Most people do not understand what password cracking is. First of all, it is almost impossible to crack some passwords. Most servers' root passwords are eight characters mixing letters, numbers, etc., which makes them almost impossible to crack with a fast home PC. Some people even use high-ASCII characters in their passwords. Password cracking is a vast field, and most OSes use different methods of security and encryption. I myself have only used password crackers on Unix passwords.
----------------------------------------------------------------------------
                           UNIX Password Cracking
----------------------------------------------------------------------------
Unix password file entries look something like this:
root:QxBmPgjh0XPI:0:0:root:/root:/bin/bash
test:dk8djwIMpsjYdf:100:100:Test Account:/home/test/:/bin/sh
This is a flat file format that is very common on any Unix system. The file is
usually called /etc/passwd, but today most people shadow their password files.
So when you look at the password file you will see something like:
root:*:0:0:root:/root:/bin/bash
test:*:100:100:Test Account:/home/test/:/bin/sh
That means there is a shadow file (usually /etc/shadow or /etc/oshadow) that
contains the (hashed) passwords. The shadow file is usually set so that only the
root user can read it. The shadow file would look something like this:
root:QxBmPgjh0XPI:0:0::::
test:dk8djwIMpsjYdf:100:100::::
To crack passwords you need an unshadowed password file, or the shadow file
for a server, and a cracking program. I recommend John The Ripper <http://www.false.com/security/john/index.html>.
This is my personal favorite and in my opinion better than all the rest.
These are the steps I usually take in cracking a password file. I think this
is one of the better ways of doing it, and I seem to do pretty well using these
steps.
1. Run single mode crack. i.e.: john -single passwd
2. Try the common password file that comes with john. i.e.: john -w:password.lst passwd
3. Get some big dictionary files and crack with those.
4. Now I usually crack with the password lists I generated. I have one that
is all 1, 2, and 3 letter combinations, 4 length only letters, 5 length only
letters, and 4, 5, and 6 length numbers.
5. If I still do not have the access I need, I set john.ini to a minimum of 4
characters on incremental mode and run john -i passwd
The last step will crack all the passwords, but it is a matter of time. With
the fastest home PCs it could take your whole life to crack an eight letter
password. That is why I like to try dictionary files and other methods to
get what I can before running incremental mode. On a huge password
file I managed to crack out about 1/3 of the passwords. Usually in cracking,
you either only want the root account or just one account with enough access
to do what you want (a shell account).