TECH TIPS & TRICKS: Password Cracking

Thursday, September 30, 2010

Passwords are the most common security mechanism on almost all websites and computer networks. Password cracking is a way of gaining unauthorized access to FTP servers, websites and networks.


Dictionary Attack:
In a dictionary attack, a list of the most common passwords is used to crack the password of an FTP server or website. Strong passwords are not vulnerable to such attacks. You can implement this attack using a password cracker called Brutus AET2.

FTP stands for File Transfer Protocol, a simple way to transfer files over the network. If a hacker gains access to one's FTP server, he can upload, delete or modify all files on the server or website.

Steps:
1) Download and install Brutus from the link above. Before installing, disable your antivirus or antispyware.
2) Choose a target, i.e. a website address or an FTP server address, say 127.0.0.1.
3) When you type ftp://127.0.0.1 in the address bar of your browser, a window pops up asking for the username and the password.
4) Now open Brutus. In the target field, type the FTP server address or the IP address of the website, in this case 127.0.0.1. From the drop-down menu "Type", choose the appropriate option, in this case FTP.
5) The default port is 21, but sometimes websites change it to make it more secure. In such cases you can find the right port or any open port by performing a port scan using Nmap or Angry IP Scanner.
6) You will have to get a list of the most common usernames and passwords. You can find some good lists here.
7) Choose the "Pass Mode" as Word list, then browse and select the user list and password list you have downloaded.
8) Click on Start and Brutus will try all the password combinations to gain access to the FTP server and website.

9) The drawback is that in this mode of attack Brutus leaves many footprints, i.e. a huge log of your presence on the server (see below). Hence you can get into problems with the law. To avoid this, one can use a proxy, an intermediate server which connects to the target computer on your behalf, thereby allowing you to connect anonymously, making you more secure.

The dictionary attack has a very low success rate because most passwords are a mixed combination of letters, numbers and special characters. The dictionary attack will work only if the password consists of only letters.

To overcome this drawback, one can employ the brute-force method of cracking, which tries every possible combination of letters, numbers and special characters. The only limitation is that it takes a long time.
The speed depends upon the computer running the software as well as the complexity of the password you are trying to crack.

1) To employ a brute-force attack, choose "Brute force" from the "Pass Mode" menu in Brutus. You can select the range option if you have some idea of the length of the password.

Preventive Measures:

1) Change your FTP port in order to make it more secure.
2) Use SSL (Secure Sockets Layer) for websites and FTP servers. It is the most widely used technology for providing secure communication between the web client and the web server.
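
The footprint of failed logins that step 9 describes is what a server operator can alert on. The following is an added example, not part of the original post: it scans FTP server log lines for clients with many failed logins inside a short window and notes any success that follows. The log lines are constructed in the style of a vsftpd log, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, written in the style of a vsftpd log (assumed format).
SAMPLE_LOG = """\
Thu Sep 30 10:15:01 2010 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 10:15:02 2010 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 10:15:03 2010 [pid 2103] [root] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 10:15:04 2010 [pid 2104] [alice] FAIL LOGIN: Client "198.51.100.20"
Thu Sep 30 10:15:05 2010 [pid 2105] [root] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 10:15:06 2010 [pid 2106] [ftp] FAIL LOGIN: Client "203.0.113.7"
Thu Sep 30 10:15:20 2010 [pid 2107] [alice] OK LOGIN: Client "198.51.100.20"
Thu Sep 30 10:15:30 2010 [pid 2108] [ftp] OK LOGIN: Client "203.0.113.7"
Thu Sep 30 10:40:00 2010 [pid 2109] [bob] FAIL LOGIN: Client "192.0.2.5"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Flag clients with >= max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    tried = defaultdict(set)      # ip -> usernames that failed from this client
    flagged = {}                  # ip -> {"users": names tried, "ok_after": later successes}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a login line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip = m["ip"]
        if m["result"] == "OK":
            # A success from an already-flagged client: a guess may have worked.
            if ip in flagged:
                flagged[ip]["ok_after"].append(m["user"])
            continue
        tried[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = {"users": tried[ip], "ok_after": []}
    return flagged

if __name__ == "__main__":
    for ip, info in detect_guessing(SAMPLE_LOG).items():
        print(ip, sorted(info["users"]), "success after flag:", info["ok_after"])
```

A flagged address is a candidate for rate limiting or a temporary block, and a success recorded after the flag is a reason to reset that account's password.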

WARNING: THE ABOVE INFORMATION IS PROVIDED FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.
