IMPORTANT TOOLS FOR SECURITY BREACHING (Lesson 6)

First Step – Finding a computer to attack

Second Step – Breaking into it

Third Step – Crack the password

A hacker can find the password in the following ways:

1).Keystroke Logger-

A Keystroke Logger can record each and everything a person types. A logger can either send the recording to a monitoring computer or saves it to a file in the same computer. The key logger run’s in hidden mode i.e. they hide their presence from the user, although a professional person can check their existence in the computer system.

When the user leaves the target computer, the hacker can recover the log file in which every entry is recorded be it an email id username, password, credit card number, etc. Some key loggers can even mail the log file to the hacker so that they can monitor the target’s activity from another location.

For using a key logger the hacker must have access to target computer system on a regular basis.

2).Desktop-Monitoring Programs-

If the hacker doesn’t have access to the target computer on a regular basis then a desktop monitoring program is the solution. If the hacker is successful in installing this program on the target computer, then, whatever the user types on the target computer will appear on the hacker’s computer screen.

3). Brute-Force Attack-

The brute-force method simply tries every possible combination of alphabets, (small + caps), special characters and numbers of varying lengths. However, this method can take days to crack a password.

Brute-force attacks are very much successful in cracking Windows 98 and UNIX passwords. In windows 98 the user name and password is stored in the windows/*.pwl files whereas most of UNIX systems store the list of account names and passwords in the /etc/passwd file.

To gain access to the target computer the hackers simply copy the /etc/passwd file or the *.pwl file to their own computer so that they can run a brute-force attack on that file at their convenience, without any risk.