
Introduction to Password Attacks | Ethical Hacking

Last Updated : 13 Sep, 2022

Password cracking is one of the crucial phases of system hacking. It is the process of recovering passwords from the data stored in or transmitted by a computer system. The purpose of password cracking may be to help a user recover a forgotten or lost password, it may be a preventive measure by system administrators to check for easily breakable passwords, or an attacker may use the process to gain unauthorized system access.

Types of Password Attacks:
Password cracking is regularly misused regardless of its legitimate purposes, such as securing systems against unauthorized access or recovering a password the user had forgotten. Password attacks are classified by the attacker's actions, which are ordinarily one of four types:

  1. Non-Electronic Attacks –
    This is most likely the attacker's first go-to for acquiring the target system's password. These password attacks do not need any specialized skill or knowledge about hacking or exploiting systems, which is why they are called non-electronic attacks. Some techniques used to carry out these attacks are social engineering, dumpster diving, shoulder surfing, and so forth.
  2. Active Online Attacks –
    This is perhaps the most straightforward way to gain unauthorized administrator-level system access. To crack the passwords, the attacker needs to communicate with the target machines, as this is mandatory for password access. Some techniques used to carry out these attacks are dictionary attacks, brute forcing, password guessing, hash injection, phishing, LLMNR/NBT-NS poisoning, using Trojans/spyware/keyloggers, and so forth.
  3. Passive Online Attacks –
    A passive attack is an attack that does not change the system in any way. In these attacks, the attacker does not have to interact with the system. Instead, he/she passively monitors or records the data passing over the communication channel to and from the system. The attacker then uses the critical data to break into the system. Techniques used to perform passive online attacks include replay attacks, wire sniffing, man-in-the-middle attacks, and so on.
  4. Offline Attacks –
    Offline attacks are password attacks in which an attacker attempts to recover cleartext passwords from a password hash dump. These attacks are often tedious but can be effective, as password hashes can be reversed due to their smaller keyspace and shorter length. Attackers use precomputed hashes from rainbow tables to perform offline and distributed network attacks.

Some of the best practices for protecting against password cracking include:

  1. Perform information security audits to monitor and track password attacks.
  2. Do not reuse the same password during a password change.
  3. Do not share passwords.
  4. Do not use passwords that can be found in a dictionary.
  5. Do not use cleartext protocols or protocols with weak encryption.
  6. Set the password change policy to 30 days.
  7. Do not store passwords in an unsecured location.
  8. Do not use any computer's or system's default passwords.
  9. Unpatched computers can reset passwords during buffer overflow or Denial of Service attacks. Make sure to update the system.
  10. Enable account lockout with a specific number of attempts, counter time, and lockout duration. One of the best ways to manage passwords in organizations is to set up an automated password reset.
  11. Ensure that the computer's or server's BIOS is protected with a password, particularly on devices that are exposed to physical threats, for instance, centralized servers and PCs.
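
The account lockout in item 10 has three settings: number of attempts, counter time, and lockout duration. The sketch below is an added example, not code from the original article; the class, function and parameter names are hypothetical and the sample events are constructed. It shows how the three settings interact when login attempts are replayed against the policy.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Account lockout driven by attempts, counter time and lockout duration."""

    def __init__(self, threshold, counter_window, lockout_duration):
        self.threshold = threshold                # failed attempts before lockout
        self.counter_window = counter_window      # seconds a failure stays counted
        self.lockout_duration = lockout_duration  # seconds the account stays locked
        self._failures = defaultdict(deque)       # account -> recent failure times
        self._locked_until = {}                   # account -> unlock time

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:                          # lockout expired: start fresh
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_attempt(self, account, success, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt at time now."""
        if self.is_locked(account, now):
            return "locked"                       # rejected even if the password is right
        if success:
            self._failures.pop(account, None)     # a good login resets the counter
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] >= self.counter_window:
            recent.popleft()                      # forget failures older than the window
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.lockout_duration
            return "locked"
        return "failed"

def replay(events, policy):
    """Feed (time, account, success) tuples through the policy in order."""
    return [policy.record_attempt(acct, ok, t) for t, acct, ok in events]

# Constructed sample events (seconds, account, password_correct); not real logs.
SAMPLE_EVENTS = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", True), (80, "alice", True),
    (100, "bob", False), (200, "bob", False), (500, "bob", False),
]
if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LockoutPolicy(3, 300, 60)))
```

With a threshold of 3, a 300-second counter time and a 60-second lockout, the third failure for "alice" locks the account and even a correct password is rejected until the lockout expires. The failures for "bob" age out of the counter before the threshold is reached, which is why lockout is paired with the audit and monitoring in item 1.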
