Cracking with Hashcat

Introduction: Password cracking is an offline process where you attempt to recover plaintext from captured hashes or protected files. In penetration tests, weak or reused passwords are common, so success usually comes from smart wordlists and realistic mutations rather than raw brute force. Hashcat is the main tool for this workflow because it supports many algorithms and scales well on GPUs. Hashing, Salting, and Encryption: Hashing turns input into a fixed-length digest and is designed to be one-way, so cracking depends on guessing candidates and comparing their hashes. Slow password hashes like PBKDF2 or bcrypt increase cost, while fast hashes like MD5 or SHA1 remain common in legacy systems and breach dumps, and salting reduces the value of rainbow tables without preventing offline attacks. Encryption is reversible with a key and appears in data-at-rest or transport use cases, so it is a different problem from password hashing. The list below summarizes common encryption families, and the commands that follow show how salting changes a digest. ...

December 24, 2025 · 7 min

Passwords Attacks

Password Attack Overview: Password attacks focus on weakening or bypassing authentication by recovering valid credentials from hashes, files, memory, or network workflows. The attacker's goal is not just to crack a string, but to turn it into access and prove impact. That is why the process usually mixes offline cracking, remote login checks, and credential harvesting. A clean workflow also documents the source of each credential for reporting. Authentication relies on something you know, have, or are, but in practice passwords are still the most common factor. Users reuse passwords, pick predictable patterns, and store them in unsafe places, which creates opportunities for attackers. Defenders often rely on lockouts and monitoring, but attackers can still use slow, low-noise methods such as spraying. Understanding where passwords live and how they are processed is the key to efficient testing. ...

January 24, 2026 · 9 min