
Password breaking
Before proceeding to password breaking, you should know about the three types of authentication factors:

Something I have, like username and password
Something I am, like biometrics
Something I possess, like registered / allowed devices


Password breaking is the method of extracting the password to gain authorized access to the target system in the guise of a legitimate user. Usually, only username and password authentication is configured, but password authentication is now moving toward two-factor or multi-factor authentication, which combines something you have, such as a username and password, with biometrics.

Password cracking can also be performed through a social engineering attack, by tampering with the communication, or by stealing the stored information. A guessable password, a short password, a password with weak encryption, or a password containing only numbers or only letters can be broken with ease. Having a strong, lengthy and difficult password is usually a line of defense against these attacks.

Typically, a good password contains:
Case-sensitive letters
Special characters
Numbers
A lengthy password (typically more than 8 letters)
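
The checklist above can be enforced at the point where a password is set. The following added example (not from the original article) checks the four rules, rejects passwords built on a common word even with character substitutions, and estimates the brute-force search space; the wordlist and substitution table are small constructed assumptions.

```python
import math
import string

# Constructed sample wordlist (assumption); in practice load a breached-password list.
COMMON_WORDS = {"password", "welcome", "admin", "qwerty", "letmein", "dragon"}

# Undo common substitutions so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i"})

def charset_size(pw):
    """Size of the alphabet a brute-force search has to cover for this password."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(size for chars, size in classes if any(c in chars for c in pw))

def brute_force_bits(pw):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw):
    """Return the names of the rules the password fails (empty list = passes)."""
    failed = []
    if len(pw) <= 8:                                   # "more than 8" characters
        failed.append("length")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failed.append("case")
    if not any(c.isdigit() for c in pw):
        failed.append("number")
    if not any(c in string.punctuation for c in pw):
        failed.append("special")
    normalized = pw.lower().translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):
        failed.append("dictionary")                    # would fall to a wordlist
    return failed
```

A password such as `P@ssw0rd2024!` satisfies all four composition rules and is still flagged, because a wordlist with simple substitutions would find it.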


Types of Password Attacks
Password attacks are classified into the following types:


Non-Electronic Attacks
Active Online Attacks
Passive Online Attacks
Default Password
Offline Attack

  1. Non-Electronic Attacks
    Non-electronic attacks, or non-technical attacks, are attacks that do not require any technical understanding or knowledge. This type of attack can be carried out by shoulder surfing, social engineering, and dumpster diving. For example, an attacker gathers username and password information by standing behind a target while he is logging in or interacting with sensitive information. Through shoulder surfing, passwords, account numbers, or other secret information are often gathered, depending on the carelessness of the target.
  2. Active Online Attacks
    Active online attacks include different techniques that directly interact with the target to crack the password. Active online attacks include:
    Dictionary Attack
    In a dictionary attack, a password cracking application is used along with a dictionary file. This dictionary file contains an entire dictionary or a list of known and common words to try for password recovery. This is the simplest sort of password cracking, and typically, systems aren't susceptible to dictionary attacks if they use strong, unique and alphanumeric passwords.
    Brute Force Attack
    A brute force attack attempts to recover the password by trying every possible combination of characters. Each combination is attempted until the password is accepted. Brute forcing is the common and basic technique for uncovering a password.
    Hash Injection
    In a hash injection attack, knowledge of hashing and other cryptography techniques is required. In this type of attack:
    The attacker needs to extract users' log-on hashes, stored in the Security Account Manager (SAM)
    By compromising a workstation or a server by exploiting the vulnerabilities, the attacker gains access to the
    Once the machine is compromised, the attacker extracts the log-on hashes of valuable users and
    With the help of these extracted hashes, the attacker logs on to a server such as a domain controller to exploit more
  3. Passive Online Attacks
    Passive online attacks are performed without interfering with the target. These attacks matter because the password is extracted without revealing the attacker's activity, since it is obtained without directly probing the target.
    The most common types of passive online attacks are:
    Wire Sniffing
    Wire sniffing, or packet sniffing, is the process of capturing packets with packet sniffing tools within a Local Area Network (LAN). By inspecting the captured packets, sensitive information and passwords such as Telnet, FTP, SMTP and rlogin credentials can be extracted. Different sniffing tools are available that collect the packets flowing across the LAN, regardless of the type of data they carry. Some sniffers offer filters to catch only certain types of packets.
    Man-in-the-Middle Attack
    A man-in-the-middle attack is the type of attack in which the attacker inserts himself into the communication between other nodes. A MITM attack can be explained as a user communicating with another user or a server while the attacker inserts himself into the conversation by sniffing the packets and generating MITM or replay traffic.
    The following are some utilities available for attempting man-in-the-middle (MITM) attacks:
    SSL Strip
    Burp Suite
    Browser Exploitation Framework (BeEF)
    Replay Attack
    In a replay attack, the attacker captures packets using a packet sniffer tool. Once packets are captured, relevant information such as passwords is extracted. By generating replay traffic with the extracted information injected, the attacker gains access to the system.
  4. Default Password
    Every new piece of equipment is configured with a default password by the manufacturer. It is recommended to change the default password to a unique, secret set of characters. An attacker can attempt this type of attack using default passwords found by searching the official website of the device manufacturer or online tools that list default passwords. The following online tools are available for searching default passwords:
    https://cirt.net/
    https://default-password.info/
    http://www.passwordsdatabase.com/
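
Dictionary and brute-force attempts against a live login, the active online attacks described above, appear in authentication logs as bursts of failed logins from one source against one account. The following added example (not from the original article) flags such bursts and any successful login that follows one; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "<time> <OK|FAIL> user=<name> src=<ip>" format is an assumption.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{s:02d} FAIL user=alice src=203.0.113.7" for s in range(0, 12, 2)]
    + ["2024-05-01T10:00:12 OK user=alice src=203.0.113.7",    # success right after the burst
       "2024-05-01T10:03:00 FAIL user=bob src=198.51.100.4",   # ordinary typo
       "2024-05-01T10:03:20 OK user=bob src=198.51.100.4"]
)

def parse_line(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.partition("=")[2], src.partition("=")[2])

def detect_online_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs with max_failures failed logins inside window,
    and any successful login that directly follows such a burst."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, result, user, src = parse_line(line)
        key = (src, user)
        failures = recent[key]
        while failures and ts - failures[0] > window:
            failures.popleft()            # drop failures older than the window
        if result == "FAIL":
            failures.append(ts)
            if len(failures) >= max_failures and key not in flagged:
                flagged.add(key)
                alerts.append(("guessing", src, user))
        elif result == "OK":
            if key in flagged and failures:
                alerts.append(("success-after-guessing", src, user))
            failures.clear()
            flagged.discard(key)
    return alerts
```

Tracking per source and account keeps the example small; guessing spread across many sources needs an additional per-account counter.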

Tip: Change your password just like a toothbrush.

Ankush Gaikwad

Ankush Gaikwad is the founder and CEO of CYBRAIN INFOSEC, an award-winning cyber security and IT services company. Ankush is a software engineer, Certified Ethical Hacker, blogger, author, host, web scam analyst, gadget and product reviewer, cyber security influencer and security researcher.
