It depends. Usually by knowing the password befor they type it in. Most hackers dont try to bruteforce you password, they buy it from another hack of another side, get it from yourself through fishing attacks or use social engeneering to reset your password.