Get Started. It's Free
or sign up with your email address

1. Manual Password Cracking

1.1. Default passwords

1.1.1. Set by the manufacturer when the device or system is built.

1.1.2. They are documented and provided to the final consumer of the product and are intended to be changed.

1.1.3. However, not all users or businesses get around to taking this step, and hence they leave themselves vulnerable.

1.2. Guessing passwords

1.2.1. Locate a valid user

1.2.2. Determine a list of potential passwords.

1.2.3. Rank possible passwords from least to most likely.

2. Attacks That Can Be Used To Gain Password

2.1. Redirecting Server Message Block (SMB) Logon to attacker

2.1.1. Eavesdropping on LM responses becomes much easier if the attacker can trick the victim to attempt Windows authentication of the attacker's choice.

2.1.2. Basic trick is to send an email message to the victim with an embedded hyperlink to a fraudulent SMB server.

2.1.3. When the hyperlink is clicked, the user unwittingly sends his credentials over the network.

2.2. SMB relay MITM

2.2.1. where the attacker asks the victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target.

2.2.2. the attacker forwards the authentication information both ways, giving him access.

2.3. NetBIOS DOS attack

2.3.1. A NetBIOS denial-of-service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target Windows systems and forces the system to place its name in conflict so that the name can no longer be used. This essentially blocks the client from participating in the NetBIOS network and creates a network DoS for that system.

3. Password Cracking Attacks Using Tool Such As Hydra

3.1. password cracking countermeasures

3.1.1. The first best counter measure against password cracking is using strong password

3.1.2. Possible strong password should be implemented to protect you against password cracking.

3.2. Performs privilege escalation

3.2.1. Privilege escalation types: horizontal and vertical

3.2.2. Rootkits.

3.2.3. Several types of rootkits

3.2.4. Rootkits countermeasures

3.3. Perform system attack

3.3.1. Hiding files purpose and the techniques

3.3.2. NTFS file streaming.

3.3.3. NTFS countermeasures

3.3.4. Steganography technologies.

3.3.5. Buffer overflow attack

4. Password Cracking Techniques

4.1. Rules of password

4.1.1. A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.

4.1.2. Some examples of passwords that lend themselves to cracking: ■ Passwords that use only numbers ■ Passwords that use only letters ■ Passwords that are all upper- or lowercase ■ Passwords that use proper names ■ Passwords that use dictionary words ■ Short passwords (fewer than eight characters)

5. Types Of Password Attacks

5.1. Passive online attacks

5.1.1. A passive online attack, the attacker tends to be not engaged or less engaged than they would be during other kinds of attacks

5.2. The rules for creating a strong password are a good line of defense against the attacks we will explore. Avoid the following:

5.2.1. ■ Passwords that contain letters, special characters, and numbers: stud@52 ■ Passwords that contain only numbers: 23698217 ■ Passwords that contain only special characters: &*#@!(%) ■ Passwords that contain letters and numbers: meetl23 ■ Passwords that contain only letters: POTHMYDE ■ Passwords that contain only letters and special characters: rex@&ba ■ Passwords that contain only special characters and numbers: 123@$4

5.3. Active Online Attacks

5.3.1. These attacks use a more aggressive form of penetration that is designed to recover passwords.

5.3.2. Examples: Using password guessing, Trojans, Spyware, Hash Injection and Keyloggers

5.4. Offline Attacks

5.4.1. Offline attacks represent yet another form of attack that is very effective and difficult to detect in many cases.

6. Password Cracking Countermeasures

6.1. To protect against hashing of the algorithms for password stored on the server it should be physically isolated and even passwords should be salted (randomized).