Password is as one of the most commonly used mechanisms to authenticate a user to a system. The most common way to exploit any user password is through hacking tools.
Share
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Methods used by hackers to crack any password
Dictionary Attack
As the name suggests, it is the type of attack where the attacker uses a program which cycles through hundreds and sometimes millions of common words found in the dictionary. Hacker usually bases the words cycle on some of the key factors of that person’s psychology. For example, a user is likely to select a short password which is based on the common words found in a dictionary, so the attacker starts searching from those words and most likely to succeed in finding the correct password. Some of the dictionary attack software include John the Ripper, Cain and Abel, L0phtCrack, Crack, and Aircrack-ng.
Brute Force Attack
It is the most commonly used method for gaining access to a person’s computer. In brute force, the attacker uses a program which checks all the possible password combinations starting with the simple ones, till the correct word is found. Unlike dictionary attack, it performs letter to letter search to find the correct password, while in dictionary attack performs word searches. Some of the software used to perform brute force attack include Ophcrack, DaveGrohl, RainbowCrack, and Hashcat.
Rainbow Table Attack
To understand the rainbow table attack, one needs first to understand the hashing technique. Hashing the passwords means converting password caches into a cryptographic random string using a mathematical equation, so that attacker cannot recognize the actual password. Now rainbow table contains the already computed hashes and their actual texts for most common hash algorithms used by the enterprises. It is usually used for a certain length and consist of a limited set of characters. For example, the attacker got the hashes of the actual passwords, so the attacker will use the reduction methods and constantly check with the table if the result collides with the table so the attack is successful and the attacker got the base of the chain, the one which produced the whole chain of hashes, and from that point attacker can find all other passwords of the enterprise.
Keylogger Attack
In keylogger attack, the attacker installs a program on the endpoints of users which can record every keystroke of a user to enter the system. Keylogger attack is one of the smart attack use by hackers, as it uses the type of malware or virus which needs first to infect the endpoints of the user, as it has to keep track of all the keystrokes which is not the built-in feature of any system. In successful keylogger attack, even the strong passwords are considered as weak and cannot protect the user from being hacked.