Say that ten times! Ouch – someone pass the chapstick!
I thought I’d devote some time to how people break into your systems. I’ll give you some information and methods that you can use yourself to test the security of your own systems and passwords.
One of the ways people break into systems is by obtaining people’s passwords. But what if they want to try and guess your password?
Turns out there are a lot of tools to help password crackers. One of those tools is called “John the Ripper”. It is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Other password crackers include:
1. Cain and Abel – password recovery tool for Windows
- http://www.oxid.it/cain.html
2. John the Ripper - multi-platform password hash cracker
- http://www.openwall.com/john/
3. THC Hydra - network authentication cracker which supports many different services
- http://freeworld.thc.org/thc-hydra/
4. Aircrack - WEP/WPA cracking tool
- http://www.aircrack-ng.org/doku.php
5. Ophcrack - Windows password cracker
- http://ophcrack.sourceforge.net/
6. Airsnort - 802.11 WEP Encryption Cracking Tool
- http://airsnort.shmoo.com/
7. SolarWinds - network discovery/monitoring/attack tools
- http://www.solarwinds.com/
8. Pwdump - window password recovery tool
- http://www.foofus.net/fizzgig/pwdump/
9. RainbowCrack - password hash cracker
- http://www.antsight.com/
10. Brutus - network authentication cracker
- http://www.hoobie.net/brutus/
11. Password Cracker 3.76 - restoring forgotten passwords
- http://www.download.com/Password-Cracker/3000-2092_4-10226556.html
More details about these and other password crackers can be found at: http://sectools.org/crackers.html
Most of these tools use a variety of methods to recover passwords such as: sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Remember that although these tools can be used as password crackers their intended use is for System Administrators to recover lost or forgotten passwords.
ref: http://www.theemailadmin.com/
No comments:
Post a Comment