How To Find Out Someones Password On Mac

broken image


In the spirit of DEF CON and a week of hacking, Tech Talker covers one question he gets asked all the time: How do you 'crack' a password?

  1. How To Find Someone's Roblox Password
  2. How To Find Saved Passwords On Mac
By
How to see saved passwords on mac

Well, that depends on how your settings are. But since you don't have your administrator password, you can't make changes anyway. In the future when you reset the password and regain access you can find these settings in system preferencessecurity and privacy general tab. Someone has told me I should be shutting it down when I'm not using it. When you change the password, you'll see a prompt letting you know a new login keychain - what MacOS uses to store your passwords will be created, but your old keychain will remain saved on your Mac.

April 7, 2016
Episode #136
Listen
How to Crack a Password Like a Hacker
We are currently experiencing playback issues on Safari. If you would like to listen to the audio, please use Google Chrome or Firefox.
Subscribe
Hide player

I'm going to cover one question that I get asked all the time: How do you 'crack' a password?

To answer that, I'm going to take you through the steps a hacker would use to break your password—so that you can avoid some of the pitfalls that would make you an easy target to any password cracker out there.

What's a Hash?

First, let's talk about how passwords are stored. If a website or program is storing your password--like Google, Facebook or anywhere that you have an online account--the password is generally stored in the form of a hash. A hash is basically a secure way of storing passwords based upon math.

A hash is also a way of scrambling a password—so if you know the trick, you can easily unscramble it. It would be similar to hiding a key to your house in your front yard: if you knew where the key was, it would take you only a few seconds to find it. How to screenshot screen on mac. However, if you didn't know where the key was it would probably take you a long time to find it.

The 2 Types of Hacker Attacks

Now, let's break down password attacks into two different types: online and offline.

Offline attacks are where a hacker can take a password hash, copy it, and take it home with them to work on. Online attacks require the attacker trying to login to your online account to go to the specific website they are targeting.

How To Find Someone's Roblox Password

Online attacks on secure websites are very difficult for a hacker, because these types of sites will limit the number of times an attacker can try a password. This has probably happened to you if you've forgotten your password and been locked out of your account. This system is actually designed to protect you from hackers who are trying billions of guesses to figure out your password.

An online attack would be like if you tried to search for someone's hidden key in their front yard while they were home. If you looked in a few places, it probably wouldn't look too odd; however, if you spent all day in front of the house, you'd be spotted and told to leave right away!

In the case of an online attack, a hacker would most likely do a lot of research on a particular target to see if they could find any identifying information about them, such as children's names, birthdays, significant others, old addresses, etc. From there, an attacker could try a handful of targeted passwords that would have a higher success rate than just random guesses.

Offline attacks are much more sinister, and don't offer this protection. Offline attacks take place when an encrypted file, such as a PDF or document, is intercepted, or when a hashed key is transferred (as is the case with WiFi.) If you copy an encrypted file or hashed password, an attacker can take this key home with them and try to crack it at their leisure.

Although this may sound awful, it's not as bad as you may think. Password hashes are almost always 'one-way functions.' In English, this just means that you can perform a series of scrambles of your password that are next to impossible to reverse. This makes finding a password pretty darn difficult.

Essentially, a hacker has to be very very patient and try thousands, millions, billions, and sometimes even trillions of passwords before they find the right one. There are a few ways hackers go about this to increase the probability that they can find your password. These include:

  1. Dictionary Attacks

  2. Mask/Character Set Attacks

  3. Bruteforce

Let's talk more about each of these.

Dictionary Attacks

Dictionary attacks are just what they sound like: you use the dictionary to find a password. Hackers basically have very large text files that include millions of generic passwords, such as password, iloveyou, 12345, admin, or 123546789. (If I just said your password, change it now!!!)

Hackers will try each of these passwords --which may sound like a lot of work, but it's not. Hackers use really fast computers (and sometimes even video game graphics cards) in order to try zillions of passwords. As an example, while competing at DEFCON this last week, I used my graphics card to break an offline password, at a speed of 500,000 passwords a second!

Mask/Character Set Attacks

If a hacker can't guess your password from a dictionary of known passwords, their next option will be to use some general rules to try a lot of combinations of specified characters. This means that instead of trying a list of passwords, a hacker would specify a list of characters to try.

For example, if I knew your password was just numbers, I would tell my program to only try number combinations as passwords. From here, the program would try every combination of numbers until it cracked the password. Hackers can specify a ton of other settings, like minimum and maximum length, how many times to repeat a specific character in a row, and many more. This decreases the amount of work the program would need to do.

So, let's say I had an 8 character password made up of just numbers. Using my graphics card, it would take about 200 seconds--just over 3 minutes--to crack this password. However, if the password included lowercase letters and numbers, the same 8 character password would take about 2 days to decode.

Bruteforce

If an attacker has had no luck with these two methods, they may also 'bruteforce' your password. A bruteforce tries every character combination until it gets the password. Generally, this type of attack is impractical, though--as anything over 10 characters would take millions of years to figure out!

As you can see, cracking a password isn't as hard as you may think, in theory--you just try trillions of passwords until you get one right! However, it's important to remember that finding that one needle in the haystack is sometimes next to impossible.

Your best safety bet is to have a long password that is unique to you, and to whatever service you're using. I'd highly recommend checking out my episodes on storing passwords and creating strong passwords for more info.

Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.

Take, for example, the hundreds of millions of WiFi networks in use all over the world. If they're like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. What I found wasn't encouraging.

First, the good news. WPA and WPA2 use an extremely robust password-storage regimen that significantly slows the speed of automated cracking programs. By using the PBKDF2 key derivation function along with 4,096 iterations of SHA1 cryptographic hashing algorithm, attacks that took minutes to run against the recent LinkedIn and eHarmony password dumps of June would require days or even weeks or months to complete against the WiFi encryption scheme.

What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility that users will pick shorter passphrases that could be brute forced in more manageable timeframes. WPA and WPA2 also use a network's SSID as salt, ensuring that hackers can't effectively use precomputed tables to crack the code.

That's not to say wireless password cracks can't be accomplished with ease, as I learned firsthand.

I started this project by setting up two networks with hopelessly insecure passphrases. The first step was capturing what is known as the four-way handshake, which is the cryptographic process a computer uses to validate itself to a wireless access point and vice versa. This handshake takes place behind a cryptographic veil that can't be pierced. But there's nothing stopping a hacker from capturing the packets that are transmitted during the process and then seeing if a given password will complete the transaction. With less than two hours practice, I was able to do just that and crack the dummy passwords 'secretpassword' and 'tobeornottobe' I had chosen to protect my test networks.

Advertisement

Brother, can you spare a deauth frame?

To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point. This requirement may sound like a steep hurdle, since people often stay connected to some wireless networks around the clock. It's easy to get around, however, by transmitting what's known as a deauth frame, which is a series of deauthorization packets an AP sends to client devices prior to it rebooting or shutting down. Devices that encounter a deauth frame will promptly rejoin an affected network.

Using the Silica wireless hacking tool sold by penetration-testing software provider Immunity for $2,500 a year, I had no trouble capturing a handshake established between a Netgear WGR617 wireless router and my MacBook Pro. Indeed, using freely available programs like Aircrack-ng to send deauth frames and capture the handshake isn't difficult. The nice thing about Silica is that it allowed me to pull off the hack with a single click of my mouse. In less than 90 seconds I had possession of the handshakes for the two networks in a 'pcap' (that's short for packet capture) file. My Mac never showed any sign it had lost connectivity with the access points.

I then uploaded the pcap files to CloudCracker, a software-as-a-service website that charges $17 to check a WiFi password against about 604 million possible words. Within seconds both 'secretpassword' and 'tobeornottobe' were cracked. A special WPA mode built-in to the freely available oclHashcat Plus password cracker retrieved the passcodes with similar ease.

It was the neighborly thing to do

Cracking such passcodes I had set up in advance to be guessed was great for demonstration purposes, but it didn't provide much satisfaction. What I really wanted to know was how much luck I'd have cracking a password that was actually being used to secure one of the networks in the vicinity of my office. Mac movie editor.

So I got the permission of one of my office neighbors to crack his WiFi password. To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used, although because the passcode wasn't contained in the entry-level, 604 million-word list, I relied on a premium, 1.2 billion-word dictionary that costs $34 to use.

Mac

Well, that depends on how your settings are. But since you don't have your administrator password, you can't make changes anyway. In the future when you reset the password and regain access you can find these settings in system preferencessecurity and privacy general tab. Someone has told me I should be shutting it down when I'm not using it. When you change the password, you'll see a prompt letting you know a new login keychain - what MacOS uses to store your passwords will be created, but your old keychain will remain saved on your Mac.

April 7, 2016
Episode #136
Listen
How to Crack a Password Like a Hacker
We are currently experiencing playback issues on Safari. If you would like to listen to the audio, please use Google Chrome or Firefox.
Subscribe
Hide player

I'm going to cover one question that I get asked all the time: How do you 'crack' a password?

To answer that, I'm going to take you through the steps a hacker would use to break your password—so that you can avoid some of the pitfalls that would make you an easy target to any password cracker out there.

What's a Hash?

First, let's talk about how passwords are stored. If a website or program is storing your password--like Google, Facebook or anywhere that you have an online account--the password is generally stored in the form of a hash. A hash is basically a secure way of storing passwords based upon math.

A hash is also a way of scrambling a password—so if you know the trick, you can easily unscramble it. It would be similar to hiding a key to your house in your front yard: if you knew where the key was, it would take you only a few seconds to find it. How to screenshot screen on mac. However, if you didn't know where the key was it would probably take you a long time to find it.

The 2 Types of Hacker Attacks

Now, let's break down password attacks into two different types: online and offline.

Offline attacks are where a hacker can take a password hash, copy it, and take it home with them to work on. Online attacks require the attacker trying to login to your online account to go to the specific website they are targeting.

How To Find Someone's Roblox Password

Online attacks on secure websites are very difficult for a hacker, because these types of sites will limit the number of times an attacker can try a password. This has probably happened to you if you've forgotten your password and been locked out of your account. This system is actually designed to protect you from hackers who are trying billions of guesses to figure out your password.

An online attack would be like if you tried to search for someone's hidden key in their front yard while they were home. If you looked in a few places, it probably wouldn't look too odd; however, if you spent all day in front of the house, you'd be spotted and told to leave right away!

In the case of an online attack, a hacker would most likely do a lot of research on a particular target to see if they could find any identifying information about them, such as children's names, birthdays, significant others, old addresses, etc. From there, an attacker could try a handful of targeted passwords that would have a higher success rate than just random guesses.

Offline attacks are much more sinister, and don't offer this protection. Offline attacks take place when an encrypted file, such as a PDF or document, is intercepted, or when a hashed key is transferred (as is the case with WiFi.) If you copy an encrypted file or hashed password, an attacker can take this key home with them and try to crack it at their leisure.

Although this may sound awful, it's not as bad as you may think. Password hashes are almost always 'one-way functions.' In English, this just means that you can perform a series of scrambles of your password that are next to impossible to reverse. This makes finding a password pretty darn difficult.

Essentially, a hacker has to be very very patient and try thousands, millions, billions, and sometimes even trillions of passwords before they find the right one. There are a few ways hackers go about this to increase the probability that they can find your password. These include:

  1. Dictionary Attacks

  2. Mask/Character Set Attacks

  3. Bruteforce

Let's talk more about each of these.

Dictionary Attacks

Dictionary attacks are just what they sound like: you use the dictionary to find a password. Hackers basically have very large text files that include millions of generic passwords, such as password, iloveyou, 12345, admin, or 123546789. (If I just said your password, change it now!!!)

Hackers will try each of these passwords --which may sound like a lot of work, but it's not. Hackers use really fast computers (and sometimes even video game graphics cards) in order to try zillions of passwords. As an example, while competing at DEFCON this last week, I used my graphics card to break an offline password, at a speed of 500,000 passwords a second!

Mask/Character Set Attacks

If a hacker can't guess your password from a dictionary of known passwords, their next option will be to use some general rules to try a lot of combinations of specified characters. This means that instead of trying a list of passwords, a hacker would specify a list of characters to try.

For example, if I knew your password was just numbers, I would tell my program to only try number combinations as passwords. From here, the program would try every combination of numbers until it cracked the password. Hackers can specify a ton of other settings, like minimum and maximum length, how many times to repeat a specific character in a row, and many more. This decreases the amount of work the program would need to do.

So, let's say I had an 8 character password made up of just numbers. Using my graphics card, it would take about 200 seconds--just over 3 minutes--to crack this password. However, if the password included lowercase letters and numbers, the same 8 character password would take about 2 days to decode.

Bruteforce

If an attacker has had no luck with these two methods, they may also 'bruteforce' your password. A bruteforce tries every character combination until it gets the password. Generally, this type of attack is impractical, though--as anything over 10 characters would take millions of years to figure out!

As you can see, cracking a password isn't as hard as you may think, in theory--you just try trillions of passwords until you get one right! However, it's important to remember that finding that one needle in the haystack is sometimes next to impossible.

Your best safety bet is to have a long password that is unique to you, and to whatever service you're using. I'd highly recommend checking out my episodes on storing passwords and creating strong passwords for more info.

Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.

Take, for example, the hundreds of millions of WiFi networks in use all over the world. If they're like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. What I found wasn't encouraging.

First, the good news. WPA and WPA2 use an extremely robust password-storage regimen that significantly slows the speed of automated cracking programs. By using the PBKDF2 key derivation function along with 4,096 iterations of SHA1 cryptographic hashing algorithm, attacks that took minutes to run against the recent LinkedIn and eHarmony password dumps of June would require days or even weeks or months to complete against the WiFi encryption scheme.

What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility that users will pick shorter passphrases that could be brute forced in more manageable timeframes. WPA and WPA2 also use a network's SSID as salt, ensuring that hackers can't effectively use precomputed tables to crack the code.

That's not to say wireless password cracks can't be accomplished with ease, as I learned firsthand.

I started this project by setting up two networks with hopelessly insecure passphrases. The first step was capturing what is known as the four-way handshake, which is the cryptographic process a computer uses to validate itself to a wireless access point and vice versa. This handshake takes place behind a cryptographic veil that can't be pierced. But there's nothing stopping a hacker from capturing the packets that are transmitted during the process and then seeing if a given password will complete the transaction. With less than two hours practice, I was able to do just that and crack the dummy passwords 'secretpassword' and 'tobeornottobe' I had chosen to protect my test networks.

Advertisement

Brother, can you spare a deauth frame?

To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point. This requirement may sound like a steep hurdle, since people often stay connected to some wireless networks around the clock. It's easy to get around, however, by transmitting what's known as a deauth frame, which is a series of deauthorization packets an AP sends to client devices prior to it rebooting or shutting down. Devices that encounter a deauth frame will promptly rejoin an affected network.

Using the Silica wireless hacking tool sold by penetration-testing software provider Immunity for $2,500 a year, I had no trouble capturing a handshake established between a Netgear WGR617 wireless router and my MacBook Pro. Indeed, using freely available programs like Aircrack-ng to send deauth frames and capture the handshake isn't difficult. The nice thing about Silica is that it allowed me to pull off the hack with a single click of my mouse. In less than 90 seconds I had possession of the handshakes for the two networks in a 'pcap' (that's short for packet capture) file. My Mac never showed any sign it had lost connectivity with the access points.

I then uploaded the pcap files to CloudCracker, a software-as-a-service website that charges $17 to check a WiFi password against about 604 million possible words. Within seconds both 'secretpassword' and 'tobeornottobe' were cracked. A special WPA mode built-in to the freely available oclHashcat Plus password cracker retrieved the passcodes with similar ease.

It was the neighborly thing to do

Cracking such passcodes I had set up in advance to be guessed was great for demonstration purposes, but it didn't provide much satisfaction. What I really wanted to know was how much luck I'd have cracking a password that was actually being used to secure one of the networks in the vicinity of my office. Mac movie editor.

So I got the permission of one of my office neighbors to crack his WiFi password. To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used, although because the passcode wasn't contained in the entry-level, 604 million-word list, I relied on a premium, 1.2 billion-word dictionary that costs $34 to use.

Advertisement

My fourth hack target presented itself when another one of my neighbors was selling the above-mentioned Netgear router during a recent sidewalk sale. When I plugged it in, I discovered that he had left the eight-character WiFi password intact in the firmware. Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by Hashcat were able to crack the passphrase. The secret: a lower-case letter, followed two numbers, followed by five more lower-case letters. There was no discernible pattern to this password. It didn't spell any word either forwards or backwards. I asked the neighbor where he came up with the password. He said it was chosen years ago using an automatic generation feature offered by EarthLink, his ISP at the time. The e-mail address is long gone, the neighbor told me, but the password lives on.

No doubt, this neighbor should have changed his password long ago, but there is a lot to admire about his security hygiene nonetheless. By resisting the temptation to use a human-readable word, he evaded a fair amount of cutting-edge resources devoted to discovering his passcode. Since the code isn't likely to be included in any password cracking word lists, the only way to crack it would be to attempt every eight-character combination of letters and numbers. Such brute-force attacks are possible, but in the best of worlds they require at least six days to exhaust all the possibilities when using Amazon's EC2 cloud computing service. WPA's use of a highly iterated implementation of the PBKDF2 function makes such cracks even harder.

Besides changing the password every six months or so and not using a 10-digit phone number, my neighbors could have taken another important step to improve their WiFi security. WPA allows for passwords with 63 characters in them, making it possible to append four or five randomly selected words—'applesmithtrashcancarradar' for instance—that are easy enough to repeat to guests who want to use your wireless network but are prohibitively hard to crack.

Yes, the gains made by crackers over the past decade mean that passwords are under assault like never before. It's also true that it's trivial for hackers in your vicinity to capture the packets of the wireless access point that routes some of your most closely held secrets. But that doesn't mean you have to be a sitting duck. When done right, it's not hard to pick a passcode that will take weeks, months, or years to crack.

How To Find Saved Passwords On Mac

With odds like that, crackers are likely to move onto easier targets, say one that relies on the quickly guessed 'secretpassword' or a well-known Shakespearean quote for its security.





broken image