How passwords are Hacked:- comprehensive explanation on each type

Now in 21’st century, we all want to be the ethical or black hat or internet activist and most of all, everything in this technocratic world is ruled by computer and thus privacy and passwords.In most hacker movies, YouTube video they use Linux environments and geek codes but a pattern repeats in their work.But all I will be giving you a 1000ft overview of general working.

There is two types internet based attacks and hardware attacks:-

Hacker password attacks are mainly classified into 3 types:-


Dictionary attacks


dictionary-300x187In this type of attacks, we are assuming that the password is made of a word which comes into the dictionary and we are running all possible words through it, so that, we stop until we get a match.This method is actually old and therefore usually used in google account openings or any internet based system you are asked to enter a special character and alphanumeric letters but still dictionary attacks are used



  • Directly password is  known no any intermediate results  are obtained
  • This attack is time-consuming but works sometimes
  • Works only if password is in dictionary you got or word list
  • Being old everyone knows it hence almost never works precaution are taken like after 3 failed attempts wait for few seconds ,enter patch or even block IP at server level of website

Rainbow table attacks


In most of the websites or software’s passwords  are never stored in databases that meaning even if penetration occurs and the database is stolen  they would get only #hashes meaning a series of alphanumeric and special character series.When we type the password in the website or soft-wares it is usually converted into hashes by a defined algorithm with a key and then send to check over database verified and then you get logged in.In this type of attacks; between sending hashes to a database, the connection is intercept which may need penetration of system but in some cases not needed.After you get hashes and do it for few hundred samples you analyse it until you get a pattern, for eg:- ‘An’ in hashes mean e4g7. And then passwords are decrypted.

hashes-300x150After getting hashes from a database you just needed to decode like above way and log in.You may be wondering but how to hack database for that you may use SQL injection method.Means database is made of row and columns of a table  in which  you put info and in such cases even a search box or any input box of the website when proper command are put you are able to hack into the database but I will let you know that later.



  • Even database is stolen during penetration passwords  can be easily hashed by finding out patterns
  • Some algorithms like md5,sha1 etc are irreversible algorithms even any unknown algorithm can be decrypted only time varies although there can be the exception but solution come fast, a hacker is up to date too.
  • Disadvantage you need at least of 1000 more samples with pair of encrypted and decrypted keys to guess for a particular encrypted ones
  • But penetrating a system is the most difficult part of this method hence for counter measuring high defense-grade firewalls are used

Brute force

brute-force-300x169This is by far the most time consuming and most popular method used by a hacker but it is inefficient as, if the system is properly designed then by frequent attacks on application or server, the system just blocks incoming and  outgo

ing info and total lockdown is done regarding databanks.But it actually yields good  results unlike rainbow table No hashes and also covers non-dictionary words and special letters.How it works is basically computer or cluster of computers in series try different permutation and combination until we get  a match.Like trying every possible word and alphanumeric combination.


  • No need for penetrating system
  • Most time consuming but always working method ,but exception some password might take years or decades to this process
  • This is also one of the oldest methods used so the countermeasures for Dictionary attack like capatch, IP locking and time interval for next try are used
  • Disadvantage being time-consuming but over that it takes high server power to decode hence resource heavy system , plus more the servers more the resources less the time it takes to decode


Evil twin method

Grafik-Rouge-Hotspot-300x188this is actually associated with internet based, hacking .fiber optics or communication system.usually used in WiFhacking.So what is done; a user is insisted on putting the password into a website box and the info in it then goes to you and then you use it.Like, for example, you are accessing WiFi through router Intercepting signal is designed in such a way that it clone your WiFi DNS servers(Like names and address ) and de-authenticate or cuts  your connection from your router then connect you to clone meaning the fake one and you still are thinking that you were offline for few moments then again online there must be some minor technical glitches but no.Then if internet is not working what we do is we go to to check connectivity, during web browsing, a web page create by hacker comes up with your company router which hacker guess ( based on rekon  regarding personality, usage of person) then you put password and  the password goes to hacker  and everything is ok back again you are now browsing the internet.Then hacker disconnects you from his network and using that password given by you connect to your original network but for this to work successfully you have to do some reckon like the simple question in elevator regarding Your WIFI has good range, which brand is it? etc and make sure that person is not hacker lol, and simple question regarding which company router he uses and what company of  internet is used by him, so that we can create a fake web page with it to get the password.

But these are all software attacks which are pretty impressive but time-consuming.Instead, try Hardware,

Method: – DO like a 100000 attempts to connect to application or router etc, eventually application fails and restarts as it restarts, firewalls and protection services are very bulky application so naturally they are intended to load last and between these gap before loading firewall you can attacks required device and fail it just, like that and now firewall thinks you are inside user .especially used for routers.

Counter measures

  • Always a good antivirus installed on your computer and server.
  • While browsing site please check it’s legitimacy, it is running https then only give important credentials like credit card details and personal info
  • Never install any software or run any application from unknown source
  • Keep you your antivirus update and scan your devices frequently, see if there are unknown background processes running online
  • Always make your password having 2 special character minimum of 2 changes in capital and small text along with a alphanumeric 5 letters this can take up to 10-20 years to decode and even more to brute force
  • Always have your Operating system firewall online along with your antivirus in case , auto-playing a pen drive or cd any application gets randomly installed
  • If your are not sure if application is genuine or not install Sandboxie and run application in it, it stop full computer infection
  • Use general sense regarding unknown email asking for some info .

You can read more about hacking

Why Linux is used for Hacking??

Never get hack but hack others.Have a nice day

Previous articleHow to make custom tshirts!
Next articleRoot any android phone in one click!
Harsh Nagarkar is a budding blogger, His motto through this blog is to share knowledge about the things you can do through technology and life. His aim to help those who are looking for the answer in this world.


  1. I just couldn’t depart your website before suggesting that I extremely enjoyed the standard information a person provide for your visitors? Is going to be back often to check up on new posts

Leave a Reply