Password attacks are one of the crucial stages of system hacking. Password cracking mechanisms often exploit otherwise legitimate means to gain unauthorized system access, such as the procedure for recovering a user's forgotten password. Password attacks are classified by the attacker's actions and typically fall into one of four types:
Non-Electronic Attacks :
This is often the attacker's first attempt at obtaining the target system's passwords. Non-electronic, or non-technical, attacks do not require any technical knowledge of hacking or system exploitation, which is why they are called non-electronic. Techniques used to perform non-electronic attacks include shoulder surfing, social engineering, dumpster diving, etc.
Active Online Attacks :
This is one of the easiest ways to gain unauthorized administrator-level system access. The attacker must communicate with the target machine to obtain the password. Techniques used to perform active online attacks include password guessing, dictionary and brute-force attacks, hash injection, phishing, poisoning, Trojan/spyware keyloggers, etc.
Passive Online Attacks :
A passive attack is a system attack that does not result in any change to the system. In this attack, the attacker does not need to communicate with the system; instead, he/she passively monitors or records the data passing over the channel to and from the system, and then uses the observed data to break into it. Techniques used to perform passive online attacks include wire sniffing, man-in-the-middle attacks, replay attacks, etc.
Offline Attacks :
An offline attack is a password attack in which the attacker tries to recover clear-text passwords from a dump of password hashes. Offline attacks can be time-consuming, but they are often successful, because password hashes can frequently be reversed owing to the small keyspace and short length of the passwords behind them. Attackers use pre-computed hashes from rainbow tables to perform offline and distributed network attacks.
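To show why pre-computed tables work against a hash dump, and what a defender can do about it, here is an added example that is not part of the article: an unsalted fast hash is reversed by a single table lookup, whereas a per-user random salt makes the same pre-computed table useless. The word list, the hash "dump" and the salts are all constructed for the demonstration.

```python
"""Added example (not from the article): why a precomputed hash table works
against unsalted fast hashes, and why a per-user salt breaks that reuse.
The word list, the "dump" and all hashes are constructed for this demo."""
import hashlib
import os
from typing import Dict, List, Optional

# Tiny constructed word list standing in for the dictionary behind a
# rainbow table; a real table covers a far larger keyspace.
WORDLIST = ["password", "letmein", "qwerty", "Password123"]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_lookup_table(words: List[str]) -> Dict[str, str]:
    """Precompute hash -> word once; reusable against every unsalted dump."""
    return {sha256_hex(w.encode()): w for w in words}

def lookup(hash_hex: str, table: Dict[str, str]) -> Optional[str]:
    """Reverse a hash by table lookup: constant time per hash, no guessing."""
    return table.get(hash_hex)

def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt: the same password now yields different hashes,
    so nothing precomputed from the bare word list can match. A slow KDF
    (bcrypt, scrypt, Argon2) is still needed to make per-hash guessing costly."""
    return sha256_hex(salt + password.encode())

def demo():
    """Compare an unsalted dump with a salted one for the same weak password."""
    table = build_lookup_table(WORDLIST)
    # Constructed dump: two users who both chose "letmein", stored unsalted.
    unsalted_dump = [sha256_hex(b"letmein"), sha256_hex(b"letmein")]
    recovered = [lookup(h, table) for h in unsalted_dump]
    # Same two passwords, each stored with its own random 16-byte salt.
    salted_dump = [salted_hash("letmein", os.urandom(16)) for _ in range(2)]
    not_recovered = [lookup(h, table) for h in salted_dump]
    return recovered, not_recovered, salted_dump[0] != salted_dump[1]

if __name__ == "__main__":
    print(demo())  # (['letmein', 'letmein'], [None, None], True)
```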
Non-Electronic Attacks :
Non-electronic, or non-technical, attacks do not require technical knowledge of system intrusion methods. There are four kinds of non-electronic attacks: social engineering, shoulder surfing, keyboard sniffing, and dumpster diving.
– Dumpster Diving
"Dumpster diving" is a key attack method that targets a considerable failure in computer security. The sensitive information that people crave, protect, and devotedly secure can often be accessed by almost anyone willing to scrutinize garbage. Searching through the trash is a low-tech attack with many implications.
Dumpster diving was actually quite popular in the 1980s. The term itself refers to the collection of any useful, general information from waste dumps such as trashcans, curbside containers, and dumpsters. Even today, curious and/or malicious attackers sometimes find discarded media with password files, manuals, reports, receipts, credit card numbers, or other sensitive documents.
Examination of waste products from waste dumps can help attackers, and there is ample evidence to support this idea. Support staff often dump sensitive information without a thought about whose hands it may end up in. Attackers thus gain unauthorized system access using these methods. Likewise, the objects found can lead to other sorts of attacks, such as social engineering.
– Shoulder Surfing
Shoulder surfing is a technique through which attackers steal passwords by hovering near legitimate users and watching them enter their passwords. Attackers simply watch users' keyboards or screens as they log in, and check whether users refer to, for instance, an object on their desk for written passwords or mnemonics. Obviously, shoulder surfing is feasible only in some proximity to the target. This type of attack can also occur in a grocery checkout queue, when a potential victim is swiping a credit card and entering the required PIN (Personal Identification Number), which is usually only four digits, making it easier to observe.
– Social Engineering
1) In computer security, social engineering is the term applied to a non-technical kind of intrusion that exploits human behaviour. Typically, it relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
2) A social engineer runs a "con game" to break security procedures. For instance, an attacker using social engineering to break into a network would attempt to gain the trust of somebody authorized to access the network, then attempt to extract the information that compromises network security. Social engineering is, in effect, a technique used to obtain confidential information by deceiving or manipulating people.
3) An attacker can misrepresent himself/herself as a user or supervisor to obtain a user's password. It is natural for people to be helpful and trusting, and people generally try to build amicable relationships with friends and colleagues. Social engineers take advantage of this tendency.
4) Another trait of social engineering relies on the inability of individuals to keep up with a culture that depends heavily on information technology. Most people are not conscious of the value of the information they possess, and few are careful about protecting it.
5) Attackers take advantage of this fact. Social engineers will typically search dumpsters for valuable information. A social engineer would have a tougher time getting the combination to a safe, or to a health-club locker, than a password. The best defence is to educate, train, and create awareness.
Active Online Attacks :
Active online attacks require the attacker to interact directly with the target system or its authentication service, as outlined above. Three of the most common techniques are described below.
– Dictionary attack
A dictionary attack takes advantage of the fact that people tend to use common words and short passwords. The attacker uses a list of common words, the dictionary, and tries them, often with numbers before and/or after the words, against each username in the organization. (Usernames are generally easy to determine, as they are almost universally based on employees' names.)
– Brute force
A brute-force attack uses a program to generate likely passwords or even random character sets. These attacks start with commonly used, weak passwords such as Password123 and move on from there. The programs running these attacks usually also try variations in upper- and lowercase characters.
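Because dictionary and brute-force attacks run online, they leave a trail in authentication logs; the following detection logic is an added example, not from the article. It parses sshd-style "Failed password" / "Accepted password" lines (constructed sample data) and flags vertical guessing against one account, horizontal spraying of one source across many accounts, and a success that follows a burst of failures. The thresholds are illustrative and should be tuned to the environment.

```python
"""Added example (not from the article): flag online password guessing in
authentication logs. The log lines are constructed for the demonstration;
thresholds are illustrative, not vendor defaults."""
from collections import defaultdict
import re

# Constructed sample lines, loosely modelled on sshd "Failed password" messages.
SAMPLE_LOG = """\
Jan 10 09:00:01 host sshd[101]: Failed password for alice from 203.0.113.5 port 40001 ssh2
Jan 10 09:00:02 host sshd[102]: Failed password for alice from 203.0.113.5 port 40002 ssh2
Jan 10 09:00:03 host sshd[103]: Failed password for alice from 203.0.113.5 port 40003 ssh2
Jan 10 09:00:04 host sshd[104]: Failed password for alice from 203.0.113.5 port 40004 ssh2
Jan 10 09:00:05 host sshd[105]: Accepted password for alice from 203.0.113.5 port 40005 ssh2
Jan 10 09:01:00 host sshd[106]: Failed password for bob from 198.51.100.9 port 50001 ssh2
Jan 10 09:01:01 host sshd[107]: Failed password for carol from 198.51.100.9 port 50002 ssh2
Jan 10 09:01:02 host sshd[108]: Failed password for dave from 198.51.100.9 port 50003 ssh2
Jan 10 09:02:00 host sshd[109]: Failed password for frank from 192.0.2.7 port 60001 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\S+) port")

def parse(lines):
    """Yield (outcome, user, source) for every line in a format we recognise."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield "fail", m.group(1), m.group(2)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            yield "ok", m.group(1), m.group(2)

def detect(lines, per_account=4, spray_accounts=3):
    """Return findings: guessing (many failures on one account from one source),
    spraying (one source failing across many accounts), success after failures."""
    fails_by_pair = defaultdict(int)        # (user, source) -> failure count
    accounts_by_source = defaultdict(set)   # source -> accounts it failed against
    success_after_fail = set()
    for outcome, user, src in parse(lines):
        if outcome == "fail":
            fails_by_pair[(user, src)] += 1
            accounts_by_source[src].add(user)
        elif fails_by_pair[(user, src)] >= per_account:
            success_after_fail.add((user, src))  # guessing that eventually worked
    guessing = sorted(k for k, n in fails_by_pair.items() if n >= per_account)
    spraying = sorted(s for s, users in accounts_by_source.items() if len(users) >= spray_accounts)
    return {"guessing": guessing, "spraying": spraying,
            "success_after_fail": sorted(success_after_fail)}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
```

The "success_after_fail" finding is the one that should page someone: an account lockout policy would have stopped the alice burst before the accepted login, while the spraying finding shows why lockout alone is not enough.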
– Man In The Middle
In this attack, the attacker's program does not just monitor information being passed but actively inserts itself in the middle of the interaction, usually by impersonating a website or app. This allows the program to capture the user's credentials and other sensitive information, such as account numbers, social security numbers, etc. Man-in-the-middle (MITM) attacks are often facilitated by social engineering attacks that lure the user to a fake site.
An ethical hacker needs to know about all these types of password attack. If an ethical hacker can crack the password of a compromised computer, we can assume a malicious hacker can easily crack it too, because ethical hackers have to think like a hacker. In CEHv10 Training and Certification you will learn all possible password attacks. CEHv10 is accredited by EC-Council.
This Blog Article Written by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com