A password cracker is an application program used to identify an unknown or forgotten password for a computer or network resource. It can also be used to help a human cracker obtain unauthorized access to resources.
Password crackers use two primary methods to identify correct passwords: brute-force and dictionary searches. When a password cracker uses brute force, it runs through combinations of characters up to a predetermined length until it finds the combination accepted by the computer system. When conducting a dictionary search, a password cracker tries each word in a dictionary (word list) until it finds the correct password. Password dictionaries exist for a variety of topics and combinations of topics, including politics, movies, and music groups.
Some password cracker programs search for hybrids of dictionary entries and numbers. For example, a password cracker may try ants01, ants02, ants03, and so on. This can be helpful where users have been advised to include a number in their password.
A password cracker may also be able to identify encrypted passwords. After retrieving the encrypted password from the computer's memory, the program may be able to decrypt it. Alternatively, by using the same algorithm as the system program, the password cracker encrypts each guess and looks for one whose encrypted form matches the stored original.
Some of the most popular password crackers are as follows:
- Cain & Abel: Cain & Abel is a multipurpose tool that can be used to perform many tasks, such as Windows password cracking, Windows enumeration, and VoIP session sniffing. As a password cracker it can perform the following types of tasks: dictionary attacks, brute-force attacks, cryptanalysis attacks, recording VoIP sessions, decoding scrambled passwords, uncovering cached passwords, etc.
- John the Ripper: John the Ripper is a fast password cracker available for various environments. Its primary purpose is to detect weak Unix/Linux passwords. Initially developed for the Unix operating system, it currently runs on fifteen different platforms, including most versions of UNIX, Windows, DOS, BeOS, and OpenVMS. John the Ripper requires the user to have a copy of the password file.
- THC Hydra: THC Hydra is a fast network authentication cracker that supports many different services. Hydra is a software project developed by a German organization called "The Hacker's Choice" (THC) that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. The project supports a wide range of services and protocols: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP, PostgreSQL, Teamspeak, Cisco auth, Cisco enable, and Cisco AAA.
- Aircrack: Aircrack is the fastest WEP/WPA cracking tool. It is used for 802.11a/b/g WEP and WPA cracking, and it can also attack WPA1 or WPA2 networks using cryptographic methods or brute force.
- L0phtCrack: L0phtCrack is a password auditing and recovery application. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, using dictionary, brute-force, and hybrid attacks as well as rainbow tables. It was one of the crackers' tools of choice, although most use old versions because of their low price and availability.
- Airsnort: Airsnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. Airsnort operates by passively monitoring transmissions. It uses a ciphertext-only attack and needs approximately 5 to 10 million captured packets to recover the WEP key.
- SolarWinds: SolarWinds offers a large collection of network discovery/monitoring/attack tools. They have created dozens of special-purpose tools, among them a router password decryptor, an SNMP brute-force cracker, and a TCP connection reset program.
- Pwdump: Pwdump is a Windows password recovery tool. It can extract NTLM and LanMan hashes from a Windows system. It is also used to display password histories. The output data is in L0phtcrack-compatible form and can be written to an output file.
- RainbowCrack: RainbowCrack is a computer program that generates rainbow tables to be used in password cracking. RainbowCrack differs from “conventional” brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically.
- Brutus: Brutus is a password cracking tool that performs both dictionary and brute-force attacks, in which passwords are randomly generated from a given set of characters. Brute forcing can be performed against the following authentication mechanisms: HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3 (Post Office Protocol v3), FTP (File Transfer Protocol), SMB (Server Message Block), and Telnet.
How does a Password Cracker work?
Generally, crackers steal a password file from a computer system. This file contains the encrypted value of each password. Crackers first try to guess the password, a step also known as password guessing. To do so they gather information about the victim such as date of birth, family members' names, favorite food, favorite actors/actresses, etc. All of this information is easily available on social networking sites like MySpace, hi5, Orkut, Facebook, etc. Crackers also run crack programs against a dictionary, encrypting each candidate until the same encrypted value is found. For example, if a victim's password is welcome99, the program tries welcome1, welcome2, welcome3, and so on until welcome99 is reached. Other ways of password cracking are trying all combinations of the keys present on the keyboard, and the rainbow attack, which is the fastest method of password cracking. The latter is implemented by calculating all the possible hashes for a set of characters in advance and storing them in a table known as a rainbow table. The stolen password hashes are then imported into a tool that uses the rainbow algorithm and searches the rainbow table until the password is found.
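The hash-and-compare method and the hybrid word-plus-number search described above, written out as a small password audit in Python. This is an added example, not code from the article or from any of the tools it lists; the "password file", the word list and the user names are constructed here, and MD5 without a salt is assumed purely to keep the example self-contained. The second function shows the defensive side: a policy check that rejects exactly the hybrid passwords such a search finds first.

```python
import hashlib
import re

# Constructed stand-in for a stolen password file: user -> unsalted MD5 hash.
# Two entries are weak (welcome99, ants02); the third is a long random string.
SAMPLE_HASHES = {
    "alice": hashlib.md5(b"welcome99").hexdigest(),
    "bob": hashlib.md5(b"ants02").hexdigest(),
    "carol": hashlib.md5(b"Xq7$pL!v2mRz").hexdigest(),
}

# Constructed word list; a real audit would load a full dictionary file.
WORDLIST = ["password", "welcome", "ants", "letmein"]


def candidates(wordlist, max_suffix=99):
    """Yield plain dictionary words, then hybrids like ants1 / ants01 ... ants99."""
    for word in wordlist:
        yield word
    for word in wordlist:
        for n in range(max_suffix + 1):
            yield f"{word}{n}"
            if n < 10:                      # also the zero-padded form (ants01)
                yield f"{word}{n:02d}"


def audit(hashes, wordlist, max_suffix=99):
    """Return {user: recovered_password} for every stored hash a candidate matches.

    Each guess is hashed with the same algorithm as the stored values and
    compared; because the hashes are unsalted, one hash per guess checks
    every user at once, which is what makes the attack cheap.
    """
    by_hash = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    found = {}
    for guess in candidates(wordlist, max_suffix):
        h = hashlib.md5(guess.encode()).hexdigest()
        for user in by_hash.get(h, []):
            found[user] = guess
    return found


def is_weak_hybrid(password, wordlist):
    """Policy check: True if the password is a word-list entry with digits appended."""
    base = re.sub(r"\d+$", "", password.lower())
    return base in {w.lower() for w in wordlist}
```

Salting each stored hash and using a slow password hash (bcrypt, scrypt, Argon2) removes the one-hash-checks-everyone shortcut that `audit` relies on and also defeats precomputed rainbow tables, which is why password stores should never hold plain unsalted hashes.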

