An Ethical Hackers Guide: Part 2 - Script Kiddie Password Recovery

in #steemstem6 years ago (edited)

Hello Steemstemers, Utopians, Future Hackers and Crackers :]

This is the start of what I aim to be be a comprehensive guide, on everything that a beginner should know about passwords. Recovery tools, obtaining hashes, cracking, and many more different techniques to gaining access to many different accounts, systems, and networks. IMO, Credential Theft is one of the most common, and yet important aspects to hacking. There will always be ways around the password, but there's really nothing simpler than just pretending to be the user.

Cliche_Hacker_and_Binary_Code_(26614834084) (1).jpg

Wikimedia Commons

For those of you interested in becoming a more proficient hacker, I strongly suggest that you do everything you can to learn programming, Including reading the other tutorials I have, and will be posting. This is going to become a little personal Disclaimer throughout the guides here:

This is an Ethical Hacking Guide. That being said, the majority of the things you will be learning in this guide, are not legal, and should not be used on any device, or network that you do not have written permission to test on. (From the owner)

Password Recovery Tools


Now the first things I'll get into here, simply because it is one of the simplest things you can do to call yourself a password hacker :P, are password recovery tools. Password recovery tools, as you would imagine, were designed so as to help people recover their forgotten passwords. These tools were made a long time ago, with very little security in mind, and as such, are not meant to be used on legitimate threats.

These are fun and simple tools, that clearly demonstrate human err, and would be great to **** with your friend for a day or two. I will now list several different types of tools, and how to use them. I personally used to keep them all in a folder in my phone, but it's up to you how you would deliver them to your target PC. A side note, these tools are designed only for windows PCs. We will be moving to Linux shortly on in these guides.

Password_hacking_illustration.jpg

Wikimedia Commons

NirSoft Recovery Tools


For years now, NirSoft has had these nifty little tools out, and as tiny and quick as they are, each one is equally powerful when used in the correct situation. As a rule of thumb, I only carry about 6-8 with me, and as such, will only be discussing these during this guide. The reason these tools are considered 'script-kiddie' material, are simply, that no professional would fall for such an attack. The only passwords these tools will ever 'recover', will be passwords that were stored insecurely in the first place. (ALL of these tools will fail a virus scan. you will need to turn victims antivirus off for a quick moment, which is honestly too simple. Remember to turn AV back on after ^_^)

IE Passview

IEPassview is a neat utility, pretty much does as expected, when you run this program on a target PC, it will take any passwords it can find within Internet Explorers saved data. This tool is only for use with IE, a browser that I do not use, so I will not be demonstrating it here, however it is very simple point and click. If there are passwords to be found, they will be in the window when opened.

Password Fox

editmepasswordfox.PNG

PasswordFox, like you would assume does the same as IEPassView, or ChromePass, however this tool is strictly for use on Firefox browsers. This will grab any logins stored in Firefox, and actually did grab one of mine, however it is not an account I use often. None the less, I have blurred my credentials, and file-path from the image for security.

ChromePass

chromepass.PNG

Allrighty then! ChromePass was a score if you were using this on me lmao. All of these are useless passwords I prefer my system to know, but even still knowledge about me and my password formats. ChromePass may not be as effective on all users, but it is definitely a big name browser. Depends on your user, and a hacker should always be prepared :)

BulletsPassView

bulletpassview.PNG

BulletsPassView is a pretty cute tool lol, can surprise you sometimes lol, if you see above, it actually tried to grab my Binance login, and that's just too funny. This is a fresh PC install, so there's not much work for it to do on my computer, however this is a nice program for grabbing random passwords lol, and remember any valid password can be useful in the right situation guys!

WirelessKeyView

WirelessKeyView actually managed to get my WiFi Password, even today a powerful program. Unfortunately I am at the max for picture uploads so like the othertools, simply run and view. Copy passwords down quickly, or learn moreadvanced ways from my future tutorials.

WebBrowserKeyView

WebBrowserKeyView is used to steal user credentials from most any web browser, be it Firefox, Chrome, or even Opera. It just knows the right types of files to look for. There are many other types of passwords to go after, and in the next few lines I hope to list a good few of them that may interest you.

VNCPassView
Messenger PassView
MailPassView
Opera PassView
RDP PassView
RouterPassView

Conclusion

Well I hope this has been at the very least, knowledgeable for you readers out there. As I'm sure I've mentioned earlier, this is simple simple level 1 stuff, and I'm sure you can see how dangerous it has already become. One of those tools grabbed over thirty of my logins from chrome lol.

Thankfully, modern computer security has increased greatly, and most of these tools are not so point and shoot anymore. Again I hope you had a good time reading this, and I'm excited to see you all next time.

Happy Hunting,
Cerulean

Sort:  

Looking forward for more. Keep it up please!

Thanks @fako Glad to know people are enjoying it :)

Coin Marketplace

STEEM 0.15
TRX 0.16
JST 0.028
BTC 68859.62
ETH 2444.01
USDT 1.00
SBD 2.34