Password Hacking
Paasword
number symbol or sabdo ka vo samuh hota hai jo ye tay kar hai kisi system ko
access karne vala user vahi user hai jo vo system ka use karne vala orijnal
user hai.hamae paasword crack kiye jaarte hai or system ko yahi lagata hai ki
jiske paasword hai vahi system ka use karne vaalaa original user hai.To hum
kais eek paasword ka criteria choose kare jisse hamara paasword hack ya crack
nah o sakte.
Esa paasword
na rakhe jise hacker ya cracker easily crack kar sakte kyoki hackers or cracker
sabse pahle aap ki social profile ko check karte hai.fir jo details aapne use
ki hoti hai usi se aapka paasword guess karte hai.jaise ki aapka
naam,sername,mobile number,pincode,birthdate,pet name ya faverate actor ka
naam.90% user ke paasword mobile number hote hai.is liye aap apni saari
jaankari social media pe naa dale.is tarah ke attack ko guessing attack kahte
hai.
Eise sabdo
ko na chune jo dirctonary me ho kyo ki ye sabd easily crack kiya jata hai.is
tarah ke attack ko dirctonary attack kahte hai.
Ese sabdo ko
naa chune jo comen use hote hai.
Aapka paasword
hamesa 7 din ya 15 din me change hona chhahiye.or aapka pahle paasword se metch
nahi hona chaaiye.
Aap ka
paasword har site kea lag hona chaahiye.jaise ki gmail me alag facebook me alag
kyo ki agar aap ne sab site me ek hi paasword use kiya ho or agar aap ka
paasword leak ho gaya to aap ke saare account hack ho jaayege.
Jab bhi
paasword banaaye paasword me mix up takhe jaise ki number special symbol.esa
paasword banaye jo aap ke liye yaad rakhna easy or attacker ke liye crak karna
muskil ho.
Jaise ki
agar aap ko easy to remember paasword rakhna ho to
YO YO
HONEYSING MERA FAVERATE SINGER HAI USKA BIRTHDATE MUJE NAHI PATA.
Ab aap is
vaaky ka paasword banate hai.iska paasword hoga
YYHsMFsHUBMNP
Is paasword
me hamne har sabdo ka first lettor rakha hai or S ko chota kar ke rakha hai.
Ek or
example dekhte hai.
Mai Ahmedabad
se hu mera pincode hai 380004.
Iska paasword
is tarah se hoga
Mashmph#()))$
Isme maine
first letter rakha hai or number ko shift dabake press kiya hai.is tarah aap
alag alag paasword bana sakte hai.
Cracking tacknick
is liye banai gayi hai kyo ki agar koi user paasword bhul jaaye ko vo apna
account on kar sake.
Is liye ye
tecnic hai
1. Dirctonary attack
2. Rule based attack
3. Bruteforce attack
4. Hybrid hashes
5. Symbol attack
OR kuch
paaswor ke 4 attack hote hai.
Passive Online Attack
Active Online Attack
Ofline
Attack
Non
Elektronic Attack
Cracking tecknik
ek leagal user ke liye bani thi or paasword attack hackers ke liye invet ki gai
hai.vo in char tariko ka use karte hai.
Active hacking
vo hote hai jisme hum direct system ko acess kar sakte hai.
Active
hacking paasword hacking ki sabse simple or easy method hoti hai.isme hacker
aap ka paasword guess karte hai.ye sab jaankari vo social networking sites or
jobs site se lete hai.jab bhi aap koi bhi job site me apne bio data daalte hai
to hacker usi ka use karte hai.hacker vo saari details ko match karne ke baad
ek guessing paasword create kiya jata hai.fir uska paasword banakar use karte
hai.
Passive
attack vo hote hai jab hum bichh me se jaankaari chura rahe hote hai.
Passive
online attack vo hota hai jab attacker aap ke system me koi change nahi karta
hai.jab aap ke system me koi data flow ho rahi hoti hai nus usiko moniter or
record kar leta hai
Ofline
attack me hacker ofline paasword crack kar raha hota hai.
Ofline attack
me hacker system pe koi attack nahi karta hai
Non eleckronic
attack me attacker koi software ka use nshi karta.hacker ke paas pahle hi aapke
paasword ki hash ya encrypted file hoti hai.un encrypted file ko human readable
form me convert karta hai.
NON Electronic
attack me kisi bhi tacknical knowledge ki jarurat nahi hoti hai.vo koi bhi
software kay a tools ka use karake paasword crack karte hai.software ko victim
ke computer me install kar dete hai or jab vo paasword daal raha hota hai to vo
us paasword ko hacker ke paas bhej deta hai.
PASSIVE Ko
Teen Hisso me divide karte hai.
1st
wire sniffing
2nd
MITM
3rd Replay
wire sniffing
me packet sniffing ke jo koi tools hote hai jaise ki wire shark and cain and
albel ko pertual length pe chalaya jata hai jab us length par koi user paasword
daal raha hota hai to ye software use catch kar lete hai.is se aap ko plane
text ya encrypted formet mai aap ko paasword mil jayega.
MITM yaani
ki man in the middle attack me jab koi do party yaani ki koi user server mai
paasword daal raha hota hai tab hacker bich se hi paasword chura leta hai or
same chij foolw hoti hai replay attack me
Aap dekh
sakte hai ki user ko direct server se connect hona hota hai par vo server se
connect na hoker hacker se connect hota hai par use lagta hai ki vo server se
connect hai or server ko lagta hai ki vo user se connect hai.isi bich se aapki
saari jaankaari hack kar li jati hai.
Replay attack
me hacker aapki jaankari ka bar bar use kar sakta hai.isme method same hoti
hai.
Active Ko
hum char hisso me divide karte hai
1st Hash injection
2nd
Keyloggar\sprayware\Troojan
3rd
Paasword Guessing
4th
phising
1st Hash injection – jab aap ka paasword aapke
system ya server me save hota hai to vo hash form mesave hote hai.
What is hash
Hash vo
value hoti hai jab aap koi paasword ko store kar rahe hote hai tab aap ke
paasword ko encrypted form me convert kar deta hai jo koi human samaj nahi
sakta hai.
Jaise ki
agar maine paasword shailandra dala hai to vo kucj is tarike se save hota hai
Dwfegregidjfiewjgorehrehr4e65re8496r7ytertgert7e67t6er7e
Ye aap ko
dikh to gaya par aap ise samaj nahi sakte
Internet mai
5 tariko se aap ke paasword ko save kiya jata hai
1st
plane text
Isme Agar aap
ne paasword insert kiya shailendra ko us website ki database me paasword save
hua usi tarah plane text me.yaani ki human readable form me.isme sanse badi
hani ye hai ki agar koi attacker us website ko hack kar leta hai to use sab
paasword dikh jaayege kyoki vo human readable form me hota hai.isliye jyadatar
website is tarike se paasword save nahi karti hai.
2nd
basic paasword enycrypted
Isme paasword
ko encrypted form me save kiya jata hai jo hamne pahle dekha tha.
3rd
Hashed Form
Hashed form
bhi ek tarike ka encryption hi hota hai par agar aap ke paas hash value hai to
sahi par use human redable form me lane ke liye koi algoreadhem nahi hai.means
hashed value ko hashed value se hi match karna padega.iske liye agar aap
raimbow table ka use karte hai toraimbow table ko yehi hash value chaahiye hoti
hai paasword ko crack karne ke liye agar aap ke paas puri hash value nahi hai
to raimbow table ise crack nahi pata hai.
4th
hasses form with salt
Isme jo bhi
paasword dete hai usme salt add kiya jata hai encrypted form ke pahle hi jaise ki
agar maine shailendra paasword daala to usko shailendra12dfg1 is tarah se lane ke
baad encrypted kiya jata hai isme piche ke sabd alag alag hote hai har bar.kyoki
raimbow table ise crack nahi kar paaye.raimbow table sirf hash value koi hi
crack kar pata hai par vo salt value ke saath crack nahi kar sakta hai.
5th
slow hasses
Ye paasword
store karne ka sabse accha tarika hi kyo
ki agar koi hacker ise crack karne ke liye blueforce attack karte hai tab hash
function jaise ki MD5,SH1,SH2 bahut hi jaldi currpt ho jate hai.par slow
metthosd mai is liye bahut hi jyada samay lagta hai
2nd
Keyloggar\sprayware\Troojan
Ke use se
paasword ko crack kiya jata hai inhi tariko se social engineering me paasword
ko crack kiya jata hai.
3rd
Paasword Guessing attack me aapka paasword social site ka use karke guess karta
hai.
4th
phising mai same site jaisa duplicate page banaya jata hai or use page me jav
aap paasword naakhte ho to vo paasword hacker ke paas pahuch jata hai.
Offline attack
ke 3 type hote hai.
Ofline attack
ka use hacker tab karta hai jab uske paas aapke paasword ka hash ya encrypte
format hota hai.
Agar aap ke
system paasword kaise save karna hai to ye aap ke upper aadharit hai aap ko
plane text me save karna hai ya dusre form me save karna hai isliye sabse
pahle.
Start menu ->
Search -> secpol.msc -> Account policies -> paasword policies me
jaaye.
Yaha jake
aap dekh sakte hai ki store paasword using… aap ise aneble kar sakte hai.or
bahut saare option ko enable kar akte hai.
Jab aap
gmail ya facebook par paasword banate hai to 8 carecter maagte hai.kyoki agar
jab blueforce attack ho raha ho tab aap paasword crack karne ke liye jyada
samay lagge.aisa ho aap apne system mai kar sakte hai.
1st precomuter
hases
2nd Distributed
Network
3rd
Rainbow Table
Ek attaker
jab rainbow table ki baat karta hai to vo jitne possible combination hote hai
kisi paasword ke vo bana liye jaae hai.fir unke hashes applay kiya jata hai.jo
hamare ya victim ke computer me save kiya jata hai us paasword ke hash ko
rainbow table mai match kiya jata hai agar ye match ho jaati hai to paasword
crack ho jata hai.
NON Electronic
attack ke 3 type hote hai.
1st Sorder
suffering
Jab koi aap
ke piche kahde hoker paasword dekh kar hack kare to use sorder suffering kahte
hai.
2nd
Social Engeenering
3rd
Dumpster driving
Paasword Cracking Tools
1. BOB-THE-BUTCHER
2. Bruts
3. Cain and able
4. John the ripper
5. Lophtcrack
6. Ophcrack
7. Rainbow crack
8. Paasware kit EnterPrise
EmoticonEmoticon