Day 14: Password Attacks
Master password attack techniques including online brute-force with Hydra, offline hash cracking with John the Ripper and Hashcat, and NTLM hash capture with Responder. Learn to identify hash types and use effective wordlists.
Learning Objectives
- ✓Master password attack techniques and methodologies
- ✓Understand online vs offline password attack differences
- ✓Differentiate between dictionary and brute-force attacks
- ✓Learn about common wordlists and their sources
- ✓Use Hydra for online brute-force attacks effectively
- ✓Crack password hashes with John the Ripper and Hashcat
- ✓Identify different hash types using hash-identifier tool
- ✓Understand NTLM hash capture concepts with Responder
Password Attack Fundamentals
Understanding core concepts and methodologies
Online vs Offline Attacks
Understanding the fundamental differences in password attack approaches
Online Attacks
Direct attacks against live systems or services
- • Requires network access to target
- • Limited by network speed and rate limiting
- • Higher risk of detection
- • Can trigger account lockouts
- • Limited attempts per time period
Tools: Hydra, Medusa, Ncrack, Patator
Offline Attacks
Attacks against captured password hashes or encrypted data
- • Requires hash acquisition first
- • Limited only by computing power
- • Stealthy and undetectable
- • Unlimited attempts possible
- • Can use advanced cracking techniques
Tools: John the Ripper, Hashcat, Ophcrack, Rainbow tables
Dictionary vs Brute-Force Attacks
Comparing different password attack methodologies
Dictionary Attacks
Using pre-compiled wordlists for password attempts
- • Fast execution
- • High success rate for common passwords
- • Uses real-world password data
- • Memory efficient
- • Can be combined with rules
Success Rate: High for weak passwords, low for complex ones
Brute-Force Attacks
Systematically trying all possible character combinations
- • Guaranteed to find password given time
- • Extremely time-consuming
- • High computational requirements
- • Effective against short passwords
- • Can be optimized with masks
Success Rate: Guaranteed but may take impractical time