I am being bombarded with questions on Facebook, WhatsApp and even by phone. People are asking, 'How do hackers get our encrypted passwords when even the site owner can't?' Here is the answer for you all.
When a website stores your login password for the site, it is run through a cryptographic hash function before it enters the database. That raises another question: 'So how are hackers getting these passwords?'
When a website is breached and its database is stolen, the password hashes are in it. A hacker analyzes the hashes to see which hash type they are, and then brute-forces them. Brute-forcing means systematically cycling through every combination of letters in a letter set, hashing each one, until one matches a password hash. A letter set can be all lower-case letters, symbols, or anything the hacker wants. So the hacker brute-forces until they find a hash that matches yours, in effect "guessing" your password.
Let's run through what it takes to hack a password using the common MD5 hashing algorithm. I'm going to show you how to do this on Windows.
Let's keep it easy to understand with a simple example. Let's hash the word "csultimates" using Miracle Salad's MD5 hash generator. We get the following result: 72aca06f19d854e479611ee195057836
Step 1: Cracking MD5 on Windows
Every job needs a tool. On Windows, we are using Cain & Abel.
Cain is part of that software suite and is an AIO (All-In-One) Windows hacking tool. We will be using its brute-force function to crack MD5 hashes.
Brute-forcing with Cain takes a long time, but it cracks the MD5 hash to recover "csultimates".
I hope this answers all your questions about how hackers do it. That doesn't mean a hacker can easily brute-force an MD5 hash to get a password. Brute-forcing a simple word of length between 5 and 10 takes 15-16 years; meanwhile you may have changed your password many times, and the hash obtained by the hacker would be useless. A video tutorial of the same will be uploaded soon; for more, follow us on Facebook.
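From the defending side, what makes a stolen hash expensive to guess is how it was stored. The following Python sketch is an added example, not part of the original post: it counts the candidates for a given letter set and replaces unsalted MD5 records with salted PBKDF2 ones at the next successful login. The function names, record format and iteration count are assumptions of this example.

```python
import hashlib, hmac, os, re

ITERATIONS = 600_000          # assumed work factor for this example; tune to your hardware
LEGACY_MD5 = re.compile(r"[0-9a-f]{32}")

def keyspace(charset_size, min_len, max_len):
    """Number of candidates a brute-force run over this letter set must cover."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def hash_password(password, iterations=ITERATIONS):
    """Salted, deliberately slow record: scheme$iterations$salt$digest."""
    salt = os.urandom(16)     # unique per user, so equal passwords get different records
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:        # malformed record: wrong field count, bad hex, bad number
        return False

def login(users, name, password):
    """Check a login; upgrade a legacy unsalted MD5 record once the password is proven."""
    record = users.get(name)
    if record is None:
        return False
    if LEGACY_MD5.fullmatch(record):
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, record):
            return False
        users[name] = hash_password(password)   # replace the weak record in place
        return True
    return verify_password(password, record)

if __name__ == "__main__":
    # Constructed sample table: two users with the same password, stored as plain MD5.
    users = {u: hashlib.md5(b"csultimates").hexdigest() for u in ("alice", "bob")}
    print("identical MD5 records:", users["alice"] == users["bob"])
    print("logins ok:", login(users, "alice", "csultimates"), login(users, "bob", "csultimates"))
    print("records now differ:", users["alice"] != users["bob"])
    print("lower-case candidates, length 5-10:", keyspace(26, 5, 10))
```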

Nice post, and there are much simpler tools to crack hashes faster using rainbow tables and other tricks.
Nevertheless, Cain and Abel is a very powerful tool.. :)