Gaining Access
The goal here is to collect enough information to gain access to the target.
Password Cracking:
There are a few basic methods of password cracking:
- Brute force: trying all possible combinations until the password is cracked.
- Dictionary attack: a compiled list of meaningful words is compared against the password field until a match is found.
- Rule-based attack: if some details about the target are known, rules can be created based on that information.
- Rainbow table: instead of comparing passwords directly, the hash value of the password is compared with a list of pre-computed hash values until a match is found.
The rainbow table method gives the attacker an advantage, since no account lockout is triggered by wrong hashes tried against the password. To prevent rainbow table attacks, salting can be used. Salting is the process of adding random numbers to the password so that the attacker cannot crack the hash without that salt added.
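The effect of salting on stored hashes, as an added example that is not part of the original page: it compares a bare SHA-256 digest with a per-account salted PBKDF2 record. The function names, the sample password, the 16-byte salt size and the iteration count are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
SAMPLE_PASSWORD = "Summer2024!"  # constructed sample value

def unsalted_hash(password: str) -> bytes:
    """Weak storage: bare digest, identical for every account with this password."""
    return hashlib.sha256(password.encode()).digest()

def salted_hash(password: str, salt: bytes) -> bytes:
    """Salted storage: PBKDF2-HMAC-SHA256 over the password and a per-account salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def store_password(password: str) -> dict:
    """Create the record kept in the credential store (the salt is not secret)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, record["salt"]), record["hash"])

def demo() -> dict:
    # Unsalted: one precomputed digest matches every account using the password.
    table = {unsalted_hash(SAMPLE_PASSWORD)}
    weak_store = [unsalted_hash(SAMPLE_PASSWORD) for _ in range(2)]
    # Salted: same password, two accounts, two independent salts.
    alice, bob = store_password(SAMPLE_PASSWORD), store_password(SAMPLE_PASSWORD)
    # Work precomputed for alice's salt is useless against bob's record.
    table_for_alice = {salted_hash(SAMPLE_PASSWORD, alice["salt"])}
    return {
        "weak_hits": sum(h in table for h in weak_store),
        "salted_records_equal": alice["hash"] == bob["hash"],
        "alice_table_hits_bob": bob["hash"] in table_for_alice,
        "verify_ok": verify_password(SAMPLE_PASSWORD, bob),
        "verify_bad": verify_password("wrong-guess", bob),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because each account has its own salt, precomputed work has to be redone per account, while the legitimate login check still needs only one derivation with the stored salt.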
Types of Password Attacks
Passive online attacks
A passive attack is an attack on a system that does not result in a change to the system in any way.
The attack purely monitors or records data.
- Wire Sniffing
- Man in the middle
- Replay attack
Active online attack
An active online attack is the easiest way to gain unauthorized administrator-level access to the system.
- Password guessing
- Trojan/spyware/keyloggers
- Hash injection
- Phishing
Offline attacks
Offline attacks occur when the intruder checks the validity of the passwords. Offline attacks are often time-consuming.
- Pre-computed hashes
- Distributed Network
- Rainbow
Non-electronic attacks
Non-electronic attacks are also known as non-technical attacks. This kind of attack doesn't require any technical knowledge about the methods of intruding into another system.
- Social engineering
- Shoulder surfing
- Dumpster Diving
How to defend against password cracking:
- Don't share your password with anyone
- Do not use the same passwords during password change
- Enable security auditing to help monitor and track password attacks
- Do not use cleartext protocols and protocols with weak encryption
- Set the password change policy to 30 days
- Monitor the server’s logs for brute force attacks on the user’s accounts
- Avoid storing passwords in an unsecured location
- Never use passwords such as date of birth, spouse, or child’s or pet’s name
- Enable SYSKEY with a strong password to encrypt and protect the SAM database
- Lock out an account subjected to too many incorrect password guesses.