Password Cracking tool

Hello All, I need your inputs again. I have doubt on one of practice question from Darril's book.

Which of the following is used to crack passwords?(Choose all that apply)
A.John the Ripper
B.Rainbow table
C.Cain and Abel
D.Wireshark

Answer given is A,B,C. I also selected D. Wireshark which i think can be used to crack passwords.

Find more posts tagged with

Comments

rogue2shadow

If you take that literally it could be all four because what if you catch a password passed in the clear. If the phasing was different you'd probably have A and C.

chrisone

I dont believe wireshark cracks anything, it just sniffs packets and if you can see a password in clear text, then that is what you see, but you didnt crack or force your way into any password.

ibcritn

ketanwip wrote: »

Hello All, I need your inputs again. I have doubt on one of practice question from Darril's book.

Which of the following is used to crack passwords?(Choose all that apply)
A.John the Ripper
B.Rainbow table
C.Cain and Abel
D.Wireshark

Answer given is A,B,C. I also selected D. Wireshark which i think can be used to crack passwords.

Wireshark "sniffs" and may find a password sent in clear, but doesn't "crack" the password.

A, B, C could perform password cracking through various techniques. John the Ripper would be the most versatile PW cracker if you asked me.

ketanwip

In Darril's book, its mentioned under topic Protocol Analyzer.."Protocol Analyzers such as Wireshark can be used to discover passwords sent in clear text". Again its mentioned as one of its common purpose.
And if i am attacker and i came to know abt clear text password are flowing across a network, i will definitely use Wireshark to crack it.

rogue2shadow

chrisone wrote: »

I dont believe wireshark cracks anything, it just sniffs packets and if you can see a password in clear text, then that is what you see, but you didnt crack or force your way into any password.

True; it is a protocol analyzer by profession. The question is a little loosely stated but I hear ya. Do they mean "crack" as in break/reveal/reassemble the hash's contents? "Crack" as in you "obtained the password by an alternate means?". Wireshark definitely does not logically crack passwords lol. What it should say is "Which of the following tools is used to crack passwords? (Select two)" to avoid any misconceptions (even in the slightest).

EDIT: Playing devil's advocate

ibcritn

ketanwip wrote: »

In Darril's book, its mentioned under topic Protocol Analyzer.."Protocol Analyzers such as Wireshark can be used to discover passwords sent in clear text". Again its mentioned as one of its common purpose.
And if i am attacker and i came to know abt clear text password are flowing across a network, i will definitely use Wireshark to crack it.

Here is the problem. If you capture a password sent in clear with Wireshark it requires no "Cracking". So Wireshark isn't "Cracking" passwords, but can capture clear-text passwords.

Make sense?

badboyeee

ketanwip wrote: »

In Darril's book, its mentioned under topic Protocol Analyzer.."Protocol Analyzers such as Wireshark can be used to discover passwords sent in clear text". Again its mentioned as one of its common purpose.

key word is discover. discover does not mean cracking it, just sniffing it.

ketanwip wrote: »

And if i am attacker and i came to know abt clear text password are flowing across a network, i will definitely use Wireshark to crack it.

replace crack with sniff.

ketanwip

ibcritn wrote: »

Wireshark "sniffs" and may find a password sent in clear, but doesn't "crack" the password.

A, B, C could perform password cracking through various techniques. John the Ripper would be the most versatile PW cracker if you asked me.

Appreciate your reply.
You said Wireshark sniffs and may "find" password. According to book "Crack" also means "Discover".

"Cain and Abel: Commonly used to discover passwords on windows system..."
"Password Crackers discover or crack passwords"
So finding or cracking, one and the same, right?

ketanwip

badboyeee wrote: »

key word is discover. discover does not mean cracking it, just sniffing it.

replace crack with sniff.

In the book, discover term is frequently used (along with Crack) while describing Password Cracker tools.

badboyeee

ketanwip wrote: »

In the book, discover term is frequently used (along with Crack) while describing Password Cracker tools.

hmm hehe..

ok discover is a more general term.. it can mean crack or sniff or capture... but cracking and sniffing doesn't mean the same thing... (see other replies for more info)

but the question is being more specific, asking what programs can crack passwords.. so it cant be wireshark. wireshark can only capture/sniff packets that may contain passwords in clear text.

fss

Wireshark is clearly not a password cracker. "Cracking" implies actively trying to obtain a password, which Wireshark does not do. Cain & Able (IIRC) can brute-force and use rainbow tables. John the Ripper is a well-known, de facto password cracker.

ketanwip

fss wrote: »

Wireshark is clearly not a password cracker. "Cracking" implies actively trying to obtain a password, which Wireshark does not do. Cain & Able (IIRC) can brute-force and use rainbow tables. John the Ripper is a well-known, de facto password cracker.

Thank you all. I will have to agree to what each of you suggested.

I agree Wireshark is clearly not password cracker. Had the question been "Which of following are Password Cracker", i would not have raised the doubt.
Question says what can be used to crack?

Thanks again

fss

ketanwip wrote: »

I agree Wireshark is clearly not password cracker. Had the question been "Which of following are Password Cracker", i would not have raised the doubt.
Question says what can be used to crack?

...

Well, if Wireshark is not a password cracker, how can it be used to crack passwords?

ketanwip

fss wrote: »

...

Well, if Wireshark is not a password cracker, how can it be used to crack passwords?

Sorry, I meant to say, Wireshark is not Password Cracker (Tool).

fss

ketanwip wrote: »

Sorry, I meant to say, Wireshark is not Password Cracker (Tool).

It doesn't matter- Wireshark has no active cracking capability. Therefore, it cannot be used to crack passwords by definition.

badboyeee

ketanwip wrote: »

Which of the following is used to crack passwords?(Choose all that apply)

is the same thing as..

ketanwip wrote: »

Had the question been "Which of following are Password Cracker"(Choose all that apply)

ibcritn

Wireshark can in fact discover passwords, but it can't "crack" passwords. This is the problem...sniffing network traffic isn't cracking passwords. All Wireshark does is sniff network traffic.

eansdad

Key word is crack. Wireshark doesn't crack anything only shows. Easiest way to put it.

A.John the Ripper - Program used to crack passwords
B.Rainbow table - A table of hashes used to crack passwords
C.Cain and Abel - Program used to crack passwords
D.Wireshark - Program used to capture packets

Verruckt

Yep - You have to pay attention to the actual question as the exact questions can trick you. The wording as others have said was "crack". Wireshark doesn't crack but sniffs or just catches the password if in plain text.

Many questions seem to be like that - it's the exact wording you need to pay attention to.

cyberguypr

I've noticed that some people struggle with questions like this. Remember, they want the best answer. In some cases all may be correct to some extent but as other mentioned, the way the question is phrased points you in the right direction. Read the question a few times.

ibcritn

cyberguypr wrote: »

I've noticed that some people struggle with questions like this. Remember, they want the best answer. In some cases all may be correct to some extent but as other mentioned, the way the question is phrased points you in the right direction. Read the question a few times.

+1 People that struggle with these types of questions will have a very difficult time with some of the tricky tests that employ several possible correct answers, but they want the MOST correct (Cisco, ISC2 come to mind)