Obtaining the system administrator password through cracking and then grasping the control of the server is an important means for hackers. There are many ways to crack the administrator password, and the following are three most common methods.
(1) Guess the simple password: Many people use their or their family’s birthday, phone number, room number, simple number or several digits in their ID number; some people use their own, children, spouse or pet’s names; some system administrators use “password” without even setting passwords, so that hackers can easily get passwords through guessing.
(2) Dictionary attack: If the guesswork fails after the simple password attack, the hacker begins to try dictionary attacks, that is, using the program to try every possibility of words in the dictionary. Dictionary attacks can use duplicate logins or collect encrypted passwords and try to match words in the encrypted dictionary. Hackers usually use an English dictionary or dictionary in other languages. They also use additional dictionary databases such as names and commonly used passwords.
(3) Brutal guess: Similar to dictionary attacks, hackers try all possible character combination methods. A password composed of 4 lowercase letters can be cracked in minutes, while a longer password composed of uppercase letters, including numbers and punctuation points, has a possible combination of 10 trillion. If you can try 1 million combinations per second, you can crack them in one month.