How I became a password cracker

[*BlackFox]

Cracking passwords is officially a "script kiddie" activity now.

At the beginning of a sunny Monday morning earlier this month, I had never cracked a password. By the end of the day, I had cracked 8,000. Even though I knew password cracking was easy, I didn't know it was ridiculously easy—well, ridiculously easy once I overcame the urge to bash my laptop with a sledgehammer and finally figured out what I was doing.

My journey into the Dark-ish Side began during a chat with our security editor, Dan Goodin, who remarked in an offhand fashion that cracking passwords was approaching entry-level "script kiddie stuff." This got me thinking, because—though I understand password cracking conceptually—I can't hack my way out of the proverbial paper bag. I'm the very definition of a "script kiddie," someone who needs the simplified and automated tools created by others to mount attacks that he couldn't manage if left to his own devices. Sure, in a moment of poor decision-making in college, I once logged into port 25 of our school's unguarded e-mail server and faked a prank message to another student—but that was the extent of my black hat activities. If cracking passwords were truly a script kiddie activity, I was perfectly placed to test that assertion.

It sounded like an interesting challenge. Could I, using only free tools and the resources of the Internet, successfully:

Find a set of passwords to crack
Find a password cracker
Find a set of high-quality wordlists and
Get them all running on commodity laptop hardware in order to
Successfully crack at least one password
In less than a day of work?

Read More Here

[w00t]

Within the hour we will all be hacked?

[Aventus]

God damn Skiddies. Thats why you make your password with lots of different characters.

[_Dutchy_]

Password cracking is really easy, but can be easly avoided by not using words in your password
Random numbers and letters will force someone to brute force it wich would take allot longer then simply using a wordlist.

[w00t]

For a long time I used the word mijnwachtwoord for a password :') It means mypassword in dutch.

[LillDev!l]

For a long time I used the word mijnwachtwoord for a password :') It means mypassword in dutch.

A teacher of mine had 'qwerty' as his password. Nobody would ever be able to notice that when he types it, right ?...

[CrimsonNuker]

Password#

They'll never get me MWAHAH

[w00t]

For a long time I used the word mijnwachtwoord for a password :') It means mypassword in dutch.

A teacher of mine had 'qwerty' as his password. Nobody would ever be able to notice that when he types it, right ?...

Once at school I recorded my teacher (who was also a server admin) typing his username and password. Afterwards we played it in slomo and we knew his password. :')

[heroo]

Some retard once run a program on our highschool where he could see everything anyone typed. It wasn't really a hack, but rather a program that showed all the letters someone typed on a computer that was connected to our schoolnetwork. We obtained password of 6 of our teachers and of the director of our entire school community (our school had 4 different locations in 2 different towns). We logged on to their school e-mails and obtained 7 tests for 4 different courses. However, the real treasure turned out to be the school's director e-mail. The dude had an email from a medical clinic that made penis enlargements possible. First we thought it was spam, but then we discovered he had sent them multiple e-mails. He eventually enlarged his penis and ''it had helped him and his wife alot''. Also one time we got the list of all the teachers that would be fired next year. Funny thing is that the teachers themselfes didn't even know it themselfes. And it was fun to read all the different problems between teachers. We accessed is e-mail for 2 years and knew litereally everything that was going on in the school, it was fun. And the guy who run that program got expelled and we graduated with LOLZ!

[_Dutchy_]

Some retard once run a program on our highschool where he could see everything anyone typed. It wasn't really a hack, but rather a program that showed all the letters someone typed on a computer that was connected to our schoolnetwork. We obtained password of 6 of our teachers and of the director of our entire school community (our school had 4 different locations in 2 different towns). We logged on to their school e-mails and obtained 7 tests for 4 different courses. However, the real treasure turned out to be the school's director e-mail. The dude had an email from a medical clinic that made penis enlargements possible. First we thought it was spam, but then we discovered he had sent them multiple e-mails. He eventually enlarged his penis and ''it had helped him and his wife alot''. Also one time we got the list of all the teachers that would be fired next year. Funny thing is that the teachers themselfes didn't even know it themselfes. And it was fun to read all the different problems between teachers. We accessed is e-mail for 2 years and knew litereally everything that was going on in the school, it was fun. And the guy who run that program got expelled and we graduated with LOLZ!

We've got a awsome Security/Programing teacher. He was unhappy with our new school's roster so he encouraged us to hack it. With approvel of the director ofcourse. So far we've hacked it 3 times and got 3 days off because of it

[BuDo]

For a long time I used the word mijnwachtwoord for a password :') It means mypassword in dutch.

There are word list dictionaries for all sorts of different language...not just English...

[BuDo]

Some retard once run a program on our highschool where he could see everything anyone typed. It wasn't really a hack, but rather a program that showed all the letters someone typed on a computer that was connected to our schoolnetwork. We obtained password of 6 of our teachers and of the director of our entire school community (our school had 4 different locations in 2 different towns). We logged on to their school e-mails and obtained 7 tests for 4 different courses. However, the real treasure turned out to be the school's director e-mail. The dude had an email from a medical clinic that made penis enlargements possible. First we thought it was spam, but then we discovered he had sent them multiple e-mails. He eventually enlarged his penis and ''it had helped him and his wife alot''. Also one time we got the list of all the teachers that would be fired next year. Funny thing is that the teachers themselfes didn't even know it themselfes. And it was fun to read all the different problems between teachers. We accessed is e-mail for 2 years and knew litereally everything that was going on in the school, it was fun. And the guy who run that program got expelled and we graduated with LOLZ!

That's a great story indeed...

[*BlackFox]

OMFG such a story ^

[Toshiharu]

Find a set of high-quality wordlists and

That's why you do not use a word that exists by itself. Using a phrase/sentence is far harder to crack, but easier to remember than random passwords where they encourage you to use like %jK1&2js_9 assuming the system allows those characters.

[Fiction]

Some retard once run a program on our highschool where he could see everything anyone typed. It wasn't really a hack, but rather a program that showed all the letters someone typed on a computer that was connected to our schoolnetwork. We obtained password of 6 of our teachers and of the director of our entire school community (our school had 4 different locations in 2 different towns). We logged on to their school e-mails and obtained 7 tests for 4 different courses. However, the real treasure turned out to be the school's director e-mail. The dude had an email from a medical clinic that made penis enlargements possible. First we thought it was spam, but then we discovered he had sent them multiple e-mails. He eventually enlarged his penis and ''it had helped him and his wife alot''. Also one time we got the list of all the teachers that would be fired next year. Funny thing is that the teachers themselfes didn't even know it themselfes. And it was fun to read all the different problems between teachers. We accessed is e-mail for 2 years and knew litereally everything that was going on in the school, it was fun. And the guy who run that program got expelled and we graduated with LOLZ!

That's a keylogger, or a RAT. Either way, he could have had it self-destruct and nobody would have known anything about it, other than the other students that were in on it. I prefer to use this method because it doesn't matter how complex ones password is, if they aren't running a key scrambler/encryptor, it's as easy as reading a notepad with their information on it. Best part is, you can send them through img files and pretty much anything else, so great for getting someone to download through email. (Obviously you have to mask your email as one of their friends or family, so they'll trust it, but FB makes this way easier)

Anyways, I have a PDF that I can upload, and you guys should download and read all about this hacking stuff.

[Gaigemasta]

Password cracking was never really hard, just not practical until brute force methods came out. Even then they were really slow until OpenCL and Cuda support came about. Social engineering is the real problem. Once they get into the databases and php (for hash methods) you better be careful. Really as long as you don't md5 alone your fine. MD5+SHA1 is usually a sufficient cc details but I usually do md5 x100 sha1 x20 and some randomly added characters in between.

[Skyve]

I'm currently using some App (root needed) on Android (Nexus4 ) that let's me "hijack" anyone who's on the WiFi I'm currently on. Needless to say I troll everyone's Facebook in my 400 student bio lecture theatre. Not exactly password cracking but just to add to how easy it is to steal now.

P.S: I'm not a dick though, I've only used the app on a few occasions

[Gaigemasta]

you talking about faceniff?

[Skyve]

you talking about faceniff?

DroidSheep

[The Invisible]

Interesting, really interesting.

Don't know why, but i changed most of my passwords today while reading this to two passwords (instead of 5), guess that they are moderately tough and i don;t want ti forget them.