sir i want to know how the password cracker software's get password hashes from the system,,
say i try to log in to a router and it asking a username and password how i bypass this????
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
2 replies to this topic
#3
infiltrator
-
- Sergeant Major
-
- 421 posts
Staff Sergeant
Posted 17 July 2012 - 10:52 PM
sir i want to know how the password cracker software's get password hashes from the system,,
say i try to log in to a router and it asking a username and password how i bypass this????
First of all, password crackers DO NOT in anyway or form get the password hashes from the system. When you input a clear-text password into a system, the system uses a password hashing algorithm such as an MD5 or SHA1 to encrypt that given clear-text password into a hash.
For example: If you use an MD5 algorithm to generate a hash for the word "password", your hash will look like the hash below.
"5f4dcc3b5aa765d61d8327deb882cf99"
Now, once your system has encrypted your clear-text password, into a hash, the hash is stored on the system's back-end (database).
To recover that hash, there are two methods that a password cracker can use:
The first method is called, a "dictionary attack" it use a file containing dictionary words or common used passwords to try to guess what the hash is.
The second method is a little exhaustive, it tries every possible password combination, lower, upper, numeric, special characters (!@#$%^&*()). This method could take years, if the password is complex.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
