Cracking a Password

Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:
  1. Find a valid user account (such as Administrator or Guest).
  2. Create a list of possible passwords.
  3. Rank the passwords from high to low probability.
  4. Key in each password.
  5. Try again until a successful password is found.
A hacker can also create a script file that tries each password in a list. This is still considered manual cracking, but it's time consuming and not usually effective.
A more efficient way of cracking a password is to gain access to the password file on a system. Most systems hash (one-way encrypt) a password for storage on a system. During the logon process, the password entered by the user is hashed using the same algorithm and then compared to the hashed passwords stored in the file. A hacker can attempt to gain access to the hashing algorithm stored on the server instead of trying to guess or otherwise identify the password. If the hacker is successful, they can decrypt the passwords stored on the server.
Passwords are stored in the Security Accounts Manager (SAM) file on a Windows system and in a password shadow file on a Linux system.

No comments:

Post a Comment

Popular Posts