Password Attacks

(OBJ 2.4)

Password Attacks

• Methods used by attackers to crack or recover passwords
• Types of password attacks
  • Brute Force
  • Dictionary
  • Password Spraying
  • Hybrid

Brute Force Attack

• Tries every possible character combination until the correct password is found
• Effective for simple passwords but time-consuming for complex ones
• Mitigation
  • Increasing password complexity and length
  • Limiting login attempts
  • Using multi factor authentication
  • Employing CAPTCHAS

Dictionary Attack

• Uses a list of commonly used passwords (a dictionary) to crack passwords
• May include variations with numbers and symbols
  • P@$sw0rd
  • password
  • PASSWORD
  • etc.
• Effective against common, easy-to-guess passwords
• Mitigation
  • Increase password complexity and length, limit login attempts, use multifactor authentication, and employ CAPTCHAS
  • Same techniques as brute-force attacks

Password Spraying

• A form of brute force attack that tries a few common passwords against many usernames or accounts
• Effective because it avoids account lockouts and targets weak passwords
  • Avoid triggering account lockouts from too many failed login attempts on one account
• There is a good chance that from a large group of people at least someone is using an easy to guess password
• Mitigation
  • Use unique passwords and implement multi-factor authentication

Hybrid Attack

• Combines elements of brute force and dictionary attacks
• May include variations, such as adding numbers or special characters to passwords
• Can use a static dictionary or dynamically create variations
• Effective for discovering passwords following specific patterns
• Example:
  • Password must contain an 8-character dictionary word and then append a 6-digit random number at the end
  • If you know that everyone's password follows this format, you can use a dictionary based attack to find the first word like fabulous and then use a brute force attack to try ever combination from fabulous000001 to fabulous999999 until the correct password is found

John the Ripper Password Hacking tool

• Primarily used to identify weak Unix passwords but supports other hashes as well

Installing John the Ripper

┌──(macc㉿kaliLab)-[~]
└─$ sudo apt-get install john

Example using echo command:

┌──(macc㉿kaliLab)-[~]
└─$ echo -n "password" | md5sum | awk '{print $1}' > mypasswords.txt

• We want to get the md5sum of the word "password"
  • Note that when you use the md5sum command, it's gonna add a hyphen at the end.
• Use the awk command to remove the hyphen character added by the md5sum command
• Add this as text to the mypasswords.txt file

See the content added to the file

┌──(macc㉿kaliLab)-[~]
└─$  cat mypasswords.txt
5f4dcc3b5aa765d61d8327deb882cf99

• This is the MD5 hash of the word "password"

Example using john command:

┌──(macc㉿kaliLab)-[~]
└─$ john -- format=Raw-MD5 mypasswords.txt

• The word "password" will be displayed highlighted in orange, that is the actual password directly gotten from the provided hash.
• It also shows if the password was already in the MD5 lookup table, meaning it is a common password.