Hacking by Solis Tech: How to Hack Computers, Basic Security and Penetration Testing (2014)
Chapter 7: Protecting your Passwords
Password hacking is considered as the easiest way to hack into a computer system online. If you know how to hack a password, then you can easily infiltrate another computer’s Wi-Fi access and take control of another person’s internet connection, or even take control of a person’s online accounts and retrieve sensitive information. Passwords are easy to break once you know how they are encrypted, or you have a good guess on what they are.
The weakness of passwords lies on its very nature, which is secrecy. Passwords are normally shared among computer users especially when one person allows other users to use a personal computer, especially when the purpose is to share files among different people and skip sharing files over a network.
Always remember that knowing a password makes one an authorized user of a computer. The tough side of making passwords the sole basis of network security is that passwords can be easily passed from one person to another, and it is hard to track who has that information. Sometimes, password sharing is intentional, but there are many times that it is not.
What Makes a Password Weak?
There are two factors that may cause a password to be easily hacked by any malicious user:
1. User or organizational vulnerabilities
This means that there are no password policies that are employed to make it harder to guess, or that users do not care for the password’s use for security.
2. Technical vulnerabilities
This means that passwords that are being used have weak encryption policies, or that the database that store them is unsecured.
A weak password has the following qualities:
1. Easy to guess
2. Reused over and over again for different security points
3. Stored in unsecured locations
4. Seldom changed
It is the nature of many computer users to make passwords convenient, and they often rely on their minds in order to remember them. Because of that, people often choose passwords that are not only easy to remember, but also contain a lot of clues that they can see in their immediate environment. For added assurance that they will definitely remember passwords for easy access, they would also want to write it down where they can easily see it.
If a computer user would choose a more difficult passphrase to guess, it can still be easily hacked by targeting the weakness in its encryption scheme. Computer users and vendors often think that a password that is long and difficult to guess because of the string of characters used is not prone to attacks. However, note that when the encryption is weak, it can be easily targeted by a simple cracking attack.
There are over 6000 password vulnerabilities known today, according to the National Vulnerability Database. That number is still growing as hackers discover more sophisticated methods to get past encryption methods. The most popular and easiest ways to uncover a password is through social engineering, gleaning, and using a key logger, but there are different other methods to remotely obtain a password. Here are some of the tools that are used to get passwords without having to be near a target computer or having physical access to it:
1. Elcomsoft Distributer Password Recovery – This tool cracks Microsoft Office encryption, PKCS, and PGP passwords. This allows you to use GPU acceleration that speeds up the hacking process up to 50 times.
2. John the Ripper – This tool cracks hashed Windows, Unix, and Linux passwords.
3. Proactive System Password Recovery – This tool recovers any locally stored Windows, WPA or WEP, SYSKEY, and VPN passwords
4. Cain and Abel – This tool cracks LanManager, Windows RDP, Cisco IOS, and other types of similar passwords.
5. Proactive Password Auditor – This runs using brute-force, dictionary, and rainbow attacks and can extract NTLM and LM password hashes.
Countermeasures Against Password Cracking
In order to prevent unauthorized users from uncovering passwords, here are some tips that you can use to thwart any attack designed to crack authentication:
1. Use switches on networks
Hackers typically make use of network analyzers to detect network cards that have activities. To prevent that from happening, you can use programs like sniffdet in order to uncover if someone is trying to sniff out information from your ports.
2. Make sure that unsupervised areas do not have network connections
3. Do not let anyone have physical access to your network connection or your switches.
4. Make sure that you use updated authentication policies on your network in order to make sure that you are using better encryption that hackers will find hard to attack.