Password cracking means gaining unauthorized access to a victim's account, and it can be done using different methods. There are many other ways of obtaining credentials; the most used one is a phishing attack. Below we discuss two types of cracking attacks.
Brute-Force Attack
It is a type of attack in which the attacker makes trial-and-error attempts against the victim's machine, using either a predefined wordlist or a wordlist the attacker creates with crunch, in which the words might not make sense.
This kind of attack is most often used for cracking WEP/WPA/WPA2. The probability of getting a password via a brute-force attack is low. Also, if the attacker uses the same trick against a website, it might not work, as the website may have a maximum-attempt rule.
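The maximum-attempt rule mentioned above, sketched from the defender's side as an added example (not code from the original post): a sliding-window limiter that counts failed logins per account and per source IP. The class name, thresholds, usernames, IP addresses and wordlist are all constructed for illustration.

```python
from collections import defaultdict, deque

class AttemptLimiter:
    """Hypothetical maximum-attempt rule: lock after N failures inside a time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lock expires

    def attempt(self, username, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        user_key, ip_key = ("user", username.lower()), ("ip", ip)
        # While a lock is active, reject before the password is even considered.
        if any(self._locked_until.get(k, 0) > now for k in (user_key, ip_key)):
            return "locked"
        if password_ok:
            # Reset only the account counter: a success on one account must not
            # wipe the failures the same IP has built up against other accounts.
            self._failures.pop(user_key, None)
            return "ok"
        for key in (user_key, ip_key):
            q = self._failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:  # drop failures outside the window
                q.popleft()
            if len(q) >= self.max_failures:
                self._locked_until[key] = now + self.lockout
                q.clear()
        return "failed"


def replay(limiter, guesses, real_password, username="alice", ip="203.0.113.7", step=1):
    """Feed a wordlist to the limiter, one guess every `step` seconds."""
    return [limiter.attempt(username, ip, guess == real_password, now=i * step)
            for i, guess in enumerate(guesses)]


# Constructed sample data: the real password is the 8th word in the list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon",
            "monkey", "sunshine", "Tr0ub4dor", "iloveyou", "admin"]

if __name__ == "__main__":
    print(replay(AttemptLimiter(), WORDLIST, "Tr0ub4dor"))
```

With the defaults, the lock lands after the fifth failure, so the correct guess in eighth position is rejected along with the rest. Locking per account also lets anyone lock out a known username, which is why the per-IP counter and a finite lockout period matter.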
The tools that can be used for brute forcing are:
- aircrack-ng: used for Wi-Fi passwords. Command - aircrack-ng -w (wordlist file) -b (MAC of the network) xyz.cap (the cap file or the handshake file)
- hydra: used against web apps, SSH, FTP, etc. Command - hydra -l (single username) / -L (wordlist of usernames) -p / -P (single password / list of passwords) <target-url> <module-name (post/get)> <parameters>
Dictionary Attack
In a dictionary attack, the wordlist is created using some basic information about the target, like name, DOB, etc. In the case of a website, CeWL is the best tool, as it searches the website for keywords of the specified length, collects them in a file and stores it as a wordlist.
A dictionary attack is similar to brute force in that both use a wordlist, but the words used in a dictionary attack are meaningful words, just like those in dictionaries.
One wordlist that can be used is rockyou.txt, which is available in “/usr/share/wordlist”.
CeWL command - cewl -m 5 (min_length of word) -w (name of the file in which words should be stored) “URL”
These are the most commonly used tools, and there are many more, like Medusa, Ncrack, WPScan, etc.
We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.