Robert: They making their own password cracking softwares, BUT for banks, they put some hardware in the "Insert card" socket (they replacing it with the original) so once you put your card, it get's duplicated and all of the info goes to the hacker.
Also, for sites, hackers make Phishing sites, so if you enter your credentials, your credit balance gets zero…
Mostly they do NOT guess. That is why they send scam emails supposedly from the bank notifying them that their account has been compromised or similar. Then a link to a false copy of the bank site so they log in and the hacker captures the typed password. Then passes them to the real bank with an error incorrect password. There are other tricks.
They usually just trick you into giving them your password.
Good hackers rely more on social engineering than raw technical know-how.
Then there is another, they know the individuals that maintain the ATM machines or one better, someone out of their group gets a position in maintenance of ATM's and doesn't refill the paper to issue the receipts..So now ur info is coming back to u and bingo they hit the jack pot..Next thing u know a bank has been compromised. No receipt. No transaction..but most of us will anyway.
Why do you think they guess? A key logger on your pc will tell them directly what passwords you are using.
they usually exploit known weaknesses rather than guessing or brute force
enough people give away their logins on simple request
They create software programs that do the hacking.