How passwords are cracked

Well, here are the possibilities

Social Engineering by knowing about person and answer to questions when resetting password of any account
Breached Data: Websites get hacked every single day & if there is an account in one of the hacked website database, its easy to get your password. But obviously there is an issue here, now a days websites are using encrypted password hashes means when you enter a password to register in website, that password goes through an algorithem and converts into long hash (set of random numerics & alphabets) and this encrypted password cannot be reversed. And whenever you login next time, that password which you enter gets encrypted with same algorithem and check whether saved hash is same as logging in password. So, there is one possibility to decrypt password which is called brute force. If password is retrieved after brute forcing, and same password is used elsewhere, then you can understand that your password is hacked.
Phishing: This is a method to make you victim by making you feel like you are logging in to real website and stealing your login details. Assume that you received some threatening mail from your bank about your amount getting withdrawn, most of you are going to click whatever button you find there to check what went wrong which could be a phishing page (looks so similar to real banking page), you are probably going to enter your real username & password & those details will be sent to attacker. So here is the way most criminals practice.
Bruteforce: As said in previous method, bruteforce is always final option which also consumes a lot of time & storage space. I will be explaining about it in simple way below because your password could be at risk.

Suppose I used a password as abcde & as many websites use different type of password encryption algorithems, these below are its converted encrypted hashes

Encryption Type Encrypted Password

DES: $1$/NEhPgP7$KktqPXE5tiBeE6/Z5xuyH.

MD5: ab56b4d92b40713acc5af89985d4b786

sha1: 03de6c570bfe24bfc328ccd7ca46b76eadaf4334

sha224: bdd03d560993e675516ba5a50638b6531ac2ac3d5847c61916cfced6

sha256: 36bbe50ed96841d10443bcb670d6554f0a34b761be67ec9c4a8ad2c0c44ca42c

sha384: 4c525cbeac729eaf4b4665815bc5db0c84fe6300068a727cf74e2813521565abc0ec57a37ee4d8be89d097c0d2ad52f0

sha512: 878ae65a92e86cac011a570d4c30a7eaec442b85ce8eca0c2952b5e3cc0628c2e79d889ad4d5c7c626986d452dd86374b6ffaa7cd8b67665bef2289a5c70b0a1

ripemd128: a0a954be2a779bfb2129b72110c5782d

ripemd160: 973398b6e6c6cfa6b5e6a5173f195ce3274bf828

ripemd256: 81d8b58a3110a9139b4ddeccb031409e8af023067cf4c6f0b701dab9ecc0eb4e

ripemd320: a94dc1bc825db64e97718305ce36bfef32cc5410a630999678bcd89cc38c424269012ec8c5a95830

whirlpool: 5d745e26ccb20fe655d39c9e7f69455758fbae541cb892b3581e4869244ab35b4fd6078f5d28b1f1a217452a67d9801033d92724a221255a5e377fe9e9e5f0b2

snefru: 8d2891fc6020d7dc93f7561c0cfdde26426192b3e364a1f52b634482009dc8c8

snefru256: 8d2891fc6020d7dc93f7561c0cfdde26426192b3e364a1f52b634482009dc8c8

gost: b18cfd04f92dc1d83325036bc723d36db25ede41ae879d2545fc7f377b700899

crc32: f44d5ba3

crc32b: 8587d865

fnv132: 0e2fc14a

fnv164: 1f6062c561d33a4a

joaat: b98559fc

haval128,3: 51d4032478aa59182916e6c111fa79a6

haval160,3: 8d7c2218bdd8cb0608ba2479751b44bb15f1fc1f

haval192,3: 4a106d88931b60df1ba352782141c473e79019022d65d7a5

haval224,3: 177da8770d5bf50e1b5d82dd60df2635102d490d86f876e70f7a4080

haval256,3: 3913ab70f6219eefe10b202de5991efdbc4a808203bd60bbfbfc043383ae8f90

haval128,4: 61634059d9b8336feb32ca27533ed284

haval160,4: f74b326fe2ce8f5ba151b85b16e67b28fe71f131

haval192,4: 88a58d9011ca363a3f3cd113ffeaa44870c07cc14e94fb1b

haval224,4: 3eef5dc9c3b3de0f142db08b89c21a1fdb1c64d7b169425dba161190

haval256,4: 8f9b46785e52c6c48a0178edc66d3c23c220d15e52c3c8a13e1cd45d21369193

haval128,5: 11c0532f713332d45d6769376dd6eb3b

haval160,5: 53734616dd6761e2a1d2bd520035287972625385

haval192,5: cddf16e273a09e9e2f1d7d4761c2d35e1dd6ee327f1f5afd

haval224,5: d8cbe8d06dc58095ec0e69f1c1a4d4a90893aae80401779ceb6646a9

haval256,5: c464c9a669d5b43e4c34808114dce4ecc732d1b71407e7f05468d0b15bff7e30

tiger128,3: bfd4041233531f1ef1e9a66d7a0cef76

tiger160,3: bfd4041233531f1ef1e9a66d7a0cef76a3e0fe75

tiger192,3: bfd4041233531f1ef1e9a66d7a0cef76a3e0fe756b36a7d7

tiger128,4: 7fd0e2faec50261ef48d3b87c554ee73

tiger160,4: 7fd0e2faec50261ef48d3b87c554ee739e8fbd98

tiger192,4: 7fd0e2faec50261ef48d3b87c554ee739e8fbd98f9a0b332

So, to crack MD5 hash as ab56b4d92b40713acc5af89985d4b786, I need to go through all possible words. Also I need to try all dictionary words. If I don't get through all these, I finally bruteforce by generating wordlist by mixing [a-z][A-Z][0-9][special_characters] while including word length, say as word lenght starting from 6 to 15 and generating that wordlist which needs hard disk space.

What if I say you that there is no need for you to get breach data so you can collect password hashes or no need for you to generate any wordlist at all, because this is 2021 and we got 24,108,940,757 words which are been used till now, this is going to be very easy to crack a password right. If you found that password is not from 24 Billion word list, you need to go back and generate wordlists yourself.

Wanna have access to those 24 Billion wordlists / passlists? Here you go.

Breaking

How passwords are cracked

Post a Comment

Hacking Gmail account using GX Cookie

Latest Posts

Most Popular

Hacking Gmail account using GX Cookie

The Future security mobile botnets take over ipone just with A SMS

Connecting two buildings to one broadband service

Contact Form