps, and services.