Phishing, Password Cracking & Keyloggers

Lesson 7 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

This lesson covers three of the most frequently used attack techniques against end users and authentication systems. Together, they form a complete credential theft pipeline: phishing steals credentials directly through deception; password cracking attacks hashed or encrypted passwords computationally; keyloggers intercept credentials as they are typed.

---

Phishing — Mechanics and Variations

Phishing is a social engineering attack that uses disguised electronic communication (typically email) to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. The attacker masquerades as a trusted entity.

Step-by-Step Phishing Attack Flow:

  1. Target Selection: Attacker identifies target (individual, organization, industry sector)
  2. Research: Gathers information about the target — employer, colleagues, services used (LinkedIn, OSINT)
  3. Pretext Creation: Constructs a convincing story — urgent security alert, prize notification, invoice, delivery notice
  4. Infrastructure Setup: Registers lookalike domain (paypa1.com, amazon-security.com), creates fake login page
  5. Email Crafting: Designs email matching legitimate sender's branding, injects spoofed "From" address
  6. Delivery: Sends phishing email to target (or thousands of targets in mass phishing)
  7. Harvest: Victim enters credentials on fake page; attacker receives them in real-time
  8. Exploitation: Uses stolen credentials immediately for account takeover, lateral movement, or sells them
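As an added example (not part of the original lesson), a defender-side check for the lookalike domains named in step 4: it extracts URLs from an email body, reduces each hostname to its registrable domain, and flags names that imitate a protected brand through digit/letter substitution, brand embedding, or a one-character edit. The protected-brand list, the substitution map and the sample email are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Brand domains to protect and a homoglyph map: both constructed for this example.
PROTECTED_DOMAINS = {"paypal.com", "amazon.com"}
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "vv": "w", "rn": "m"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed phishing email body used as sample input.
SAMPLE_EMAIL = """Dear customer, your account is locked.
Restore access at https://paypa1.com/login within 24 hours.
Order details: https://amazon-security.com/verify?id=123
Official help: https://www.paypal.com/help
Unsubscribe: https://example.org/unsub"""

def registrable_domain(hostname: str) -> str:
    """Crude eTLD+1: keep the last two labels ("login.paypal.com" -> "paypal.com")."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def normalize(label: str) -> str:
    """Undo the character substitutions used to imitate a brand name ("paypa1" -> "paypal")."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, standard dynamic-programming version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain: str) -> str:
    """'legit' for a protected domain, 'lookalike' if it imitates one, else 'unknown'."""
    if domain in PROTECTED_DOMAINS:
        return "legit"
    name = domain.split(".")[0]  # second-level label, e.g. "amazon-security"
    for brand in PROTECTED_DOMAINS:
        brand_name = brand.split(".")[0]
        if brand_name in name or edit_distance(normalize(name), brand_name) <= 1:
            return "lookalike"
    return "unknown"

def scan_email(body: str) -> dict:
    """Map every URL in the body to its verdict so a mail filter can act on it."""
    return {u: classify_domain(registrable_domain(urlparse(u).hostname or "")) for u in URL_RE.findall(body)}
```

The registrable-domain step is deliberately crude (two labels), so multi-part public suffixes such as co.uk would need a real public-suffix list in production.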

Types of Phishing:

| Type | Target | Method | Example | Sophistication |
|---|---|---|---|---|
| Mass Phishing | Anyone (random) | Generic bulk emails | "Your account has been compromised" | Low |
| Spear Phishing | Specific individual | Personalized email using researched info | Email appearing to come from colleague | Medium |
| Whaling | C-suite executives (CEO, CFO) | Highly researched attack on high-value target | Fake merger document for CEO | High |
| Clone Phishing | Recent email recipient | Exact copy of legitimate email with malicious link | Cloned IT security newsletter | Medium |
| Smishing | Mobile users | SMS-based phishing | "Your package is delayed. Click here" | Low–Medium |
| Vishing | Phone users | Voice call impersonating authority | "IRS calling about tax debt" | Medium |
| Pharming | All web users | DNS poisoning redirects to fake site | Bank website redirects to clone | High |

Exam Tip: Spear phishing is targeted at specific individuals using personal information. Whaling is spear phishing specifically aimed at high-level executives. Pharming manipulates DNS to redirect users without requiring them to click any link, which makes it more dangerous because the URL in the browser may look correct.

---

Password Cracking — Types and Techniques

Password cracking is the process of recovering passwords from stored or transmitted credentials. Attackers crack passwords to gain unauthorized access when direct credential theft (phishing) is not possible.

Why Password Cracking Works:

  • Weak passwords: "password123", "123456" appear in billions of breach records
  • Unsalted hashes: same password always produces same hash (rainbow table attack)
  • MD5 / SHA-1 hashing (obsolete): can be cracked in seconds on modern GPUs
  • Password reuse: cracking one service's database reveals passwords for others

Types of Password Cracking:

| Attack Type | Method | Speed | Best Against | Example Tool |
|---|---|---|---|---|
| Dictionary Attack | Tries words from a wordlist file | Very Fast | Common words, simple passwords | Hashcat, John the Ripper |
| Brute Force Attack | Tries every possible combination | Slow (exponential) | Short passwords with known charset | Hashcat, THC-Hydra |
| Hybrid Attack | Dictionary words with added numbers/symbols | Medium | Passwords like "password1!" | Hashcat |
| Rainbow Table Attack | Pre-computed hash lookup table | Instantaneous | Unsalted MD5/SHA-1 hashes | Ophcrack, RainbowCrack |
| Credential Stuffing | Uses previously breached username:password pairs | Fast | Password reuse across services | Sentry MBA, Snipr |
| Pass-the-Hash | Uses NTLM hash directly without cracking | N/A (no cracking) | Windows Active Directory | Mimikatz, PtH toolkit |
| Shoulder Surfing | Physical observation of typing | N/A | In-person scenarios | No tools needed |

Defense Against Password Cracking:

  • Strong passwords: 16+ characters, mixed case, numbers, symbols
  • Password salting: Adding a unique random value before hashing — defeats rainbow tables
  • bcrypt/Argon2id: Purpose-built, slow hashing algorithms designed to resist GPU cracking
  • Multi-Factor Authentication: Even if password is cracked, attacker needs second factor
  • Account lockout policies: Lock account after N failed attempts

---

Keyloggers — Capturing Keystrokes

A keylogger (keystroke logger) is a tool that records every key pressed on a keyboard, capturing passwords, credit card numbers, messages, and all other typed information without the user's knowledge.

How Keyloggers Work:

  1. Malware installs itself on victim's device (via phishing, drive-by download, physical access)
  2. Keylogger hooks into the OS input system at the driver or API level
  3. Records all keystrokes with timestamps and active window titles
  4. Periodically sends captured data to attacker via email, FTP, or C2 server

Types of Keyloggers:

| Type | Category | Mechanism | Detection Difficulty | Example |
|---|---|---|---|---|
| API-based | Software | Hooks Windows API (SetWindowsHookEx) | Low–Medium | Many commercial spyware products |
| Kernel-based | Software | Operates at OS kernel level as a driver | High | Rootkit-embedded keyloggers |
| Form Grabber | Software | Intercepts browser form submissions before encryption | High | Zeus banking Trojan |
| Memory Injection | Software | Injects code into browser process memory | Very High | Advanced banking malware |
| Hardware (USB) | Hardware | Physical device between keyboard and PC | Very High (invisible to AV) | KeyGrabber USB, KeyCarbon |
| Acoustic | Hardware | Analyzes sound of keystrokes to deduce keys | High | Research-level attack |
| Electromagnetic | Hardware | Captures keyboard EM emissions | Very High | Tempest attacks (NSA) |
| Optical | Hardware | Camera recording keyboard | Medium (physical placement needed) | CCTV-based attacks |

Exam Tip: Keyloggers are classified as software (API-based, kernel-based, form grabbers) and hardware (physical devices). Hardware keyloggers CANNOT be detected by antivirus software since they are physical. Software keyloggers operating at the kernel level (rootkit keyloggers) are very difficult to detect with standard AV.

---

Study Deep: Phishing, Password Attacks & Keyloggers

  1. Phishing bypasses all technical controls: You can have the best firewall, IDS, and antivirus — if an employee clicks a convincing phishing link and submits credentials on a fake page, all technical defenses are bypassed. This is why security awareness training is considered the single most important security investment. Annual phishing simulation exercises (KnowBe4, Proofpoint Security Awareness) measurably reduce click rates from 25% to under 5%.
  2. Have I Been Pwned (HIBP) reveals password exposure: Troy Hunt's database at haveibeenpwned.com contains over 12 billion breached credentials. Organizations and individuals can check if their email/passwords appear in known breaches. Microsoft and Google automatically check if users' passwords appear in breach databases.
  3. Rainbow table attacks are defeated by salting: A salt is a random string appended to a password before hashing: hash(salt + password). Because each password has a unique salt, pre-computed rainbow tables become useless — the attacker must compute hashes for every possible salt+password combination, making the attack computationally infeasible. Modern password storage uses bcrypt (cost factor adjustable), scrypt, or Argon2id.
  4. Keyloggers in banking malware: The Zeus banking Trojan (2007) combined keylogging with form grabbing and man-in-the-browser attacks to steal online banking credentials from millions of victims. It caused $100M+ in banking fraud. Its source code was leaked in 2011, spawning dozens of variants (SpyEye, GameOver Zeus).
  5. Browser password managers reduce keylogger risk: Password managers (Bitwarden, 1Password, LastPass) auto-fill credentials directly into form fields without keyboard input — potentially defeating traditional keystroke keyloggers. However, advanced form grabbers that intercept the browser API call at the point of form submission still capture these credentials.
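As an added example (not part of the original lesson) covering both the "Defense Against Password Cracking" list and Study Deep point 3: unsalted MD5 beside salted, slow scrypt hashing, with a tiny constructed rainbow table showing why the salt matters. scrypt is used here instead of bcrypt/Argon2id only because it ships in Python's standard library; the work factors and sample passwords are assumptions for this example.

```python
import hashlib
import hmac
import os

# scrypt work factors for interactive logins (assumed baseline for this example).
N, R, P, DKLEN = 2 ** 14, 8, 1, 32
SALT_BYTES = 16

def unsalted_md5(password: str) -> str:
    """The weak scheme: identical passwords always give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()

# A tiny constructed "rainbow table": precomputed hash -> plaintext for common passwords.
COMMON_PASSWORDS = ["123456", "password", "password123", "qwerty"]
RAINBOW = {unsalted_md5(p): p for p in COMMON_PASSWORDS}

def rainbow_lookup(stored: str):
    """Instant recovery for an unsalted MD5 hash; a salted scrypt string never matches."""
    return RAINBOW.get(stored)

def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'scrypt$<salt hex>$<key hex>' with a fresh random salt per password."""
    salt = salt or os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    try:
        scheme, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(key.hex(), key_hex)

def demo() -> dict:
    """Two users with the same password: unsalted hashes collide, salted ones do not."""
    alice, bob = hash_password("password123"), hash_password("password123")
    return {
        "unsalted_identical": unsalted_md5("password123") == unsalted_md5("password123"),
        "salted_identical": alice == bob,
        "rainbow_hit": rainbow_lookup(unsalted_md5("password123")),
        "rainbow_miss": rainbow_lookup(alice),
        "verify_ok": verify_password("password123", alice) and verify_password("password123", bob),
    }
```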