How to crack a computer password

Password Cracking Goals, Techniques and Relative Merits and Cracking Times of Different Techniques

Password crackers are primarily after (root or administrative account passwords) when they crack passwords. Their tools are password cracking programs that use password dictionaries. The feature lists of common password cracking programs or tools are discussed. Also listed are the suggested standard dictionary transformations for Crack, the best known tool for cracking passwords. How long it takes to crack passwords and the primary factors affecting password cracking times are covered. Why password dictionary attacks dramatically lower brute force password cracking times is discussed.

  • Goals of the Cracker
  • Password Cracking Programs’ Feature List
  • Password Cracking Program Examples
  • How Long Does It Take to Crack Passwords?
  • Table of Times to Crack Passwords
  • Brute Force, Dictionary Comparison

Goals of the Cracker

The goal of the cracker is to obtain the root account password on UNIX systems and administrator accounts on Windows NT and 2000 systems. With some UNIX security setups, the passwords for users in the wheel, security, or root group may have significant value. Since the cracker presumably already has some degree of access to the target machine (cracking can only be performed when the attacker already possess the password hashes), it’s not likely that unprivileged accounts will be of much value to the intruder but the techniques for obtaining passwords are the same regardless of the target account.

The intruder is likely to need only one password for an account with suitable privileges. Additional accounts may be of some value in preserving access but not likely to make much practical difference in obtaining access to the system at the desired privilege level.

The cracking times table shows that with the computing power currently available and for the next several years, eight character passwords (the traditional length limit on UNIX systems) can be chosen that will not be cracked by brute force techniques but still most passwords are poorly chosen and fit some predictable characteristics.

Since brute force is not likely to identify any but the weakest passwords, the intruder’s best chance is to identify techniques that are computationally efficient compared to brute force techniques and have a reasonable chance of cracking some of the passwords in the collection of accounts and password hashes in their possession. By applying what is known about how users select passwords, an intruder can tremendously increase the odds in their favor of finding passwords. With the right techniques, some poor passwords can be cracked in under a second.
Cracking Tool’s Feature List

The fundamental flaw in the password system is the tendency of most people to select names and words that can be found in dictionaries as their passwords. Often such names or words are modified by applying predictable changes to them. This may be in response to system requirements to vary the kinds of characters included in a password.

The alternative to brute force is a dictionary attack. At its simplest this means treating each word in a dictionary (electronic list) as a password and encrypting it and then comparing the resulting hashes to the hashes in the password file being cracked. If the hashes match, the password is known. It’s imperative to understand that this is only the most rudimentary form of dictionary attack and that the real power of dictionary attacks come from understanding the ways in which most people vary names and dictionary words when attempting to create a password. By applying all the common transformations to every word in the electronic list and encrypting each result the number tested passwords multiplies rapidly. Every “clever” way of manipulating words to hide their origin is know to the cracking tools.

To understand what make weak and strong passwords, it’s necessary to understand what cracking tools can and can’t do. L0phtCrack is the leading Windows cracking tool. The easy to use L0phtCrack with its GUI interface is rather limited compared to Crack 5 and John the Ripper in its dictionary transformation capabilities. L0phtCrack can append a user specified number of characters to the end of the dictionary words. It works through the entire character set and appends every combination to each dictionary word; this includes all the letter sequences as well as digits and symbols. L0phtCrack takes less than a second to process the default dictionary of nearly 30,000 words and about a minute and a half to process two additional characters in conjunction with the 30,000 word list (on a PIII 500).

Both Crack 5 and John the Ripper allow the user to define rule sets that control the transformations that are applied to the input dictionaries (word lists). Below are most of the transformations that John the Ripper can perform. Crack has the same capabilities.

* Append or prepend defined characters to a word.
* Reverse a word.
* Duplicate a word.
* Mirror a word, i.e. append the reversed word.
* Rotate a word either left or right, i.e. move the first letter to the end or the last letter to the front.
* Upper case a word.
* Lower case a word.
* Make only the first letter a capital.
* Male all but the first letter a capital.
* Toggle the case of all characters.
* Toggle the case of a character at a set position.
* Minumum and maximum word lengths can be set or long words can be truncated at a set length.
* Suffixes (s, ed, ing) may be added to words.
* First, last or any specific character may be deleted.
* Characters can be replaced at a set location.
* Characters can be inserted at a set location.
* “Shift” the case, i.e. substitute the other character on the same key, e.g. ‘a’ and ‘A’ or ‘5’ and ‘%’.
* Shift the characters left or right by keyboard position (so an ‘s’ becomes an ‘a’ or ‘d’).
* Replace all of one character with another.
* Replace all characters of a class (for example vowels, letters, non letters, digits) with a specific character.
* Remove all occurrences of any character from a word.
* Remove all characters of a class from a word.
* Reject a word if it contains or doesn’t contain a character, or characters from a class.
* Reject a word if the first, last or set character is or is not a specific character or from a class.
* Reject a word unless it contains at least so many of a character or characters from a class.

In the forgoing a class might be any of the following: a letter, a vowel, a consonant, an upper case letter, a lower case letter, a digit, a symbol or punctuation, a non letter (digits, symbols and punctuation), alphanumeric or one of several others. The length limits and reject options don’t increase the possibilities but allow the cracker to skip “words” where a particular type of transformation may not make much sense; this should improve the cracking tool efficiency.
Cracking Tool Examples

The words that the transformations operate on can be either from a standard dictionary (word list, one per line) or from the user name and words (or names) extracted from the /etc/passwd GECOS field. Crack appears to be limited to words from dictionaries. Rules can be combined to perform multiple transformations on the words. Below is the list of actual transformations suggested in the Crack 5 documentation:

* Lower case pure alpha words.
* Lower case and pluralize alpha words.
* Append digits and punctuation to all pure alpha words.
* Lower case and reverse pure alpha words.
* Lower case and mirror pure alpha words.
* Capitalize all alphanumeric words, i.e. first letter only.
* Capitalize all alphanumeric words and add a variety of common punctuation so ‘cats’ becomes Cats! Cats? Cats. Cats, Cats- etc.
* Upper case all alphanumeric words.
* Remove vowels from pure alpha words.
* Remove white space and punctuation from those words that have it.
* Duplicate short words.
* Perform most of the similar looking character substitutions identified in the list of dont’s.
* Lower case and prepend digits (all words).
* Capitalize then reverse alphanumeric words.
* Reverse then capitalize words.
* Upper case words adding common punctuation and swapping zero for O.
* Upper case then duplicate, reverse and mirror words.

A number of the preceding transformations had length limitations which have been omitted for simplicity.
How Long Does It Take to Crack Passwords?

Conceptually the easiest way to crack passwords is to generate character sequences working through all possible 1 character passwords, then two character, then three character, etc. This is the brute force attack previously mentioned. It could start at any specific length password. Theoretically any possible password can be found this way but generally there is not sufficient computing power available to successfully accomplish this. A number of factors deteremine how long a brute force attack will take. Some may be under a system administrators control and others are not.

One factor is the amount of computing power available to solve the problem. Computing power increases continually; Moore’s law anticipated a doubling of processing power every 18 months and this has so far been a close approximation to reality. This works out to about a 100 times increase each decade. Today a computer is likely to have approximately a million times the computing power available when the first UNIX was developed.

Password cracking lends itself well to parallel processing on multiple machines with near linear gains as more machines are applied to the problem. Someone with access to many machines during off-hours at a company or educational institution may be able to apply lots of computing power. Computers with a wide range of speeds may be available. Thus the amount of computing power available for password cracking continually rises but the amount available to a single cracker or group of crackers may vary by orders of magnitude at any specific point in time.

Another factor is the algorithm used to encrypt the password. Generally this is set by the operating system but some such as Linux and OpenBSD allow the administrator to select from different types. On OpenBSD the administrator can control loop counts for some of the options. Changing the encryption method and how many times it is applied, can greatly increase the time it takes to compute a password hash. Generally, the longer it takes to compute the hash when the password is created, the longer it will take when trying to crack the password. The standard UNIX encryption method has been changed to make it slower more than once. On the other hand, some algorithms have multiple implementations and those cracking passwords have created variants that produce the same results but run as much as 100 times faster than the version that originally encrypts the password2.

Probably the most important factor in brute force cracking of passwords is how many passwords need to be examined to cover all possible passwords. Two factors determine this. They are the length of the password and the number of characters in the character set from which the passwords are formed. The number of possible passwords is the number of characters in the character set raised to the power represented by the password length. For example, the number of possible three character passwords formed by 26 letters is 26 cubed.

The table below is calculated by assuming 100,000 encryption operations per second; this is a plausible number for a desktop PC today. In “Password Cracking Using Focused Dictionaries”1, Paul Bobby refers to 48000 “password combinations per second” on a “P2-400Mhz computer”. In “UNIX Password Security – Ten Years Later”2, Feldmeier and Karn refer to a “top speed of 1092.8 crypts per second on a Sun SPARCStation.” in 1989. Applying Moores law we should get between 100,000 and 200,000 crypts per second on a high end workstations eleven years later. Using L0phtCrack5, I’ve seen about 1.2 million “Tries/sec” using only alphanumeric characters and about nine hundred thousand “Tries/sec” using the full 95 character, printable ASCII character set, on a PIII 500. I believe the L0phtCrack number is at least in part a result of the weaker encryption used by NT as discussed on another page.

Password lengths from 3 to 12 are shown. The numbers at the top, 26 – 94, indicate the number of characters from which the passwords are formed. 26 is the number of lower case letters, 36 is letters and digits, 52 is mixed case letters, 68 is single case letters with digits, symbols and punctuation, and 94 is all the displayable ASCII characters including mixed case letters. The times shown are the times to process the entire set of passwords thus the average time to crack passwords would be one half the listed times.

26 36 52
3 0.18 seconds 0.47 seconds 1.41 seconds
4 4.57 seconds 16.8 seconds 1.22 minutes
5 1.98 minutes 10.1 minutes 1.06 hours
6 51.5 minutes 6.05 hours 13.7 days
7 22.3 hours 9.07 days 3.91 months
8 24.2 days 10.7 months 17.0 years
9 1.72 years 32.2 years 8.82 centuries
10 44.8 years 1.16 millennia 45.8 millennia
11 11.6 centuries 41.7 millennia 2,384 millennia
12 30.3 millennia 1,503 millennia 123,946 millennia

68 94
3 3.14 seconds 8.3 seconds
4 3.56 minutes 13.0 minutes
5 4.04 hours 20.4 hours
6 2.26 months 2.63 months
7 2.13 years 20.6 years
8 1.45 centuries 1.93 millennia
9 9.86 millennia 182 millennia
10 670 millennia 17,079 millennia
11 45,582 millennia 1,605,461 millennia
12 3,099,562 millennia 150,913,342 millennia

Even if a cracker has a thousand times more power available than assumed, e.g., 100,000 is significantly low and the crackers has lot of fast computers or a supercomputer, it’s very easy to find passwords that can’t easily be cracked. Eight character passwords using the entire character set will do, as it will take nearly two years to work through all possible passwords. Depending on the password and the brute force sequence, some passwords might fall quickly. For example if passwords were generated in the order of ASCII collating sequence, the poor password !!!111Aa might be found rather quickly.

The time to process a cracking dictionary is determined in the same manner. The total number of passwords to be tried, which is a product of the number of words in the dictionary times the number of transformations per word, is divided by the rate it takes to encrypt passwords. Complex rule sets may impose an additional significant overhead. On today’s computers, small dictionaries (less than 100,000) with a few transformations will complete in a few seconds. The total number of passwords with large dictionaries and many transformations or huge dictionaries will be huge and the processing time correspondingly large.
Brute Force, Dictionary Comparison

As brute force is the only alternative to dictionary based password cracking it’s worth taking a close look the table above. Look at how long it should take to crack eight character passwords drawing from the 95 typeable characters. One simple statement should put this in perspective. Not including NT systems, that have a seriously flawed password storage method
It is highly unlikely that any cracker has ever gotten even a single password, eight characters or longer, randomly created from the entire 95 printable ASCII character set.

Randomness does have it’s surprises. If numbers are randomly selected from a billion number sequence, there is a one in a billion chance that the first number will be drawn on the first try. Very unlikely but still possible. To have a 1% chance of cracking a specific random, 8 character password from the full character set takes about 20 years of computing, at 100,000 passwords per second.

An obscure word in the Afrikaans language, mirrored and all uppercased except the first letter is more likely to be used as a password than any single random character sequence of similar length. Further, where the single random sequence cannot be reliably found by existing technology today, the Afrikaans derived password surely can; it’s simply a matter of the cracker having and choosing to apply sufficient resources

Any word and all the mechanical transformations that can be described to change that word into something else is a subset of all possible combinations of the same characters. As the length of the word increases, the standard transformations become an ever smaller subset of the possible permutations. For a word of meaningful length, say more than 5 characters, the word and its transformations is an infinitesimal subset of all possible combinations of the same number of all characters. In other words, the longer the passwords to be cracked, the larger the advantage of a dictionary based attack will be compared to a brute force attack. Here “dictionary based attack” is understood to include custom programmed dictionaries as described in subsequent pages in this section.

from: Geodsoft

69 thoughts on “How to crack a computer password

  1. Hi I need to know how get randomly selected (by a computer)letters from the alphabet.

    I want a programme that randomly selects nine letters from the 26.. If you know how I can get such a programme It would be much appreciated…
    Kind Regards

    Rhyn

  2. i need a hacking software by which i can the question paper of the next exam of my school.if any one can tell me it will bw very help ful for me.

  3. i need a hacking software by which i can get the question paper of the next exam of my school.if any one can tell me it will bw very help ful for me.

  4. I just want to find out my future wife’s password to her myspace to see what’s she’s really about.

  5. i need to know how i can get yahoo passwords for their messenger. I need to see what my children’s step mother is all about. Help Me!

  6. My daughter set her myspace profile to private and I have no access to it. I want to know what she is doing and who she is conversating with. Would you plz teach me how to get her password. Thank You

  7. i need a hacking software by which i can get the question paper of the next sessionals in the college.Can anyone help me out…………

  8. I need a password cracker for myspace and yahoo. I have my daughters email address but I need to know who she is talking to, she is only 10 and shouldn’t even have a myspace account. Please help me. I need to protect my daughter.

  9. Please can anyone help me. I need to find out my dayghters passwords for her yahoo and myspace. She is only 10 years old.

  10. I also want to be able to check on my daughter’s yahoo, and myspace. She’s just shy of 16 and not too long ago added some new online friends, changed her password to one “Mom can’t get”. She’s closing out of her screens when I am too close to the computer…seriously, this makes me feel there’s something I need to worry about!
    the other alternative is NO INTERNET…that’ll be the death of me! We homeschool and I do alot of research… Please

  11. I “kinda” fixed my Problem with my daughter…

    I told her I had an issue that needed to be dealt with… I told her I am concerned about her health, well being, and protection, and because she lives in MY house, and IS a minor in MY authority** I have the right to monitor her activities, and conversations online… especially when she acts like she has to hide, sneak or prevent the facts from being presented openly.** Starting immediately a new Plan of Action is in force…

    A) I would now keep the log-in password private, she has to get me to log-in when she wants online.

    B) She would keep me informed of her passwords and subsequent changes for messengers, emails, blogs, etc.

    C) I am to be accepted into the “viewing area” of the monitor while she is online.

    D) if any of these conditions are not agreed upon, then I can exercise my Parental rights to delete this form of technology in my home. I explained that I had things I could do,
    *remove installed/downloaded software, and block address to a new download
    *can block websites,
    * install an additional web filtering program and /or a tracker program
    *discontinue services (isp, and phone line)

    I think that because I looked her in they eyes and stated my case with authority and love ;) she acquiesced without a full blown battle…

    God Bless, Colisa

  12. omg u ppl expect to be handed password crackers and taught how to get these things? look learn html and java script if you care enough and u can do what u need to do

  13. i need a hacking software by which i can get the question paper of the next sessionals in the college.Can anyone help me out………… plzzzzzzzzzzz

  14. hii guys the prob i have is tht my parents have put a password on the computer its not like i can switch on the computer then i have to put my username and password but the moment i switch on my computer they ask me for a password no user name required though now i am really fraustrated i have tried everything and am still stuch how do i find this password out.Plzzz someone help me.
    Mail me at- distilled_devil@hotmail.com

  15. hi dudes if anyone read this msg then plzzzzzzzzzzzzzzz tell me that how to crack a password someone give me a hint that first we should go to SQL but i canot found it that where it is plzzzz if anyone read my msg and know how to crack a password then plz reply me on sarthakrock_2006@yahoo.com .

  16. To you parents- do not try cracking your kids passwords. If you REALLY want to know what they are doing / get their passwords, and it is YOUR computer- all you have to do is find and install a key logging program, or buy a hardware key logger which plugs in between your keyboard and computer and records all keystrokes (including passwords). BTW- No one that really has know-how on the topic of password cracking is going to tell you how to crack passwords, give you programs, or do it for you just for the hell of it on this message board… If you really NEEDED to know, you would take the time to learn how to program, familiarize yourself with the things you are interested in, and learn to do it yourself using others as a resource to learn from, not as someone to hook you up instantly with “L337 skillz”

  17. well sir I work in a company in I.T dept and there are password on net for all computers if we open any site so it ask about password I just want to ask that how can I know or crack that password on the upper side of password there is some place empty it seems that some text will write there if you can tell so plese tell me this

  18. Here’s a good way to make better passwords:

    Mask your passwords with PwdHash, a browser plugin for both Firefox and Internet Explorer that generates safe, secure passwords.

    And something to crack any computer running windows:
    Extremely impressed at the ease and speed with which the Ophcrack Live CD cracked my Windows admin password when I tested it out last a few weeks ago, I thought it might be useful to throw together a quick guide detailing how to use this powerful little utility.

  19. #
    32
    eldin Says:
    November 25th, 2006 at 12:31 am

    HI if you read this and can help me crack this password the hint is whats my favorite painting if you know how to crack this password plesssse email me at gdhf_6_hood@yahoo.com

    My favorite painting is called _Blue_. I dont know what you’re favorite painting is called.

    Btw, i do not expect this to help…i cant believe you asked for help with that hint online…how are we supposed to know what someone’s favorite painting is?

  20. By the way, anyone needing help with their windows account passwords can pay loginrecovery.com to crack them for you. unfortunately, if you are trying to crack someone else’s administrator password, and that person knows what they are doing, they have likely shut off the boot from cd/disk option in the bios, which renders this useless for you.

  21. Of all the lusers than ask for “crack my pass plz” each time anyone writes something on this topic.

    God pls give us the ability to smack ppl over TCP/IP.

  22. Looking for information on Yahoo msg cracks for the newest edition. I recently changed my password and can’t remember it. I have been searching but everything I seem to find says you cannot recover your password for this edition..

  23. Please, I need help cracking a password for myspace.com. My girlfriend is hardly talking to me and is affiliating with other guys. So I believe she’s talking to a guy that she doesn’t want me to know about. Please…… I really need to get her password for I can know once and for all. Please e-mail me back. Her myspace e-mail is “pixxie06@hotmail.com. I just need her password. Thank You.

  24. if anyone would be so kind enough or need practice in craking/hacking an account can you please crack into my hotmail address and find out the password I forgot it because i havent been on in alittle while and now i want to check my emails. i know the email adress and it is tweek_jojo_66@hotmail.com if you would be so kind, can u please send the password to my sister’s emali acount. it is darling_dana@msn.com

  25. Luis,

    Try the following passwords:

    pixie
    pixxie
    Pixie
    Pixxie
    PIXXIE
    PIXIE

    et cetera. Just try it, that’s probably it.

  26. Hi, ive read the posts and u seem really good. I would like u too help my find out my boyfriends password for his address: zack_trial4@hotmail.com. Any help would be really appreciated since i think im in love with him and he may be cheating on me. Thanks again.

  27. A lot of people will say that they know how to crack passwords to e-mails, but never go into detail on how to do it. I was wondering if you can send me the password for j_speed78@yahoo.com e-mail for yahoo or myspace.

  28. Hey man, i know you get tons of requests for getting someones password and usernames, and i have basically the same request. I know you probably dont have the time to do this for me, seeing as you dont even know me, but i would be so thankful to you! I have been going through hell the past couple weeks, because i think my girlfriend is cheating on me. I would be willing to pay you, i dont know how much that would take, or how much i could give you seeing as i am a college student and running tight on my budget, but this girl means the world to me. I have asked my girlfriend if she is cheating on me but she says no, and then she will get calls from the same guy while i am with her. Sir I am begging you to hack into her account for me. I will do anything for you i can. all i have is her url for her myspace page, but i am about to get her email. I beg you to respond to this message. You can email me at johndeerboi@gmail.com. Thankyou so much for your time and I hope that you can help me! God Bless.

    Zac

  29. Hello,
    Thank you for your time, first of all.
    I have been living with a woman for about a year and a half.
    She has an Ex who is Not quite getting the picture that she is going to be married. However I am not so sure at this point if it is simply a case of Him not being informed.
    I believe she is playing both sides of the fence, we are going to be married in Jan of 08
    and I would like to make sure I am not pulling off the biggest mistake of my life. . .
    after one failed 13 year relationship, I cant afford to make another.
    Please let me know if there is some form of compensation you normaly, or would like to recieve
    reguarding this matter.
    The email address I would like to veiw, are as follows :BlackNuckle@yahoo.com
    :edyrnr@aol.com

    Thank you again for your time.
    Paul

  30. If its Your pc Then What do you care Use a keylogger program on the pc to retrieve thier passwords just Search google/download.com for the words “keylogger” and youll have everything you need Peac3

  31. I need a password for a myspace account. Is this possible? Please someone let me know through email. Thanks

  32. hi im looking into getting into hacking passwords and computers..can someone please fill me in on what programs i need and information i need to know?? thanks

  33. yea a ex friend has been spreading nasty rumors about me i need to get in one of my friend’s myspaces to delete the messages can any one give me any sugjestions asap?

Comments are closed.