Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:
- Get information about a valid user account (e.g Administrator or Guest user).
- list down the possible passwords.
- Arrange the passwords from high to low.
- Verify using each password from the list.
- Try again and again until a correct password is found.
Hackers can also execute a script file that tries each and every password in a list. This process is manual, time consuming and not usually that effective. A more efficacious way of cracking a password is by accessing the password file. Most systems provide one-way encryption to a password for storage on a system and at the logon process, the password entered by the user is encrypted using the same algorithm and then compared to the encrypted passwords stored in the file on system. Hackers can attempt to access the encryption algorithm stored on the encryption server instead of guessing or listing the probable passwords. Once the hackers are successful in that, they can decrypt the passwords on server.