Cracking passwords is one attack vector that can work %100 with time being the only restraint. If trying to crack a pw on a well prepared system/app you may very well die before you ever see even one success, still it can be done. We will look at two kinds of password cracking, they are very vague so this is in no way will cover all there is to know about cracking passwords. I encourage you to ask google about cracking passwords, password crackers and brute force. In fact I suggest you use google to expand your knowledge of all the other topics that are covered here and ones to come. Ok anyway, so the “two kinds” of cracking we are going to look at are cracking of some kind of encryption protected key that we have access to. Such as liunx's passwd file or winblows SAM file. The other is cracking some kind of network service, device, or web cracking such as a forum login. The first is the kind of cracking I would call the easiest and fastest of the two. Something they both have in common is they both involve the same basic method or idea. They both use a word list known as a dictionary attack or brute force attack. Cracking something like the linux passwd file that isnt shadowed “ask google” you would use a program like Jack The Ripper that takes a word from your word list or string from the BF function “that comes as part of most crackers” encrypts it and see if it matches the encrypted key it does this until it finds a match. So now you would then have to make up your mind, to use word lists or to brute force. The main advantage of using word lists is that most ppl use human readable password making words lists more practical over using a brute force that may break the same password but could take days to finely get to that right combo of letters where as a word list could do it in just a few hours if you get really luck even after using just a few word lists. You can find word lists that cover every subject you could think of from words in Moby Dick to first and last names most common to the US or where ever. A good brute force program will have a built in function that generates the keys on demand some rip offs have you make a list that has stings with every possible combo of letters and what not then run it with the cracker. While it works kinda like a brute force it really is a dictionary attack. Now to attack a network service, device, or web cracking such as a forum login you will still be using a word list or a BF method but the encryption step is replaced with a connection to the server trying the user name and password the cracker program gets from the word list or BF function. Now that we are trying to “crack” a password from a remote location it can get really tricky, most places have all kinds of countermeasures to password crackers. Some places only allow so many attempts per some length of time for each account or IP. Others use CAPTCHAs after so many failed attempts then lock the accounts for a length of time. Thats the two main cracking types and the two basic methods used by both. Hope this helps.