Hacking course: PASSWORD ATTACK

PASSWORD ATTACK

Hello Friends Today, we will learn about Password Attacks. In today's chapter, we will learn how to crack passwords, we will learn a lot about Password Attack today.

Password attack is of 2 types: -
1. Online Password Attacks
2. Offline Password Attack

ONLINE PASSWORD ATTACKS

As we were already scanning Vulnerability with the help of tools, we can do Password Guess with the help of some tools like this. With the help of these tools, we look at automatic passwords. These automatically use our given passwords and when they get the correct password, they show that password, we call it Brute Forcing. These are the same number of username and passwords that the tools do and check them one by one until the correct username and password is found. One problem in Brute Force is that if your target is kept using Strong Password then it takes too much time to get hacked.

WORDLIST

Before using these tools, you need some list which contains some Username and Password as these tools will use the same username and password.

USER LISTS

In User Lists, you can put in the username that you think your target can put one of those username.As I have put some username in my file userlist.txt because we are teaching all this here, then I have put a little bit of it, I have inserted the same real username as well.

PASSWORD LISTS
You can add a list of password to ISME. You can use any Text Editor to create this list, I have created this Password List in which I have entered the real password, because we just learn how to use it.

You also make similar 2 files and save them. We will use a tool named Hydra which is a very good tool.

If you already have a password and userlist created, you can visithttp://packetstormsecurity.com/Crackers/wordlists/ or http://www.openwall.com/wordlists/ . There are some targets which use such a password that can easily be remembered and these are mostly from Password Dictionary, so this attack is also known as a Dictionary Attack.

GUESSING USERNAME AND
PASSWORD WITH HYDRA
OK, if you have userlist and passwordlist now you are ready to do the Hydra Attack, then first open the Terminal in Kali Linux and type in it: =
hydra -t 1 -L userlist.txt -P passlist.txt -vV 192.168.43.160 ftp

In this we have Hydra Attacks, in the above example we have done the first Hydra type, which is the command of the Hydra, then we have done the -t 1 type which is attacking the same attack in the same 1 bar at a time, We did this because at times it happens that the FTP does not tolerate attacks more than 1 and stops for a while, -L is used for userlist and for the -P password list. -V for Verbose Mode and -V is used to show us whatever password it has tried. After this there is an IP address of our Windows XP and at the end of the FTP as you saw it tried all the password and the correct password was shown to us.

Now we will have another attack on this, in which we already know the target of the username, if we do not need a userlist, then we write -l <username> and then put our password list.
Hydra -l target -P passlist.txt -vV 192.168.43.160 ftp

After -l in this, we directly write the username of my target and the rest is the same.

HOW TO CREATE WORDLIST
You can also create Wordlist for yourself in Kali Linux itself. Like if you think that your target 7 can be a password of the word in which it will use only AB, then you can do this with a very good tool called Crunch, that's why we took a small example You can write anything in place of AB, then Crunch will meet you with the same words and create a password list. But remember one thing, this Password List sometimes comes in very large size as you want to create a Password List.
To use Crunch, you have to type the following command.
Crunch 7 7 AB

Initially, Crunch has started this command with the help of this command you can create wordlist 7 words which is created with the use of A or B.

CEWL
This is also a good tool in Kali Linux. These tools check the entire website and make Wordlist for you from them as shown below in Screen-Shot.

Command: -
cewl -w mywordlist.txt -d 1-m 5 www.kaliattacks.com

In this command -w saves your wordlist as it will save it as mywordlist.txt after that -d1 means that it will find words from the website in depth and -m 5 means that it is less Will create a list of less than 5 words.

Keep in mind that one of the biggest problems of Online Password Attack is that many services are such that it is often stopped by trying. As soon as entering the Login Password incorrectly your IP address will be blocked.

OFFLINE PASSWORD ATTACKS
The good thing about this attack is that it does not have your IP address block. In this, you also have to Copy Password of Hash Files and decode it in Plain Text on your system so that you can get Password, but if Hash is compromised, you can not decode it, for this you need to type any password What will happen after the Encrypt is being matched with Hash?

OPHCRACK
This is an Offline Password Cracker. It uses some tables called Rainbow Tables. Helps in Password Cracking very quickly using those Tables. In OPH Crack, you can decrypt any Single Hash File or Encrypt SAM File. You will have to download Hash Tables for this. For this first write the ophcrack in the terminal, it will open the ophcrack. Now load the SAM file in it and then click on the Tables button to install Tables. Then click on the Crack button. After some time you will find it in Password Plain Text.

There are more tools to crack online and offline password that you can try like hamid and you will find them all in Kali Linux.
You can also do more Google tools. Next we will learn a lot more by moving forward our classes.Please share this blog with me. Hope you have got to learn a lot in this ethical hacking classes.
thank you