TL;DR
Yes, password/passphrase guessers and crackers can absolutely use information about the target to improve their success rate. This guide covers tools and techniques for doing this, from simple dictionary attacks enhanced with personal data to more advanced methods like rule-based cracking.
Password Cracking Using Target Information
- Gathering Information (Reconnaissance)
  - Publicly Available Data: Search social media (Facebook, Twitter, LinkedIn), company websites, personal blogs, and public records for names, dates of birth, pet names, hobbies, locations, favourite sports teams – anything that could be part of a password.
  - Data Breaches: Check if the target’s email address appears in any known data breaches using sites like Have I Been Pwned? This can reveal previously used passwords.
  - Company Information: If cracking a work password, research company policies (password complexity requirements), common naming conventions for accounts, and internal jargon.
- Choosing the Right Tool
  - Hashcat: A very powerful command-line tool supporting various hash types and attack modes. It’s free and open source. (https://hashcat.net)
  - John the Ripper: Another popular, versatile password cracking tool with a wider range of features than Hashcat in some areas. Also free and open source. (https://www.openwall.com/john/)
  - Hydra: Primarily for brute-forcing network services, but can be used with password lists.
- Attack Methods – Simple to Advanced
  - Dictionary Attack: Use a wordlist (a file containing common passwords) and try each one against the target hash.
    - Enhance with personal data: Add names, dates of birth, pet names etc. to your wordlist.
    - Example Hashcat command:
      hashcat -m <hash_type> <hash_file> <wordlist>
  - Brute-Force Attack: Try every possible combination of characters within a specified length and character set. Very slow without constraints.
    - Example Hashcat command (limited character set):
      hashcat -m <hash_type> -a 3 <hash_file> ?l?l?l?l?l?l?l?l
      (This tries all 8-character passwords using only lowercase letters.)
  - Rule-Based Attack: Apply rules to modify words from a wordlist. Rules can add numbers, symbols, capitalisation etc.
    - Hashcat includes many pre-defined rules. Use the --rules option.
    - Example Hashcat command (using rule file ‘best64’):
      hashcat -m <hash_type> <hash_file> <wordlist> --rules best64
  - Combinator Attack: Combine names, dates, and other information to create potential passwords.
    - Use a tool like cewl (Cyber Eye Word List) to extract words from websites.
    - Combine cewl output with known target data using scripting languages like Python or Bash.
- Important Considerations
  - Hash Type: Identify the correct hash type (e.g., MD5, SHA256, bcrypt) before cracking. Incorrect hash types will lead to failure. Tools like Hash Identifier can help.
  - Computational Power: Password cracking is resource intensive. GPUs significantly speed up the process compared to CPUs.
  - Legal Implications: Cracking passwords without permission is illegal and unethical. Only crack passwords for systems you own or have explicit permission to test.
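
The same target information can be used at password-set time to reject passwords an attacker would derive from it. The following check is an added example, not part of the original guide: it flags passwords built from a user's personal data even after capitalisation, leetspeak or appended digits and symbols. The function names, the substitution table, the length thresholds and the sample profile are all assumptions constructed for illustration.

```python
import re

# Reverse common character substitutions before comparing (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_WORD = 4    # shorter words match too many unrelated passwords
MIN_DIGITS = 4  # e.g. a birth year

def normalise(text):
    """Lowercase, undo leetspeak, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def personal_tokens(profile):
    """Split every profile value into words and digit strings tied to the user."""
    words, numbers = set(), set()
    for value in profile.values():
        for part in re.split(r"[\s@._/-]+", value):
            if part.isdigit():
                if len(part) >= MIN_DIGITS:
                    numbers.add(part)
            elif len(normalise(part)) >= MIN_WORD:
                words.add(normalise(part))
    return words, numbers

def guessable_reasons(password, profile):
    """Return why the password is derivable from the profile (empty list if not)."""
    words, numbers = personal_tokens(profile)
    letters = normalise(password)
    digit_runs = re.findall(r"\d+", password)
    reasons = [f"contains personal word '{w}'" for w in sorted(words) if w in letters]
    reasons += [f"contains personal number '{n}'" for n in sorted(numbers)
                if any(n in run for run in digit_runs)]
    return reasons

# Constructed sample profile: the kind of data the reconnaissance step collects.
PROFILE = {"name": "Jane Doe", "pet": "Bella", "birthdate": "1987-04-12",
           "employer": "Acme Corp", "team": "Arsenal"}

if __name__ == "__main__":
    for candidate in ["B3lla1987!", "@rs3nal#1", "correct-horse-battery-staple"]:
        print(candidate, "->", guessable_reasons(candidate, PROFILE) or "ok")
```

A check like this complements, rather than replaces, a breached-password blocklist and a slow password hash such as bcrypt.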

