passwd.txt

黑客培训教程

###########         #                   ###             #########      ##     # 
 ############       ###                 #####           ###  #####     ###     ## 
 #####    ####     #####               #######         ###    ###     ####    ### 
 #####    #####   #######             #########       ###      #      ####  #### 
  ####   #####    #######            ###########     ###               ### #### 
   #########      #######           ####     ####    ###               ####### 
    ###########    #####           #####     #####    ###     ##      ####### 
   #############    ###   ##      ######  #########    ###   ####     ######### 
  ######     ####    #   ####      ########  #####      ##  ######     ###   ### 
 ######     ####     ##########     ####     ####        #########     ###  ##### 
 #####     ####       ##########     ###     ###          #######     ####  ###### 
 #############         ##########     ##     ##            #####      ####   #### 
 ###########            ########      ##     ##             ###        ###    ## 

   #######       #     #        #     # 
  ##########    ##     ##      ##     ## 
 ###    ###     ##     ##     ###     ### 
  ###    #     ###     ###   #####    ####           Black Sun Research Facility 
    ###         ##     ##    ######   ####             http://blacksun.box.sk 
      ###       ##     ##    #######  ####                 ASCII By : cyRu5 
   #   ###     ###     ###   ####  ####### 
  ###  ####   ####     ####   ###   ##### 
 ###########   ###########     ##    ### 
  #########      #######        #     # 
_____________________________________________________________________________

Password Cracking Decrypted: By Ankit Fadia ankit@bol.net.in
_____________________________________________________________________________

All of you would probably must have come across the term 'password'. Ever wondered why 
exactly passwords work and how to crack them? Well, this manual will answer all your queries 
about passwords and make you an expert in cracking passwords.

Passwords: An Introduction

First of all, what exactly is a password.A password is best described as a verification or an 
authentication tool or object. Passwords are used to ensure legal and proper access to only those 
people who have the authority or the permission to view the data.A password is required in many 
places,you are required a password, to access your Inbox, you are required a password to dial up 
to your Internet Service Provider and in some organisations you also need to enter a password to 
start the system.At all places the Username and Password pair is used to authenticate the user.
Usernames are used to identify the user and the password is used to authenticate the user and 
for every unique username there is a unique password.Take the example of the Lock and Key, for 
every lock you need a unique key to open it and enter.Here the Lock acts as the Username and 
the password would be the key.So passwords are as important as the key of your house.

Your house remains safe as long as only you who is the rightful owner has the key and no one 
else finds it.Similiarly, the concept behind passwords is that it is only the rightful owner who 
knows the password and no one else knows it.Everyday we hear about password stealing, 
computer break ins etc.Sometimes the user chooses very lame passwords which are easily 
guessed by hackers.There are certain guidelines which I would like to tell you which you must 
keep in mind while choosing a password:

1. Never keep your password same as your Username
2. Never choose your own name, Date of Birth, spouse's name, pet's name, child's name etc as 
your password, those are the first ones which are tried by a hacker.
3. Some people are so lazy that they keep their password to be 'Enter' (Carriage return)
4. Try to choose a word which is not in the dictionary and contains both numbers and alphabets, 
and if possible use both Lower Case and Upper Case alphabets and also symbols like 
(#,$,%,^ etc) as they can be cracked only be brute force password crackers which take too 
long a time to crack.

You may say that choosing of weak passwords is responsible for the large number of hacks, but 
people themselves are the weakest chain in the whole authentication process.Most people 
usually use lame passwords like those I mentioned above, and those who use excellent 
passwords are not able to remember them and then write the password down on a piece of paper 
and stick it on their monitor.One should try his level best to remember weird passwords if he 
wants to keep his system secure.The best places where you can find the passwords, would be 
beneath the keyboard, behind the CPU or even on the sides of the monitor.
Some people have trouble remembering the large number of passwords that they are asked for, 
while using various services, as a result they use the same password everywhere.Thus knowing 
even a single password might help in some cases.
 
Password Cracking

The most common method of password cracking is password guessing, although it requires a lot 
of luck, it can be successful sometimes.To start to guess the password, you first need to gather 
all kinds of info about the victim.(See the Guidelines of keeping a password for more details.)
The most common and the most successful method of password cracking is th use of password 
crackers.Now what exactly are password crackers? Now to understand what a password cracker 
is and how it works, you first need to understand how a person is authenticated.
When you are creating a new account or registering or running the setup(basically whenever you 
create a new account by entering the Username and Password.) you might be asked for the 
Username and Password.The username is mostly stored in plaintext, but the password that you 
enter is stored in an encrypted form.Now when you enter the password, it is passed through a pre 
defined algoritm and is thus encrypted and is stored on the hard disk.So next time when you use 
the account and enter the password, the text (password) you type is passed through the same 
algorithm and is compared with the earlier stored value.If they both match, the user is 
authenticated else the authentication fails.
The algorithm that is used to encrypt the password is a one way algorithm, by that I mean that if 
we pass the encrypted password through the reverse algorithm, we will not get the original 
plaintext password.
Lets take an example to make it more clear: Say your plaintext password is xyz123 and it is 
passed through an algorithm and stored in the a file as 0101027AF. Now if you get his encrypted 
password and know the algorithm which xyz123 is passed through to get 0101027AF, you cannot 
reverse the algorithm to get xyz123 from 0101027AF.
When you are typing in your password, the computer does not display it in plaintext but instead 
shows only stars i.e. ******** so that if someone is shoulder surfing, he cannot find out the 
password.The text box has been programmed in such a way.On most forms Unix you will not 
even see the asterix marks and the cursor will not move, so that neither does a person shoulder 
surfing, find out the password nor does he find out the length of the password.

Password Crackers are of two types-: Brute Force and Dictionary Based. 
Dictionary Based password Crackers try out all passwords from a given pre defined dictionary list 
to crack a password.These are faster but more often than not are unsuccessful and do not return 
the password.As they do not try out all combinations of possible keys, they are unable to crack 
those passwords which have symbols or numbers in between.
Brute Force Password Crackers try out all combinations of all keys which can be found in the 
keyboard (i.e. Symbols, Numbers, Alphabets) both Lower Case and Upper Case.These kinds of 
Password Crackers have a greater success rate but take a long time to crack the password.As 
they take all possible keys into consideration, they are more effective.
Now that you know the two main types of password crackers lets see how they work.
As passwords are encrypted by a one way algorithm, password crackers do not extract the 
password from the file but instead take the combination of letters, encrypt them by passing the 
characters through the original algorithm and compare this value with the stored encrypted 
value.If these two match, then the password cracker displays the password in plaintext.

Cracking The Windows Login Password

The Windows ( 9x) password is passed through a very weak algorithm and is quite easy to crack.
Windows stores this login password in *.pwl files in the c:\windows directory.The .pwl files have 
the filename which is the username coresponding to the password stored by it.A typical .pwl file 
would be as follows:
Note: This .pwl file has been taken from a Win98 machine running IE 5.0

###############CUT HERE##############

銈厲