Password Cracking


Software cracking is the modification of software to remove or defeat its protection mechanisms. It is a form of reverse engineering: studying the design, structure and behaviour of a program to learn how it works, and then modifying it for some other purpose, often personal use.
The main reasons for software cracking are:
(1) Understanding the algorithms a program uses, in order to reuse them in one's own programs.
(2) Turning a shareware or trial version into a full version.


Password cracking is a type of software cracking. Since passwords form one of the foundations of security for most systems and networks, cracking them is high on the list of priorities for attackers trying to break into and compromise such systems. Password cracking is the process of recovering secret passwords from the data a system stores or transmits. The main method is guessing: candidate passwords are generated and tested, typically by hashing each one and comparing the result with the stored hash, until the correct one is found.

Purposes of password cracking:
(1) Helping a user recover a forgotten password.
(2) Auditing, as a preventive measure: finding weak passwords before an attacker does.

Password cracking can be approached in two ways: online cracking and offline cracking.

1.1.1 Online Cracking
This approach works against a live system. As described here it involves sniffing network traffic to capture authentication exchanges and extracting passwords from the captured data; this is generally slow and difficult, but tools exist that are designed specifically to pull passwords out of network traffic. Repeatedly submitting guesses to a live login prompt (password grinding, described below) is also an online attack; it is limited by network latency, rate limiting and account lockout, so far fewer guesses per second are possible than offline.

1.1.2 Offline Cracking
This is the preferred method. It involves compromising a system to gain access to the password file or database and then running a tool called a password cracker to guess valid passwords for the user accounts. Offline cracking can be performed on the compromised machine, or the password file can be copied to a machine outside the compromised network and cracked at leisure, without triggering lockouts or leaving failed-login entries in the target's logs. Some worms, such as Double Tap and Lion, automatically grab password files from infected systems.

1.2 Principal attack methods used in password cracking
Many methods are used to crack passwords. Some of them are:
(1) Weak encryption.
(2) Guessing.
(3) Dictionary attack.
(4) Brute force attack.
(5) Hybrid attack.
(6) Precomputation.
(7) Memorization.
(8) Password grinding.

1.2.1. Weak Encryption
Systems should not store passwords in the clear; they store a transformed form instead, ideally the output of a cryptographic (one-way) hash function, sometimes an encrypted form. If the transformation is cryptographically weak, the cracker needs far fewer operations to recover the password than the apparent password length would suggest.
One example is the LM hash, which older versions of Microsoft Windows (through Windows XP and Server 2003) stored by default for passwords shorter than 15 characters. The LM algorithm converts the password to upper case, pads it to 14 characters, splits it into two 7-character halves and uses each half as a DES key to encrypt a fixed constant. Case-folding shrinks the character set, and because the halves are processed independently each 7-character half can be attacked separately, so a 14-character password is only as strong as a 7-character one. A password of 7 or fewer characters is also immediately recognisable, because its second half is the encryption under the padding-only key and is therefore always the same value.

1.2.2. Guessing
This is the simplest method. Not surprisingly, many people use very weak passwords: a blank password, the word 'password' or 'passcode' or another word meaning password, their own name or login name, the names of relatives or pets, a birthplace or birth date, a passport number and so on. Some users also neglect to change default passwords.
If the attacker has a good idea of the user's habits and background, such passwords are very easy to guess.

1.2.3. Dictionary Attack
This type of attack uses a password cracking tool (several are discussed later). The tool is equipped with a dictionary, or wordlist, containing commonly used passwords, place names, common personal names and other frequently used words. It hashes each entry with the same algorithm the target system uses and compares the result with the stored hashes, typically through a hash table or sorted list so that each candidate is checked against every captured hash in a single lookup.
This is a simple method and the most commonly used one. It can be applied in both online and offline cracking.

1.2.4. Brute Force Attack
In this method the cracker tries every combination of characters from a chosen set. It is the least efficient and most time-consuming method, and is used when the dictionary fails. Using letters, digits and special symbols, it generates every possible string of each length in turn until the correct one is found or the attacker gives up. How easily a password can be cracked varies between platforms and systems. Operating systems such as Microsoft Windows Server 2003 keep the password hashes in a protected database, so extracting them normally requires administrative (or physical) access to the system, and even then the extracted hashes must still be cracked offline.

User applications such as office productivity tools can protect documents with passwords, and these are generally easier to crack. Older platforms such as Windows 95 stored password information in '.pwl' files that were weakly encrypted and easy to crack. The feasibility of a brute force attack depends on the length of the password (or key), the size of the character set it is drawn from, the computational power available and the patience of the attacker: with a character set of c symbols there are c^n candidates of length n, so every extra character multiplies the work by c. Brute force is also used in both online and offline cracking.

1.2.5. Hybrid Attack
This is a combination of the dictionary and brute force attacks. Besides cracking passwords it is used for guessing community strings on networks that use the Simple Network Management Protocol (SNMP). In a typical hybrid attack the cracking program generates short strings of characters and adds them to the beginning and end of each dictionary word. For example, a password such as "daisy123" would likely be cracked very quickly by a hybrid attack, which would try the word "daisy" with various short strings of characters appended.
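The three candidate-generation strategies described above (dictionary, hybrid and brute force) and the way a cracker checks them against a whole password file are shown together in the following added Python example. This is not code from the original page: the user names, wordlist and target hashes are constructed for illustration, and unsalted SHA-256 stands in for whatever hash the target system actually uses. Note how one hash computation per candidate serves every user at once (two users share a password here), and how the cheapest strategy runs first so that later, more expensive stages only see the accounts still uncracked.

```python
import hashlib
import itertools
import string


def hash_password(password: str) -> str:
    """Unsalted SHA-256 hex digest: stands in for the target system's password hash."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed sample "password file" (user -> unsalted hash). Not real accounts.
TARGETS = {
    "alice": hash_password("password"),
    "bob":   hash_password("daisy123"),
    "carol": hash_password("Summer!"),
    "dave":  hash_password("7q2"),
    "erin":  hash_password("password"),   # same password as alice
}

# Constructed wordlist; real tools ship lists with millions of entries.
WORDLIST = ["password", "letmein", "daisy", "summer", "qwerty"]


def dictionary_candidates(words):
    """Dictionary attack: each word as-is plus trivial case variants."""
    for w in words:
        yield w
        yield w.capitalize()
        yield w.upper()


def hybrid_candidates(words, affix_chars, max_affix_len):
    """Hybrid attack: short strings appended and prepended to each word."""
    for w in words:
        for base in (w, w.capitalize()):
            for n in range(1, max_affix_len + 1):
                for affix in itertools.product(affix_chars, repeat=n):
                    s = "".join(affix)
                    yield base + s
                    yield s + base


def brute_force_candidates(alphabet, max_len):
    """Brute force: every string over the alphabet, shortest first."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            yield "".join(chars)


def crack(targets, candidates):
    """Hash each candidate once and look it up against every remaining target
    (the 'memorization' idea: one hash computation serves all users).
    Returns ({user: password}, number_of_candidates_hashed)."""
    wanted = {}
    for user, digest in targets.items():
        wanted.setdefault(digest, []).append(user)
    found, tried = {}, 0
    for cand in candidates:
        tried += 1
        digest = hash_password(cand)
        if digest in wanted:
            for user in wanted.pop(digest):
                found[user] = cand
            if not wanted:
                break
    return found, tried


def run_stages(targets, wordlist):
    """Cheapest strategy first; each stage only sees the users still uncracked."""
    remaining = dict(targets)
    results, stats = {}, {}
    stages = [
        ("dictionary", dictionary_candidates(wordlist)),
        ("hybrid", hybrid_candidates(wordlist, string.digits + "!", 3)),
        ("brute_force", brute_force_candidates(string.ascii_lowercase + string.digits, 3)),
    ]
    for name, candidates in stages:
        if not remaining:
            break
        found, tried = crack(remaining, candidates)
        stats[name] = {"cracked": len(found), "hashed": tried}
        results.update(found)
        for user in found:
            del remaining[user]
    return results, stats


if __name__ == "__main__":
    cracked, stats = run_stages(TARGETS, WORDLIST)
    for stage, s in stats.items():
        print(f"{stage:12s} cracked {s['cracked']} after hashing {s['hashed']} candidates")
    for user, pw in sorted(cracked.items()):
        print(f"{user}: {pw}")
```

Running it cracks alice and erin in the dictionary stage (one hash, two accounts), bob and carol in the hybrid stage ("daisy" + "123", "Summer" + "!") and dave only in the brute force stage; extending the brute force alphabet or length shows how quickly that last stage becomes impractical.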

1.2.6. Precomputation
This involves hashing every word in the dictionary in advance and storing the (hash, password) pairs in a structure that allows lookup by hash, so that a captured hash can be matched without computing any hashes at cracking time. It is useful only when salt is not properly used by the target system (salting is explained later), because a salt makes the stored hash depend on more than the password alone. By applying a time-memory trade-off a middle ground can be reached: a search space of size N can be turned into a precomputed table of size O(N^(2/3)) in which looking up a hash takes time O(N^(2/3)). Rainbow tables are the best-known form of this trade-off: instead of every (hash, password) pair, only the start and end points of long chains of alternating hash and "reduction" steps are stored, and a chain is regenerated only when a lookup lands on its end point.

1.2.7. Memorization
This method is related to precomputation. It cracks many passwords for the cost of cracking one: since hashing a candidate takes much longer than comparing the result with a stored value, a great deal of effort is saved by hashing each candidate word only once and comparing it against all of the captured hashes using an efficient lookup structure such as a hash table. Like precomputation, it is defeated by per-user salts, which force every candidate to be rehashed separately for each user.
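Precomputation in its time-memory trade-off form is easiest to see on a small search space. The following added Python example (not code from the original page) builds a rainbow table for the 10,000 four-digit PINs hashed with SHA-256: chains of alternating hash and reduction steps are computed once and only their start and end points are stored, so the table holds a few hundred entries instead of 10,000 (hash, PIN) pairs, at the price of recomputing chain segments during lookup. The chain length, the reduction function and the choice of start points are assumptions made for illustration; real tables use the same construction over much larger character sets and several tables to raise coverage.

```python
import hashlib

SPACE = 10_000      # search space: four-digit PINs "0000".."9999"
CHAIN_LEN = 20      # hash/reduce steps per chain (the "time" side of the trade-off)


def pin_hash(pin: str) -> bytes:
    """The unsalted hash being attacked (SHA-256 here, as an assumption)."""
    return hashlib.sha256(pin.encode()).digest()


def reduce_hash(digest: bytes, column: int) -> str:
    """Map a hash back into the PIN space. Mixing in the column index gives every
    column its own reduction function, which is what makes this a *rainbow*
    table and limits chain merges."""
    n = (int.from_bytes(digest[:8], "big") + column) % SPACE
    return f"{n:04d}"


def build_table(start_points):
    """Precompute: walk each chain and keep only (endpoint -> start points)."""
    table = {}
    for start in start_points:
        pin = start
        for column in range(CHAIN_LEN):
            pin = reduce_hash(pin_hash(pin), column)
        table.setdefault(pin, []).append(start)
    return table


def lookup(table, target: bytes):
    """Recover the PIN whose hash is `target`, or None if no stored chain covers it.
    The target may sit in any column, so every column is tried, cheapest (last)
    first; each candidate chain is regenerated from its start point and the hit
    is verified by rehashing, so false alarms from merged chains are rejected."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        pin = reduce_hash(target, column)
        for later in range(column + 1, CHAIN_LEN):
            pin = reduce_hash(pin_hash(pin), later)
        for start in table.get(pin, ()):
            cand = start
            for col in range(CHAIN_LEN):
                if pin_hash(cand) == target:
                    return cand
                cand = reduce_hash(pin_hash(cand), col)
    return None


def coverage(table, pins):
    """Fraction of the given PINs the table recovers. Coverage is well below 100%
    because merged and repeated chains waste entries; attackers compensate with
    more start points or several independent tables."""
    hits = sum(1 for p in pins if lookup(table, pin_hash(p)) == p)
    return hits / len(pins)


# 400 start points (every 25th PIN) is an arbitrary constructed choice.
START_POINTS = [f"{i:04d}" for i in range(0, SPACE, 25)]
TABLE = build_table(START_POINTS)

if __name__ == "__main__":
    print(f"table entries: {len(TABLE)} (vs {SPACE} for a full lookup table)")
    print("hash of 0025 ->", lookup(TABLE, pin_hash("0025")))
    sample = [f"{i:04d}" for i in range(0, SPACE, 50)]
    print(f"coverage on a sample of {len(sample)} PINs: {coverage(TABLE, sample):.2f}")
```

Any PIN that is the start of a stored chain is always recoverable; the others are recovered only if some chain passes through them, which is why the coverage figure is a fraction rather than 1.0 and why tables are usually built much larger than the space they target.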

1.2.8. Password Grinding
This is manually trying to guess passwords for an application, system or network. It is a primitive form of password cracking in which the attacker simply attempts to log on repeatedly to the target machine, trying different passwords until either the correct one is guessed or the system locks the attacker out. While this might seem a fruitless activity, it is remarkable how many users use the word 'password' as their password and how many administrators fail to change or disable the default passwords shipped with devices such as routers when they install them on their networks. Even allowing for the marked exaggeration of hacking abilities depicted in films such as WarGames and Mission Impossible, a knowledgeable cracker can occasionally succeed with this simple method and then leverage the obtained password to compromise the target system or network further. Because every guess is a login attempt against a live service, this is also the attack that account lockout policies and failed-login monitoring are designed to catch.

Password crackers have legitimate uses in business environments: they provide tools and services to companies that need to regain access to a password-protected document or an administrator account, or to audit the strength of their users' passwords. Many such tools are on the market. Some of them are described below.

1.3 Popular Tools for Cracking Passwords

1.3.1. L0phtCrack
This is used for auditing and recovering passwords on Microsoft Windows. Administrators can use it to audit their network and detect weak passwords that could constitute security vulnerabilities. The tool can also be used as a password cracker, but a "Hide" feature allows administrators to configure it so that it does not divulge the passwords it has cracked and displays only auditing information, such as the length of each password and how quickly it was found. It supports dictionary, hybrid and brute force modes against Windows LM and NTLM hashes. The version current when this was written was called LC4; later releases continued the numbering (LC5 through LC7).

1.3.2. John the Ripper
This is another password cracking tool, available for Linux/Unix systems and Microsoft Windows. It also performs dictionary (wordlist) attacks and has numerous mangling rules for permuting dictionary entries, so it can guess passwords that might be thought hard to attack; it also has an incremental (brute force) mode. It was originally intended for detecting weak Unix passwords but now supports many hash formats. Its architecture is extensible, allowing custom cracking modes to be defined in a C-like scripting language (its "external" modes).

1.3.3. Ophcrack
An open source program that cracks Windows LM hashes (described above) using rainbow tables, which are large precomputed files. With its standard tables it can crack 99.9% of alphanumeric passwords of up to 14 characters, the maximum length an LM hash covers. The rainbow tables trade disk space for the time needed to crack a password.

1.3.4. RainbowCrack
This also uses rainbow tables to crack passwords and reduces the time needed to crack them. It includes separate tools for generating and sorting tables as well as for looking up captured hashes in them.


1.4 Preventive Measures
Many people use password cracking tools for harmful purposes, so it is important to know the preventive measures.

The most important measure is to use strong passwords. Do not use passwords related to our behaviour, or names or places connected with us; such a password is very easy to crack for anyone who knows us well, and a dictionary attack with a few simple mangling rules will find most of them as well. Length and unpredictability matter more than the presence of a digit or symbol tacked onto a dictionary word.

Ensure that attackers cannot get access even to the hashed passwords. In most systems all the password hashes are stored in one particular system file or database table; restrict read access to it so that only privileged processes can read it, and protect every copy (backups, database dumps, log files) with the same care, since an attacker who obtains the hashes can crack them offline at leisure.

Lock out an account that has been subjected to "too many" incorrect password guesses, or slow down further attempts after each failure. This defeats online guessing (password grinding) but does nothing against offline cracking of stolen hashes, and an attacker can abuse it to lock legitimate users out, so the threshold and the lockout duration must be chosen with care.

Salting: in this method a random string called a salt is appended or prefixed to the password before hashing it, and the salt is stored alongside the hash. This is mainly used to nullify precomputation and memorization: since the salt is different for every user, the attacker can no longer build a table with a single hashed version of each candidate password, and two users with the same password get different hashes. Traditional Unix crypt(3) used a 12-bit salt; modern schemes use much longer salts (SHA-crypt allows up to 16 characters and bcrypt uses 128 bits).
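The effect of a per-user salt on precomputation and memorization, as an added Python example that is not part of the original page. The user records, wordlist and salts are constructed; the hash is SHA-256 over salt plus password, which is enough to show the mechanism, although a real system should also use a deliberately slow password hash (bcrypt, scrypt or Argon2) so that each of the forced per-user hash computations costs the attacker far more.

```python
import hashlib
import os

# Constructed sample wordlist and user passwords. "alice" and "erin" share a password.
WORDLIST = ["123456", "letmein", "summer", "qwerty", "dragon"]
USER_PASSWORDS = {"alice": "summer", "bob": "dragon", "erin": "summer"}


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(salt: bytes, password: str) -> str:
    """Salt is prefixed to the password before hashing; it is stored beside the hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_unsalted(passwords):
    """user -> hash, the weak scheme the paragraph warns about."""
    return {user: unsalted_hash(pw) for user, pw in passwords.items()}


def store_salted(passwords, salt_len=16):
    """user -> (salt, hash); each user gets a fresh random salt (16 bytes here)."""
    records = {}
    for user, pw in passwords.items():
        salt = os.urandom(salt_len)
        records[user] = (salt, salted_hash(salt, pw))
    return records


def precompute_table(words):
    """Precomputation: hash the whole wordlist once, indexed by hash."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored, table):
    """One table lookup per user and no hashing at attack time.
    Returns ({user: password}, hashes_computed)."""
    found = {user: table[h] for user, h in stored.items() if h in table}
    return found, 0


def crack_salted(records, words, table):
    """The precomputed table never matches a salted hash, so the wordlist has to
    be rehashed with each user's own salt.
    Returns ({user: password}, hashes_computed, table_hits)."""
    found, hashed, table_hits = {}, 0, 0
    for user, (salt, stored) in records.items():
        if stored in table:          # would require a SHA-256 collision; expect 0
            table_hits += 1
        for w in words:
            hashed += 1
            if salted_hash(salt, w) == stored:
                found[user] = w
                break
    return found, hashed, table_hits


def compare(passwords, words):
    """Run both scenarios against the same users and wordlist; returns a summary."""
    table = precompute_table(words)          # built once, reusable against any unsalted dump
    unsalted = store_unsalted(passwords)
    salted = store_salted(passwords)
    found_u, hashed_u = crack_unsalted(unsalted, table)
    found_s, hashed_s, hits = crack_salted(salted, words, table)
    return {
        "table_build_hashes": len(words),
        "unsalted": {"found": found_u, "attack_hashes": hashed_u,
                     "same_hash_alice_erin": unsalted["alice"] == unsalted["erin"]},
        "salted": {"found": found_s, "attack_hashes": hashed_s, "table_hits": hits,
                   "same_hash_alice_erin": salted["alice"][1] == salted["erin"][1]},
    }


if __name__ == "__main__":
    for scheme, result in compare(USER_PASSWORDS, WORDLIST).items():
        print(scheme, result)
```

With this tiny wordlist both schemes are cracked, but the cost profile differs: unsalted, the five table entries are built once and then serve every dump forever, and alice and erin share one hash; salted, every user costs a fresh pass over the wordlist and the shared password is no longer visible. Multiply the wordlist by millions and the users by thousands and the difference decides whether the attack is feasible.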

Password shadowing: this is another preventive measure used on Unix systems. It hides the password hashes from ordinary users. On traditional Unix systems the (hashed) user passwords were stored together with user names and other account information in a world-readable file called /etc/passwd. One of the main goals of attackers trying to compromise such systems is "grabbing" this file and then cracking the hashes it contains. Password shadowing separates the sensitive information (the password hashes and password-ageing data) from the public information (such as user names, home directories and shells) and stores the sensitive information in a different file called a shadow file; the password field in /etc/passwd then holds only a placeholder such as 'x'. Permissions on the shadow file are configured so that only root (the superuser) can read it, making it much more secure than the password file that anyone can read. The location of the shadow file varies between platforms; for example, /etc/shadow on Linux and /etc/security/passwd on AIX.
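As an added example (not from the original page), the following Python code parses the two file formats the paragraph describes and reports which accounts still expose a hash in the world-readable file. The sample lines are constructed: the hash strings are placeholders in the $id$salt$hash layout used by modern crypt(3), not real hashes of any password, and the "legacy" account with a 13-character DES-crypt hash in /etc/passwd models an unshadowed system.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines (not from a real system). Hash characters are placeholders.
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash",
    "legacy:abJnggxhB/yWI:1001:1001:Unshadowed account:/home/legacy:/bin/sh",
]
SHADOW_LINES = [
    "root:!:19000:0:99999:7:::",
    "alice:$6$Qf3kz9LmN8pR2sT4$V7wXyZa1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7B8C9D0E1F2G3H4I5J6K7L8M9N0O:19000:0:99999:7:::",
    "svc:$y$j9T$constructedSaltValue$constructedHashValue:19000::::::",
]

# Prefix identifiers used by crypt(3)-style hash strings.
CRYPT_IDS = {
    "1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt", "7": "scrypt",
}


@dataclass
class PasswordField:
    status: str                      # "shadowed", "empty", "locked" or "hash"
    algorithm: Optional[str] = None
    params: Optional[str] = None     # e.g. rounds=5000 or a bcrypt cost
    salt: Optional[str] = None
    digest: Optional[str] = None


def parse_password_field(field: str) -> PasswordField:
    """Interpret the second field of a passwd or shadow entry."""
    if field == "x":
        return PasswordField("shadowed")        # hash lives in the shadow file
    if field == "":
        return PasswordField("empty")           # no password required: dangerous
    if field.startswith(("!", "*")):
        return PasswordField("locked")          # no password can match this field
    if not field.startswith("$"):
        # Traditional DES crypt: 2-character salt followed by 11 hash characters.
        return PasswordField("hash", "DES-crypt", None, field[:2], field[2:])
    parts = field.split("$")                    # ['', id, [params,] salt, hash]
    algorithm = CRYPT_IDS.get(parts[1], f"unknown({parts[1]})")
    if algorithm == "bcrypt":
        # $2b$cost$ followed by 22 salt characters and then 31 hash characters.
        return PasswordField("hash", algorithm, parts[2], parts[3][:22], parts[3][22:])
    if len(parts) == 5:
        return PasswordField("hash", algorithm, parts[2], parts[3], parts[4])
    return PasswordField("hash", algorithm, None, parts[2], parts[3])


def parse_passwd(line: str) -> dict:
    """/etc/passwd: name:password:uid:gid:gecos:home:shell"""
    name, pw, uid, gid, gecos, home, shell = line.split(":")
    return {"name": name, "password": parse_password_field(pw), "uid": int(uid),
            "gid": int(gid), "gecos": gecos, "home": home, "shell": shell}


def _days(s: str) -> Optional[int]:
    return int(s) if s else None


def parse_shadow(line: str) -> dict:
    """/etc/shadow: name:password:lastchg:min:max:warn:inactive:expire:reserved"""
    fields = line.split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 shadow fields, got {len(fields)}")
    name, pw, lastchg, mn, mx, warn, inactive, expire, _reserved = fields
    return {"name": name, "password": parse_password_field(pw),
            "last_change": _days(lastchg), "min_days": _days(mn), "max_days": _days(mx),
            "warn_days": _days(warn), "inactive_days": _days(inactive), "expire": _days(expire)}


def exposed_hashes(passwd_lines):
    """Accounts whose hash still sits in the world-readable passwd file (not shadowed)."""
    return [e["name"] for e in map(parse_passwd, passwd_lines)
            if e["password"].status == "hash"]


if __name__ == "__main__":
    print("hashes exposed in passwd:", exposed_hashes(PASSWD_LINES))
    for line in SHADOW_LINES:
        entry = parse_shadow(line)
        print(entry["name"], entry["password"])
```

On a correctly shadowed system exposed_hashes() returns an empty list; any name it does return is an account whose hash every local user can copy and crack offline.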

Finally, "password cracking" is also used in a narrower sense, usually in the context of legitimate activity such as auditing, simply for guessing the password for an application or system until the right one is found.

Copyright © 2017 Hoozi Resources