1. Password Cracking Techniques 4.1.1 Rules of password. 4.1.2 Types of password attacks 4.1.3 Manual password cracking 4.1.4 Attacks that can be used to gain password 4.1.5 Password cracking attacks using tool such as Hydra 4.1.6 Password cracking countermeasures.
2. 4.1.1 Rules of password
2.1. -A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken. -Some examples of passwords that lend themselves to cracking: ■ Passwords that use only numbers ■ Passwords that use only letters ■ Passwords that are all upper- or lowercase ■ Passwords that use proper names ■ Passwords that use dictionary words ■ Short passwords (fewer than eight characters)
3. 4.1.2 Types of password attacks
3.1. a. Passive online attacks b. Active online attacks c. Offline attacks
4. 4.1.3 manual password cracking
4.1. a. Default passwords b. Guessing passwords
5. 4.1.4 attacks that can be used to gain password
5.1. a. Redirecting SMB Logon to attacker b. SMB relay MITM c. NetBIOS DOS attack
6. 4.1.5 password cracking attacks using tool such as Hydra
6.1. Hydra is a very well-known and respected network log on cracker (password cracking tool) which can support many different services. (Similar projects and tools include medusa and John The Ripper).
7. 4.1.6 password cracking countermeasures
7.1. Also network administrator should encourage users to change their passwords at regular intervals and ask them to never leave their consoles or desktop unlocked since they can invite troubles like key loggers, spy wares, Trojans and sniffers.
8. 4.2 Performs privilege escalation 4.2.1 Privilege escalation. 4.2.2 Rootkits. 4.2.3 Several types of rootkits such as: 4.2.4 Rootkits countermeasures.
