www.infosectrain.com
PASSWORD CRACKING - MICROSOFT AUTHENTICATION

SAM Database
  Stores user credentials as LM/NTLM hashes
  Located in the system directory, locked during runtime
  Example hash: OCB6948805E797BE2A82807973B89537

NTLM Authentication
  Basic scrambling method for passwords
  Uses domain controller challenge-response
  Has 3 security versions
  Example: Joy:2001 NO PASSWORD************** AD34FAD1234FED12345ABCDE:::

Kerberos Authentication
  More secure, ticket-based protocol
  Uses secret-key cryptography
  Protects against:
    Replay attacks
    Interception
    Impersonation
  Ensures mutual authentication (client and server)
  Process:
    1. Client requests access from the Authentication Server (AS)
    2. AS issues Ticket Granting Ticket (TGT)
    3. Client sends TGT to Ticket Granting Server (TGS)
    4. TGS issues Service Ticket
    5. Client uses the Service Ticket to access the target service
    6. Both client and server validate each other's identity

CEH MODULE 6

TYPES OF PASSWORD ATTACKS

Non-Electric Attacks
  Shoulder surfing: watching password entry
  Social engineering: tricking users
  Dumpster diving: finding written passwords

Active Online Attacks
  Password spraying: common passwords across users
  Brute force: every combo
  Dictionary: common words
  Rule-based: patterned variations
  Malware: Trojans, spyware
  LLMNR/NBT-NS poisoning: network spoofing
  Kerberos cracking: protocol exploitation

Passive Online Attacks
  Wire sniffing: intercepting data over networks
  Replay attacks: reusing captured credentials
  Man-in-the-Middle: intercepting communications between parties

Offline Attacks
  Rainbow table attacks: using precomputed hash-password maps
  Distributed network attacks: using multiple systems to crack hashes

PASSWORD CRACKING TOOLS

John the Ripper
  Fast password cracker
  Supports various hash types

Hydra
  Network logon cracker
  Supports many protocols

Metasploit
  Used for exploitation and privilege escalation

GMER
  Rootkit detector
  Useful for stealth malware analysis

DEFENSIVE STRATEGIES AGAINST PASSWORD CRACKING

Password Policies
  Enforce strong, complex passwords
  Use regular password changes

Multi-Factor Authentication (MFA)
  Adds a second layer of security
  Reduces reliance on passwords

Application Controls
  Use application whitelisting
  Restrict unauthorized software execution

Monitoring and Detection
  Detect brute force attempts
  Analyze behavior and system logs

Anti-Malware Tools
  Defend against spyware/keyloggers
  Detect rootkits and stealth attacks
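
An added example (not part of the InfosecTrain material) for the "Detect brute force attempts" and "Analyze behavior and system logs" items: it separates many failures against one account from a few failures spread across many accounts, the password-spraying pattern that a per-account lockout counter does not see. The event tuples, addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own logon baseline.
WINDOW = timedelta(minutes=10)
BRUTE_FAILS = 8          # failures against one account inside WINDOW
SPRAY_USERS = 5          # distinct accounts failing from one source inside WINDOW
SPRAY_MAX_PER_USER = 2   # spraying keeps per-account attempts low to avoid lockout

T0 = datetime(2024, 1, 1, 9, 0, 0)

def ev(offset_s, src, user, ok=False):
    """Build one constructed logon event: (time, source, account, success)."""
    return (T0 + timedelta(seconds=offset_s), src, user, ok)

# Constructed sample events, not taken from any real system.
EVENTS = (
    [ev(5 * i, "10.0.0.7", "joy") for i in range(10)]                    # many guesses, one account
    + [ev(1200 + 20 * i, "10.0.0.9", u) for i, u in
       enumerate(["amy", "bob", "cat", "dan", "eve", "fay"])]            # one guess each, many accounts
    + [ev(2400, "10.0.0.3", "gus"), ev(2430, "10.0.0.3", "gus", True)]   # ordinary typo, then success
)

def detect(events):
    """Return sorted (kind, key) findings from failed logons inside WINDOW."""
    fails = sorted(e for e in events if not e[3])
    findings = set()
    for i, (t0, src0, user0, _) in enumerate(fails):
        window = [e for e in fails[i:] if e[0] - t0 <= WINDOW]
        # Brute force: failures pile up on one account, whatever the source.
        if sum(1 for e in window if e[2] == user0) >= BRUTE_FAILS:
            findings.add(("brute_force", user0))
        # Spraying: one source fails against many accounts, few tries each.
        per_user = defaultdict(int)
        for _, src, user, _ in window:
            if src == src0:
                per_user[user] += 1
        if len(per_user) >= SPRAY_USERS and max(per_user.values()) <= SPRAY_MAX_PER_USER:
            findings.add(("password_spraying", src0))
    return sorted(findings)

def max_failures_per_account(events):
    """Highest failure count on any single account (what a lockout counter sees)."""
    counts = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            counts[user] += 1
    return max(counts.values(), default=0)

if __name__ == "__main__":
    for kind, key in detect(EVENTS):
        print(kind, key)
```

The spraying rule keys on the source address, so a spray spread across many sources needs a second rule keyed on something the sources share.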

CEH Module 6 System Hacking mind map by InfosecTrain.pdf
