Before I begin, I would like to seriously state to my readers that the knowledge in this article should be used only for the purpose of benefiting society and not for causing harm. This guide will help you to crack passwords using different methods, such as tools, Kali Linux and your Android phone!
The biggest truth of the world is that a single blunder of hatred can melt down years of friendship even amongst the greatest of people.
Moving on to important things – today’s article is about one of the most basic ways hackers use to infringe upon our privacy, steal our files and then disappear in a flash – password cracking.
Now for laymen like you and me, cracking and hacking sound much the same. But actually, they are not. Whether they are cousins or fraternal twins, you can decide by reading further.
Hacking is the use of unauthorised methods of stealing other people’s data, for example through botnets, DDoS attacks, etc.
There are ‘n’ number of ways of hacking and stealing other people’s data whose link will be at the end of this article for your reference.
CRACKING, on the other hand, happens to be one of the methods of HACKING. There is specialised software (e.g. KEYGEN) which can help you come up with an equally compatible password to access any type of file – movies, email files, you name it.
A very interesting case from my own experience which you might be aware of. KEYGEN programs are small but seriously useful tools, helpful for gaining access to downloaded images of game CDs available on the ‘torrentz’ website.
All you need to do is just run it and it will generate a good enough code for accessing the game files.
Rampant CRACKING of game CD software has forced companies to opt for a digital membership number system for buyers.
Breaking such a system is... well... not a cakewalk. Back in my days, every physical game CD used to come equipped with a 16-digit code for gaining access to files.
“To catch a thief, you need to think like a thief” – that’s why hacking techniques are also used by investigators in Police and Central Investigation Agencies, through Ethical Hackers, in search of clues and leads to criminals.
Such techniques played a huge role in solving the ENRON scandal.
PASSWORD CRACKING TECHNIQUES
There are ‘n’ number of methods developed in the recent past by hacking societies. One of the most basic and the most common is the BRUTE-FORCE ATTACK (BFA).
Simply explained, BFA is another name for the trial-and-error method of guessing the password of your victim’s computer and using it to hack into their system.
Let’s suppose that, in your daily life, your sister is able to get into your personal files using your password without you knowing it or having shared any password with her; that can be considered a BFA attack.
The only difference is that in reality, BFA attacks involve the use of software like KEYGEN (which is still a simpler example compared to its peers) to make an infinite number of guesses in terms of codes and crack open your victim’s computer, safe, whatever. Refer to this link for a demo: https://www.youtube.com/watch?v=c8ytZyvvgeg
Next is Dictionary Attack which happens to be the simplest and fastest password cracking attack (Elder brother of BFA you can say). To put it simply, it just runs through a dictionary of words trying each one of them to see if they work. Although such an approach would seem impractical to do manually, computers can do this very fast and run through millions of words in a few hours. This should usually be your first approach to attacking any password, and in some cases, it can prove successful in mere minutes.
Then there is Rainbow Table attack. Most modern systems now store passwords in a hash. This means that even if you can get to the area or file that stores the password, what you get is an encrypted password. One approach to cracking this encryption is to take dictionary file and hash each word and compare it to the hashed password. This is very time- and CPU-intensive. A faster approach is to take a table with all the words in the dictionary already hashed and compare the hash from the password file to your list of hashes. If there is a match, you now know the password.
HOW TO GUIDE
#1: HOW TO Crack Wifi Password Using Evil Twin Attack Using Wifislax
An evil twin is a fake Wi-Fi access point that seems to be legitimate, configured to capture credentials in wireless communications. The evil twin method is the same as phishing. The evil twin method creates a new phishing page that sends credentials over a local network.
This type of attack can be used to steal the passwords of unsuspecting users, either by controlling their connections or by phishing, which involves setting up a fraudulent website and attracting people there. Often, users do not know that they were hacked until well after the incident.
Fake access points are set up by configuring a wireless card to act as an access point (known as hostap). They are difficult to trace because they can be shut down instantly. The fake access point can be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while the victim is being monitored, or it can simply say that the system is temporarily unavailable after obtaining a username and password.
The evil twin attack, also known as the fake access point method, is one of the most famous and powerful attacks used by most hackers to hack wireless networks. In fact, this process is very difficult when done manually, so here in this tutorial, I’m using a tool called linset, which has all the tools needed for the evil twin attack. An evil twin attack requires the dhcp3 server and other tools, whose installation causes many errors. So carrying out the evil twin attack using linset is the best option.
Requirements To Hack Wifi Password Without using Wordlist
2) WifiSlax (Operating System)
3) Linset (Mostly Inbuilt)
4) Pendrive or Flash Drive (2gb or higher)
5) Universal USB Installer
What is WifiSlax and Why WifiSlax?
Wifislax is one of the best Spanish Linux Operating systems. It is one of the most famous operating systems for wifi hacking, to be precise this Linux based operating system is for hacking wifi networks. WifiSlax has all inbuilt tools required to hack wifi, of course, linset as well. So for this tutorial, I am using WifiSlax.
How To Crack Password of Wifi Using Evil Twin Attack Using Linset
Step 1: Install WifiSlax in Flash Drive or Pendrive using universal USB installer
Step 2: Start WifiSlax
1) Click on “Change To English Menu”
2) Click on “Run with SMP Kernel”
3) Click on “WifiSlax with KDE Desktop”
4) That’s it WifiSlax will start now
Step 3: Go to WifiSlax → WPA → Linset (Evil Twin Attack)
Step 4: Linset will start the required tools
Step 5: Select Wlan0
Step 6: type “1” to select Wlan0
Step 7: Enter “1” to select “todos los canales” which means select all channels. We need to search all channels to get all the networks available near you. If you want to hack a particular network whose channel number you know already, select 2 and proceed.
Step 8: All the available networks will be shown now; wait for 2-3 mins to complete the search and press “CTRL+C” to stop the search
Step 9: Select the network that you want to hack from the list shown as in the below picture
Step 10: Enter the number of the network that you want to hack, in my case, I am hacking my own network which is “Virus” and is located at number 5
Step 11: Now we need to select hostapd, so type “1”
Step 12: We need to enter the path of the handshake, there is no need to enter any address, by default it takes some root/micaprura.cap, so just Hit “Enter” without typing anything
Step 13: We are going to capture handshake using aircrack-ng, so enter “1”
Step 14: We need to deactivate the process after the handshake is created, so we need to select “realizardesaut. masiva al ap objetivo” that is “1”
Step 15: Now the handshake capturing process will start, and 2 windows will open. We need to wait until the handshake is created. You need to capture the handshake compulsorily to proceed.
Step 16: After the handshake is captured, close the deauthentication box
Step 17: Select “Si” which means “Yes”. So, Enter “1”
Step 18: Select “Interface Web Nutra”. So, Enter “1”
Step 19: Select your Language, I am Selecting “English” as the content in my country is displayed in English. You can choose accordingly and enter the number
Step 20: Now the main process will start DHCP, fake DNS, AP, deauth all, and wifi info dialog boxes will open. You need to wait until the client is connected to our network.
Step 21: Check for active clients. The victim cannot access their internet connection until we stop the process. DHCP and deauth all will stop them from receiving any packets, which makes them shift to another network, i.e. our fake access point or fake network signal. In this process, a DoS attack is launched, the victim loses their internet connection, and the victim sees it as “Limited Connection”. When you are at this step, you can even eavesdrop on the victim: you can see all the websites they surf; each and every detail is displayed in FAKE DNS.
Now I will show you what happens when the process is started. The original network gets disconnected, our newly created fake network with the same name connects to victim’s network, and a page pops up.
This is the page that appears, page changes from language to language, as I selected English – content is displayed in English
Unless the victim enters the password, they can neither access the internet nor move away from the page.
After Victim enters the password, they can get access to their old network.
Step 22: After the victim enters the password it will be immediately shown in our window.
So, this is how we easily decrypt any type of wifi password using the evil twin attack or fake access point method. As it works without a wordlist and without reaver, this is one of the best methods available to hack wifi WPA / WPA2 – enabled wps and even blocked networks.
How to protect yourself from Evil Twin Attack?
1) Do not connect to public networks; everyone can sniff your data while you are on a public network. The evil twin attack will appear as a public network, so avoid connecting to open or public networks as much as possible, especially if the wifi name is the same as your wifi name
2) When the Internet connection stops working suddenly, it may be under a DoS attack as part of an evil twin attack. Just restart the router; the attacker must then restart the attack, and that takes time. Maybe they will leave or continue at another time
3) Run a VPN to ensure that all browsing and data transmission is performed through an encrypted tunnel that can not be easily spied.
4) Do not always trust the name of the network, make sure it is a legitimate and reliable network or not
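Point 4 can be checked mechanically. The following is an added example, not part of the original article: it compares Wi-Fi scan results against a baseline of the access points you actually operate and flags the mismatches an evil twin tends to produce. The `Beacon` record, the baseline values and the sample scan are all constructed; feeding it real scan output is left to whatever scanner you use.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # e.g. "WPA2-PSK" or "OPEN"

# Hypothetical baseline of networks you administer (constructed values).
KNOWN_NETWORKS = {
    "HomeNet": {
        "bssids": {"aa:bb:cc:00:00:01"},
        "channels": {6},
        "security": "WPA2-PSK",
    },
}

# Constructed scan: one legitimate beacon, two suspicious ones, one unrelated.
SAMPLE_SCAN = [
    Beacon("HomeNet", "AA:BB:CC:00:00:01", 6, "WPA2-PSK"),
    Beacon("HomeNet", "aa:bb:cc:00:00:01", 11, "OPEN"),
    Beacon("HomeNet", "de:ad:be:ef:00:02", 6, "WPA2-PSK"),
    Beacon("CafeWifi", "11:22:33:44:55:66", 1, "OPEN"),
]

def find_evil_twin_indicators(beacons, known=KNOWN_NETWORKS):
    """Return (ssid, bssid, reason) for beacons that reuse a known SSID
    but do not match the recorded BSSID, channel or security mode."""
    findings = []
    for b in beacons:
        profile = known.get(b.ssid)
        if profile is None:
            continue  # not a network we have a baseline for
        bssid = b.bssid.lower()
        if b.security != profile["security"]:
            findings.append((b.ssid, bssid, "security-mismatch"))
        if bssid not in profile["bssids"]:
            findings.append((b.ssid, bssid, "unknown-bssid"))
        elif b.channel not in profile["channels"]:
            # The text notes the BSSID can be copied too, so a known BSSID
            # on an unexpected channel is still worth an alert.
            findings.append((b.ssid, bssid, "known-bssid-unexpected-channel"))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reason in find_evil_twin_indicators(SAMPLE_SCAN):
        print(f"ALERT {ssid} {bssid}: {reason}")
```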
#2: FACEBOOK HACK
Now that the hackers have managed to breach security of the world’s most secure organisation, the CIA (No points for guessing who it is), hacking into Facebook is a piece of cake for them.
Looking for a reliable tool to hack a Facebook password any time you need quick access to someone’s profile to check private text messages? iKeymonitor is the easiest way to get a Facebook account hacked. This app can provide a lot of powerful features.
By installing this advanced program on a target mobile phone, you will be able to monitor the internet activity of the hacked Facebook account, read messages, view media files, and follow lots of conversations on Facebook Messenger in real time. The spy app will work in the background of the target mobile device and the person whose mobile phone is being hacked will have no idea about this fact and won’t detect it.
Follow these steps to hack a Facebook account:
- Create an iKeymonitor account. The process is easy & you won’t need more than a couple of minutes to perform this action using your computer. You will need to enter your username & password.
- Take the target phone, install iKeymonitor, & complete the setup process. You should use a compatible jailbroken iOS or rooted Android mobile device.
- The system will start working immediately. The app will immediately hack the Facebook account of your victim & capture all the information.
- Log in to your iKeymonitor account using your own smart device and select Facebook from the list of apps.
What is the best part of it? You will be able to monitor all sent & received messages and view all details on the victim’s page without a hacker on a daily basis. With the Keylogger feature, you will be able to hack Facebook & other passwords.
Don’t have time to view all the conversations – download them to your computer or other device and have a look at them later. The application will record all calls made with Facebook Messenger app.
John the Ripper is probably the world’s best known password cracking tool. It is strictly command line and strictly for Linux. Its lack of a GUI makes it a bit more challenging to use, but it is also why it is such a fast password cracker.
One of the beauties of this tool is its built-in default password cracking strategy. First, it attempts a dictionary attack, and if that fails, it then attempts to use combined dictionary words, then tries a hybrid attack of dictionary words with special characters and numbers, and only if all those fail will it resort to brute force.
Ophcrack is a free rainbow table-based password cracking tool for Windows. It is among the most popular Windows password cracking tools (Cain and Abel is probably the most popular; see below), but can also be used on Linux and Mac systems.
It cracks LM and NTLM (Windows) hashes. For cracking Windows XP, Vista and Windows 7, you can download free rainbow tables. You can download Ophcrack on SourceForge, and you can get some free and premium rainbow tables for Ophcrack here.
L0phtCrack is an alternative to Ophcrack, and attempts to crack Windows passwords from hashes in the SAM file or the Active Directory (AD). It also uses dictionary and brute force attacks for generating and guessing passwords.
L0phtCrack was acquired by Symantec and they promptly discontinued it in 2006. Later, L0phtCrack developers re-acquired this excellent password cracking tool and re-released it in 2009. You can download the tool here.
Cain and Abel
It just might be the best known password cracking tool on the planet. Written strictly for Windows, it can crack numerous hash types, including NTLM, NTLMv2, MD5, wireless, Oracle, MySQL, SQL Server, SHA1, SHA2, Cisco, VoIP, and many others.
Cain and Abel can crack passwords using a dictionary attack, rainbow attack, and brute force. One of its better features is the ability to select the password length and character set when attempting a brute force attack. And besides being an excellent password cracking tool, it is also a great ARP Poisoning and MiTM tool.
It is probably the most widely used online hacking tool. It is capable of cracking web form authentication, and when used in conjunction with other tools such as Tamper Data, it can be a powerful and effective tool for cracking nearly every type of online password authentication mechanism.
PASSWORD SAFETY STRATEGY
Password security is considered as the most basic protection to be provided to systems. Following are tips from various experts combined with my own experience on how passwords should be maintained:
#1: Use a combination of upper case and lowercase letters.
#2: Keep changing passwords after a certain period (monthly, quarterly).
#3: Never share your password with anyone.
#4: Ignore spam mails in your mailbox. Shut down your mail ID in case of too many spam mails.
#5: Create a password which no one can decipher from you.
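One way to enforce tip #5 when a password is set is to screen it against the dictionary, combined-word and hybrid guesses described earlier on this page. The following is an added example, not part of the original article: the wordlist, the substitution map and the 12-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a much larger list.
COMMON_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey"}

# Assumed character substitutions that a hybrid guess commonly reverses.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def _candidates(password: str) -> set:
    """Normalised forms: lower-cased, with leading/trailing digits and symbols
    trimmed, and with common character substitutions undone."""
    lowered = password.lower()
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    return {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}

def check_new_password(password: str, words=COMMON_WORDS, min_length: int = 12):
    """Return a list of problem codes; an empty list means the password passed."""
    problems = []
    if len(password) < min_length:
        problems.append("short")
    forms = _candidates(password)
    if password.lower() in words:
        problems.append("dictionary")   # plain dictionary word
    elif forms & words:
        problems.append("hybrid")       # word plus digits/symbols/substitutions
    elif any(f[:i] in words and f[i:] in words
             for f in forms for i in range(1, len(f))):
        problems.append("combined")     # two dictionary words joined
    return problems

if __name__ == "__main__":
    for pw in ["dragon", "P@ssw0rd123!", "SunshineMonkey", "tq9-vLm2-zkRw-84px"]:
        print(f"{pw!r}: {check_new_password(pw) or 'ok'}")
```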
Hacking is both a science and an art which will consistently be a challenge no matter how much technology develops. But you really can’t help it, can you?
Imagine yourself waking up in the morning, going to office when suddenly a thief kidnaps you, takes your fingerprints and uses them to gain access to your “secure” computer system.
Well, the above has less probability of happening unless things go wrong but the point is there are many ways to do a wrong thing and a right thing in this world.