Password Attack Techniques
In this room, we will discuss the techniques that could be used to perform password attacks.ย We will cover various techniques such as a dictionary, brute-force, rule-base, and guessing attacks.ย All the above techniques are considered active โonlineโ attacks where the attacker needs to communicate with the target machine to obtain the password in order to gain unauthorized access to the machine.
Password Cracking vs. Password Guessing
This section discusses password cracking terminology from a cybersecurity perspective. Also, we will discuss significant differences between password cracking and password guessing.ย Finally, weโll demonstrate various tools used for password cracking, includingย Hashcatย andย John the Ripper.
Password cracking is a technique used for discovering passwords from encrypted or hashed data to plaintext data. Attackers may obtain the encrypted or hashed passwords from a compromised computer or capture them from transmitting data over the network.ย Once passwords are obtained, the attacker can utilize password attacking techniques to crack these hashed passwords using various tools.
Password cracking is considered one of the traditional techniques in pen-testing. The primary goal is to let the attacker escalate to higher privileges and access to a computer system or network.ย Password guessing and password cracking are often commonly used by information security professionals. Both have different meanings and implications. Password guessing is a method of guessing passwords for online protocols and services based on dictionaries.ย The following are major differences between password cracking and password guessing:
- Password guessing is a technique used to target online protocols and services. Therefore, itโs considered time-consuming and opens up the opportunity to generate logs for the failed login attempts. A password guessing attack conducted on a web-based system often requires a new request to be sent for each attempt, which can be easily detected. It may cause an account to be locked out if the system is designed and configured securely.
- Password cracking is a technique performed locally or on systems controlled by the attacker.