Investigate how password protection works and delve into popular cracking techniques for penetration testing and retrieving data

Key Features

• Gain guidance for setting up a diverse password-cracking environment across multiple platforms
• Explore tools such as John the Ripper, Hashcat, and techniques like dictionary and brute force attacks for breaking passwords
• Discover real-world examples and scenarios to navigate password security challenges effectively

Book Description

Whether you’re looking to crack passwords as part of a thorough security audit or aiming to recover vital information, this book will equip you with the skills to accomplish your goals. Written by a cybersecurity expert with over fifteen years of experience in penetration testing, Ethical Password Cracking offers a thorough understanding of password protection and the correct approach to retrieving password-protected data.

As you progress through the chapters, you first familiarize yourself with how credentials are stored, delving briefly into the math behind password cracking. Then, the book will take you through various tools and techniques to help you recover desired passwords before focusing on common cracking use cases, hash recovery, and cracking. Real-life examples will prompt you to explore brute-force versus dictionary-based approaches and teach you how to apply them to various types of credential storage.

By the end of this book, you'll understand how passwords are protected and how to crack the most common credential types with ease.

What you will learn

• Understand the concept of password cracking
• Discover how OSINT potentially identifies passwords from breaches
• Address how to crack common hash types effectively
• Identify, extract, and crack Windows and macOS password hashes
• Get up to speed with WPA/WPA2 architecture
• Explore popular password managers such as KeePass, LastPass, and 1Password
• Format hashes for Bitcoin, Litecoin, and Ethereum wallets, and crack them

Who this book is for

This book is for cybersecurity professionals, penetration testers, and ethical hackers looking to deepen their understanding of password security and enhance their capabilities in password cracking. You’ll need basic knowledge of file and folder management, the capability to install applications, and a fundamental understanding of both Linux and Windows to get started.

Table of Contents

Part 1: Introduction and Setup

Chapter 1: Password Storage: Math, Probability, and Complexity

Chapter 2: Why Crack When OSINT Will Do?

Chapter 3: Setting Up Your Password Cracking Environment

Chapter 4: John and Hashcat Rules

Part 2: Collection and Cracking

Chapter 5: Windows and macOS Password Cracking

Chapter 6: Linux Password Cracking

Chapter 7: WPA/WPA2 Wireless Password Cracking

Chapter 8: WordPress, Drupal, and Webmin Password Cracking

Chapter 9: Password Vault Cracking

Chapter 10: Cryptocurrency Wallet Passphrase Cracking

Part 3: Conclusion

Chapter 11: Protections against Password Cracking Attacks

About the Author

James Leyte-Vidal is a 20-plus-year veteran of the computer security industry. After a self-taught career in IT, James worked on a computer security incident that changed his career trajectory to security. James consults independently and has worked for Fortune 100 companies in various roles, including security architecture, penetration testing, compliance, policy, and much more. James is also an instructor at the SANS Institute, a global provider of information security training, and a co-author of three SANS courses: SEC467: Social Engineering for Security Professionals, SEC556: IoT Penetration Testing, and SEC617: Wireless Penetration Testing and Ethical Hacking. When not actively doing security work, James can often be found tinkering with hardware or spending time with his family.