How passwords are Hacked:- comprehensive explanation on each type
Now in 21’st century, we all want to be the ethical or black hat or internet activist and most of all, everything in this technocratic world is ruled by computer and thus privacy and passwords.In most hacker movies, YouTube video they use Linux environments and geek codes but a pattern repeats in their work.But all I will be giving you a 1000ft overview of general working.
There is two types internet based attacks and hardware attacks:-
Hacker password attacks are mainly classified into 3 types:-
In this type of attacks, we are assuming that the password is made of a word which comes into the dictionary and we are running all possible words through it, so that, we stop until we get a match.This method is actually old and therefore usually used in google account openings or any internet based system you are asked to enter a special character and alphanumeric letters but still dictionary attacks are used
- Directly password is known no any intermediate results are obtained
- This attack is time-consuming but works sometimes
- Works only if password is in dictionary you got or word list
- Being old everyone knows it hence almost never works precaution are taken like after 3 failed attempts wait for few seconds ,enter patch or even block IP at server level of website
In most of the websites or software’s passwords are never stored in databases that meaning even if penetration occurs and the database is stolen they would get only #hashes meaning a series of alphanumeric and special character series.When we type the password in the website or soft-wares it is usually converted into hashes by a defined algorithm with a key and then send to check over database verified and then you get logged in.In this type of attacks; between sending hashes to a database, the connection is intercept which may need penetration of system but in some cases not needed.After you get hashes and do it for few hundred samples you analyse it until you get a pattern, for eg:- ‘An’ in hashes mean e4g7. And then passwords are decrypted.
After getting hashes from a database you just needed to decode like above way and log in.You may be wondering but how to hack database for that you may use SQL injection method.Means database is made of row and columns of a table in which you put info and in such cases even a search box or any input box of the website when proper command are put you are able to hack into the database but I will let you know that later.
- Even database is stolen during penetration passwords can be easily hashed by finding out patterns
- Some algorithms like md5,sha1 etc are irreversible algorithms even any unknown algorithm can be decrypted only time varies although there can be the exception but solution come fast, a hacker is up to date too.
- Disadvantage you need at least of 1000 more samples with pair of encrypted and decrypted keys to guess for a particular encrypted ones
- But penetrating a system is the most difficult part of this method hence for counter measuring high defense-grade firewalls are used
This is by far the most time consuming and most popular method used by a hacker but it is inefficient as, if the system is properly designed then by frequent attacks on application or server, the system just blocks incoming and outgo
ing info and total lockdown is done regarding databanks.But it actually yields good results unlike rainbow table No hashes and also covers non-dictionary words and special letters.How it works is basically computer or cluster of computers in series try different permutation and combination until we get a match.Like trying every possible word and alphanumeric combination.
- No need for penetrating system
- Most time consuming but always working method ,but exception some password might take years or decades to this process
- This is also one of the oldest methods used so the countermeasures for Dictionary attack like capatch, IP locking and time interval for next try are used
- Disadvantage being time-consuming but over that it takes high server power to decode hence resource heavy system , plus more the servers more the resources less the time it takes to decode
this is actually associated with internet based, hacking .fiber optics or communication system.usually used in WiFhacking.So what is done; a user is insisted on putting the password into a website box and the info in it then goes to you and then you use it.Like, for example, you are accessing WiFi through router Intercepting signal is designed in such a way that it clone your WiFi DNS servers(Like names and address ) and de-authenticate or cuts your connection from your router then connect you to clone meaning the fake one and you still are thinking that you were offline for few moments then again online there must be some minor technical glitches but no.Then if internet is not working what we do is we go to google.com to check connectivity, during web browsing, a web page create by hacker comes up with your company router which hacker guess ( based on rekon regarding personality, usage of person) then you put password and the password goes to hacker and everything is ok back again you are now browsing the internet.Then hacker disconnects you from his network and using that password given by you connect to your original network but for this to work successfully you have to do some reckon like the simple question in elevator regarding Your WIFI has good range, which brand is it? etc and make sure that person is not hacker lol, and simple question regarding which company router he uses and what company of internet is used by him, so that we can create a fake web page with it to get the password.
But these are all software attacks which are pretty impressive but time-consuming.Instead, try Hardware,
Method: – DO like a 100000 attempts to connect to application or router etc, eventually application fails and restarts as it restarts, firewalls and protection services are very bulky application so naturally they are intended to load last and between these gap before loading firewall you can attacks required device and fail it just, like that and now firewall thinks you are inside user .especially used for routers.
- Always a good antivirus installed on your computer and server.
- While browsing site please check it’s legitimacy, it is running https then only give important credentials like credit card details and personal info
- Never install any software or run any application from unknown source
- Keep you your antivirus update and scan your devices frequently, see if there are unknown background processes running online
- Always make your password having 2 special character minimum of 2 changes in capital and small text along with a alphanumeric 5 letters this can take up to 10-20 years to decode and even more to brute force
- Always have your Operating system firewall online along with your antivirus in case , auto-playing a pen drive or cd any application gets randomly installed
- If your are not sure if application is genuine or not install Sandboxie and run application in it, it stop full computer infection
- Use general sense regarding unknown email asking for some info .
You can read more about hacking
Never get hack but hack others.Have a nice day