###########         #                   ###             #########      ##     # 

 ############       ###                 #####           ###  #####     ###     ## 

 #####    ####     #####               #######         ###    ###     ####    ### 

 #####    #####   #######             #########       ###      #      ####  #### 

  ####   #####    #######            ###########     ###               ### #### 

   #########      #######           ####     ####    ###               ####### 

    ###########    #####           #####     #####    ###     ##      ####### 

   #############    ###   ##      ######  #########    ###   ####     ######### 

  ######     ####    #   ####      ########  #####      ##  ######     ###   ### 

 ######     ####     ##########     ####     ####        #########     ###  ##### 

 #####     ####       ##########     ###     ###          #######     ####  ###### 

 #############         ##########     ##     ##            #####      ####   #### 

 ###########            ########      ##     ##             ###        ###    ## 



   #######       #     #        #     # 

  ##########    ##     ##      ##     ## 

 ###    ###     ##     ##     ###     ### 

  ###    #     ###     ###   #####    ####           Black Sun Research Facility 

    ###         ##     ##    ######   ####             http://blacksun.box.sk 

      ###       ##     ##    #######  ####                 ASCII By : cyRu5 

   #   ###     ###     ###   ####  ####### 

  ###  ####   ####     ####   ###   ##### 

 ###########   ###########     ##    ### 

  #########      #######        #     # 

_____________________________________________________________________________



Password Cracking Decrypted: By Ankit Fadia ankit@bol.net.in

_____________________________________________________________________________



All of you would probably must have come across the term 'password'. Ever wondered why 

exactly passwords work and how to crack them? Well, this manual will answer all your queries 

about passwords and make you an expert in cracking passwords.



Passwords: An Introduction



First of all, what exactly is a password.A password is best described as a verification or an 

authentication tool or object. Passwords are used to ensure legal and proper access to only those 

people who have the authority or the permission to view the data.A password is required in many 

places,you are required a password, to access your Inbox, you are required a password to dial up 

to your Internet Service Provider and in some organisations you also need to enter a password to 

start the system.At all places the Username and Password pair is used to authenticate the user.

Usernames are used to identify the user and the password is used to authenticate the user and 

for every unique username there is a unique password.Take the example of the Lock and Key, for 

every lock you need a unique key to open it and enter.Here the Lock acts as the Username and 

the password would be the key.So passwords are as important as the key of your house.



Your house remains safe as long as only you who is the rightful owner has the key and no one 

else finds it.Similiarly, the concept behind passwords is that it is only the rightful owner who 

knows the password and no one else knows it.Everyday we hear about password stealing, 

computer break ins etc.Sometimes the user chooses very lame passwords which are easily 

guessed by hackers.There are certain guidelines which I would like to tell you which you must 

keep in mind while choosing a password:



1. Never keep your password same as your Username

2. Never choose your own name, Date of Birth, spouse's name, pet's name, child's name etc as 

your password, those are the first ones which are tried by a hacker.

3. Some people are so lazy that they keep their password to be 'Enter' (Carriage return)

4. Try to choose a word which is not in the dictionary and contains both numbers and alphabets, 

and if possible use both Lower Case and Upper Case alphabets and also symbols like 

(#,$,%,^ etc) as they can be cracked only be brute force password crackers which take too 

long a time to crack.



You may say that choosing of weak passwords is responsible for the large number of hacks, but 

people themselves are the weakest chain in the whole authentication process.Most people 

usually use lame passwords like those I mentioned above, and those who use excellent 

passwords are not able to remember them and then write the password down on a piece of paper 

and stick it on their monitor.One should try his level best to remember weird passwords if he 

wants to keep his system secure.The best places where you can find the passwords, would be 

beneath the keyboard, behind the CPU or even on the sides of the monitor.

Some people have trouble remembering the large number of passwords that they are asked for, 

while using various services, as a result they use the same password everywhere.Thus knowing 

even a single password might help in some cases.

 

Password Cracking



The most common method of password cracking is password guessing, although it requires a lot 

of luck, it can be successful sometimes.To start to guess the password, you first need to gather 

all kinds of info about the victim.(See the Guidelines of keeping a password for more details.)

The most common and the most successful method of password cracking is th use of password 

crackers.Now what exactly are password crackers? Now to understand what a password cracker 

is and how it works, you first need to understand how a person is authenticated.

When you are creating a new account or registering or running the setup(basically whenever you 

create a new account by entering the Username and Password.) you might be asked for the 

Username and Password.The username is mostly stored in plaintext, but the password that you 

enter is stored in an encrypted form.Now when you enter the password, it is passed through a pre 

defined algoritm and is thus encrypted and is stored on the hard disk.So next time when you use 

the account and enter the password, the text (password) you type is passed through the same 

algorithm and is compared with the earlier stored value.If they both match, the user is 

authenticated else the authentication fails.

The algorithm that is used to encrypt the password is a one way algorithm, by that I mean that if 

we pass the encrypted password through the reverse algorithm, we will not get the original 

plaintext password.

Lets take an example to make it more clear: Say your plaintext password is xyz123 and it is 

passed through an algorithm and stored in the a file as 0101027AF. Now if you get his encrypted 

password and know the algorithm which xyz123 is passed through to get 0101027AF, you cannot 

reverse the algorithm to get xyz123 from 0101027AF.

When you are typing in your password, the computer does not display it in plaintext but instead 

shows only stars i.e. ******** so that if someone is shoulder surfing, he cannot find out the 

password.The text box has been programmed in such a way.On most forms Unix you will not 

even see the asterix marks and the cursor will not move, so that neither does a person shoulder 

surfing, find out the password nor does he find out the length of the password.



Password Crackers are of two types-: Brute Force and Dictionary Based. 

Dictionary Based password Crackers try out all passwords from a given pre defined dictionary list 

to crack a password.These are faster but more often than not are unsuccessful and do not return 

the password.As they do not try out all combinations of possible keys, they are unable to crack 

those passwords which have symbols or numbers in between.

Brute Force Password Crackers try out all combinations of all keys which can be found in the 

keyboard (i.e. Symbols, Numbers, Alphabets) both Lower Case and Upper Case.These kinds of 

Password Crackers have a greater success rate but take a long time to crack the password.As 

they take all possible keys into consideration, they are more effective.

Now that you know the two main types of password crackers lets see how they work.

As passwords are encrypted by a one way algorithm, password crackers do not extract the 

password from the file but instead take the combination of letters, encrypt them by passing the 

characters through the original algorithm and compare this value with the stored encrypted 

value.If these two match, then the password cracker displays the password in plaintext.



Cracking The Windows Login Password



The Windows ( 9x) password is passed through a very weak algorithm and is quite easy to crack.

Windows stores this login password in *.pwl files in the c:\windows directory.The .pwl files have 

the filename which is the username coresponding to the password stored by it.A typical .pwl file 

would be as follows:

Note: This .pwl file has been taken from a Win98 machine running IE 5.0



###############CUT HERE##############



銈厲