Open in app

Sign in

Write

Sign in

Behind The Scenes Of Password Hacking

Pattnaikarihant
SIGMA XI VIT
Published in
6 min readJul 9, 2022

For every lock, there is someone out there trying to pick it or break in — David Bernstein

So What Does the Word “Hacking” Actually Mean?

Hacking is essentially the art of seeking and exploiting a variety of chinks in the armor of a computer system, computer network, or any other electronic-based system and exploiting them.

It has been around for many years and isn’t something that can just easily be prevented or stopped, it is defiantly an important aspect of today’s technology-filled world. Because of this method of computing and the high demand flow and exchange of important and valuable information, it becomes essential to protect and secure any and all critical information.

Hackers can be classified into three types:

  • White Hat Hacker
  • Black Hat Hacker
  • Grey Hat Hacker

Bored by reading the definitions and facts until now? Let’s get into how the fun stuff happens. Let's look into how hackers hack passwords.

Code the Decoded!!!

Have you ever wondered how the passwords you set for multiple websites or social media handles are stored in the database?

Whenever we SignUp for a website and enter our details, the entered information is stored as Plain Text except for the password. What gets stored in the database is the Hash of the Password. All the companies present on the web have their own Hashing Algorithm.

So how does this Hashing work?

This Algorithm converts the plain text password into a series of characters that cannot be decoded. This series of characters or hashed form gets stored in the database. These Hashing Algorithms convert your passwords into hashed form. So in case of a Data breach, Hackers would have all your details except the exact password.

Types of Hashing Algorithms

Adding a Pinch of Salt

But in recent times, hackers have hacked servers of Instagram, Twitter, Apple, and other multi-billion companies.

How is this possible?

Hackers being as intelligent as ever pre-computed hash of a large number of words (from a popular word list or dictionary words) once they realized that hashed passwords were being stored in the database. They created a table of words and their corresponding hashes. This table is known as Rainbow Table and it is readily available online!

They can use this table to reverse lookup the actual password by comparing the hashes obtained from the database.

Developers now add a pinch of Salt to level up the security of your passwords. A salt is random data that is concatenated with your password before sending it as the input of the hashing function.

Each company uses a private set of characters as their salt, which is added between the password. Then the password is converted into its Hashed form, making it inevitable for the hacker to crack through it. The hacker can only crack this code only when she or he exactly knows the Salt.

Methods of Hacking

Hacking Methods

Basic Hacking Attacks

1. Rainbow Table

One of the most common techniques used by hackers is to decode the most commonly used passwords using the Rainbow Table. They can use this table to reverse lookup the actual password by comparing the hashes obtained from the database. Hence, companies suggest using strong passwords, eliminating the threat of attack using the Rainbow Table.

The Rainbow Table

2. Dictionary Attack

This method is similar to the Rainbow Table attack but has a wider range of permutations and combinations making it a slower process as the compiler first finds the hashed form and then compares.

Dictionary Attack

3. Brute Force Attack

In this attack, the attacker finds all possible combinations, prepares their hashed form, and then decodes. Thus, if your password is strong, it might take him 1QT years to decode. So, to save yourself from these attacks you should use a unique password.

Advanced Hacking Attacks

Advanced Hacking Attacks

1. SQL Injection

In SQL Injection, the attacker sends a malicious SQL command into the database and executes it. After the execution is successful, the hacker can impersonate any user and play with the data. This attack is performed on vulnerable user inputs within the website.

The only sure way to prevent SQL Injection attacks is input validation and parameterized queries including prepared statements. Moreover, it should be ensured that the application code should never use inputs directly.

SQL Injection

2. Cross-Site Scripting

Cross-Site Scripting attacks through malicious files similar to the SQL Injection methodology.

There are 3 types of Cross-Site Scripting:

  1. Stored XSS: Occurs when a malicious payload is stored in the database.
  2. Reflected XSS: Occurs when a web application sends a string provided by an attacker to the victim’s browser so that the browser executes part of the string as code.
  3. DOM-based XSS: Occurs when an attacker injects a script into a response. Attackers can read and manipulate Document Object Model (DOM) data to craft a malicious URL.
Cross-Site Scripting

3. Phishing Attacks

Phishing attacks are the practice of sending fraudulent communications from well-known sources. This is usually done via email. The purpose is to steal sensitive data, such as credit card and login details, or to install malicious software on a victim’s machine.

The only way to avoid such attacks is to “Stop clicking on Random URLs”.

Phishing Attack

The Ultimate Form of Attack — The Zero-Day Attack

Zero-Day Attack — The Attack with No Remedy Yet

Not to scare anyone … but this attack has no fix yet!

The term Zero-Day refers to the fact that the vendor or developer has only just learned of the flaw — which means they have “zero days” to fix it.

Any software often has security vulnerabilities that hackers can try to exploit. Software developers are always looking out for such vulnerabilities to “patch it up” — that is, develop a solution that they release in the newer updates.

However, sometimes hackers or malicious actors spot the vulnerability before the software developers do. While the vulnerability is still open, attackers can write and implement code to take advantage of it. This is known as exploit code.

It is using the problem with the Troubleshooting processes where it allows to run of any code while troubleshooting.

So, how exactly does the attacker attack?

  • A mail is sent which consists of a Word Document.
  • While opening the document, a troubleshooting pop-up will pop.
    For any random user, it may just be a pop-up. But by that time, the attacker has the access to your system.
  • As the pop-up vanishes, a sign-up bar appears and the user types their info.

And booom… the hacker has full control over your system and all its passwords.

Conclusion

In this world where hackers are hungry for our data, there are a few ways through which can keep our data safe. The ways include not uploading private information on a random website. Refrain from clicking on unknown URLs. To add more security to your data use strong passwords because passwords like “password”, and “*****1234” have become easily decodable.

If you enjoyed reading my blog, do consider leaving some claps below, as it helps with reachability. (You can leave up to 50 claps, thanks!)

--

--

Pattnaikarihant
SIGMA XI VIT

Written by Pattnaikarihant

1 Follower
Writer for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams