Nowadays, passwords are the only form of security on most websites and computer systems. It has become one of the most common and easiest ways for a hacker to gain unauthorized access to your computer or network.

Password Cracking

Before we get into cracking passwords with programs, I will explain a couple old-fashioned ways to obtain someone’s password.

• Social Engineering – Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-workers computer, he (Even though I use “he”, hackers are of both genders, and I just chose to use “he” in these examples.) could call the co-worker pretending to be from the IT department. The conversation could be something like:

Bob- “Hello Suzy. My name is Bob and I’m from the IT department. We are currently attempting to install a new security update on your computer, but we can’t seem to connect to the user database and extract your user information. Would you mind helping me out and letting me know your password before my boss starts breathing down my neck? It’s one of those days, ya’ know?”

Suzy would probably feel bad for Bob and let him know her password without any hesitation. BAM! She got social engineered. Now the hacker can do whatever he pleases with her account.

• Shoulder surfing – Shoulder surfing is exactly what it sounds like. The hacker would simply attempt to look over your shoulder as you type in your password. The hacker may also watch weather you glance around your desk, looking for a written reminder or the written password itself.

• Guessing – If you use a weak password, a hacker could simple guess it by using the information he knows about you. Some examples of this are: date of birth, phone number, favourite pet, and other simple things like these.

Now that we have the simple low-tech password cracking techniques out of the way, let’s explore some high-tech techniques. Some of the programs I will use in my examples may be blocked by your anti-virus programs when you attempt to run them. Make sure you disable your anti-virus program when you decide to download and explore them.

There are different ways a hacker can go about cracking a password. Below I will explain and give an example of each way.

Dictionary Attacks

A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack. In the following example, I will use Brutus, a very common password cracker, to show a dictionary attack against an ftp server. Brutus is a Windows only program, but at the end of this chapter I will list a couple more password crackers, some of which are made for Mac, Windows, and Linux.

Before I get into the example, you must first know what an FTP server is. FTP stands for File Transfer Protocol. FTP is a simple way to exchange files over the internet. If a hacker got FTP access to my website, he could delete/upload anything he wants on my server. An FTP address looks similar to a website address except it uses the prefix instead of. I set up an FTP server on my computer so I could demonstrate.