Difference between Brute Force Attack and Dictionary Attack

Password cracking is, broadly, gaining unauthorized access to a victim's account, and two of the methods used for it are discussed below. There are many other ways of obtaining credentials; the most common is a phishing attack. Below we discuss two types of cracking attacks.


Brute-Force Attack

It is a type of attack in which the attacker proceeds by trial and error against the victim's machine, using either a predefined wordlist or one generated with crunch, in which the candidate words need not make sense.

This kind of attack is most often used in cracking WEP/WPA/WPA2 keys. The probability of recovering a password by brute force is low. Also, if the attacker uses the same approach against a website, it may not work, as the site may enforce a maximum-attempt rule.

The tools that can be used for brute forcing are:
  • aircrack-ng: used for WiFi passwords. Command - aircrack-ng -w (wordlist file) -b (MAC of the network) xyz.cap (the capture file containing the handshake)
  • hydra: used for web apps, SSH, FTP, etc. Command - hydra -l (single username) / -L (wordlist of usernames) -p / -P (single password / list of passwords) <target-url> <module-name (post/get)> <parameters>
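The maximum-attempt rule mentioned above is the standard defence against both kinds of attack. As an added example (not code from the original post), the following Python implements that rule as a detection over constructed sshd log lines: any source that exceeds a number of failed logins inside a sliding time window is flagged. The log format, threshold, window and IP addresses are assumptions for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the OpenSSH "Failed password" line. Classic syslog timestamps carry
# no year, so a fixed year is assumed here purely for parsing.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample log (documentation-range IPs), not real data:
# six rapid failures from one source, two widely spaced failures from another.
SAMPLE_LOG = """\
Jan 12 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 12 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jan 12 10:00:03 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 12 10:00:04 host sshd[1204]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan 12 10:00:05 host sshd[1205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 12 10:00:06 host sshd[1206]: Failed password for root from 203.0.113.5 port 51239 ssh2
Jan 12 10:00:07 host sshd[1207]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Jan 12 10:05:00 host sshd[1208]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 12 10:30:00 host sshd[1209]: Failed password for alice from 198.51.100.7 port 40002 ssh2
""".splitlines()


def parse_failed_logins(lines, year=2024):
    """Yield (timestamp, user, ip) for each failed-login line; skip the rest."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def flag_sources(lines, max_attempts=5, window_seconds=60):
    """Return {ip: time the rule was first exceeded} for every source IP with
    more than max_attempts failures inside any window_seconds-long window."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    flagged = {}
    for ts, _user, ip in parse_failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # expire old ones
            q.popleft()
        if len(q) > max_attempts and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in flag_sources(SAMPLE_LOG).items():
        print(f"{ip} exceeded the attempt limit at {when:%H:%M:%S}")
```

The same sliding-window logic applies per account rather than per IP when the concern is a slow dictionary attack against a single user spread across many sources.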

Dictionary Attack

In a dictionary attack, the wordlist is built from basic information about the target, such as name, date of birth, etc. In the case of a website, CeWL is the best tool: it crawls the site for words of at least the specified length and collects them into a file to be used as a wordlist.

A dictionary attack is similar to brute force in that both use a wordlist, but the words used in a dictionary attack are meaningful words, just like those in a dictionary.

One wordlist that can be used is rockyou.txt, which is available in “/usr/share/wordlist”.

CeWL command - cewl -m 5 (minimum word length) -w (name of the file in which the words should be stored) “URL”

These are the most commonly used tools, and there are many more, such as Medusa, Ncrack, WPScan, etc.

We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.
