Editing Access Control attacks
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 13: | Line 13: | ||
*'''Reverse brute force attack''':Involves using a common password or group of passwords against multiple possible usernames. | *'''Reverse brute force attack''':Involves using a common password or group of passwords against multiple possible usernames. | ||
*'''Credential stuffing''':Credential stuffing is a unique form of brute force attack that uses breached username and password pairs. | *'''Credential stuffing''':Credential stuffing is a unique form of brute force attack that uses breached username and password pairs. | ||
+ | |||
Automated tools are also available to help with brute-force attacks, the most popular are: | Automated tools are also available to help with brute-force attacks, the most popular are: | ||
− | * | + | *Aircrack-ng |
− | * | + | |
− | * | + | *John the Ripper |
− | + | ||
− | + | *Rainbow Crack | |
− | |||
− | |||
− | |||
− | + | *Crack | |
− | + | *Hashcat | |
− | + | *DaveGrohl | |
− | + | *Ncrack | |
+ | *THC Hydra | ||
− | |||
− | |||
− | + | ===Rainbow Table=== | |
− | === | + | The passwords in a computer system are not stored directly as plain texts, but are hashed using encryption. A hash function is a one way function, which means that it can’t be decrypted. Whenever a user enters a password, it is converted into a hash value and is compared with the already stored hash value. If the values match, the user is authenticated. |
+ | |||
+ | '''A rainbow table is a database that is used to gain authentication by cracking the password hash.''' It is a pre-computed dictionary of plain-text passwords and their corresponding hash values that can be used to find out what plain-text password produces a particular hash. | ||
+ | |||
+ | ===Password Spraying=== | ||
===Sniffer Attacks=== | ===Sniffer Attacks=== | ||
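Review bot: In the Rainbow Table paragraph on the "Your text" side, "hashed using encryption" and "it can't be decrypted" conflate hashing with encryption; suggest "hashed with a one-way hash function" and "it cannot be reversed", since nothing in the flow the paragraph describes is encrypted or decrypted. The same hunk adds a ===Password Spraying=== heading with no body text before ===Sniffer Attacks===; add a definition under it or leave the heading out until there is one. The paragraph explains the pre-computed lookup but says nothing about the defence, so one sentence on per-user salts, which make a pre-computed table useless against the stored hashes, would round it out.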
Line 53: | Line 54: | ||
===Phishing Attack=== | ===Phishing Attack=== | ||
===Spear Phishing Attack=== | ===Spear Phishing Attack=== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |