Jump to content

Passwords


hacker12345
 Share

Recommended Posts

sir please tel me,How the password crackers are working,,say i want to access a router and it asking for a password and username,how can i get the real password's hash code ,i know about brute force ,but i want to know how the password crackers get the hash code????

Link to comment
Share on other sites

They get it by taking a word list and using the same algorithm to create the hash, build a table of matching words and hashes, then look them up. Its not illegal to have knowledge, its illegal to break into someone else's equipment. If you want to break the law, that is on you. Have fun in jail if you get caught.

Link to comment
Share on other sites

Thank you sir,I'm not breaking any low just i need to know how are they working.and sir how they know what algorithms are used to convert password by router?

as i think when the password is entered by us,,router convert it to hash codes and match the two passwords is it correct?

Link to comment
Share on other sites

as i think when the password is entered by us,,router convert it to hash codes and match the two passwords is it correct?

Correct, when you enter the clear-text password in your router, it takes it and then uses a hash algorithm such as an MD5 for example, to generate a hash of your clear-text password and uses it to match against the hash already saved in the database. If they are a match, you are authenticated, if they don't then you will get an authentication error.

Link to comment
Share on other sites

Easiest way would probably be to call 911 and tell them your problem...

Seriously, do you really think that you'll get answers on how to do illegal stuff?

There's no need to be hostile here, he gave router authentication as an example. Just because someone says "Like if I did this", doesn't mean they are actually doing it. Wireless routers are usually the first entry point into hacking nowadays for most people, even if it is their personal router or one they set up on the side. I believe in the end he phrased is as, how are people going to get my hash and how are they going to use it to gain entry to my networks core, not "Hey guys how do I break into my neighbors router login page". I understand your concern with people doing illegal things, but in the end it is going to happen and that is a risk they agreed to take on their own terms, I believe the user agreement for this website even states that it and its affiliates are not responsible for what you do with the info you find here.

Either way, Infiltrator pretty much nailed it with his answer.

Link to comment
Share on other sites

Thank you sir..sir i think you all are know about kon-boot software i download and install it to my pen drive ,,first time computer boot from the pen drive it say "COULD NOT FOUND KERNEL IMAGE:MENU.C32" and then i download it from internet and copy it to pen drive and boot again, now it boot and boot and boot nothing happen ,it comes BOOTING-UP and restart again ...and again...what is the reason for this and what is the solution???

Link to comment
Share on other sites

Thank you sir..sir i think you all are know about kon-boot software i download and install it to my pen drive ,,first time computer boot from the pen drive it say "COULD NOT FOUND KERNEL IMAGE:MENU.C32" and then i download it from internet and copy it to pen drive and boot again, now it boot and boot and boot nothing happen ,it comes BOOTING-UP and restart again ...and again...what is the reason for this and what is the solution???

If you would like to get a password for a user on windows you can probably best use Ophcrack.

Ophcrack will actually crack the password hash, where kon-boot will just remove the password.

What exactly would you like to do?

Link to comment
Share on other sites

If you want to reset the password, I'd recommend NT Offline password, burn the ISO image to a CD and boot the computer off it.

Link to comment
Share on other sites

NT Offline password is a great tool indeed, I used it on Hiren's BootCD, maybe you can download and burn Hiren's BootCd, that way you've got NT Offline password live Infiltrator suggested and aslo a lot of different tools that will come in handy ;)

Link to comment
Share on other sites

How can the OP use chntpw or ophcrack or any of the aforemetioned tools to get the hash from a router?

I think it was in reference to a separate question in this same thread - http://forums.hak5.org/index.php?showtopic=26835&view=findpost&p=205112

Link to comment
Share on other sites

sir,,i generated my own word list for brute-force AET2 software ,,but it does not working properly,,i configure this for a lan network

there is error in some where ..sir can you help me?????? :P

it gives all the words in the list as password. :(

Edited by hacker12345
Link to comment
Share on other sites

Hmmmm...hydra...it's a mess ^m^

Yes it can be a mess, but its quite good from experience. It will also need a decent password list, to be successful in cracking the router's password.

Link to comment
Share on other sites

Sir ,,can you give me brief introduction how to use hydra? or a link of tutorial? i searched all over the internet but they are hard to understand! :unsure:

If you put a bit of effort, nothing it's hard.

Hydra for Linux:

http://www.securitytube.net/video/953

Hydra for Windows:

Edited by Infiltrator
Link to comment
Share on other sites

  • 3 months later...

If your trying to get into a router this will depend what type of router. Wireless router just crack the WPA2 its easier than trying to password guess the login.

Once in you can use meterpreter to remote keylog a host system as part of the backtrack metaploit package. Not including steps there all over the net sadly to say. Once you get remote keyboard logging going just be patient and what for the user name and loggin of the users Windows box then remote in to it enable telnet so you can upload a ghost keylogger which emails you a keylog daily of what they did. Sooner or later they will access the router, but at this point you probably have email bank and other site usernamesn and passwords.

No actual steps given just enough info to reseach on.

I generally dont rely on default brute force list, I would research teh person learn their habits in some cases dumpster dive for information.

All trash placed on the curb is public use, The police use it all the time to bypass getting a warrant.

Once you learn about your subject its easier to create a bruteforce list.

In my case my passwords are all alpha numeric alt+code 25 characters in length. Example: !GiL9Ω+n0@0bOmä4Æ Brute force would never get this. Or pass phrase : Normal view: "Hi there im a girl" h! 3hRe *m ä ♀ (now this is assuming the device can handle the password special characters.)

But I think you get the point.

Link to comment
Share on other sites

Bruteforcing is the surefire method.

Instead of CPU processed bruteforcing, we can process bruteforcing through the GPU in order to arrive at a rate of about 380M * 1.4M passwords per second, allowing us to guess a 7-character password in maybe 1-2 days. In this sense, the GPU works with a package called CUDA, available for downloading from nVidia. Certainly we would need to have the hashed versions of the passwords beforehand.

Search for GPU CUDA BRUTEFORCE PASSWORDS or similar

There are many paid and free projects that use bruteforcing processed on the GPU. I think this is what you wanted to know by your inquiry: "how the password crackers get the hash code".

Cryptohaze is one of the projects which function in this way.

https://www.cryptoha...multiforcer.php

Edited by h41duk
Link to comment
Share on other sites

Bruteforcing is the surefire method.

Instead of CPU processed bruteforcing, we can process bruteforcing through the GPU in order to arrive at a rate of about 380M * 1.4M passwords per second, allowing us to guess a 7-character password in maybe 1-2 days. In this sense, the GPU works with a package called CUDA, available for downloading from nVidia. Certainly we would need to have the hashed versions of the passwords beforehand.

Search for GPU CUDA BRUTEFORCE PASSWORDS or similar

There are many paid and free projects that use bruteforcing processed on the GPU. I think this is what you wanted to know by your inquiry: "how the password crackers get the hash code".

Cryptohaze is one of the projects which function in this way.

https://www.cryptoha...multiforcer.php

I personally like Cryptohaze a lot, but have found it to be slower than HashCat. CryptoHaze uses Nvidia, which is a lot slower than ATI in this respect, so I would recommend Hashcat instead. Hashcat also support distributed networking, which can push the performance envelop to the extreme.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...