Cyber Security Assignment 2

Performing Password Cracking


Vibhansh Gupta


17BCS059


14 December 2020


The Nature of Passwords


Passwords are the most common means of authentication. They are
protected with one-way cryptographic algorithms that produce a hash of
fixed length. Cryptography can only protect something to the point where
the only feasible attack on the encrypted secret is to try to guess it.
In the case of passwords, however, guessing is easy. Passwords are insecure
by nature because they are used to prevent humans from guessing a
small secret created by humans.


It isn’t just web applications that are at risk from brute-force attacks.
Encrypted databases, password-protected documents, and other secure
data can also be stolen in a brute-force attack, whether they are available
online or downloaded to an attacker’s computer. GPUs and cryptocurrency
ASICs are designed to handle large loads of repetitive tasks, which is exactly
what a brute-force attacker needs. That doesn't mean every hacker who is
attempting a brute-force attack uses one, but those who are serious about
stealing your data definitely do.


Exhaustive key searches are the solution to cracking any kind of
cryptography, but they can take a very long time. When an attacker has a
high degree of confidence that the password they're trying to crack consists
of certain words, phrases, or number and letter combinations, it can be much
quicker to compile a dictionary of possible combinations and use that
instead.


Dictionary Attacks


Dictionaries are raw text files consisting of one word or phrase per line.
Each line is a candidate: its hash is computed and compared with the
hashes to be recovered. The difference between a dictionary attack and a
brute-force attack is that a dictionary contains a list of probable matches
rather than all possible string combinations. A dictionary needs to be well
optimised; if it includes arbitrary string combinations, it risks becoming a
brute-force attack and loses its efficiency. Dictionaries therefore often
include known popular passwords, words from English and other
languages, ID numbers, phone numbers, sentences from books, etc.


Many services prevent users from using simple words as their passwords
and ask to include special characters, numbers, and uppercase letters. But
even though “Password123!” technically matches these criteria, it can’t be
considered a strong password, and any dictionary attack would crack it.
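An added example, not part of the original assignment: a password-acceptance check showing why a composition rule alone lets “Password123!” through, and how comparing the normalised base word against a wordlist rejects it. The wordlist, substitution tables and function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (an assumption for this example). A real check
# would load a large list of common and previously disclosed passwords.
WORDLIST = {"password", "letmein", "qwerty", "welcome", "dragon", "ubuntu"}

# Substitutions users commonly apply to dictionary words. "1" and "!" are
# ambiguous (i or l), so two tables are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_TABLES = [
    str.maketrans({**_BASE, "1": "i", "!": "i"}),
    str.maketrans({**_BASE, "1": "l", "!": "l"}),
]

# Leading/trailing runs of digits and symbols, e.g. the "123!" in "Password123!".
AFFIX_RE = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def meets_complexity(password, min_length=8):
    """Typical composition rule: length, upper, lower, digit, special character."""
    return (
        len(password) >= min_length
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )


def base_forms(password):
    """Undo the usual decorations: case, digit/symbol affixes, substitutions."""
    lowered = password.lower()
    core = AFFIX_RE.sub("", lowered)
    forms = set()
    for candidate in (lowered, core):
        for table in LEET_TABLES:
            forms.add(candidate.translate(table))
    forms.discard("")
    return forms


def is_dictionary_derived(password, wordlist=WORDLIST):
    """True if any normalised form of the password is a wordlist entry."""
    return any(form in wordlist for form in base_forms(password))


def screen(password, wordlist=WORDLIST):
    """Accept only passwords that pass the rule AND are not wordlist-derived."""
    complexity_ok = meets_complexity(password)
    derived = is_dictionary_derived(password, wordlist)
    return {
        "complexity_ok": complexity_ok,
        "dictionary_derived": derived,
        "accepted": complexity_ok and not derived,
    }


if __name__ == "__main__":
    for pw in ("Password123!", "P@ssw0rd2020", "L3tme1n!!", "vK9#tq2Lw!xZ"):
        print(pw, screen(pw))
```

All three decorated dictionary words satisfy the composition rule but are rejected by the wordlist check; only the random string is accepted.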


The wordlists with the best success rate are the ones that are composed
from actual passwords taken from different public sources or previously
disclosed databases. A well-optimised wordlist can be the most successful of
all the attacks described.


Fig. 1 A simple bash script that can be used for a dictionary attack.


The Attack with screenshots


Fig. 2 Old Ubuntu IRC Channel logs available online


Fig. 3 Generating the dictionary from IRC chat log files




Fig. 4 Main Method for staging the attack


Fig. 5 Attack run on data from an FTP server, where ua-h000** are users


Conclusion

Reviewing the output you can see I was able to determine the password
for the account in less than 4 minutes.


That’s just one of many accounts on the server. From here you could
write an automated tool to crack accounts and then implant backdoors once
an account is compromised.


While brute-force and dictionary attacks aren’t generally your go-to
options, they do have their place. Dictionary attacks, especially, can be really
powerful if used in the correct manner.
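The defender's view of a run like the one in Fig. 5, as an added example that is not part of the original assignment: detection logic that flags a burst of failed FTP logins for one account from one client, and a successful login that follows such a burst. The log format is modelled on vsftpd-style login lines (an assumption, since the page does not name the server software); the usernames, addresses, threshold and window are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape (vsftpd-style), e.g.:
# Mon Dec 14 10:00:05 2020 [pid 2101] [user01] FAIL LOGIN: Client "203.0.113.7"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"'
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
WINDOW = timedelta(minutes=5)   # hypothetical tuning values
THRESHOLD = 10


def build_sample_log():
    """Constructed log lines: one guessing run that succeeds, one normal user."""
    start = datetime(2020, 12, 14, 10, 0, 0)
    events = [(start + timedelta(seconds=5 * i), "user01", "FAIL", "203.0.113.7")
              for i in range(30)]
    events.append((start + timedelta(seconds=150), "user01", "OK", "203.0.113.7"))
    events.append((start + timedelta(seconds=20), "user02", "FAIL", "198.51.100.20"))
    events.append((start + timedelta(seconds=31), "user02", "OK", "198.51.100.20"))
    events.sort(key=lambda e: e[0])
    return [f'{ts.strftime(TS_FORMAT)} [pid 2101] [{user}] {result} LOGIN: Client "{client}"'
            for ts, user, result, client in events]


def detect(lines):
    """Return alerts for failure bursts and for logins that succeed after one."""
    recent_fails = defaultdict(deque)   # (client, user) -> recent failure times
    flagged = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                    # ignore lines that are not login events
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        key = (m["client"], m["user"])
        window = recent_fails[key]
        while window and ts - window[0] > WINDOW:
            window.popleft()            # drop failures older than the window
        if m["result"] == "FAIL":
            window.append(ts)
            if len(window) >= THRESHOLD and key not in flagged:
                flagged.add(key)
                alerts.append({"type": "guessing", "client": key[0],
                               "user": key[1], "failures": len(window), "time": ts})
        else:
            if len(window) >= THRESHOLD:
                # A success right after a burst suggests the password was found.
                alerts.append({"type": "success_after_guessing", "client": key[0],
                               "user": key[1], "failures": len(window), "time": ts})
            window.clear()
            flagged.discard(key)
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The single mistyped password from the second client stays below the threshold and raises no alert.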

