Disclaimer
This article is solely for educational purposes. The techniques discussed herein should not be used for unlawful activities.
Understanding Password Cracking
Before we dive into building, it's essential to understand what password cracking entails.
Password cracking is the process of recovering passwords from data that has been stored or transmitted by computer systems.
This process often involves attempting to gain unauthorized access to password-protected accounts or resources.
It's important to note that password cracking should only be performed on systems you own or have explicit permission to test. Unauthorized password cracking is illegal and unethical.
Passwords are becoming easier to crack due to the advancing technology, and millions of password dumps in the dark web.
There are so many password cracking software on the internet, and we would look at some of them and build our own, but first, let's look at some of the top password crackers.
Hashcat: The Speed Demon
Hashcat is widely regarded as one of the fastest and most advanced password recovery tools. It supports over 300 hash types, making it incredibly versatile for various cracking scenarios.
Getting Started with Hashcat:
- Download Hashcat from the official website.
-
Install it on your system (available for Windows, Linux, and macOS) for Mac; you have to have
Homebrew
installed.Follow the steps here to download and install Homebrew, then run
brew install hashcat
. Prepare a wordlist or dictionary file containing potential passwords, find a 10 million password list here.
-
Obtain the hash you want to crack. Here is a complete article on how to generate a hash.
Here's how you can generate different types of hashes:
Open Terminal: You can find Terminal in Applications > Utilities, or use Spotlight (Cmd + Space) and type "Terminal".
Generate an MD5 hash
echo -n "yourpassword" | md5
Replace "yourpassword" with the actual password you want to hash.
Generate a SHA-1 hash
echo -n "yourpassword" | shasum -a 1
Generate a SHA-256 hash:
echo -n "yourpassword" | shasum -a 256
Generate a bcrypt hash: For bcrypt, you'll need to install a tool like htpasswd
which comes with Apache. If you don't have it, you can install it via Homebrew.
brew install httpd
Then generate a bcrypt hash:
htpasswd -bnBC 10 "" "yourpassword" | tr -d ':\n'
The '10' in this command is the cost factor - higher numbers make the hash more computationally expensive to generate (and crack).
Save your hash to a file: You can redirect the output to a file like this:
echo -n "yourpassword" | shasum -a 256 > hash.txt
This saves the SHA-256 hash of "yourpassword" to a file named hash.txt.
Remember to replace "yourpassword" with the actual password you want to hash in all these examples.
Next, open a terminal or command prompt and navigate to the Hashcat directory.
Run a command like this.
hashcat -m 0 -a 0 hash.txt wordlist.txt
Where -m 0
specifies the hash type (MD5 in this case), -a 0
indicates a dictionary attack, hash.txt
is your file containing the hash, and wordlist.txt
is your dictionary file.
Hashcat's power lies in its ability to utilize GPU acceleration, making it incredibly fast for brute-force and dictionary attacks.
John the Ripper: The Versatile Veteran
John the Ripper (JtR) has been around for decades and remains a favorite among security professionals due to its flexibility and support for numerous password hash types.
Getting Started with John the Ripper:
Download JtR from the official website. Please note that JtR is not a free application, so you will have to pay, but not to worry, we will be creating our own.
Extract the files and navigate to the
run
directory.Prepare your password hash file.
Run JtR with a command like:
./john --format=raw-md5 hash.txt
This command attempts to crack an MD5 hash stored in hash.txt
.
JtR is particularly useful for its ability to auto-detect hash types and its extensive customization options.
Hydra: The Online Password Cracker
While many tools focus on offline password cracking, Hydra specializes in online brute-force attacks against login pages and network services.
Getting Started with Hydra:
Install Hydra (available in most Linux repositories or from).
Prepare a list of usernames and passwords.
Identify the target service (e.g., SSH, FTP, HTTP).
-
Run a command like:
hydra -l username -P passwordlist.txt ftp://192.168.1.1
This attempts to crack an FTP login using a single username and a list of passwords.
Hydra's strength lies in its support for numerous protocols and its ability to perform distributed attacks.
Aircrack-ng: The Wi-Fi Cracker
Aircrack-ng is a complete suite of tools for auditing wireless networks. It's particularly useful for cracking WEP and WPA-PSK keys.
Getting Started with Aircrack-ng:
Install Aircrack-ng (available for Linux, Windows, and macOS).
Put your wireless adapter into monitor mode:
airmon-ng start wlan0Capture packets:
airodump-ng wlan0monOnce you've captured enough packets, attempt to crack the key:
aircrack-ng -w wordlist.txt capture-file.cap
Aircrack-ng is essential for anyone interested in wireless network security and penetration testing.
Advanced Techniques and Considerations
While the tools mentioned above are powerful on their own, advanced users often combine multiple techniques and tools for more effective password cracking.
Some more advance techniques that can be implemented include.
- Rainbow Tables
Rainbow tables are precomputed tables for reversing cryptographic hash functions, used for cracking password hashes. Tools like RainbowCrack utilize these tables for faster cracking, though their effectiveness is limited against modern salted hashes.
- GPU Acceleration
Many modern password cracking tools support GPU acceleration, which can dramatically increase cracking speed. This is particularly useful for brute-force attacks against complex passwords.
- Distributed Cracking
For tackling particularly challenging hashes, some crackers set up distributed systems where multiple machines work together. This approach can significantly reduce the time needed to crack complex passwords.
Building a Password Cracker in Python
We will create a basic brute-force password-cracking prototype.
Wordlist
- Text file containing possible passwords
- We brute-force crack passwords by hashing entries from this list
We use a small list that can crack only weak passwords for learning purposes.
Tools Used
- hashlib - Generate SHA1 password hashes
- urllib - Read wordlist file over the internet
import hashlib
from urllib.request import urlopen
def readwordlist(url):
try:
wordlistfile = urlopen(url).read()
except Exception as e:
print("Hey there was some error while reading the wordlist, error:", e)
exit()
return wordlistfile
def hash(wordlistpassword):
result = hashlib.sha1(wordlistpassword.encode())
return result.hexdigest()
def bruteforce(guesspasswordlist, actual_password_hash):
for guess_password in guesspasswordlist:
if hash(guess_password) == actual_password_hash:
print("Hey! your password is:", guess_password,
"\n please change this, it was really easy to guess it (:")
# If the password is found then it will terminate the script here
exit()
############# append the below code ################
url = 'https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/master/Real-Passwords/Top12Thousand-probable-v2.txt'
print("Enter your actual passoword and let's guess how easy it is to guess it!\n ex: trying entering 'henry' as a password without the '' ")
actual_password = input()
actual_password_hash = hash(actual_password)
wordlist = readwordlist(url).decode('UTF-8')
guesspasswordlist = wordlist.split('\n')
# Running the Brute Force attack
bruteforce(guesspasswordlist, actual_password_hash)
# It would be executed if your password was not there in the wordlist
print("Hey! I couldn't guess this password, it was not in my wordlist, this is good news! you win (: \n\n ps: You can always import a new wordlist and check whether ur password still passes this bruteforce attack")
The full code for this prototype is available on GitHub.
Running the Cracker
To run the script:
$ python3 password_cracker.py
It will start testing passwords from the wordlist against the hash using brute force. Once cracked, it will print the matching cleartext password.
The more advanced your password is, the less likely our cracker will be able to crack it; let's test it out.
We typed in my name as the password, and our cracker could crack it in less than a second.
Next, we will tweak our password using special characters and numeric values. it could not brute force the password; voila, our password cracker is ready.
Password crackers rely on how powerful your wordlist is; the more updated and powerful your wordlist is, the better your cracker becomes.
Creating an advanced payload takes skills. In this article, we explained how to make a keylogger undetectable. Find out more in How to Make a Keylogger Payload Undectatable.
We intentionally use a wordlist that can crack only weak passwords for learning purposes.
In real attacks, hackers use huge leaked password databases containing millions of entries to launch targeted and efficient dictionary-based cracking attempts.
Analysis
By running this basic prototype, we can understand:
- Wordlists are at the heart of most password-cracking attempts
- Brute-force guarantee works but is very slow in practice
- Strong hashing and salting by developers can thwart most attacks
- Users practicing good password hygiene is critical
Building and running such prototypes provides valuable insight to strengthen our systems.
Protecting Against Password Cracking
Understanding password-cracking techniques is also valuable for defending against them.
Here are some best practices for creating strong, crack-resistant passwords:
- Use long passwords (16+ characters)
- Incorporate a mix of uppercase, lowercase, numbers, and symbols
- Avoid common words or phrases
- Use unique passwords for each account
- Consider using a password manager to generate and store complex passwords
Additionally, system administrators should implement measures like:
- Salting and using strong hash functions (e.g., bcrypt, Argon2)
- Implementing multi-factor authentication
- Using account lockout policies
- Regularly updating and patching systems Conclusion
Password cracking software plays a crucial role in both offensive and defensive cybersecurity strategies. By understanding these tools and techniques, security professionals can better protect systems and data from unauthorized access.
In this detailed walkthrough, we:
- Learned about common password-cracking techniques
- Understood how cryptographic hashes and salting secure passwords
- Built a basic brute-force password cracker prototype in Python
- Analyzed how to harden systems and user habits against such attacks
You now know to start securing systems against password-cracking attempts.
Let me know if you have any other questions.
If you like my work and want to help me continue dropping content like this, buy me a cup of coffee.
If you find this post exciting, find more exciting posts on Learnhub Blog; we write everything tech from Cloud computing to Frontend Dev, Cybersecurity, AI, and Blockchain.
Top comments (0)