Cracking Non-Hashed Passwords


CRACKING NON-HASHED PASSWORDS

Presented by
Gopipriya Chelle
PROBLEM STATEMENT

● Non-hashed passwords stored in systems pose significant security
risks, making them vulnerable to brute force and dictionary
attacks. The objective of this project is to demonstrate and
understand these vulnerabilities and how to effectively crack such
passwords.
INTRODUCTION

● Password security is a critical aspect of cybersecurity. Many
systems still store passwords in non-hashed formats, making
them susceptible to various attacks.
● This project explores techniques to crack non-hashed passwords
using brute force and dictionary attacks, emphasizing the
importance of proper password hashing and encryption.
EXISTING SYSTEM

● Current methods for password storage often involve simple text
files without hashing.
● Common solutions for cracking non-hashed passwords include:
1. Rainbow tables: Precomputed tables for reversing
cryptographic hash functions.
2. Password cracking tools: Software designed to guess
passwords (e.g., John the Ripper).
3. Hybrid attacks: Combining dictionary and brute force attacks
to increase efficiency.
PROPOSED SYSTEM

● This project proposes using two main techniques to crack non-hashed passwords:
1. Brute Force Attack: Trying all possible combinations until the correct password
is found.
2. Dictionary Attack: Using a precompiled list of possible passwords to find
matches.
SOFTWARE & HARDWARE REQUIREMENTS

Software Requirements:

● Kali Linux: A Linux distribution used for penetration testing.
● Python: Programming language for writing custom scripts.
● Libraries: Relevant Python libraries (e.g., hashlib, itertools).

Hardware Requirements:

● Processor: 1 GHz CPU (32-bit)
● RAM: 1 GB
● Display: 1024x768 resolution for a better experience
● Sufficient storage for password lists and results.
MODULES INVOLVED

1. Setup and configuration of Kali Linux environment.
2. Implementation of brute force attack using Python.
3. Implementation of dictionary attack using Python.
4. Analysis and documentation of the results obtained from the attacks.

[Figure: Brute force attack's Python script]
[Figure: Dictionary attack's Python script]
WORKFLOW ARCHITECTURE

The architecture of the project involves:

● Input: List of target non-hashed passwords.
● Processing: Brute force and dictionary attacks implemented in Python.
● Output: Successfully cracked passwords and the time taken to crack them.

[Figure: Flow of events involved]
TESTING

Testing Methodology: To evaluate the effectiveness of the proposed cracking
methods, we conducted comprehensive tests using both brute force and
dictionary attacks on a variety of non-hashed passwords.

Simple Passwords:
Length: 4-6 characters
Composition: Lowercase letters
Examples: admin, 1234
Moderate Complexity Passwords:
Length: 8-12 characters
Composition: Lowercase letters
Examples: admin123, password123
OUTPUT
BRUTE FORCE ATTACK

● Effective for Shorter Passwords: Up to 6 characters.
● Time-Consuming for Longer Passwords: Exponential increase in combinations.
● Successful Cracks: Simple passwords like admin, trust, hello1.

OBSERVATIONS:

1. Passwords longer than 6 characters took impractical time.
2. Demonstration used passwords of 4-5 characters for manageability.
3. Successfully cracked all 5 passwords of 5 users (less than 6 characters).

[Figure: Output]
DICTIONARY ATTACK

● Efficient for Common Passwords: Included in the dictionary.
● Limited by Dictionary Thoroughness: Successful cracks: 123456, admin123, password123.

Observations:

1. Success depends on the comprehensiveness of the dictionary file.
2. Not dependent on password length, but on the presence in the dictionary.
3. Cracked only one longer password (password123) due to its inclusion in the dictionary file.

[Figure: Output 1]
[Figure: Output 2]
CONCLUSION

● This project successfully demonstrated the vulnerabilities of non-hashed
passwords to both brute force and dictionary attacks.
● Brute force attacks, while guaranteed, are time-consuming for complex
passwords. Dictionary attacks are faster but rely on the quality of the
wordlist used.
● These findings highlight the critical need for implementing strong
hashing mechanisms and using complex, unique passwords to enhance
security.
● Future work should focus on exploring more sophisticated attack
methods and developing better defense strategies to improve password
security.
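
The defensive side of these findings, as an added example that is not part of the original presentation: an enrollment check that rejects passwords found in a wordlist or with a small brute force search space, then stores only a salted, slow hash. The function names, the blocklist (constructed from the passwords the slides report as cracked), the iteration count and the 50-bit threshold are assumptions.

```python
import hashlib
import hmac
import math
import os
import string

# Constructed sample blocklist: passwords the slides report as cracked.
BLOCKLIST = {"admin", "trust", "hello1", "123456", "admin123", "password123"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
MIN_BITS = 50.0              # assumed policy threshold, not from the slides


def search_space_bits(password: str) -> float:
    """Upper bound on brute force work: length * log2(alphabet size)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


def enroll(password: str) -> dict:
    """Reject guessable passwords, then return a salted, slow-hashed record."""
    if password.lower() in BLOCKLIST:           # counters the dictionary attack
        raise ValueError("blocklisted password")
    if search_space_bits(password) < MIN_BITS:  # counters short brute force
        raise ValueError("search space too small")
    salt = os.urandom(16)                       # unique per user
    return {"salt": salt, "hash": _derive(password, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Constant-time comparison of the derived hash; no plaintext is stored."""
    return hmac.compare_digest(_derive(attempt, record["salt"]), record["hash"])


if __name__ == "__main__":
    for candidate in ("admin", "abcdef", "kV9#tq2LmZ!x"):
        try:
            enroll(candidate)
            print(candidate, "accepted", round(search_space_bits(candidate), 1))
        except ValueError as err:
            print(candidate, "rejected:", err)
```

Each extra lowercase character adds about 4.7 bits to the search space, which is the exponential growth the brute force observations describe; the blocklist check covers passwords such as password123 that are long but present in a wordlist.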
QUESTIONS

1. What are the main differences between brute force and dictionary attacks?
2. How does the length and complexity of a password affect the time required for a brute
force attack?
3. Why is the comprehensiveness of the dictionary file crucial for the success of a dictionary
attack?
4. What are the key vulnerabilities of non-hashed passwords?
5. How can the implementation of strong hashing mechanisms improve password security?
6. What were the limitations encountered during the project?
7. What future work or improvements do you propose for enhancing password security?
THANK YOU
