Passwords are by far the most common type of user authentication.

 

they are popular because the theory makes perfect sense to individuals and is reasonably simple to implement for developers.

 

on the other hand poorly constructed passwords can pose security flaws.

 

A well-designed password-based authentication process does not save the user's actual password.

 

This would make it far too simple for a hacker or a malevolent insider to access all of the system's user accounts.

 

We will learn how to crack passwords and simultaneously try to make your passwords as brute force resistant as possible.

 

1 – What is password tracking?

 

2 – Techniques of password cracking

 

3 – Password creaking tools

 

4 – Protection against hackers

 

1 – What is Password Tracking?

 

 

password cracking is the process of identifying an unknown password to a computer or network resource using a program code.

 

It can also assist a threat actor in gaining illegal access to resources.

 

malicious actors can engage in various criminal activities with the information obtained through password tracking.

 

The procedure might entail comparing a set of words to guest credentials or using an algorithm to guess the password repeatedly,

 

Password tracking can be done for several reasons,

 

But the most malicious reason is in order to gain unauthorized access to a computer without the owner's awareness this results in cyber crime,

 

Similar as stealing paswards for the purpose of penetrating banking information,

othernon-malicious reasons for word cracking do when someone has lost or forgotten a password,

 

another example of non-malicious password cracking,

 

may take place if a system administrator is conducting tests on password strength as a form of security test,

 

this enables so that the hacker cannot easily access protected systems,

 

the best way that users can protect their passwords from cracking is to ensure that they choose strong passwords,

 

generally watchwords must contain a combination of mixed case arbitrary letters integers and symbols,

 

strong passwords should never be actual words in addition strong passwords are at least eight characters long in many password protected applications users are notified of the strength of the password they have chosen upon entering it,

 

the user can then modify it and strengthen the password based on the indications of its strength.

 

 

2 – Techniques of password cracking

 

Asking the customer for their password

is simple approach to hacking

 

1 – Phishing

 

A phishing email directs the unwary reader to a counterfeit login page linked with whatever service the hacker wants to access,

 

generally by demanding the user fix some critical security flaw or aid in a database reset,

 

that page then captures their password which the hacker can subsequently exploit for their own purpose.

 

2 – Social Engineering

 

Social engineering influences the victim to get personal information such as bank account numbers or passwords.

 

the strategy is popular among hackers because they realize that humans are the gateway to vital credentials and information,

 

through social engineering the employee tried and true tactics to exploit and influence age-old human tendencies.

 

rather than devising novel means to breed secure and advanced technologies.

 

it has been demonstrated that many firms either lack adequate security or are overly friendly and trustworthy even they should not be,

 

they allow granting access to critical facilities based on a uniform or a sob story,

 

3 – Dictionary Attack

 

A hacker searches a password dictionary for the correct password in the case of a dictionary attack,

 

password dictionaries cover many themes and of mixture of topics such as,

politics

movies and

music groups

 

user's failure to create a strong password is why this approach efficiently cracks passwords till today.

 

simply said this assault employs the same terms that many individuals use as passwords,

 

a hacker can compare the password hash obtained to hashes of the password dictionaries to find the correct plain text password.

 

4 – Rainbow Table

 

Now that the passwords have been hashed the hackers attempt to achieve authentication by breaking the password hash,

 

they accomplish this by applying a rainbow table which is a set of precomputed hashes of portable password combinations,

 

hackers can use the rainbow table to crack the hash resulting in guessing your password,

 

As a result it retrieves the password hash from the system and eliminates any need to break it,

 

Furthermore it does not necessitate the discovery of the password itself.

 

The breach is accomplished if the hash matches,

 

5 – Brute Force

 

In a brute force assault the attacker attempts multiple password combinations until the correct one is identified,

 

The attacker uses software to automate this process and run exhaustive password combination in a substantially shorter length of time.

 

With the growth of hardware and technology in recent years such programs have been invigorated.

 

It won't be quick if your password is more than a few characters lengthy but,

 

it will eventually reveal your password.

 

Brute force assaults can be sped up by throwing more processing resources at them.

 

 

3 – Password Creaking Tools

 

With so many different techniques coming together to correct passwords none of them are useful without the right tools,

 

there are a plethora of scripts and snippets of code that can retrieve passwords from either encrypted storage or from the hash digest.

 

let's go through some of these tools

 

Kane and Able

 

Kane and able is a password recovery tool for microsoft operating systems,

 

it allows easy recovery of various kinds of passwords by sniffing the network cracking encrypted passwords using dictionary brute force and crypt analysis attacks.

 

Recording vibe conversations,

 

Decoding scrambled passwords,

 

Recovering wireless network keys etc,

 

are some of the other features of k enable,

 

lot of new features like,

 

arp poison routing which enables sniffing on switched lands and man-in-the-middle attacks,

 

the sniffer in this version can also analyze encrypted protocols such as ssh1 and https,

 

while containing filters to capture credentials from a wide range of authentication mechanisms.

 

it also ships routing protocol authentication monitors and route extractors,

 

dictionary and brute force crackers are also present along with common hashing algorithms and several specific authentications password hash calculators and other features.

 

john the ripper

 

john the ripper is a password tracking application that was first released in 1996 for unix-based computers.

 

it was created to evaluate password strength brute force encrypted hash passwords and break passwords using dictionary attacks.

 

it can use dictionary attacks rainbow tables and other attacks depending on the target type.

 

rainbow crack

rainbow crack is a password tracking application that uses time memory trade-off algorithm to crack password hashes with rainbow tables.

 

rainbow tables make password cracking more easier and faster than traditional brute force attacks,

 

it is like a wordbook containing nearly every possible password and the pre-calculated hashes.

 

Treating this kind of dictionary takes much more time than cracking a single hash but after that you can use the same dictionary over and over again.

 

 

this procedure might take a long time however once the table is ready it can break passwords far quicker than brute force methods.

 

 

4 – Protection against hackers

 

with so many tools ready to nab our passwords there are certain set of rules users can follow to protect their credentials from being compromised.

 

let's cover some of these guidelines,

 

Longer passwords are required making the brute force mechanism tougher to implement.

 

Longer passwords and passphrases have been demonstrated to boost security significantly,

 

However it is still critical to avoid lengthier passwords that have previously been hacked or that feature often in cracking dictionaries.

 

This password policy encourages users to establish passwords that do not contain personal information,

 

As previously said most users create passwords utilizing personal information such as hobbies nicknames pet or family member names etc,

 

if a hacker has access to personal information about a specific user for,

 

example via social media they will test password combinations based on that knowledge.

 

password regulations should compel users to distinguish between security and convenience.

 

users should be prohibited from using the same password for all services,

 

password sharing between users including those who work in the same department or use the same equipment should be avoided,

 

A single breached password doesn't affect your other accounts with this policy.

 

some password regulations necessitate the creation of a pass phrase rather than a password.

 

while passphrases serve the same objective the length make them more difficult to break.

 

in addition to letters a good pass should include numbers and symbols.

 

passwords may be easier for users to remember than pass phrases,

 

however the latter is much more breach resistant

 

two-factor authentication or 2fa can help secure an online account or even a smartphone.

 

2fa does this by asking the user to provide two forms of information,

 

a password or a personal identification pin and a code texture to the user's,

 

smartphone or a fingerprint before accessing whatever is secured.

 

this helps discourage unauthorized entries to an account without the original owner's permission.

 

 

The top 5 tips you need to be learning to get into cybersecurity.

Still, there’s so important,

If you’re new to the field or looking for a career transition info out there that it’s hard to indeed get started.

You might hear people talk about an ABC haze of instruments to take, but I ’m.

Then to tell you

THEY ’RE NOT THAT IMPORTANT.

While there’s some value inquiring the method of studying for certs.

What IS IMPORTANT are your tips and EXPERIENCE.

Because in this field, what you can DO will make you so much more successful than what you KNOW.

Working specialized problems is THE way to earning the trust and 

confidence from people you work with.

Buckle up and let’s dive right in.

 

1- Structure and using virtual machines.

 

Don’t run down but EMBRACE it.

The command line interface, 

generally appertained to as a SHELL, 

is the simplest and the most effective way to interact with an operating system.

For illustration, if I ’m looking for an entry in this CSV train, Excel might indurate or crash.

Running a featherlight shell command gets me what I need in no time.

Why’s it called a shell?

The important corridor of an Zilches that actually makes it run called the KERNEL, 

because it functions at the center of the system.

The part that’s exposed to a stoner called the shell, 

since it wraps around the kernel.

It’s like a auto, 

where the steering wheel, pedals, 

and dashboards giving you control over the machine or 

transmission all live in the “ shell” of the auto.

The command line gives you the smallest position,

access to software functionality that comes with an operating system.

Many of the most useful tools don’t have a graphical interface to point and click.

Learning the command line expands your magazine and lets you get further done with lower.

It lets you be suitable to use scripting and,

Robotization to attack repetitious tasks that would else waste lots of time.

Automating your workflow by learning the command line makes, 

you a precious asset to the platoon.

I recommend starting out with Bash, or the “ Bourne- again Shell” 

since it comes dereliction with every Linux distribution.

MacOS used it in its Terminal app, but has agone changed to Zsh, or “ Z-Shell”, 

and has some nicer features.

Still, also Zsh is more like a Lexus, If Bash is like a Toyota.

Bash is so popular and effective that Microsoft actually released,

the Windows Subsystem for Linux, or “ WSL” and, 

lets you install several different Linux flavors to use Bash as a native app.

This is super accessible, 

since I can pierce utmost of my Linux tools without having to switch to a virtual machine.

Now understand that Powershell is the go-to native shell for Windows.

It’s different from how you would use the Linux command line, 

but gives you a ton of important Windows administration capacities.

Still, 

Learn Powershell as well, 

If you work in an terrain where Windows is the primary Zilches.

3 - System Administration.

 

All us with a computer or smartphone, 

from your grandma to IT wizard is a sysadmin at some position.

System administration involves the configuring and maintaining of computers, 

whether a particular device or hi-powered garçon.

When I was first using computers as a sprat, 

I loved to dive down into EVERY SINGLE SETTING available on the computer, 

To see what it did.

Reading primers, online attendants, and playing around drove this curiosity further.

By doing that, I came the family IT help office.

System administration is about knowing your platform, 

and colorful tools outside and out to be suitable to help others who don’t.

Whatever your skill, I challenge you to swindle around and learn by doing.

Cancel some lines, and try to recover them.

Download, open, and cover old contagions in a virtual machine with tools like, 

Windows Sysinternals to see what they do.

Try to prize lines and watchwords off a computer without knowing the login word.

Whatever it is, 

Push the limits of what you know by reading attendants out there and following on.

Exercise a little more each day and you ’ll position up in no time.

 

4 - Computer Networking. 

THIS is the heart and soul of it all, 

What I like to call the cyberspatial “ laws of drugs”.

It’s understanding how bias interact with each other and how data gets from point A to point B. 

A strong foundation in networking will cause you to a rockstar troubleshooter, 

whether you ’re red teaming, defending, or running day-to- day IT ops.

There’s two abstract models that govern computer networking TCP/ IP and OSI.

They group all your different networking and telecommunication protocols into “ layers”.

TCP/ IP aged and uses four layers network access, 

internet, 

transport, and 

operation layers.

OSI stands for the Open System Interconnection, 

which developed by the alliance for Standardization, 

or ISO.

These guys define everything from country canons to time and date formats.

OSI is newer and, 

uses seven layers physical, 

Datalink, 

Network, 

Transport, 

Session, 

Donation, 

Operation layers.

All these layers are a way to describe “ what’s passing where”.

So if you ’re entering a package from someone in a different country, 

It’s gonna get passed between envelopes, 

boxes, vehicles and Aeroplanes, 

each with their own addressing system and operating procedures.

When the post office tells you there’s an airline issue, 

you know where it's in the transportation system that’s delaying your delivery.

Likewise, 

the networking layers all have different functions, 

but as a whole work together to let you stream vids from a garçon in a rack to a device in your hands.

Knowing what’s passing at each subcaste lets you “ see the matrix” and 

be much more professed at your craft.

 

5 - Particular digital security.

 

This is an area I’ve been particularly passionate about because it affects our families, 

musketeers, and associations.

The cyber crime assiduity is roaring.

As technology becomes more integrated with our lives, 

from Internet-connected, 

the vulnerabilities and attack vectors are gonna increase further and further.

Still, 

there’s no better place to start than with yourself, 

If you want to go deep into cybersecurity.

From watchwords, encryption, to secure comms, 

stay over-to- date with the rearmost security news and stylish practices.
 

You might be the subject- matter expert in your office that others head to for advice.

And that advice might cover your company from getting frontal runner news.

But most resides it out yourself as well.

You wouldn’t believe the number of times, 

I’ve seen cyber intrusions appear from the security operations or IT department because, 

people didn’t understand or exercise introductory digital hygiene.