Password hacking may sound ominous to most people, who assume that anyone who knows how to do it can't possibly be up to any good. On the contrary, it can be very useful for you or for potential clients. You never know when you might need to hack your own email account because you forgot the password, or when an important client might need your help to crack a program password.
- Dictionary attacks. Most programs used for password hacking have this basic function, which checks whether the password in use can be found in any dictionary. The program tries every dictionary word that could be the password, and it can be given additional rules for word modifications, such as using zero instead of 'o' or one instead of 'I', and so on. It bombards the system with all these possibilities until a match is found. With all the words in the dictionary available to it, it will most probably hit on a forgotten or easy-to-remember password. You'd be surprised at how many people are careless with their login passwords. An example of this is John the Ripper. It uses dictionary attacks as its initial method of getting the password, but it also has a brute force attack mode.
- Brute force attacks. This type of password hacking tries every possibility in order to get into the system. Since it is not as focused as a dictionary attack, it is very time-consuming and is not used unless a dictionary attack cannot find the password, or unless getting that password is a must, as with an admin account on the Internet or in Windows. A popular tool for this type of attack is RainbowCrack. It is a modification of the original brute force type, as it has what are called rainbow tables that give options for specific limits in searching for the password.
- Combination. Most password hacking software actually uses a combination of dictionary attack and brute force attack. There is also what is known as cryptanalysis, where the tool goes through the hash and decrypts the information to see the password. In big companies that need high security for their files, the person responsible must be aware of all the tools of the trade that hackers may use to get into the system. Examples of these are Cain and Abel, LC5, Rixler Software, and Brutus. You can identify these attempts by carefully monitoring your system logs for access attempts.
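
This added example (not part of the original article) shows the log monitoring mentioned in the last item: it counts failed logins per source address inside a time window, flags a burst, and records whether a successful login followed. The log lines are constructed in OpenSSH auth-log style; the function name, threshold, window and assumed year are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth-log style (not from a real system).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[101]: Failed password for admin from 203.0.113.7 port 40001 ssh2
Mar 10 09:00:03 host sshd[102]: Failed password for admin from 203.0.113.7 port 40002 ssh2
Mar 10 09:00:05 host sshd[103]: Failed password for admin from 203.0.113.7 port 40003 ssh2
Mar 10 09:00:07 host sshd[104]: Failed password for admin from 203.0.113.7 port 40004 ssh2
Mar 10 09:00:09 host sshd[105]: Failed password for admin from 203.0.113.7 port 40005 ssh2
Mar 10 09:00:11 host sshd[106]: Accepted password for admin from 203.0.113.7 port 40006 ssh2
Mar 10 09:15:00 host sshd[110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 11:40:00 host sshd[111]: Failed password for alice from 198.51.100.20 port 51001 ssh2
Mar 10 11:40:30 host sshd[112]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def find_guessing(log_text, threshold=5, window=timedelta(minutes=5), year=2024):
    """Return one alert per source with >= threshold failures inside window."""
    failures = defaultdict(list)   # source -> timestamps of recent failures
    alerts = {}                    # source -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if m["result"] == "Failed":
            recent = [t for t in failures[src] if ts - t <= window] + [ts]
            failures[src] = recent
            if len(recent) >= threshold:
                alert = alerts.setdefault(src, {"source": src, "user": m["user"],
                                                "failures": 0, "success_after": False})
                alert["failures"] = max(alert["failures"], len(recent))
        elif src in alerts:
            # A later success from an already flagged source is the case to escalate.
            alerts[src]["success_after"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_guessing(SAMPLE_LOG):
        print(alert)
```

A user who mistypes a password twice, hours apart, stays below the threshold, while the rapid burst from one address is flagged.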
Password hacking is still a skill that not everyone has. But this kind of knowledge can help your system security, both on a personal level and in your company. As it is most probably the administrator who needs it for protection, you must be able to identify when passwords that have been set need to be retrieved or reset in case they get lost. Whatever the need, know very well what your tools can do.