For offline password cracking (say acquiring a SAM or passwd file), yeah, that is the rudimentary basics of the process.
There are other nuances to the process of password cracking... for instance, will you be bruteforcing (going through every possible sequence of viable digits until reaching the actual passwords), what type of cypher is it? will you be using rainbow tables? do you have a password list based on a targeted user profile? Have you intercepted other passwords/data via other means such as: packetsniffing, spyware, RAT, phishing/general social engineering, or some other surveillance method that can help you make more educated guesses and thus speed up the process?
Often times users will ignorantly use the same password over and over, and if not, the second most common method is using permutations of existing passwords/phrases which aids in creating targeted password files. If the user opts for using a passwordmanager/generator, you have a different problem set, with potentially a very big payoff.
This can be a very simple or very involved process depending on what direction you take it. But yeah, for the basics, you have the general idea...
BTW, you need to post an introduction before posting on other locations within the forum.
