Cracking Passwords

Complete Guide to Cracking Passwords in CEH System Hacking

Understanding Password Cracking in Certified Ethical Hacker (CEH) Exams

Password cracking is a critical component of the system hacking phase in ethical hacking. This guide will help you understand what password cracking is, why it's important, how it works, and how to answer exam questions on this topic effectively.

Why Password Cracking is Important

Password cracking is essential knowledge for ethical hackers because:

1. It reveals security vulnerabilities in authentication systems
2. It demonstrates the resilience of password policies
3. It allows penetration testers to gain authorized access during security assessments
4. It helps organizations understand their exposure to unauthorized access risks
5. It's a fundamental skill assessed in the CEH certification

What is Password Cracking?

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. In ethical hacking, it's a legitimate technique used with proper authorization to test security controls.

Password cracking is considered phase 3 of the five-phase hacking methodology, occurring after reconnaissance and scanning, and before maintaining access and covering tracks.

How Password Cracking Works

Common Password Cracking Techniques:

1. Dictionary Attack: Uses a list of common words and variations to guess passwords.

2. Brute Force Attack: Systematically tries all possible character combinations until finding the correct password.

3. Rainbow Table Attack: Uses precomputed tables of hash values to crack password hashes faster.

4. Hybrid Attack: Combines dictionary words with variations and special characters.

5. Rule-Based Attack: Applies transformation rules to dictionary words (e.g., replacing 'a' with '@').

6. Social Engineering: Obtains passwords through manipulation rather than technical means.

Common Password Cracking Tools:

• John the Ripper: Versatile password cracker supporting various hash types
• Hashcat: Advanced password recovery utility using GPU acceleration
• Ophcrack: Specializes in Windows password cracking using rainbow tables
• Hydra: Online password cracking tool for various protocols
• Cain & Abel: Windows-based password recovery tool with multiple features
• Medusa: Parallel login brute-forcer similar to Hydra

Password Hash Types:

• LM Hash: Older Windows hash, highly vulnerable
• NTLM/NTLMv2: Newer Windows authentication protocols
• MD5: Common but insecure hash algorithm
• SHA-1, SHA-256, SHA-512: Increasingly secure hash algorithms
• bcrypt, PBKDF2, Argon2: Modern algorithms with salting and key stretching

Countermeasures Against Password Cracking:

• Strong password policies (complexity, length, expiration)
• Multi-factor authentication (MFA)
• Account lockout policies
• Password salting and use of secure hashing algorithms
• Monitoring and alerting on failed login attempts

Exam Tips: Answering Questions on Password Cracking

1. Know the terminology: Understand terms like "hash," "salt," "rainbow table," and "dictionary attack."
2. Memorize tool capabilities: Know which tools are best for specific scenarios (e.g., Hashcat for GPU acceleration, Hydra for online attacks).

3. Understand attack complexity: Remember that brute force complexity increases exponentially with password length and character set size.

4. Learn time estimates: Be familiar with approximate time requirements for different attack methods against various hash types.

5. Identify hash types: Practice recognizing hash formats by appearance (length, character set, etc.).

6. Remember tool syntax: The exam may ask about command parameters for common tools.

7. Practice scenario-based thinking: For each question, identify the most efficient attack method based on available information.

8. Compare attack methods: When presented with multiple options, evaluate which would be most effective for the given scenario.

9. Focus on countermeasures: Questions often ask about the most effective ways to prevent password cracking.

10. Understand OS differences: Know how password storage differs between Windows, Linux, and other systems.

Sample Question Types:

• Tool identification: "Which tool is best for cracking Windows passwords using rainbow tables?"• Attack selection: "Which attack would be most effective against a known MD5 hash with no salt?"• Time estimation: "Approximately how long would a brute force attack take against an 8-character password?"• Countermeasure effectiveness: "Which approach would best protect against rainbow table attacks?"• Command syntax: "What Hashcat command would perform a dictionary attack against an NTLM hash?"
Remember that the CEH exam focuses on practical knowledge and real-world applications. Questions will often present scenarios where you need to identify the most appropriate password cracking approach or countermeasure.