This is How Hackers Crack Passwords!

In this video, we’ll see how hackers really crack passwords.

DISCLAIMER: This video is intended only to educate people about how hackers crack passwords, and how important the strength of a password is when it comes to security.

If you are using a common password like test123456, which I used in the video, then the hacker will easily be able to recover the plain text form of your password from the hash string. There is something known as rainbow tables. These rainbow tables contain the password hashes of numerous commonly used passwords.

So the hacker will be able to do a simple search with the password hash that he has, and if the password hash exists in the rainbow table, then the password is successfully cracked and the hacker has it in plain text. Remember that rainbow tables contain the password hashes of only the passwords which are commonly used.
As a reference, you can go to https://crackstation.net/

If the password is not a commonly used password, then the dictionary attack and the brute force attack come into play.

In a dictionary attack, you have a wordlist. A wordlist is nothing but a huge text file with loads of passwords. In this attack, the hacker writes code which compares the password hash to be cracked with the password hash of each and every password that exists in the wordlist. This attack can be target-specific as well, which means a wordlist can be built targeting an individual, provided that some basic details about him/her are known.

In a brute force attack, each and every combination of letters, symbols and numbers is converted into its hash form and then compared with the hash to be cracked. This is more expensive.

A new technique called salting was introduced by security analysts to give hackers a hard time in cracking passwords.

In this technique, a specific combination of characters is inserted at specific positions of the plain text password before hashing.
Every company has its own salting algorithm, and they don’t make their salting algorithm public.

For example, let’s say Facebook’s salting algorithm inserts the string f&2p at the beginning, after the third character, and at the end of the plain text password.
After salting the password, the salted password is then hashed by a hashing algorithm.

So when salting is used, rainbow tables are of no use even if the password to be cracked is a weak, commonly used password, because the hash of the password without salting does not match the hash of the password which is salted.

Also, brute force and dictionary attacks are not effective for cracking salted passwords unless the hacker already knows the salting algorithm employed by a company.
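The effect of salting on a precomputed table, from the storing side, as an added example that is not from the video. The function names, the four-entry password list, and the choice of SHA-256 and PBKDF2 are assumptions (the description names no hash algorithm). `hash_password` uses a random salt per password stored next to the hash, which is the common practice and an assumption here, in place of the fixed insertion scheme described above.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a table of common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "test123456"]

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Precomputed table (hash -> plain text), the kind of lookup the text describes.
LOOKUP = {sha256_hex(p): p for p in COMMON_PASSWORDS}

def table_lookup(hash_hex: str):
    """Return the plain text if the hash is in the table, else None."""
    return LOOKUP.get(hash_hex)

def page_style_salt(password: str, salt: str = "f&2p") -> str:
    """The description's example: salt at the start, after the 3rd character, and at the end."""
    return salt + password[:3] + salt + password[3:] + salt

def hash_password(password: str, iterations: int = 600_000) -> dict:
    """Assumed common practice: random 16-byte salt per password plus a slow KDF.
    The iteration count is an assumption to tune for your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

if __name__ == "__main__":
    weak = "test123456"
    print("unsalted hash found in table:", table_lookup(sha256_hex(weak)))
    print("salted hash found in table:  ", table_lookup(sha256_hex(page_style_salt(weak))))
    a, b = hash_password(weak), hash_password(weak)
    print("same password, different stored digests:", a["digest"] != b["digest"])
    print("correct login:", verify_password(weak, a))
    print("wrong login:  ", verify_password("Test123456", a))
```

Because each record gets its own random salt, two users with the same weak password end up with different stored digests, so one precomputed table cannot cover both.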

Visit my website : https://techraj156.com
