Video Activity

Password Cracking Demo

Video Transcript

Hey, everyone, welcome back to the course. So in this video, I'm just going to show you some brief demonstrations of password cracking. So first things first Going to make sure that hydra THC hydra is installed here on this Callie machine. Eso I wanna go ahead and run the command apt Get install Hydra. We see it's already installed here. So next I'm gonna go ahead and call this password crackers. I'm gonna do Hydra the dash lower case T flag, Dash Capital V Dash, lower case F and then I'm gonna specify user account be And we're gonna try to crack the password of B. And so we're gonna be using this file p lab dot txt.

And we're gonna be using the specific IP Address 1 92 1680.10 and we're gonna ftp the results. Here. We see it's gonna attempt several different types of passwords to try to guess the password of this user. We'll give it a minute here, and it should pull up the results for us. Alright, so we see were able to successfully correct password. In this case, the password is bug for our user account be. And this is why we don't wanna have easily decibel passwords or very short passwords because it doesn't take a long time to crack them.

The next tool we're gonna use is called John the Ripper. This is a very popular password cracking tool. So first things first, we need to merge our password file in our shadow file here in Linux, and then we're gonna create a directory in John. All right, So you see, now that director has been created, so we could go ahead and use John the Ripper now, So to call this password cracking tool, we just type in John for John the Ripper. And we specify pass, and you see, it's gonna go ahead and try to crack the password for us. And what you'll notice here is that we were successful. You notice down at the bottom. There, the password is route. So next I'm gonna move over to a Windows 10 machine, and we're gonna be using a password cracking tool called can enable. Now, we're not gonna actually crack a password in this part of the demonstration.

I just want you to see how long a longer password might take to create. So in this example, we're gonna go ahead and use a password that's about characters, long. So first things first, we launch Cain and Abel here, we're gonna select the cracker tab, and then we're gonna be focused on L m and N T l m hashes. And don't worry about what that means for this particular demonstration. So what? Select this plus sign here, and we're gonna import the password hashes from our local systems. We're just going to say next there and you'll see it's gonna populate some different user accounts for us.

So we're gonna right click on this administrator account. We're gonna focus on a brute force password attack, which basically just means it's gonna try every possible combination, and then we're going to select the NTL M hashes. Now we're gonna change the password length again. I mentioned eight characters is gonna be what we're focused on trying to crack in this demonstration. So on the right side here, we're just gonna go ahead and decreases to eight characters, and we're gonna go ahead and select the start button.

Now again, we're not gonna be actually cracking the password in this demonstration And if you look at that box that says Time left near the bottom right, you'll see why it's estimating that it will take about 11 or 12 days to crack this particular password. And obviously I don't think anyone watching this course wants to wait 12 days to see the end result of this password crack. But this is the reason why AH, lot of security professionals will encourage you to have a longer, more complex password, because criminal hackers and adversaries out there are using these tools to crack your password. So the longer the password more complex, it is more difficult. It is for them to actually crack. So in this video, we just took some brief demonstration of different password cracking tools.

Course link:
Cybersecurity For Beginners, Introduction to Cyber Security
Are you new to IT & cybersecurity and wondering which role might suit you best? In this cybersecurity for beginners overview, we cover the roles of Network Administrator, Incident Responder, System Administrator, Penetration Tester, Cloud Engineer, Cybersecurity Manager, and Privacy Analyst. Find the role for you in this exciting field.
Instructed by
Ken Underhill

I'm an Cybersecurity professional who holds both the CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensic Investigator) certifications from EC-Council, and am a content reviewer/writer for both exams.